From 454e9c5f8664ea99ccea2417b6cc3ffb238cf834 Mon Sep 17 00:00:00 2001 From: RHE Date: Tue, 26 Dec 2017 13:35:54 +0100 Subject: moon v4 re-organization Change-Id: I73665f739f35ae18175f98d0739567e403c1fa80 
Signed-off-by: RHE --- README.md | 322 +- bin/README.md | 5 - bin/bootstrap.py | 235 -- bin/build_all.sh | 36 - bin/build_all_pip.sh | 16 - bin/delete_orchestrator.sh | 63 - bin/moon_lib_update.sh | 43 - bin/set_auth.src | 7 - bin/start.sh | 39 - kubernetes/README.md | 39 - kubernetes/conf/password_moon.txt | 1 - kubernetes/conf/password_root.txt | 1 - kubernetes/conf/ports.conf | 24 - kubernetes/init_k8s.sh | 33 - kubernetes/start_moon.sh | 37 - kubernetes/templates/consul.yaml | 33 - kubernetes/templates/db.yaml | 84 - kubernetes/templates/keystone.yaml | 39 - kubernetes/templates/kube-dns.yaml | 183 - kubernetes/templates/moon_configuration.yaml | 25 - kubernetes/templates/moon_gui.yaml | 42 - kubernetes/templates/moon_manager.yaml | 33 - kubernetes/templates/moon_orchestrator.yaml | 40 - moon_forming/Dockerfile | 10 + moon_forming/README.md | 44 + moon_forming/conf/mls.py | 59 + moon_forming/conf/rbac.py | 61 + moon_forming/conf2consul.py | 103 + moon_forming/moon.conf | 79 + moon_forming/populate_default_values.py | 235 ++ moon_forming/run.sh | 44 + moon_forming/utils/__init__.py | 0 moon_forming/utils/config.py | 22 + moon_forming/utils/models.py | 270 ++ moon_forming/utils/pdp.py | 163 + moon_forming/utils/policies.py | 635 ++++ moon_gui/README.md | 110 +- moon_pythonunittest/Dockerfile | 8 + moon_pythonunittest/README.md | 8 + moon_pythonunittest/requirements.txt | 10 + moon_pythonunittest/run_tests.sh | 13 + moonclient/Changelog | 29 - moonclient/LICENSE | 176 - moonclient/MANIFEST.in | 5 - moonclient/README.rst | 17 - moonclient/moonclient/__init__.py | 1 - moonclient/moonclient/action_assignments.py | 149 - moonclient/moonclient/action_categories.py | 102 - moonclient/moonclient/action_scopes.py | 123 - moonclient/moonclient/actions.py | 102 - moonclient/moonclient/configuration.py | 64 - moonclient/moonclient/intraextension.py | 170 - moonclient/moonclient/logs.py | 96 - moonclient/moonclient/metarules.py | 214 -- 
moonclient/moonclient/object_assignments.py | 149 - moonclient/moonclient/object_categories.py | 102 - moonclient/moonclient/object_scopes.py | 123 - moonclient/moonclient/objects.py | 102 - moonclient/moonclient/rules.py | 242 -- moonclient/moonclient/shell.py | 264 -- moonclient/moonclient/subject_assignments.py | 149 - moonclient/moonclient/subject_categories.py | 102 - moonclient/moonclient/subject_scopes.py | 123 - moonclient/moonclient/subjects.py | 119 - moonclient/moonclient/tenants.py | 200 -- moonclient/moonclient/tests.py | 251 -- moonclient/moonclient/tests/functional_tests.sh | 131 - .../moonclient/tests/tests_action_assignments.json | 371 -- .../moonclient/tests/tests_action_categories.json | 241 -- .../moonclient/tests/tests_action_scopes.json | 259 -- moonclient/moonclient/tests/tests_actions.json | 241 -- .../tests/tests_admin_intraextensions.json | 128 - .../moonclient/tests/tests_configuration.json | 235 -- .../moonclient/tests/tests_object_assignments.json | 385 --- .../moonclient/tests/tests_object_categories.json | 241 -- .../moonclient/tests/tests_object_scopes.json | 259 -- moonclient/moonclient/tests/tests_objects.json | 241 -- .../tests/tests_root_intraextensions.json | 47 - moonclient/moonclient/tests/tests_rules.json | 378 -- .../tests/tests_subject_assignments.json | 371 -- .../moonclient/tests/tests_subject_categories.json | 241 -- .../moonclient/tests/tests_subject_scopes.json | 259 -- moonclient/moonclient/tests/tests_subjects.json | 241 -- .../moonclient/tests/tests_submetarules.json | 294 -- moonclient/moonclient/tests/tests_tenants.json | 106 - .../tests/todo/tests_empty_policy_new_user.json | 3627 -------------------- .../tests/todo/tests_empty_policy_nova.json | 1079 ------ .../tests/todo/tests_empty_policy_swift.json | 1175 ------- .../tests/todo/tests_external_commands.json | 228 -- moonclient/requirements.txt | 3 - moonclient/setup.py | 133 - templates/moon/moon.conf | 87 - templates/moon_forming/Dockerfile | 10 - 
templates/moon_forming/README.md | 12 - templates/moon_forming/conf/mls.py | 59 - templates/moon_forming/conf/rbac.py | 61 - templates/moon_forming/conf2consul.py | 103 - templates/moon_forming/moon.conf | 79 - templates/moon_forming/populate_default_values.py | 235 -- templates/moon_forming/run.sh | 44 - templates/moon_forming/utils/__init__.py | 0 templates/moon_forming/utils/config.py | 22 - templates/moon_forming/utils/models.py | 270 -- templates/moon_forming/utils/pdp.py | 163 - templates/moon_forming/utils/policies.py | 635 ---- templates/moon_keystone/Dockerfile | 25 - templates/moon_keystone/README.md | 26 - templates/moon_keystone/run.sh | 81 - templates/moon_pythonunittest/Dockerfile | 8 - templates/moon_pythonunittest/README.md | 8 - templates/moon_pythonunittest/requirements.txt | 10 - templates/moon_pythonunittest/run_tests.sh | 13 - templates/openstack/glance/policy.json | 62 - templates/openstack/nova/policy.json | 488 --- tests/functional/get_keystone_projects.py | 16 + tests/functional/populate_default_values.py | 37 + tests/functional/scenario/delegation.py | 40 + tests/functional/scenario/mls.py | 54 + tests/functional/scenario/rbac.py | 44 + tests/functional/scenario/rbac_custom_100.py | 89 + tests/functional/scenario/rbac_custom_1000.py | 89 + tests/functional/scenario/rbac_custom_50.py | 89 + tests/functional/scenario/rbac_large.py | 233 ++ tests/functional/scenario/rbac_mls.py | 50 + tests/functional/scenario/session.py | 60 + tests/functional/scenario/session_large.py | 389 +++ tests/functional/send_authz.py | 32 + tests/get_keystone_projects.py | 16 - tests/populate_default_values.py | 37 - tests/scenario/delegation.py | 40 - tests/scenario/mls.py | 54 - tests/scenario/rbac.py | 44 - tests/scenario/rbac_custom_100.py | 89 - tests/scenario/rbac_custom_1000.py | 89 - tests/scenario/rbac_custom_50.py | 89 - tests/scenario/rbac_large.py | 233 -- tests/scenario/rbac_mls.py | 50 - tests/scenario/session.py | 60 - tests/scenario/session_large.py 
| 389 --- tests/send_authz.py | 32 - tools/bin/README.md | 5 + tools/bin/bootstrap.py | 235 ++ tools/bin/build_all.sh | 36 + tools/bin/build_all_pip.sh | 16 + tools/bin/delete_orchestrator.sh | 63 + tools/bin/moon_lib_update.sh | 43 + tools/bin/set_auth.src | 7 + tools/bin/start.sh | 39 + tools/moon/moon.conf | 87 + tools/moon_keystone/Dockerfile | 25 + tools/moon_keystone/README.md | 26 + tools/moon_keystone/run.sh | 81 + tools/moon_kubernetes/README.md | 82 + tools/moon_kubernetes/conf/password_moon.txt | 1 + tools/moon_kubernetes/conf/password_root.txt | 1 + tools/moon_kubernetes/conf/ports.conf | 24 + tools/moon_kubernetes/init_k8s.sh | 33 + tools/moon_kubernetes/start_moon.sh | 37 + tools/moon_kubernetes/templates/consul.yaml | 33 + tools/moon_kubernetes/templates/db.yaml | 84 + tools/moon_kubernetes/templates/keystone.yaml | 39 + tools/moon_kubernetes/templates/kube-dns.yaml | 183 + .../templates/moon_configuration.yaml | 25 + tools/moon_kubernetes/templates/moon_gui.yaml | 42 + tools/moon_kubernetes/templates/moon_manager.yaml | 33 + .../templates/moon_orchestrator.yaml | 40 + tools/openstack/README.md | 73 + tools/openstack/glance/policy.json | 62 + tools/openstack/nova/policy.json | 488 +++ 169 files changed, 5019 insertions(+), 19211 deletions(-) delete mode 100644 bin/README.md delete mode 100644 bin/bootstrap.py delete mode 100644 bin/build_all.sh delete mode 100644 bin/build_all_pip.sh delete mode 100644 bin/delete_orchestrator.sh delete mode 100644 bin/moon_lib_update.sh delete mode 100644 bin/set_auth.src delete mode 100755 bin/start.sh delete mode 100644 kubernetes/README.md delete mode 100644 kubernetes/conf/password_moon.txt delete mode 100644 kubernetes/conf/password_root.txt delete mode 100644 kubernetes/conf/ports.conf delete mode 100644 kubernetes/init_k8s.sh delete mode 100644 kubernetes/start_moon.sh delete mode 100644 kubernetes/templates/consul.yaml delete mode 100644 kubernetes/templates/db.yaml delete mode 100644 
kubernetes/templates/keystone.yaml delete mode 100644 kubernetes/templates/kube-dns.yaml delete mode 100644 kubernetes/templates/moon_configuration.yaml delete mode 100644 kubernetes/templates/moon_gui.yaml delete mode 100644 kubernetes/templates/moon_manager.yaml delete mode 100644 kubernetes/templates/moon_orchestrator.yaml create mode 100644 moon_forming/Dockerfile create mode 100644 moon_forming/README.md create mode 100644 moon_forming/conf/mls.py create mode 100644 moon_forming/conf/rbac.py create mode 100644 moon_forming/conf2consul.py create mode 100644 moon_forming/moon.conf create mode 100644 moon_forming/populate_default_values.py create mode 100644 moon_forming/run.sh create mode 100644 moon_forming/utils/__init__.py create mode 100644 moon_forming/utils/config.py create mode 100644 moon_forming/utils/models.py create mode 100644 moon_forming/utils/pdp.py create mode 100644 moon_forming/utils/policies.py create mode 100644 moon_pythonunittest/Dockerfile create mode 100644 moon_pythonunittest/README.md create mode 100644 moon_pythonunittest/requirements.txt create mode 100644 moon_pythonunittest/run_tests.sh delete mode 100644 moonclient/Changelog delete mode 100644 moonclient/LICENSE delete mode 100644 moonclient/MANIFEST.in delete mode 100644 moonclient/README.rst delete mode 100644 moonclient/moonclient/__init__.py delete mode 100644 moonclient/moonclient/action_assignments.py delete mode 100644 moonclient/moonclient/action_categories.py delete mode 100644 moonclient/moonclient/action_scopes.py delete mode 100644 moonclient/moonclient/actions.py delete mode 100644 moonclient/moonclient/configuration.py delete mode 100644 moonclient/moonclient/intraextension.py delete mode 100644 moonclient/moonclient/logs.py delete mode 100644 moonclient/moonclient/metarules.py delete mode 100644 moonclient/moonclient/object_assignments.py delete mode 100644 moonclient/moonclient/object_categories.py delete mode 100644 moonclient/moonclient/object_scopes.py delete 
mode 100644 moonclient/moonclient/objects.py delete mode 100644 moonclient/moonclient/rules.py delete mode 100644 moonclient/moonclient/shell.py delete mode 100644 moonclient/moonclient/subject_assignments.py delete mode 100644 moonclient/moonclient/subject_categories.py delete mode 100644 moonclient/moonclient/subject_scopes.py delete mode 100644 moonclient/moonclient/subjects.py delete mode 100644 moonclient/moonclient/tenants.py delete mode 100644 moonclient/moonclient/tests.py delete mode 100644 moonclient/moonclient/tests/functional_tests.sh delete mode 100644 moonclient/moonclient/tests/tests_action_assignments.json delete mode 100644 moonclient/moonclient/tests/tests_action_categories.json delete mode 100644 moonclient/moonclient/tests/tests_action_scopes.json delete mode 100644 moonclient/moonclient/tests/tests_actions.json delete mode 100644 moonclient/moonclient/tests/tests_admin_intraextensions.json delete mode 100644 moonclient/moonclient/tests/tests_configuration.json delete mode 100644 moonclient/moonclient/tests/tests_object_assignments.json delete mode 100644 moonclient/moonclient/tests/tests_object_categories.json delete mode 100644 moonclient/moonclient/tests/tests_object_scopes.json delete mode 100644 moonclient/moonclient/tests/tests_objects.json delete mode 100644 moonclient/moonclient/tests/tests_root_intraextensions.json delete mode 100644 moonclient/moonclient/tests/tests_rules.json delete mode 100644 moonclient/moonclient/tests/tests_subject_assignments.json delete mode 100644 moonclient/moonclient/tests/tests_subject_categories.json delete mode 100644 moonclient/moonclient/tests/tests_subject_scopes.json delete mode 100644 moonclient/moonclient/tests/tests_subjects.json delete mode 100644 moonclient/moonclient/tests/tests_submetarules.json delete mode 100644 moonclient/moonclient/tests/tests_tenants.json delete mode 100644 moonclient/moonclient/tests/todo/tests_empty_policy_new_user.json delete mode 100644 
moonclient/moonclient/tests/todo/tests_empty_policy_nova.json delete mode 100644 moonclient/moonclient/tests/todo/tests_empty_policy_swift.json delete mode 100644 moonclient/moonclient/tests/todo/tests_external_commands.json delete mode 100644 moonclient/requirements.txt delete mode 100644 moonclient/setup.py delete mode 100644 templates/moon/moon.conf delete mode 100644 templates/moon_forming/Dockerfile delete mode 100644 templates/moon_forming/README.md delete mode 100644 templates/moon_forming/conf/mls.py delete mode 100644 templates/moon_forming/conf/rbac.py delete mode 100644 templates/moon_forming/conf2consul.py delete mode 100644 templates/moon_forming/moon.conf delete mode 100644 templates/moon_forming/populate_default_values.py delete mode 100644 templates/moon_forming/run.sh delete mode 100644 templates/moon_forming/utils/__init__.py delete mode 100644 templates/moon_forming/utils/config.py delete mode 100644 templates/moon_forming/utils/models.py delete mode 100644 templates/moon_forming/utils/pdp.py delete mode 100644 templates/moon_forming/utils/policies.py delete mode 100644 templates/moon_keystone/Dockerfile delete mode 100644 templates/moon_keystone/README.md delete mode 100644 templates/moon_keystone/run.sh delete mode 100644 templates/moon_pythonunittest/Dockerfile delete mode 100644 templates/moon_pythonunittest/README.md delete mode 100644 templates/moon_pythonunittest/requirements.txt delete mode 100644 templates/moon_pythonunittest/run_tests.sh delete mode 100644 templates/openstack/glance/policy.json delete mode 100644 templates/openstack/nova/policy.json create mode 100644 tests/functional/get_keystone_projects.py create mode 100644 tests/functional/populate_default_values.py create mode 100644 tests/functional/scenario/delegation.py create mode 100644 tests/functional/scenario/mls.py create mode 100644 tests/functional/scenario/rbac.py create mode 100644 tests/functional/scenario/rbac_custom_100.py create mode 100644 
tests/functional/scenario/rbac_custom_1000.py create mode 100644 tests/functional/scenario/rbac_custom_50.py create mode 100644 tests/functional/scenario/rbac_large.py create mode 100644 tests/functional/scenario/rbac_mls.py create mode 100644 tests/functional/scenario/session.py create mode 100644 tests/functional/scenario/session_large.py create mode 100644 tests/functional/send_authz.py delete mode 100644 tests/get_keystone_projects.py delete mode 100644 tests/populate_default_values.py delete mode 100644 tests/scenario/delegation.py delete mode 100644 tests/scenario/mls.py delete mode 100644 tests/scenario/rbac.py delete mode 100644 tests/scenario/rbac_custom_100.py delete mode 100644 tests/scenario/rbac_custom_1000.py delete mode 100644 tests/scenario/rbac_custom_50.py delete mode 100644 tests/scenario/rbac_large.py delete mode 100644 tests/scenario/rbac_mls.py delete mode 100644 tests/scenario/session.py delete mode 100644 tests/scenario/session_large.py delete mode 100644 tests/send_authz.py create mode 100644 tools/bin/README.md create mode 100644 tools/bin/bootstrap.py create mode 100644 tools/bin/build_all.sh create mode 100644 tools/bin/build_all_pip.sh create mode 100644 tools/bin/delete_orchestrator.sh create mode 100644 tools/bin/moon_lib_update.sh create mode 100644 tools/bin/set_auth.src create mode 100755 tools/bin/start.sh create mode 100644 tools/moon/moon.conf create mode 100644 tools/moon_keystone/Dockerfile create mode 100644 tools/moon_keystone/README.md create mode 100644 tools/moon_keystone/run.sh create mode 100644 tools/moon_kubernetes/README.md create mode 100644 tools/moon_kubernetes/conf/password_moon.txt create mode 100644 tools/moon_kubernetes/conf/password_root.txt create mode 100644 tools/moon_kubernetes/conf/ports.conf create mode 100644 tools/moon_kubernetes/init_k8s.sh create mode 100644 tools/moon_kubernetes/start_moon.sh create mode 100644 tools/moon_kubernetes/templates/consul.yaml create mode 100644 
tools/moon_kubernetes/templates/db.yaml create mode 100644 tools/moon_kubernetes/templates/keystone.yaml create mode 100644 tools/moon_kubernetes/templates/kube-dns.yaml create mode 100644 tools/moon_kubernetes/templates/moon_configuration.yaml create mode 100644 tools/moon_kubernetes/templates/moon_gui.yaml create mode 100644 tools/moon_kubernetes/templates/moon_manager.yaml create mode 100644 tools/moon_kubernetes/templates/moon_orchestrator.yaml create mode 100644 tools/openstack/README.md create mode 100644 tools/openstack/glance/policy.json create mode 100644 tools/openstack/nova/policy.json
diff --git a/README.md b/README.md
index ba3604d6..566d8280 100644
--- a/README.md
+++ b/README.md
@@ -3,241 +3,50 @@ __Version 4.3__ This directory contains all the modules for running the Moon platform. -## Installation -### kubeadm -You must follow those explanations to install `kubeadm`: -> https://kubernetes.io/docs/setup/independent/install-kubeadm/ - -To summarize, you must install `docker`: -```bash -apt update -apt install -y docker.io -``` - -And then, install `kubeadm`: -```bash -apt update && apt install -y apt-transport-https -curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add - -cat </etc/apt/sources.list.d/kubernetes.list -deb http://apt.kubernetes.io/ kubernetes-xenial main -EOF -apt update -apt install -y kubelet kubeadm kubectl -``` - -### Moon -The Moon code is not necessary to start the platform but you need -Kubernetes configuration files from the GIT repository. - -The easy way is to clone the Moon code: -```bash -git clone https://git.opnfv.org/moon -cd moon/moonv4 -export MOON=$(pwd) -``` - -### OpenStack -You must have the following OpenStack components installed somewhere: -- nova, see [Nova install](https://docs.openstack.org/mitaka/install-guide-ubuntu/nova-controller-install.html) -- glance, see [Glance install](https://docs.openstack.org/glance/pike/install/) - -A Keystone component is automatically installed and configured in the Moon platform. -After the Moon platform installation, the Keystone server will be available -at: `http://localhost:30005 or http://\:30005` - -You can also use your own Keystone server if you want. 
- -## Initialisation -### kubeadm -The `kubeadm` platform can be initialized with the following shell script: -```bash -sh kubernetes/init_k8s.sh -``` - -Wait until all the kubeadm containers are in the `running` state: -```bash -watch kubectl get po --namespace=kube-system -``` - -You must see something like this: - - $ kubectl get po --namespace=kube-system - NAME READY STATUS RESTARTS AGE - calico-etcd-7qgjb 1/1 Running 0 1h - calico-node-f8zvm 2/2 Running 1 1h - calico-policy-controller-59fc4f7888-ns9kv 1/1 Running 0 1h - etcd-varuna 1/1 Running 0 1h - kube-apiserver-varuna 1/1 Running 0 1h - kube-controller-manager-varuna 1/1 Running 0 1h - kube-dns-bfbb49cd7-rgqxn 3/3 Running 0 1h - kube-proxy-x88wg 1/1 Running 0 1h - kube-scheduler-varuna 1/1 Running 0 1h - -### Moon -The Moon platform is composed on the following components: -* `consul`: a Consul configuration server -* `db`: a MySQL database server -* `keystone`: a Keystone authentication server -* `gui`: a Moon web interface -* `manager`: the Moon manager for the database -* `orchestrator`: the Moon component that manage pods in te K8S platform -* `wrapper`: the Moon endpoint where OpenStack component connect to. - -At this point, you must choose one of the following options: -* Specific configuration -* Generic configuration - -#### Specific Configuration -Why using a specific configuration: -1. The `db` and `keystone` can be installed by yourself but you must configure the -Moon platform to use them. -2. You want to change the default passwords in the Moon platform - -Use the following commands: `TODO` - -#### Generic Configuration -Why using a specific configuration: -1. You just want to test the platform -2. 
You want to develop on the Moon platform - -The `Moon` platform can be initialized with the following shell script: -```bash -sh kubernetes/start_moon.sh -``` - -Wait until all the Moon containers are in the `running` state: -```bash -watch kubectl get po --namespace=moon -``` - -You must see something like this: - - $ kubectl get po --namespace=moon - NAME READY STATUS RESTARTS AGE - consul-57b6d66975-9qnfx 1/1 Running 0 52m - db-867f9c6666-bq8cf 1/1 Running 0 52m - gui-bc9878b58-q288x 1/1 Running 0 51m - keystone-7d9cdbb69f-bl6ln 1/1 Running 0 52m - manager-5bfbb96988-2nvhd 1/1 Running 0 51m - manager-5bfbb96988-fg8vj 1/1 Running 0 51m - manager-5bfbb96988-w9wnk 1/1 Running 0 51m - orchestrator-65d8fb4574-tnfx2 1/1 Running 0 51m - wrapper-astonishing-748b7dcc4f-ngsvp 1/1 Running 0 51m - -## Configuration -### Moon -#### Introduction -The Moon platform is already configured after the installation. -If you want to see or modify the configuration, go with a web browser -to the following page: - -> http://localhost:30006 - -This is a consul server, you can update the configuration in the `KEY/VALUE` tab. -There are some configuration items, lots of them are only read when a new K8S pod is started -and not during its life cycle. - -**WARNING: some confidential information are put here in clear text. -This is a known security issue.** - -#### Keystone -If you have your own Keystone server, you can point Moon to your server in the -`openstack/keystone` element or through the link: -> http://localhost:30005/ui/#/dc1/kv/openstack/keystone/edit - -This configuration element is read every time Moon need it, specially when adding users. 
- -#### Database -The database can also be modified here: -> http://varuna:30005/ui/#/dc1/kv/database/edit - -**WARNING: the password is in clear text, this is a known security issue.** - -If you want to use your own database server, change the configuration: - - {"url": "mysql+pymysql://my_user:my_secret_password@my_server/moon", "driver": "sql"} - -Then you have to rebuild the database before using it. -This can be done with the following commands: - - cd $MOON - kubectl delete -f kubernetes/templates/moon_configuration.yaml - kubectl create -f kubernetes/templates/moon_configuration.yaml - - -### OpenStack -Before updating the configuration of the OpenStack platform, check that the platform -is working without Moon, use the following commands: -```bash -# set authentication -openstack endpoint list -openstack user list -openstack server list -``` - -In order to connect the OpenStack platform with the Moon platform, you must update some -configuration files in Nova and Glance: -* `/etc/nova/policy.json` -* `/etc/glance/policy.json` - -In some installed platform, the `/etc/nova/policy.json` can be absent so you have -to create one. You can find example files in those directory: -> ${MOON}/moonv4/templates/nova/policy.json -> ${MOON}/moonv4/templates/glance/policy.json - -Each line is mapped to an OpenStack API interface, for example, the following line -allows the user to get details for every virtual machines in the cloud -(the corresponding shell command is `openstack server list`): - - "os_compute_api:servers:detail": "", - -This lines indicates that there is no special authorisation to use this API, -every users can use it. If you want that the Moon platform handles that authorisation, -update this line with: - - "os_compute_api:servers:detail": "http://my_hostname:31001/authz" - -1) by replacing `my_hostname` with the hostname (od the IP address) of the Moon platform. -2) by updating the TCP port (default: 31001) with the good one. 
- -To find this TCP port, use the following command: - - $ kubectl get services -n moon | grep wrapper | cut -d ":" -f 2 | cut -d " " -f 1 - 31002/TCP - -### Moon +## Platform Setup +- [Docker installation](tools/moon_kubernetes/README.md) +- [kubeadm installation](tools/moon_kubernetes/README.md) +- [Moon deployment](tools/moon_kubernetes/README.md) +- [OpenStack deployment](tools/openstack/README.md) + + +## Micro-service Architecture +The Moon platform is composed on the following components/containers: +- *consul*: a Consul configuration server +- *db*: a MySQL database server +- *keystone*: a Keystone authentication server +- [gui](moon_gui/README.md): a Moon web interface +- [manager](moon_manager/README.md): the Moon manager for the database +- [orchestrator](moon_orchestrator/README.md): the Moon component that manage pods in te K8S platform +- [wrapper](moon_wrapper/README.md): the Moon endpoint where OpenStack component connect to. + + +## Manipulation +### moon_gui The Moon platform comes with a graphical user interface which can be used with -a web browser at this URL: -> http://$MOON_HOST:30002 +a web browser at this URL `http://$MOON_HOST:30002` You will be asked to put a login and password. 
Those elements are the login and password of the Keystone server, if you didn't modify the Keystone server, you will find the -login and password here: -> http://$MOON_HOST:30005/ui/#/dc1/kv/openstack/keystone/edit +login and password here `http://$MOON_HOST:30005/ui/#/dc1/kv/openstack/keystone/edit` **WARNING: the password is in clear text, this is a known security issue.** -The Moon platform can also be requested through its API: -> http://$MOON_HOST:30001 +### moon_manager +The Moon platform can also be requested through its API `http://$MOON_HOST:30001` **WARNING: By default, no login/password will be needed because of the configuration which is in DEV mode.** If you want more security, you have to update the configuration of the Keystone server here: -> http://$MOON_HOST:30005/ui/#/dc1/kv/openstack/keystone/edit - +`http://$MOON_HOST:30005/ui/#/dc1/kv/openstack/keystone/edit` by modifying the `check_token` argument to `yes`. If you write this modification, your requests to Moon API must always include a valid token taken from the Keystone server. This token must be place in the header of the request (`X-Auth-Token`). -## usage -### tests the platform -In order to know if the platform is healthy, here are some commands you can use. -1) Check that all the K8S pods in the Moon namespace are in running state: -`kubectl get pods -n moon` - -2) Check if the Manager API is running: +### End-to-end Functional Test +Check if the Manager API is running: ```bash curl http://$MOON_HOST:30001 curl http://$MOON_HOST:30001/pdp 
@@ -275,11 +84,8 @@ curl --header "X-Auth-Token: " http://moon_hostnam curl --header "X-Auth-Token: " http://moon_hostname:30001/policies ``` -3) Use a web browser to navigate to the GUI and enter the login and password of the keystone service: -`firefox http://$MOON_HOST:30002` - -4) Use tests Python Scripts -check firstly the Consul service for *Components/Manager*, e.g. +Check the Consul service for +- *Components/Manager*, e.g. ```json { "port": 8082, @@ -292,7 +98,7 @@ check firstly the Consul service for *Components/Manager*, e.g. } } ``` -*OpenStack/Keystone*: e.g. +- *OpenStack/Keystone*: e.g. ```json { "url": "http://keystone:5000/v3", 
@@ -308,74 +114,8 @@ check firstly the Consul service for *Components/Manager*, e.g. } ``` +Launch functional [test scenario](tests/functional/scenario) : ```bash python3 populate_default_values.py --consul-host=$MOON_HOST --consul-port=30005 -v scenario/rbac_large.py python3 send_authz.py --consul-host=$MOON_HOST --consul-port=30005 --authz-host=$MOON_HOST --authz-port=31002 -v scenario/rbac_large.py ``` - -### GUI usage -After authentication, you will see 4 tabs: Project, Models, Policies, PDP: - -* *Projects*: configure mapping between Keystone projects and PDP (Policy Decision Point) -* *Models*: configure templates of policies (for example RBAC or MLS) -* *Policies*: applied models or instantiated models ; -on one policy, you map a authorisation model and set subject, objects and action that will -rely on that model -* *PDP*: Policy Decision Point, this is the link between Policies and Keystone Project - -In the following paragraphs, we will add a new user in OpenStack and allow her to list -all VM on the OpenStack platform. - -First, add a new user and a new project in the OpenStack platform: - - openstack user create --password-prompt demo_user - openstack project create demo - DEMO_USER=$(openstack user list | grep demo_user | cut -d " " -f 2) - DEMO_PROJECT=$(openstack project list | grep demo | cut -d " " -f 2) - openstack role add --user $DEMO_USER --project $DEMO_PROJECT admin - -You have to add the same user in the Moon interface: - -1. go to the `Projects` tab in the Moon interface -1. go to the line corresponding to the new project and click to the `Map to a PDP` link -1. select in the combobox the MLS PDP and click `OK` -1. in the Moon interface, go to the `Policy` tab -1. go to the line corresponding to the MLS policy and click on the `actions->edit` button -1. scroll to the `Perimeters` line and click on the `show` link to show the perimeter configuration -1. go to the `Add a subject` line and click on `Add a new perimeter` -1. 
set the name of that subject to `demo_user` (*the name must be strictly identical*) -1. in the combobox named `Policy list` select the `MLS` policy and click on the `+` button -1. click on the yellow `Add Perimeter` button -1. go to the `Assignment` line and click on the `show` button -1. under the `Add a Assignments Subject` select the MLS policy, -the new user (`demo_user`), the category `subject_category_level` -1. in the `Select a Data` line, choose the `High` scope and click on the `+` link -1. click on the yellow `Create Assignments` button -1. if you go to the OpenStack platform, the `demo_user` is now allow to connect -to the Nova component (test with `openstack server list` connected with the `demo_user`) - - -## Annexes - -### connect to the OpenStack platform - -Here is a shell script to authenticate to the OpenStack platform as `admin`: - - export OS_USERNAME=admin - export OS_PASSWORD=p4ssw0rd - export OS_REGION_NAME=Orange - export OS_TENANT_NAME=admin - export OS_AUTH_URL=http://moon_hostname:30006/v3 - export OS_DOMAIN_NAME=Default - export OS_IDENTITY_API_VERSION=3 - -For the `demo_user`, use: - - export OS_USERNAME=demo_user - export OS_PASSWORD=your_secret_password - export OS_REGION_NAME=Orange - export OS_TENANT_NAME=demo - export OS_AUTH_URL=http://moon_hostname:30006/v3 - export OS_DOMAIN_NAME=Default - export OS_IDENTITY_API_VERSION=3 - diff --git a/bin/README.md b/bin/README.md deleted file mode 100644 index 3125c468..00000000 --- a/bin/README.md +++ /dev/null @@ -1,5 +0,0 @@ -# Automated Tools/Scripts - -## moon_utilities_update -- update moon_utilities to PIP: `./moon_utilities_update.sh upload` -- locally update moon_utilities for each moon Python package: `./moon_utilities_update.sh copy` \ No newline at end of file diff --git a/bin/bootstrap.py b/bin/bootstrap.py deleted file mode 100644 index 6f2a5e03..00000000 --- a/bin/bootstrap.py +++ /dev/null 
@@ -1,235 +0,0 @@ -import os -import sys -import time -import requests -import yaml -import logging -import json -import base64 -import mysql.connector -import re -import subprocess - -logging.basicConfig(level=logging.INFO) -log = logging.getLogger("moon.bootstrap") -requests_log = logging.getLogger("requests.packages.urllib3") -requests_log.setLevel(logging.WARNING) -requests_log.propagate = True - -if len(sys.argv) == 2: - if os.path.isfile(sys.argv[1]): - CONF_FILENAME = sys.argv[1] - CONSUL_HOST = "consul" - else: - CONF_FILENAME = "moon.conf" - CONSUL_HOST = sys.argv[1] - CONSUL_PORT = 8500 -else: - CONSUL_HOST = sys.argv[1] if len(sys.argv) > 1 else "consul" - CONSUL_PORT = sys.argv[2] if len(sys.argv) > 2 else 8500 - CONF_FILENAME = sys.argv[3] if len(sys.argv) > 3 else "moon.conf" -HEADERS = {"content-type": "application/json"} - - -def search_config_file(): - data_config = None - for _file in ( - CONF_FILENAME, - "conf/moon.conf", - "../moon.conf", - "../conf/moon.conf", - "/etc/moon/moon.conf", - ): - try: - data_config = yaml.safe_load(open(_file)) - except FileNotFoundError: - data_config = None - continue - else: - break - if not data_config: - raise Exception("Configuration file not found...") - return data_config - - -def put(key, value): - url = "http://{host}:{port}/v1/kv/{key}".format(host=CONSUL_HOST, port=CONSUL_PORT, key=key) - log.info(url) - req = requests.put( - url, - headers=HEADERS, - json=value - ) - if req.status_code != 200: - raise Exception("Error connecting to Consul ({}, {})".format(req.status_code, req.text)) - - -def get(key): - url = "http://{host}:{port}/v1/kv/{key}".format(host=CONSUL_HOST, port=CONSUL_PORT, key=key) - req = requests.get(url) - data = req.json() - for item in data: - log.info("{} {} -> {}".format( - req.status_code, - item["Key"], - json.loads(base64.b64decode(item["Value"]).decode("utf-8")) - )) - yield json.loads(base64.b64decode(item["Value"]).decode("utf-8")) - - -def start_consul(data_config): - cmd = 
["docker", "run", "-d", "--net=moon", "--name=consul", "--hostname=consul", "-p", "8500:8500", "consul"] - output = subprocess.run(cmd, - stdout=subprocess.PIPE, - stderr=subprocess.PIPE) - if output.returncode != 0: - log.info(" ".join(cmd)) - log.info(output.returncode) - log.error(output.stderr) - log.error(output.stdout) - raise Exception("Error starting Consul container!") - while True: - try: - req = requests.get("http://{}:{}/ui".format(CONSUL_HOST, CONSUL_PORT)) - except requests.exceptions.ConnectionError: - log.info("Waiting for Consul ({}:{})".format(CONSUL_HOST, CONSUL_PORT)) - time.sleep(1) - continue - else: - break - # if req.status_code in (302, 200): - # break - # log.info("Waiting for Consul ({}:{})".format(CONSUL_HOST, CONSUL_PORT)) - # time.sleep(1) - log.info("Consul is up") - - req = requests.get("http://{}:{}/v1/kv/database".format(CONSUL_HOST, CONSUL_PORT)) - if req.status_code == 200: - log.info("Consul is already populated") - return - - put("database", data_config["database"]) - put("messenger", data_config["messenger"]) - put("slave", data_config["slave"]) - put("docker", data_config["docker"]) - put("logging", data_config["logging"]) - put("components_port_start", data_config["components"]["port_start"]) - - for _key, _value in data_config["components"].items(): - if type(_value) is dict: - put("components/{}".format(_key), data_config["components"][_key]) - - for _key, _value in data_config["plugins"].items(): - put("plugins/{}".format(_key), data_config["plugins"][_key]) - - for _key, _value in data_config["openstack"].items(): - put("openstack/{}".format(_key), data_config["openstack"][_key]) - - -def start_database(): - cmd = ["docker", "run", "-dti", "--net=moon", "--hostname=db", "--name=db", - "-e", "MYSQL_ROOT_PASSWORD=p4sswOrd1", "-e", "MYSQL_DATABASE=moon", "-e", "MYSQL_USER=moon", - "-e", "MYSQL_PASSWORD=p4sswOrd1", "-p", "3306:3306", "mysql:latest"] - output = subprocess.run(cmd, - stdout=subprocess.PIPE, - 
stderr=subprocess.PIPE) - if output.returncode != 0: - log.info(cmd) - log.error(output.stderr) - log.error(output.stdout) - raise Exception("Error starting DB container!") - for database in get("database"): - database_url = database['url'] - match = re.search("(?P^[\\w+]+):\/\/(?P\\w+):(?P.+)@(?P\\w+):*(?P\\d*)", - database_url) - config = match.groupdict() - while True: - try: - conn = mysql.connector.connect( - host=config["host"], - user=config["user"], - password=config["password"], - database="moon" - ) - conn.close() - except mysql.connector.errors.InterfaceError: - log.info("Waiting for Database ({})".format(config["host"])) - time.sleep(1) - continue - else: - log.info("Database is up, populating it...") - output = subprocess.run(["moon_db_manager", "upgrade"], - stdout=subprocess.PIPE, - stderr=subprocess.PIPE) - if output.returncode != 0: - raise Exception("Error populating the database!") - break - - -def start_keystone(): - output = subprocess.run(["docker", "run", "-dti", "--net=moon", "--hostname=keystone", "--name=keystone", - "-e", "DB_HOST=db", "-e", "DB_PASSWORD_ROOT=p4sswOrd1", "-p", "35357:35357", - "-p", "5000:5000", "keystone:mitaka"], - stdout=subprocess.PIPE, - stderr=subprocess.PIPE) - if output.returncode != 0: - raise Exception("Error starting Keystone container!") - # TODO: Keystone answers request too quickly - # even if it is not fully loaded - # we must test if a token retrieval is possible or not - # to see if Keystone is truly up and running - for config in get("openstack/keystone"): - while True: - try: - time.sleep(1) - req = requests.get(config["url"]) - except requests.exceptions.ConnectionError: - log.info("Waiting for Keystone ({})".format(config["url"])) - time.sleep(1) - continue - else: - log.info("Keystone is up") - break - - -def start_moon(data_config): - cmds = [ - # ["docker", "run", "-dti", "--net=moon", "--name=wrapper", "--hostname=wrapper", "-p", - # "{0}:{0}".format(data_config['components']['wrapper']['port']), 
- # data_config['components']['wrapper']['container']], - ["docker", "run", "-dti", "--net=moon", "--name=manager", - "--hostname=manager", "-p", - "{0}:{0}".format(data_config['components']['manager']['port']), - data_config['components']['manager']['container']], - ["docker", "run", "-dti", "--net=moon", "--name=interface", - "--hostname=interface", "-p", - "{0}:{0}".format(data_config['components']['interface']['port']), - data_config['components']['interface']['container']], - ] - for cmd in cmds: - log.warning("Start {}".format(cmd[-1])) - # answer = input() - # if answer.lower() in ("y", "yes", "o", "oui"): - output = subprocess.run(cmd, - stdout=subprocess.PIPE, - stderr=subprocess.PIPE) - time.sleep(3) - if output.returncode != 0: - log.info(" ".join(cmd)) - log.info(output.returncode) - log.error(output.stderr) - log.error(output.stdout) - raise Exception("Error starting {} container!".format(cmd[-1])) - subprocess.run(["docker", "ps"]) - - -def main(): - data_config = search_config_file() - subprocess.run(["docker", "rm", "-f", "consul", "db", "manager", "wrapper", "interface", "authz*", "keystone"]) - start_consul(data_config) - start_database() - start_keystone() - start_moon(data_config) - -main() - diff --git a/bin/build_all.sh b/bin/build_all.sh deleted file mode 100644 index 5bbf6a19..00000000 --- a/bin/build_all.sh +++ /dev/null 
@@ -1,36 +0,0 @@ -#!/usr/bin/env bash - -VERSION=v4.1 -export DOCKER_HOST=tcp://172.88.88.1:2376 - - -mkdir $MOON_HOME/moon_orchestrator/dist 2>/dev/null - -echo Building Moon_Orchestrator -cd $MOON_HOME/moon_orchestrator -docker build -t wukongsun/moon_orchestrator:${VERSION} . - -echo Building Moon_Interface -cd $MOON_HOME/moon_interface -docker build -t wukongsun/moon_interface:${VERSION} . - -echo Building Moon_Security_Router -cd $MOON_HOME/moon_secrouter -docker build -t wukongsun/moon_router:${VERSION} . - -echo Building Moon_Manager -cd $MOON_HOME/moon_manager -docker build -t wukongsun/moon_manager:${VERSION} . - -echo Building Moon_Authz -cd $MOON_HOME/moon_authz -docker build -t wukongsun/moon_authz:${VERSION} . - - -echo Building Moon_DB -cd $MOON_HOME/moon_db -python3 setup.py sdist bdist_wheel > /tmp/moon_db.log - -echo Building Moon_Utilities -cd $MOON_HOME/moon_utilities -python3 setup.py sdist bdist_wheel > /tmp/moon_utilities.log diff --git a/bin/build_all_pip.sh b/bin/build_all_pip.sh deleted file mode 100644 index 2b415bf0..00000000 --- a/bin/build_all_pip.sh +++ /dev/null @@ -1,16 +0,0 @@ -#!/usr/bin/env bash - - -echo Building Moon_DB -cd $MOON_HOME/moon_db -python3 setup.py sdist bdist_wheel> /tmp/moon_db.log - - -echo Building Moon_Utilities -cd $MOON_HOME/moon_utilities -python3 setup.py sdist bdist_wheel> /tmp/moon_utilities.log - - -echo Building Moon_Orchestrator -cd $MOON_HOME/moon_orchestrator -python3 setup.py sdist bdist_wheel> /tmp/moon_orchestrator.log \ No newline at end of file diff --git a/bin/delete_orchestrator.sh b/bin/delete_orchestrator.sh deleted file mode 100644 index 95fcfddd..00000000 --- a/bin/delete_orchestrator.sh +++ /dev/null 
@@ -1,63 +0,0 @@ -#!/usr/bin/env bash - -set +x - -kubectl delete -n moon -f kubernetes/templates/moon_orchestrator.yaml -for i in $(kubectl get deployments -n moon | grep wrapper | cut -d " " -f 1 | xargs); do - kubectl delete deployments/$i -n moon; -done -for i in $(kubectl get deployments -n moon | grep interface | cut -d " " -f 1 | xargs); do - kubectl delete deployments/$i -n moon; -done -for i in $(kubectl get deployments -n moon | grep authz | cut -d " " -f 1 | xargs); do - kubectl delete deployments/$i -n moon; -done -for i in $(kubectl get services -n moon | grep wrapper | cut -d " " -f 1 | xargs); do - kubectl delete services/$i -n moon; -done -for i in $(kubectl get services -n moon | grep interface | cut -d " " -f 1 | xargs); do - kubectl delete services/$i -n moon; -done -for i in $(kubectl get services -n moon | grep authz | cut -d " " -f 1 | xargs); do - kubectl delete services/$i -n moon; -done - -if [ "$1" = "build" ]; then - - DOCKER_ARGS="" - - cd moon_manager - docker build -t wukongsun/moon_manager:v4.3.1 . ${DOCKER_ARGS} - if [ "$2" = "push" ]; then - docker push wukongsun/moon_manager:v4.3.1 - fi - cd - - - cd moon_orchestrator - docker build -t wukongsun/moon_orchestrator:v4.3 . ${DOCKER_ARGS} - if [ "$2" = "push" ]; then - docker push wukongsun/moon_orchestrator:v4.3 - fi - cd - - - cd moon_interface - docker build -t wukongsun/moon_interface:v4.3 . ${DOCKER_ARGS} - if [ "$2" = "push" ]; then - docker push wukongsun/moon_interface:v4.3 - fi - cd - - - cd moon_authz - docker build -t wukongsun/moon_authz:v4.3 . ${DOCKER_ARGS} - if [ "$2" = "push" ]; then - docker push wukongsun/moon_authz:v4.3 - fi - cd - - - cd moon_wrapper - docker build -t wukongsun/moon_wrapper:v4.3 . ${DOCKER_ARGS} - if [ "$2" = "push" ]; then - docker push wukongsun/moon_wrapper:v4.3 - fi - cd - -fi diff --git a/bin/moon_lib_update.sh b/bin/moon_lib_update.sh deleted file mode 100644 index 3925e336..00000000 --- a/bin/moon_lib_update.sh +++ /dev/null 
@@ -1,43 +0,0 @@ -#!/usr/bin/env bash - -# usage: moon_update.sh {build,upload,copy} {python_moondb,python_moonutilities} - -CMD=$1 -COMPONENT=$2 -GPG_ID=$3 - -VERSION=${COMPONENT}-$(grep __version__ ${COMPONENT}/${COMPONENT}/__init__.py | cut -d "\"" -f 2) - -cd ${COMPONENT} - -python3 setup.py sdist bdist_wheel - -if [ "$CMD" = "upload" ]; then - # Instead of "A0A96E75", use your own GPG ID - rm dist/*.asc 2>/dev/null - gpg --detach-sign -u "${GPG_ID}" -a dist/${VERSION}-py3-none-any.whl - gpg --detach-sign -u "${GPG_ID}" -a dist/${VERSION/_/-}.tar.gz - twine upload dist/${VERSION}-py3-none-any.whl dist/${VERSION}-py3-none-any.whl.asc - twine upload dist/${VERSION/_/-}.tar.gz dist/${VERSION/_/-}.tar.gz.asc -fi - -rm -f ../moon_manager/dist/${COMPONENT}* -rm -f ../moon_orchestrator/dist/${COMPONENT}* -rm -f ../moon_wrapper/dist/${COMPONENT}* -rm -f ../moon_interface/dist/${COMPONENT}* -rm -f ../moon_authz/dist/${COMPONENT}* - - -if [ "$CMD" = "copy" ]; then - mkdir -p ../moon_manager/dist/ 2>/dev/null - cp -v dist/${VERSION}-py3-none-any.whl ../moon_manager/dist/ - mkdir -p ../moon_orchestrator/dist/ 2>/dev/null - cp -v dist/${VERSION}-py3-none-any.whl ../moon_orchestrator/dist/ - mkdir -p ../moon_wrapper/dist/ 2>/dev/null - cp -v dist/${VERSION}-py3-none-any.whl ../moon_wrapper/dist/ - mkdir -p ../moon_interface/dist/ 2>/dev/null - cp -v dist/${VERSION}-py3-none-any.whl ../moon_interface/dist/ - mkdir -p ../moon_authz/dist/ 2>/dev/null - cp -v dist/${VERSION}-py3-none-any.whl ../moon_authz/dist/ -fi - diff --git a/bin/set_auth.src b/bin/set_auth.src deleted file mode 100644 index d955e30b..00000000 --- a/bin/set_auth.src +++ /dev/null @@ -1,7 +0,0 @@ -export OS_USERNAME=admin -export OS_PASSWORD=p4ssw0rd -export OS_REGION_NAME=Orange -export OS_TENANT_NAME=admin -export OS_AUTH_URL=http://keystone:5000/v3 -export OS_DOMAIN_NAME=Default -export MOON_URL=http://172.18.0.11:38001 
diff --git a/bin/start.sh b/bin/start.sh deleted file mode 100755 index e95ac393..00000000 --- a/bin/start.sh +++ /dev/null @@ -1,39 +0,0 @@ -#!/usr/bin/env bash - -VERSION=4.1 -export DOCKER_HOST=tcp://172.88.88.1:2376 - -echo -e "\033[31mDeleting previous dockers\033[m" -docker rm -f $(docker ps -a | grep moon | cut -d " " -f 1) 2>/dev/null -docker rm -f messenger db keystone consul 2>/dev/null - -echo -e "\033[32mStarting Messenger\033[m" -docker run -dti --net=moon --hostname messenger --name messenger -e RABBITMQ_DEFAULT_USER=moon -e RABBITMQ_DEFAULT_PASS=p4sswOrd1 -e RABBITMQ_NODENAME=rabbit@messenger -e RABBITMQ_DEFAULT_VHOST=moon -e RABBITMQ_HIPE_COMPILE=1 -p 5671:5671 -p 5672:5672 -p 8080:15672 rabbitmq:3-management - -echo -e "\033[32mStarting DB manager\033[m" -docker run -dti --net=moon --hostname db --name db -e MYSQL_ROOT_PASSWORD=p4sswOrd1 -e MYSQL_DATABASE=moon -e MYSQL_USER=moon -e MYSQL_PASSWORD=p4sswOrd1 -p 3306:3306 mysql:latest - -docker run -d --net=moon --name=consul --hostname=consul -p 8500:8500 consul - -echo "waiting for Database (it may takes time)..." -echo -e "\033[35m" -sed '/ready for connections/q' <(docker logs db -f) -echo -e "\033[m" - -echo "waiting for Messenger (it may takes time)..." -echo -e "\033[35m" -sed '/Server startup complete;/q' <(docker logs messenger -f) -echo -e "\033[m" - -docker run -dti --net moon --hostname keystone --name keystone -e DB_HOST=db -e DB_PASSWORD_ROOT=p4sswOrd1 -p 35357:35357 -p 5000:5000 keystone:mitaka - -echo -e "\033[32mConfiguring Moon platform\033[m" -sudo pip install moon_db -moon_db_manager upgrade - -cd ${MOON_HOME}/moon_orchestrator -python3 populate_consul.py - -echo -e "\033[32mStarting Moon platform\033[m" - -docker container run -dti --net moon --hostname orchestrator --name orchestrator wukongsun/moon_orchestrator:${VERSION} diff --git a/kubernetes/README.md b/kubernetes/README.md deleted file mode 100644 index b5320dd6..00000000 --- a/kubernetes/README.md +++ /dev/null 
@@ -1,39 +0,0 @@ -# Moon Platform Setup -## K8S Installation -Choose the right K8S platform -### Minikube -```bash -curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl -chmod +x ./kubectl -sudo mv ./kubectl /usr/local/bin/kubectl -curl -Lo minikube https://storage.googleapis.com/minikube/releases/v0.21.0/minikube-linux-amd64 && chmod +x minikube && sudo mv minikube /usr/local/bin/ -``` - -### Kubeadm -see: https://kubernetes.io/docs/setup/independent/install-kubeadm/ -```bash -apt-get update && apt-get install -y apt-transport-https -curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add - -cat </etc/apt/sources.list.d/kubernetes.list -deb http://apt.kubernetes.io/ kubernetes-xenial main -EOF -apt-get update -apt-get install -y kubelet kubeadm kubectl -``` - -## Moon Deployment -### Creation -Execute the script : init_k8s.sh -```bash -sudo bash init_k8s.sh -watch kubectl get po --namespace=kube-system -``` -Wait until all pods are in "Running" state (crtl-c to stop the watch command) - -### Execution -Execute the script : start_moon.sh -```bash -sudo bash start_moon.sh -watch kubectl get po --namespace=moon -``` - diff --git a/kubernetes/conf/password_moon.txt b/kubernetes/conf/password_moon.txt deleted file mode 100644 index bb9bcf7d..00000000 --- a/kubernetes/conf/password_moon.txt +++ /dev/null @@ -1 +0,0 @@ -p4sswOrd1 \ No newline at end of file diff --git a/kubernetes/conf/password_root.txt b/kubernetes/conf/password_root.txt deleted file mode 100644 index bb9bcf7d..00000000 --- a/kubernetes/conf/password_root.txt +++ /dev/null @@ -1 +0,0 @@ -p4sswOrd1 \ No newline at end of file diff --git a/kubernetes/conf/ports.conf b/kubernetes/conf/ports.conf deleted file mode 100644 index 487945c0..00000000 --- a/kubernetes/conf/ports.conf +++ /dev/null 
@@ -1,24 +0,0 @@ -manager: - port: 8082 - kport: 30001 -gui: - port: 3000 - kport: 30002 -orchestrator: - port: 8083 - kport: 30003 - -consul: - port: 8500 - kport: 30005 -keystone: - port: 5000 - kport: 30006 - -wrapper: - port: 8080 - kport: 30010 -interface: - port: 8080 -authz: - port: 8081 diff --git a/kubernetes/init_k8s.sh b/kubernetes/init_k8s.sh deleted file mode 100644 index 6eb94e78..00000000 --- a/kubernetes/init_k8s.sh +++ /dev/null @@ -1,33 +0,0 @@ -#!/usr/bin/env bash - -set -x - -sudo kubeadm reset - -sudo swapoff -a - -sudo kubeadm init --pod-network-cidr=192.168.0.0/16 -#sudo kubeadm init --pod-network-cidr=10.244.0.0/16 - -mkdir -p $HOME/.kube -sudo cp -f /etc/kubernetes/admin.conf $HOME/.kube/config -sudo chown $(id -u):$(id -g) $HOME/.kube/config - -kubectl apply -f http://docs.projectcalico.org/v2.4/getting-started/kubernetes/installation/hosted/kubeadm/1.6/calico.yaml -#kubectl apply -f https://raw.githubusercontent.com/projectcalico/canal/master/k8s-install/1.6/rbac.yaml -#kubectl apply -f https://raw.githubusercontent.com/projectcalico/canal/master/k8s-install/1.6/canal.yaml - -#kubectl create -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml - -kubectl delete deployment kube-dns --namespace=kube-system -kubectl apply -f kubernetes/templates/kube-dns.yaml - -kubectl taint nodes --all node-role.kubernetes.io/master- - -kubectl proxy& -sleep 5 -echo ========================================= -kubectl get po --namespace=kube-system -echo ========================================= - - diff --git a/kubernetes/start_moon.sh b/kubernetes/start_moon.sh deleted file mode 100644 index 8121e319..00000000 --- a/kubernetes/start_moon.sh +++ /dev/null 
@@ -1,37 +0,0 @@ -#!/usr/bin/env bash - -set -x - -kubectl create namespace moon -kubectl create configmap moon-config --from-file conf/moon.conf -n moon -kubectl create configmap config --from-file ~/.kube/config -n moon -kubectl create secret generic mysql-root-pass --from-file=kubernetes/conf/password_root.txt -n moon -kubectl create secret generic mysql-pass --from-file=kubernetes/conf/password_moon.txt -n moon - -kubectl create -n moon -f kubernetes/templates/consul.yaml -kubectl create -n moon -f kubernetes/templates/db.yaml -kubectl create -n moon -f kubernetes/templates/keystone.yaml - -echo ========================================= -kubectl get pods -n moon -echo ========================================= - -sleep 10 -kubectl create -n moon -f kubernetes/templates/moon_configuration.yaml - -echo Waiting for jobs moonforming -sleep 5 -kubectl get jobs -n moon -kubectl logs -n moon jobs/moonforming - -sleep 5 - -kubectl create -n moon -f kubernetes/templates/moon_manager.yaml - -sleep 2 - -kubectl create -n moon -f kubernetes/templates/moon_orchestrator.yaml - -kubectl create -n moon -f kubernetes/templates/moon_gui.yaml - - diff --git a/kubernetes/templates/consul.yaml b/kubernetes/templates/consul.yaml deleted file mode 100644 index f0fb764e..00000000 --- a/kubernetes/templates/consul.yaml +++ /dev/null @@ -1,33 +0,0 @@ -apiVersion: apps/v1beta1 -kind: Deployment -metadata: - namespace: moon - name: consul -spec: - replicas: 1 - template: - metadata: - labels: - app: consul - spec: - hostname: consul - containers: - - name: consul - image: consul:latest - ports: - - containerPort: 8500 ---- - -apiVersion: v1 -kind: Service -metadata: - name: consul - namespace: moon -spec: - ports: - - port: 8500 - targetPort: 8500 - nodePort: 30005 - selector: - app: consul - type: NodePort diff --git a/kubernetes/templates/db.yaml b/kubernetes/templates/db.yaml deleted file mode 100644 index 38418643..00000000 --- a/kubernetes/templates/db.yaml +++ /dev/null 
@@ -1,84 +0,0 @@ -#apiVersion: v1 -#kind: PersistentVolume -#metadata: -# name: local-pv-1 -# labels: -# type: local -#spec: -# capacity: -# storage: 5Gi -# accessModes: -# - ReadWriteOnce -# hostPath: -# path: /tmp/data/pv-1 -#--- -# -#apiVersion: v1 -#kind: PersistentVolumeClaim -#metadata: -# name: mysql-pv-claim -# labels: -# platform: moon -# app: db -#spec: -# accessModes: -# - ReadWriteOnce -# resources: -# requests: -# storage: 5Gi -#--- - -apiVersion: apps/v1beta1 -kind: Deployment -metadata: - namespace: moon - name: db -spec: - replicas: 1 - strategy: - type: Recreate - template: - metadata: - labels: - app: db - spec: - containers: - - name: db - image: mysql:latest - env: - - name: MYSQL_DATABASE - value: "moon" - - name: MYSQL_USER - value: "moon" - - name: MYSQL_PASSWORD - valueFrom: - secretKeyRef: - name: mysql-pass - key: password_moon.txt - - name: MYSQL_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: mysql-root-pass - key: password_root.txt - ports: - - containerPort: 3306 - name: mysql -# volumeMounts: -# - name: mysql-persistent-storage -# mountPath: /var/lib/mysql -# volumes: -# - name: mysql-persistent-storage -# persistentVolumeClaim: -# claimName: mysql-pv-claim ---- -apiVersion: v1 -kind: Service -metadata: - namespace: moon - name: db -spec: - ports: - - port: 3306 - selector: - app: db ---- \ No newline at end of file diff --git a/kubernetes/templates/keystone.yaml b/kubernetes/templates/keystone.yaml deleted file mode 100644 index e4218e4c..00000000 --- a/kubernetes/templates/keystone.yaml +++ /dev/null 
@@ -1,39 +0,0 @@ -apiVersion: apps/v1beta1 -kind: Deployment -metadata: - namespace: moon - name: keystone -spec: - replicas: 1 - template: - metadata: - labels: - app: keystone - spec: - hostname: keystone - containers: - - name: keystone - image: asteroide/keystone:pike-cors - env: - - name: KEYSTONE_HOSTNAME - value: "127.0.0.1" - - name: KEYSTONE_PORT - value: "30006" - ports: - - containerPort: 35357 - containerPort: 5000 ---- - -apiVersion: v1 -kind: Service -metadata: - name: keystone - namespace: moon -spec: - ports: - - port: 5000 - targetPort: 5000 - nodePort: 30006 - selector: - app: keystone - type: NodePort diff --git a/kubernetes/templates/kube-dns.yaml b/kubernetes/templates/kube-dns.yaml deleted file mode 100644 index c8f18fd8..00000000 --- a/kubernetes/templates/kube-dns.yaml +++ /dev/null 
@@ -1,183 +0,0 @@ -apiVersion: extensions/v1beta1 -kind: Deployment -metadata: - annotations: - deployment.kubernetes.io/revision: "2" - kubectl.kubernetes.io/last-applied-configuration: | - {"apiVersion":"extensions/v1beta1","kind":"Deployment","metadata":{"annotations":{"deployment.kubernetes.io/revision":"1"},"creationTimestamp":"2017-10-30T09:03:59Z","generation":1,"labels":{"k8s-app":"kube-dns"},"name":"kube-dns","namespace":"kube-system","resourceVersion":"556","selfLink":"/apis/extensions/v1beta1/namespaces/kube-system/deployments/kube-dns","uid":"4433b709-bd51-11e7-a055-80fa5b15034a"},"spec":{"replicas":1,"selector":{"matchLabels":{"k8s-app":"kube-dns"}},"strategy":{"rollingUpdate":{"maxSurge":"10%","maxUnavailable":0},"type":"RollingUpdate"},"template":{"metadata":{"creationTimestamp":null,"labels":{"k8s-app":"kube-dns"}},"spec":{"affinity":{"nodeAffinity":{"requiredDuringSchedulingIgnoredDuringExecution":{"nodeSelectorTerms":[{"matchExpressions":[{"key":"beta.kubernetes.io/arch","operator":"In","values":["amd64"]}]}]}}},"containers":[{"args":["--domain=cluster.local.","--dns-port=10053","--config-dir=/kube-dns-config","--v=2"],"env":[{"name":"PROMETHEUS_PORT","value":"10055"}],"image":"gcr.io/google_containers/k8s-dns-kube-dns-amd64:1.14.5","imagePullPolicy":"IfNotPresent","livenessProbe":{"failureThreshold":5,"httpGet":{"path":"/healthcheck/kubedns","port":10054,"scheme":"HTTP"},"initialDelaySeconds":60,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":5},"name":"kubedns","ports":[{"containerPort":10053,"name":"dns-local","protocol":"UDP"},{"containerPort":10053,"name":"dns-tcp-local","protocol":"TCP"},{"containerPort":10055,"name":"metrics","protocol":"TCP"}],"readinessProbe":{"failureThreshold":3,"httpGet":{"path":"/readiness","port":8081,"scheme":"HTTP"},"initialDelaySeconds":3,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":5},"resources":{"limits":{"memory":"170Mi"},"requests":{"cpu":"100m","memory":"70Mi"}},"terminationMessagePath":"
/dev/termination-log","terminationMessagePolicy":"File","volumeMounts":[{"mountPath":"/kube-dns-config","name":"kube-dns-config"}]},{"args":["-v=2","-logtostderr","-configDir=/etc/k8s/dns/dnsmasq-nanny","-restartDnsmasq=true","--","-k","--cache-size=1000","--log-facility=-","--server=/cluster.local/127.0.0.1#10053","--server=/in-addr.arpa/127.0.0.1#10053","--server=/ip6.arpa/127.0.0.1#10053","--server=8.8.8.8"],"image":"gcr.io/google_containers/k8s-dns-dnsmasq-nanny-amd64:1.14.5","imagePullPolicy":"IfNotPresent","livenessProbe":{"failureThreshold":5,"httpGet":{"path":"/healthcheck/dnsmasq","port":10054,"scheme":"HTTP"},"initialDelaySeconds":60,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":5},"name":"dnsmasq","ports":[{"containerPort":53,"name":"dns","protocol":"UDP"},{"containerPort":53,"name":"dns-tcp","protocol":"TCP"}],"resources":{"requests":{"cpu":"150m","memory":"20Mi"}},"terminationMessagePath":"/dev/termination-log","terminationMessagePolicy":"File","volumeMounts":[{"mountPath":"/etc/k8s/dns/dnsmasq-nanny","name":"kube-dns-config"}]},{"args":["--v=2","--logtostderr","--probe=kubedns,127.0.0.1:10053,kubernetes.default.svc.cluster.local,5,A","--probe=dnsmasq,127.0.0.1:53,kubernetes.default.svc.cluster.local,5,A"],"image":"gcr.io/google_containers/k8s-dns-sidecar-amd64:1.14.5","imagePullPolicy":"IfNotPresent","livenessProbe":{"failureThreshold":5,"httpGet":{"path":"/metrics","port":10054,"scheme":"HTTP"},"initialDelaySeconds":60,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":5},"name":"sidecar","ports":[{"containerPort":10054,"name":"metrics","protocol":"TCP"}],"resources":{"requests":{"cpu":"10m","memory":"20Mi"}},"terminationMessagePath":"/dev/termination-log","terminationMessagePolicy":"File"}],"dnsPolicy":"Default","restartPolicy":"Always","schedulerName":"default-scheduler","securityContext":{},"serviceAccount":"kube-dns","serviceAccountName":"kube-dns","terminationGracePeriodSeconds":30,"tolerations":[{"key":"CriticalAddonsOnly","oper
ator":"Exists"},{"effect":"NoSchedule","key":"node-role.kubernetes.io/master"}],"volumes":[{"configMap":{"defaultMode":420,"name":"kube-dns","optional":true},"name":"kube-dns-config"}]}}},"status":{"availableReplicas":1,"conditions":[{"lastTransitionTime":"2017-10-30T09:05:11Z","lastUpdateTime":"2017-10-30T09:05:11Z","message":"Deployment has minimum availability.","reason":"MinimumReplicasAvailable","status":"True","type":"Available"}],"observedGeneration":1,"readyReplicas":1,"replicas":1,"updatedReplicas":1}} - creationTimestamp: 2017-10-30T09:03:59Z - generation: 2 - labels: - k8s-app: kube-dns - name: kube-dns - namespace: kube-system - resourceVersion: "300076" - selfLink: /apis/extensions/v1beta1/namespaces/kube-system/deployments/kube-dns - uid: 4433b709-bd51-11e7-a055-80fa5b15034a -spec: - replicas: 1 - selector: - matchLabels: - k8s-app: kube-dns - strategy: - rollingUpdate: - maxSurge: 10% - maxUnavailable: 0 - type: RollingUpdate - template: - metadata: - creationTimestamp: null - labels: - k8s-app: kube-dns - spec: - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: beta.kubernetes.io/arch - operator: In - values: - - amd64 - containers: - - args: - - --domain=cluster.local. 
- - --dns-port=10053 - - --config-dir=/kube-dns-config - - --v=2 - env: - - name: PROMETHEUS_PORT - value: "10055" - image: gcr.io/google_containers/k8s-dns-kube-dns-amd64:1.14.5 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthcheck/kubedns - port: 10054 - scheme: HTTP - initialDelaySeconds: 60 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - name: kubedns - ports: - - containerPort: 10053 - name: dns-local - protocol: UDP - - containerPort: 10053 - name: dns-tcp-local - protocol: TCP - - containerPort: 10055 - name: metrics - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /readiness - port: 8081 - scheme: HTTP - initialDelaySeconds: 3 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - resources: - limits: - memory: 340Mi - requests: - cpu: 200m - memory: 140Mi - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File - volumeMounts: - - mountPath: /kube-dns-config - name: kube-dns-config - - args: - - -v=2 - - -logtostderr - - -configDir=/etc/k8s/dns/dnsmasq-nanny - - -restartDnsmasq=true - - -- - - -k - - --dns-forward-max=300 - - --cache-size=1000 - - --log-facility=- - - --server=/cluster.local/127.0.0.1#10053 - - --server=/in-addr.arpa/127.0.0.1#10053 - - --server=/ip6.arpa/127.0.0.1#10053 - - --server=8.8.8.8 - image: gcr.io/google_containers/k8s-dns-dnsmasq-nanny-amd64:1.14.5 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthcheck/dnsmasq - port: 10054 - scheme: HTTP - initialDelaySeconds: 60 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - name: dnsmasq - ports: - - containerPort: 53 - name: dns - protocol: UDP - - containerPort: 53 - name: dns-tcp - protocol: TCP - resources: - requests: - cpu: 150m - memory: 20Mi - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File - volumeMounts: - - mountPath: /etc/k8s/dns/dnsmasq-nanny - name: kube-dns-config 
- - args: - - --v=2 - - --logtostderr - - --probe=kubedns,127.0.0.1:10053,kubernetes.default.svc.cluster.local,5,A - - --probe=dnsmasq,127.0.0.1:53,kubernetes.default.svc.cluster.local,5,A - image: gcr.io/google_containers/k8s-dns-sidecar-amd64:1.14.5 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 5 - httpGet: - path: /metrics - port: 10054 - scheme: HTTP - initialDelaySeconds: 60 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - name: sidecar - ports: - - containerPort: 10054 - name: metrics - protocol: TCP - resources: - requests: - cpu: 10m - memory: 20Mi - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File - dnsPolicy: Default - restartPolicy: Always - schedulerName: default-scheduler - securityContext: {} - serviceAccount: kube-dns - serviceAccountName: kube-dns - terminationGracePeriodSeconds: 30 - tolerations: - - key: CriticalAddonsOnly - operator: Exists - - effect: NoSchedule - key: node-role.kubernetes.io/master - volumes: - - configMap: - defaultMode: 420 - name: kube-dns - optional: true - name: kube-dns-config diff --git a/kubernetes/templates/moon_configuration.yaml b/kubernetes/templates/moon_configuration.yaml deleted file mode 100644 index 3bcaa533..00000000 --- a/kubernetes/templates/moon_configuration.yaml +++ /dev/null @@ -1,25 +0,0 @@ -apiVersion: batch/v1 -kind: Job -metadata: - name: moonforming - namespace: moon -spec: - template: - metadata: - name: moonforming - spec: - containers: - - name: moonforming - image: asteroide/moonforming:v1.3 - env: - - name: POPULATE_ARGS - value: "--verbose" # debug mode: --debug - volumeMounts: - - name: config-volume - mountPath: /etc/moon - volumes: - - name: config-volume - configMap: - name: moon-config - restartPolicy: Never - #backoffLimit: 4 \ No newline at end of file diff --git a/kubernetes/templates/moon_gui.yaml b/kubernetes/templates/moon_gui.yaml deleted file mode 100644 index 2d355216..00000000 
--- a/kubernetes/templates/moon_gui.yaml +++ /dev/null @@ -1,42 +0,0 @@ -apiVersion: apps/v1beta1 -kind: Deployment -metadata: - namespace: moon - name: gui -spec: - replicas: 1 - template: - metadata: - labels: - app: gui - spec: - hostname: gui - containers: - - name: gui - image: wukongsun/moon_gui:v4.3.1 - env: - - name: MANAGER_HOST - value: "127.0.0.1" - - name: MANAGER_PORT - value: "30001" - - name: KEYSTONE_HOST - value: "127.0.0.1" - - name: KEYSTONE_PORT - value: "30006" - ports: - - containerPort: 80 ---- - -apiVersion: v1 -kind: Service -metadata: - name: gui - namespace: moon -spec: - ports: - - port: 80 - targetPort: 80 - nodePort: 30002 - selector: - app: gui - type: NodePort diff --git a/kubernetes/templates/moon_manager.yaml b/kubernetes/templates/moon_manager.yaml deleted file mode 100644 index 9d4a09a8..00000000 --- a/kubernetes/templates/moon_manager.yaml +++ /dev/null @@ -1,33 +0,0 @@ -apiVersion: apps/v1beta1 -kind: Deployment -metadata: - name: manager - namespace: moon -spec: - replicas: 3 - template: - metadata: - labels: - app: manager - spec: - hostname: manager - containers: - - name: manager - image: wukongsun/moon_manager:v4.3.1 - ports: - - containerPort: 8082 ---- - -apiVersion: v1 -kind: Service -metadata: - name: manager - namespace: moon -spec: - ports: - - port: 8082 - targetPort: 8082 - nodePort: 30001 - selector: - app: manager - type: NodePort diff --git a/kubernetes/templates/moon_orchestrator.yaml b/kubernetes/templates/moon_orchestrator.yaml deleted file mode 100644 index 419f2d52..00000000 --- a/kubernetes/templates/moon_orchestrator.yaml +++ /dev/null 
@@ -1,40 +0,0 @@ -apiVersion: apps/v1beta1 -kind: Deployment -metadata: - namespace: moon - name: orchestrator -spec: - replicas: 1 - template: - metadata: - labels: - app: orchestrator - spec: - hostname: orchestrator - containers: - - name: orchestrator - image: wukongsun/moon_orchestrator:v4.3 - ports: - - containerPort: 8083 - volumeMounts: - - name: config-volume - mountPath: /root/.kube - volumes: - - name: config-volume - configMap: - name: config ---- - -apiVersion: v1 -kind: Service -metadata: - name: orchestrator - namespace: moon -spec: - ports: - - port: 8083 - targetPort: 8083 - nodePort: 30003 - selector: - app: orchestrator - type: NodePort diff --git a/moon_forming/Dockerfile b/moon_forming/Dockerfile new file mode 100644 index 00000000..fe48eee0 --- /dev/null +++ b/moon_forming/Dockerfile @@ -0,0 +1,10 @@ +FROM python:3 +WORKDIR /usr/src/app +RUN pip install --no-cache-dir --upgrade requests pyyaml python_moonutilities python_moondb + +ENV POPULATE_ARGS "-v" + +ADD . /root +WORKDIR /root + +CMD sh /root/run.sh ${POPULATE_ARGS} \ No newline at end of file diff --git a/moon_forming/README.md b/moon_forming/README.md new file mode 100644 index 00000000..d71805cb --- /dev/null +++ b/moon_forming/README.md 
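Review bot: The `RUN pip install --no-cache-dir --upgrade requests pyyaml python_moonutilities python_moondb` line in moon_forming/Dockerfile takes whatever versions are current at build time, and `FROM python:3` is a floating tag, so two builds of the same commit can put different code into a container that later reads the database and Keystone credentials from `/etc/moon/moon.conf`. Pin both, for example `FROM python:<pinned-tag>` and `RUN pip install --no-cache-dir -r requirements.txt` with exact `==` versions (placeholders, as the commit names no versions). No `USER` line is set, so `run.sh` runs as root; switching to an unprivileged account would also mean copying the files somewhere other than `/root`.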
@@ -0,0 +1,44 @@ +# Moon Forming +moon_forming is a container to automatize the configuration of the Moon platform + +## Run +```bash +docker run wukongsun/moon_forming:latest +``` + +## Consul +The Moon platform is already configured after the installation. +If you want to see or modify the configuration, go with a web browser +to the following page: `http://localhost:30006`. + +With the consul server, you can update the configuration in the `KEY/VALUE` tab. +There are some configuration items, lots of them are only read when a new K8S pod is started +and not during its life cycle. + +**WARNING: some confidential information are put here in clear text. +This is a known security issue.** + +### Keystone +If you have your own Keystone server, you can point Moon to your Keystone in the +`openstack/keystone` element: `http://localhost:30005/ui/#/dc1/kv/openstack/keystone/edit`. +This configuration element is read every time Moon need it, specially when adding users. + +### Database +The database can also be modified through: `http://localhost:30005/ui/#/dc1/kv/database/edit`. + +**WARNING: the password is in clear text, this is a known security issue.** + +If you want to use your own database server, change the configuration: + + {"url": "mysql+pymysql://my_user:my_secret_password@my_server/moon", "driver": "sql"} + +Then you have to rebuild the database before using it. +This can be done with the following commands: +```bash +kubectl delete -f $MOON/tools/moon_kubernetes/templates/moon_configuration.yaml +kubectl create -f $MOON/tools/moon_kubernetes/templates/moon_configuration.yaml +``` + + + + diff --git a/moon_forming/conf/mls.py b/moon_forming/conf/mls.py new file mode 100644 index 00000000..0e6285c9 --- /dev/null +++ b/moon_forming/conf/mls.py 
@@ -0,0 +1,59 @@ + +pdp_name = "pdp_mls" +policy_name = "MLS Policy example" +model_name = "MLS" +policy_genre = "authz" + +subjects = {"adminuser": "", "user1": "", "user2": "", } +objects = {"vm0": "", "vm1": "", } +actions = {"start": "", "stop": ""} + +subject_categories = {"subject-security-level": "", } +object_categories = {"object-security-level": "", } +action_categories = {"action-type": "", } + +subject_data = { + "subject-security-level": {"low": "", "medium": "", "high": ""}, +} +object_data = { + "object-security-level": {"low": "", "medium": "", "high": ""}, +} +action_data = {"action-type": {"vm-action": "", "storage-action": "", }} + +subject_assignments = { + "adminuser": {"subject-security-level": "high"}, + "user1": {"subject-security-level": "medium"}, +} +object_assignments = { + "vm0": {"object-security-level": "medium"}, + "vm1": {"object-security-level": "low"}, +} +action_assignments = { + "start": {"action-type": "vm-action"}, + "stop": {"action-type": "vm-action"} +} + +meta_rule = { + "mls": { + "id": "", + "value": ("subject-security-level", + "object-security-level", + "action-type")}, +} + +rules = { + "mls": ( + { + "rule": ("high", "medium", "vm-action"), + "instructions": ({"decision": "grant"}) + }, + { + "rule": ("high", "low", "vm-action"), + "instructions": ({"decision": "grant"}) + }, + { + "rule": ("medium", "low", "vm-action"), + "instructions": ({"decision": "grant"}) + }, + ) +} diff --git a/moon_forming/conf/rbac.py b/moon_forming/conf/rbac.py new file mode 100644 index 00000000..25c010fd --- /dev/null +++ b/moon_forming/conf/rbac.py 
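Review bot: Each `"instructions": ({"decision": "grant"})` in `rules` is a plain dict rather than a one-element tuple, because the parentheses carry no trailing comma; conf/rbac.py in this same commit writes the tuple form. populate_default_values.py passes `rule["instructions"]` unchanged to `add_rule`, so the two scenarios send differently shaped payloads to the manager. Write `"instructions": ({"decision": "grant"},)` in all three rules. `user2` is declared in `subjects` but has no entry in `subject_assignments`; if that is deliberate, a comment such as `# user2 is intentionally left without a security level` would say so.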
@@ -0,0 +1,61 @@ + +pdp_name = "pdp_rbac" +policy_name = "RBAC policy example" +model_name = "RBAC" +policy_genre = "authz" + +subjects = {"adminuser": "", "user1": "", } +objects = {"vm0": "", "vm1": "", } +actions = {"start": "", "stop": ""} + +subject_categories = {"role": "", } +object_categories = {"id": "", } +action_categories = {"action-type": "", } + +subject_data = {"role": {"admin": "", "employee": "", "*": ""}} +object_data = {"id": {"vm0": "", "vm1": "", "*": ""}} +action_data = {"action-type": {"vm-action": "", "*": ""}} + +subject_assignments = { + "adminuser": + ({"role": "admin"}, {"role": "employee"}, {"role": "*"}), + "user1": + ({"role": "employee"}, {"role": "*"}), +} +object_assignments = { + "vm0": + ({"id": "vm0"}, {"id": "*"}), + "vm1": + ({"id": "vm1"}, {"id": "*"}) +} +action_assignments = { + "start": + ({"action-type": "vm-action"}, {"action-type": "*"}), + "stop": + ({"action-type": "vm-action"}, {"action-type": "*"}) +} + +meta_rule = { + "rbac": {"id": "", "value": ("role", "id", "action-type")}, +} + +rules = { + "rbac": ( + { + "rule": ("admin", "vm0", "vm-action"), + "instructions": ( + {"decision": "grant"}, + # "grant" to immediately exit, + # "continue" to wait for the result of next policy + ) + }, + { + "rule": ("employee", "vm1", "vm-action"), + "instructions": ( + {"decision": "grant"}, + ) + }, + ) +} + + diff --git a/moon_forming/conf2consul.py b/moon_forming/conf2consul.py new file mode 100644 index 00000000..46c99d5c --- /dev/null +++ b/moon_forming/conf2consul.py 
@@ -0,0 +1,103 @@ +import os +import sys +import requests +import yaml +import logging +import json +import base64 + +logging.basicConfig(level=logging.INFO) +log = logging.getLogger("moon.conf2consul") +requests_log = logging.getLogger("requests.packages.urllib3") +requests_log.setLevel(logging.WARNING) +requests_log.propagate = True + +if len(sys.argv) == 2: + if os.path.isfile(sys.argv[1]): + CONF_FILENAME = sys.argv[1] + CONSUL_HOST = "consul" + else: + CONF_FILENAME = "moon.conf" + CONSUL_HOST = sys.argv[1] + CONSUL_PORT = 8500 +else: + CONSUL_HOST = sys.argv[1] if len(sys.argv) > 1 else "consul" + CONSUL_PORT = sys.argv[2] if len(sys.argv) > 2 else 8500 + CONF_FILENAME = sys.argv[3] if len(sys.argv) > 3 else "moon.conf" +HEADERS = {"content-type": "application/json"} + + +def search_config_file(): + data_config = None + for _file in ( + CONF_FILENAME, + "conf/moon.conf", + "../moon.conf", + "../conf/moon.conf", + "/etc/moon/moon.conf", + ): + try: + data_config = yaml.safe_load(open(_file)) + except FileNotFoundError: + data_config = None + continue + else: + break + if not data_config: + raise Exception("Configuration file not found...") + return data_config + + +def put(key, value): + url = "http://{host}:{port}/v1/kv/{key}".format(host=CONSUL_HOST, port=CONSUL_PORT, key=key) + log.info(url) + req = requests.put( + url, + headers=HEADERS, + json=value + ) + if req.status_code != 200: + raise Exception("Error connecting to Consul ({}, {})".format(req.status_code, req.text)) + + +def get(key): + url = "http://{host}:{port}/v1/kv/{key}".format(host=CONSUL_HOST, port=CONSUL_PORT, key=key) + req = requests.get(url) + data = req.json() + for item in data: + log.info("{} {} -> {}".format( + req.status_code, + item["Key"], + json.loads(base64.b64decode(item["Value"]).decode("utf-8")) + )) + yield json.loads(base64.b64decode(item["Value"]).decode("utf-8")) + + +def main(): + data_config = search_config_file() + req = 
requests.head("http://{}:{}/ui/".format(CONSUL_HOST, CONSUL_PORT)) + if req.status_code != 200: + log.critical("Consul is down...") + log.critical("request info: {}/{}".format(req, req.text)) + sys.exit(1) + + put("database", data_config["database"]) + # put("messenger", data_config["messenger"]) + # put("slave", data_config["slave"]) + # put("docker", data_config["docker"]) + put("logging", data_config["logging"]) + put("components_port_start", data_config["components"]["port_start"]) + + for _key, _value in data_config["components"].items(): + if type(_value) is dict: + put("components/{}".format(_key), data_config["components"][_key]) + + for _key, _value in data_config["plugins"].items(): + put("plugins/{}".format(_key), data_config["plugins"][_key]) + + for _key, _value in data_config["openstack"].items(): + put("openstack/{}".format(_key), data_config["openstack"][_key]) + + +main() + diff --git a/moon_forming/moon.conf b/moon_forming/moon.conf new file mode 100644 index 00000000..dc498e34 --- /dev/null +++ b/moon_forming/moon.conf 
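Review bot: `get()` logs every decoded value at INFO through `log.info("{} {} -> {}".format(...))`, and the keys `main()` writes include `database` and `openstack/...`, whose values in moon.conf contain passwords, so any read-back puts credentials into the log. Log the key only, `log.info("{} {}".format(req.status_code, item["Key"]))`. The `requests.put`, `requests.get` and `requests.head` calls pass no `timeout=`, so an unresponsive Consul blocks the job indefinitely. `main()` is also called unconditionally at module level; wrapping it in `if __name__ == "__main__":` keeps an import from writing to Consul.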
@@ -0,0 +1,79 @@ +database: + url: mysql+pymysql://moon:p4sswOrd1@db/moon + driver: sql + +openstack: + keystone: + url: http://keystone:5000/v3 + user: admin + password: p4ssw0rd + domain: default + project: admin + check_token: false + certificate: false + +plugins: + authz: + container: wukongsun/moon_authz:v4.3 + port: 8081 + session: + container: asteroide/session:latest + port: 8082 + +components: + interface: + port: 8080 + bind: 0.0.0.0 + hostname: interface + container: wukongsun/moon_interface:v4.3 + orchestrator: + port: 8083 + bind: 0.0.0.0 + hostname: orchestrator + container: wukongsun/moon_orchestrator:v4.3 + wrapper: + port: 8080 + bind: 0.0.0.0 + hostname: wrapper + container: wukongsun/moon_wrapper:v4.3.1 + timeout: 5 + manager: + port: 8082 + bind: 0.0.0.0 + hostname: manager + container: wukongsun/moon_manager:v4.3.1 + port_start: 31001 + +logging: + version: 1 + + formatters: + brief: + format: "%(levelname)s %(name)s %(message)-30s" + custom: + format: "%(asctime)-15s %(levelname)s %(name)s %(message)s" + + handlers: + console: + class : logging.StreamHandler + formatter: brief + level : INFO + stream : ext://sys.stdout + file: + class : logging.handlers.RotatingFileHandler + formatter: custom + level : DEBUG + filename: /tmp/moon.log + maxBytes: 1048576 + backupCount: 3 + + loggers: + moon: + level: DEBUG + handlers: [console, file] + propagate: no + + root: + level: ERROR + handlers: [console] + diff --git a/moon_forming/populate_default_values.py b/moon_forming/populate_default_values.py new file mode 100644 index 00000000..fa099458 --- /dev/null +++ b/moon_forming/populate_default_values.py 
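Review bot: `database.url` and `openstack.keystone.password` hold literal passwords in a committed file, and conf2consul.py copies both sections into Consul over plain HTTP, which the README added in this commit already lists as a known issue. Mark them at the top of the file, for example `# Sample credentials only: replace every password before deploying`, so the defaults are not mistaken for deployable values. `check_token: false` and `certificate: false` presumably switch off token checking and certificate verification towards Keystone; that should be confirmed and stated in a comment next to each key. The `file` handler writes DEBUG output to `/tmp/moon.log`, a shared directory, which is worth moving to a directory owned by the service.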
@@ -0,0 +1,235 @@ +import argparse +import logging +from importlib.machinery import SourceFileLoader +from utils.pdp import * +from utils.models import * +from utils.policies import * + +parser = argparse.ArgumentParser() +parser.add_argument('filename', help='scenario filename', nargs=1) +parser.add_argument("--verbose", "-v", action='store_true', + help="verbose mode") +parser.add_argument("--debug", "-d", action='store_true', help="debug mode") +parser.add_argument("--keystone-pid", "-k", dest="keystone_pid", default="", + help="Force a particular Keystone Project ID") +args = parser.parse_args() + +FORMAT = '%(asctime)-15s %(levelname)s %(message)s' +if args.debug: + logging.basicConfig( + format=FORMAT, + level=logging.DEBUG) +elif args.verbose: + logging.basicConfig( + format=FORMAT, + level=logging.INFO) +else: + logging.basicConfig( + format=FORMAT, + level=logging.WARNING) + +requests_log = logging.getLogger("requests.packages.urllib3") +requests_log.setLevel(logging.WARNING) +requests_log.propagate = True + +logger = logging.getLogger("moonforming") + +if args.filename: + print("Loading: {}".format(args.filename[0])) + +m = SourceFileLoader("scenario", args.filename[0]) + +scenario = m.load_module() + + +def create_model(model_id=None): + if args.verbose: + logger.info("Creating model {}".format(scenario.model_name)) + if not model_id: + logger.info("Add model") + model_id = add_model(name=scenario.model_name) + logger.info("Add subject categories") + for cat in scenario.subject_categories: + scenario.subject_categories[cat] = add_subject_category(name=cat) + logger.info("Add object categories") + for cat in scenario.object_categories: + scenario.object_categories[cat] = add_object_category(name=cat) + logger.info("Add action categories") + for cat in scenario.action_categories: + scenario.action_categories[cat] = add_action_category(name=cat) + sub_cat = [] + ob_cat = [] + act_cat = [] + meta_rule_list = [] + for item_name, item_value in 
scenario.meta_rule.items(): + for item in item_value["value"]: + if item in scenario.subject_categories: + sub_cat.append(scenario.subject_categories[item]) + elif item in scenario.object_categories: + ob_cat.append(scenario.object_categories[item]) + elif item in scenario.action_categories: + act_cat.append(scenario.action_categories[item]) + meta_rules = check_meta_rule(meta_rule_id=None) + for _meta_rule_id, _meta_rule_value in meta_rules['meta_rules'].items(): + if _meta_rule_value['name'] == item_name: + meta_rule_id = _meta_rule_id + break + else: + logger.info("Add meta rule") + meta_rule_id = add_meta_rule(item_name, sub_cat, ob_cat, act_cat) + item_value["id"] = meta_rule_id + if meta_rule_id not in meta_rule_list: + meta_rule_list.append(meta_rule_id) + return model_id, meta_rule_list + + +def create_policy(model_id, meta_rule_list): + if args.verbose: + logger.info("Creating policy {}".format(scenario.policy_name)) + _policies = check_policy() + for _policy_id, _policy_value in _policies["policies"].items(): + if _policy_value['name'] == scenario.policy_name: + policy_id = _policy_id + break + else: + policy_id = add_policy(name=scenario.policy_name, genre=scenario.policy_genre) + + update_policy(policy_id, model_id) + + for meta_rule_id in meta_rule_list: + logger.debug("add_meta_rule_to_model {} {}".format(model_id, meta_rule_id)) + add_meta_rule_to_model(model_id, meta_rule_id) + + logger.info("Add subject data") + for subject_cat_name in scenario.subject_data: + for subject_data_name in scenario.subject_data[subject_cat_name]: + data_id = scenario.subject_data[subject_cat_name][subject_data_name] = add_subject_data( + policy_id=policy_id, + category_id=scenario.subject_categories[subject_cat_name], name=subject_data_name) + scenario.subject_data[subject_cat_name][subject_data_name] = data_id + logger.info("Add object data") + for object_cat_name in scenario.object_data: + for object_data_name in scenario.object_data[object_cat_name]: + data_id = 
scenario.object_data[object_cat_name][object_data_name] = add_object_data( + policy_id=policy_id, + category_id=scenario.object_categories[object_cat_name], name=object_data_name) + scenario.object_data[object_cat_name][object_data_name] = data_id + logger.info("Add action data") + for action_cat_name in scenario.action_data: + for action_data_name in scenario.action_data[action_cat_name]: + data_id = scenario.action_data[action_cat_name][action_data_name] = add_action_data( + policy_id=policy_id, + category_id=scenario.action_categories[action_cat_name], name=action_data_name) + scenario.action_data[action_cat_name][action_data_name] = data_id + + logger.info("Add subjects") + for name in scenario.subjects: + scenario.subjects[name] = add_subject(policy_id, name=name) + logger.info("Add objects") + for name in scenario.objects: + scenario.objects[name] = add_object(policy_id, name=name) + logger.info("Add actions") + for name in scenario.actions: + scenario.actions[name] = add_action(policy_id, name=name) + + logger.info("Add subject assignments") + for subject_name in scenario.subject_assignments: + if type(scenario.subject_assignments[subject_name]) in (list, tuple): + for items in scenario.subject_assignments[subject_name]: + for subject_category_name in items: + subject_id = scenario.subjects[subject_name] + subject_cat_id = scenario.subject_categories[subject_category_name] + for data in scenario.subject_assignments[subject_name]: + subject_data_id = scenario.subject_data[subject_category_name][data[subject_category_name]] + add_subject_assignments(policy_id, subject_id, subject_cat_id, subject_data_id) + else: + for subject_category_name in scenario.subject_assignments[subject_name]: + subject_id = scenario.subjects[subject_name] + subject_cat_id = scenario.subject_categories[subject_category_name] + subject_data_id = scenario.subject_data[subject_category_name][scenario.subject_assignments[subject_name][subject_category_name]] + 
add_subject_assignments(policy_id, subject_id, subject_cat_id, subject_data_id) + + logger.info("Add object assignments") + for object_name in scenario.object_assignments: + if type(scenario.object_assignments[object_name]) in (list, tuple): + for items in scenario.object_assignments[object_name]: + for object_category_name in items: + object_id = scenario.objects[object_name] + object_cat_id = scenario.object_categories[object_category_name] + for data in scenario.object_assignments[object_name]: + object_data_id = scenario.object_data[object_category_name][data[object_category_name]] + add_object_assignments(policy_id, object_id, object_cat_id, object_data_id) + else: + for object_category_name in scenario.object_assignments[object_name]: + object_id = scenario.objects[object_name] + object_cat_id = scenario.object_categories[object_category_name] + object_data_id = scenario.object_data[object_category_name][scenario.object_assignments[object_name][object_category_name]] + add_object_assignments(policy_id, object_id, object_cat_id, object_data_id) + + logger.info("Add action assignments") + for action_name in scenario.action_assignments: + if type(scenario.action_assignments[action_name]) in (list, tuple): + for items in scenario.action_assignments[action_name]: + for action_category_name in items: + action_id = scenario.actions[action_name] + action_cat_id = scenario.action_categories[action_category_name] + for data in scenario.action_assignments[action_name]: + action_data_id = scenario.action_data[action_category_name][data[action_category_name]] + add_action_assignments(policy_id, action_id, action_cat_id, action_data_id) + else: + for action_category_name in scenario.action_assignments[action_name]: + action_id = scenario.actions[action_name] + action_cat_id = scenario.action_categories[action_category_name] + action_data_id = scenario.action_data[action_category_name][scenario.action_assignments[action_name][action_category_name]] + 
add_action_assignments(policy_id, action_id, action_cat_id, action_data_id) + + logger.info("Add rules") + for meta_rule_name in scenario.rules: + meta_rule_value = scenario.meta_rule[meta_rule_name] + for rule in scenario.rules[meta_rule_name]: + data_list = [] + _meta_rule = list(meta_rule_value["value"]) + for data_name in rule["rule"]: + category_name = _meta_rule.pop(0) + if category_name in scenario.subject_categories: + data_list.append(scenario.subject_data[category_name][data_name]) + elif category_name in scenario.object_categories: + data_list.append(scenario.object_data[category_name][data_name]) + elif category_name in scenario.action_categories: + data_list.append(scenario.action_data[category_name][data_name]) + instructions = rule["instructions"] + add_rule(policy_id, meta_rule_value["id"], data_list, instructions) + return policy_id + + +def create_pdp(policy_id=None): + logger.info("Creating PDP {}".format(scenario.pdp_name)) + projects = get_keystone_projects() + project_id = args.keystone_pid + if not project_id: + for _project in projects['projects']: + if _project['name'] == "admin": + project_id = _project['id'] + assert project_id + pdps = check_pdp()["pdps"] + for pdp_id, pdp_value in pdps.items(): + if scenario.pdp_name == pdp_value["name"]: + update_pdp(pdp_id, policy_id=policy_id) + logger.debug("Found existing PDP named {} (will add policy {})".format(scenario.pdp_name, policy_id)) + return pdp_id + _pdp_id = add_pdp(name=scenario.pdp_name, policy_id=policy_id) + map_to_keystone(pdp_id=_pdp_id, keystone_project_id=project_id) + return _pdp_id + +if __name__ == "__main__": + _models = check_model() + for _model_id, _model_value in _models['models'].items(): + if _model_value['name'] == scenario.model_name: + model_id = _model_id + meta_rule_list = _model_value['meta_rules'] + create_model(model_id) + break + else: + model_id, meta_rule_list = create_model() + policy_id = create_policy(model_id, meta_rule_list) + pdp_id = 
create_pdp(policy_id) diff --git a/moon_forming/run.sh b/moon_forming/run.sh new file mode 100644 index 00000000..71543f9e --- /dev/null +++ b/moon_forming/run.sh @@ -0,0 +1,44 @@ +#!/usr/bin/env bash + +populate_args=$* + +echo "Waiting for Consul (http://consul:8500)" +while ! python -c "import requests; req = requests.get('http://consul:8500')" 2>/dev/null ; do + sleep 5 ; + echo "." +done + +echo "Consul (http://consul:8500) is up." + +python3 /root/conf2consul.py /etc/moon/moon.conf + +echo "Waiting for DB (tcp://db:3306)" +while ! python -c "import socket, sys; s = socket.socket(socket.AF_INET, socket.SOCK_STREAM); s.connect(('db', 3306)); sys.exit(0)" 2>/dev/null ; do + sleep 5 ; + echo "." +done + +echo "Database (http://db:3306) is up." + +moon_db_manager upgrade + +echo "Waiting for Keystone (http://keystone:5000)" +while ! python -c "import requests; req = requests.get('http://keystone:5000')" 2>/dev/null ; do + sleep 5 ; + echo "." +done + +echo "Keystone (http://keystone:5000) is up." + +echo "Waiting for Manager (http://manager:8082)" +while ! python -c "import requests; req = requests.get('http://manager:8082')" 2>/dev/null ; do + sleep 5 ; + echo "." +done + +echo "Manager (http://manager:8082) is up." + +cd /root + +python3 populate_default_values.py $populate_args /root/conf/rbac.py +python3 populate_default_values.py $populate_args /root/conf/mls.py diff --git a/moon_forming/utils/__init__.py b/moon_forming/utils/__init__.py new file mode 100644 index 00000000..e69de29b diff --git a/moon_forming/utils/config.py b/moon_forming/utils/config.py new file mode 100644 index 00000000..30c8ea4f --- /dev/null +++ b/moon_forming/utils/config.py 
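Review bot: `create_pdp` validates the Keystone project with `assert project_id`, which is removed when Python runs with `-O` and otherwise fails without a message; the PDP would then be mapped with an empty project id. Use `if not project_id: raise RuntimeError("no Keystone project named 'admin' found")`. The same assert-as-validation pattern carries every HTTP response check in utils/models.py and the visible part of utils/pdp.py, where `req.raise_for_status()` plus an explicit exception would report the failing call. Separately, `SourceFileLoader("scenario", args.filename[0]).load_module()` executes the scenario file as Python with this script's access to the manager and Keystone, so a comment there should state that scenario files are trusted code, not data.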
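Review bot: moon_forming/run.sh has no `set -e`, so a failure of `python3 /root/conf2consul.py /etc/moon/moon.conf` or of `moon_db_manager upgrade` is ignored and the two populate commands still run against a partly configured platform, with the job's exit status taken from the last command only. Add `set -e` directly under the shebang; the `while ! python -c ...` probes are not affected by it. Each wait loop retries forever, so a bounded retry count would let the job fail visibly when Consul, the database, Keystone or the manager never comes up. `populate_args=$*` followed by an unquoted `$populate_args` re-splits arguments that contain spaces; passing `"$@"` to the two `populate_default_values.py` calls keeps them intact.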
@@ -0,0 +1,22 @@ +import yaml + + +def get_config_data(filename="moon.conf"): + data_config = None + for _file in ( + filename, + "conf/moon.conf", + "../moon.conf", + "../conf/moon.conf", + "/etc/moon/moon.conf", + ): + try: + data_config = yaml.safe_load(open(_file)) + except FileNotFoundError: + data_config = None + continue + else: + break + if not data_config: + raise Exception("Configuration file not found...") + return data_config diff --git a/moon_forming/utils/models.py b/moon_forming/utils/models.py new file mode 100644 index 00000000..3cf31354 --- /dev/null +++ b/moon_forming/utils/models.py 
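Review bot: `get_config_data` falls back silently from `filename` to four other paths, three of them relative to the current directory, so which file supplies the manager address and the Keystone credentials depends on where the process was started and is never reported. A docstring listing the search order, and returning or recording the path that was actually loaded, would make that visible. `yaml.safe_load(open(_file))` never closes the handle; use `with open(_file) as f: data_config = yaml.safe_load(f)`. An existing but empty file also ends in "Configuration file not found...", and the same loop is duplicated as `search_config_file` in conf2consul.py, which could import this helper instead.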
@@ -0,0 +1,270 @@ +import requests +import copy +import utils.config + +config = utils.config.get_config_data() + +URL = "http://{}:{}".format( + config['components']['manager']['hostname'], + config['components']['manager']['port']) +URL = URL + "{}" +HEADERS = {"content-type": "application/json"} + +model_template = { + "name": "test_model", + "description": "test", + "meta_rules": [] +} + +category_template = { + "name": "name of the category", + "description": "description of the category" +} + +meta_rule_template = { + "name": "test_meta_rule", + "subject_categories": [], + "object_categories": [], + "action_categories": [] +} + + +def check_model(model_id=None, check_model_name=True): + req = requests.get(URL.format("/models")) + assert req.status_code == 200 + result = req.json() + assert type(result) is dict + assert "models" in result + if model_id: + assert result["models"] + assert model_id in result['models'] + assert "name" in result['models'][model_id] + if check_model_name: + assert model_template["name"] == result['models'][model_id]["name"] + return result + + +def add_model(name=None): + if name: + model_template['name'] = name + req = requests.post(URL.format("/models"), json=model_template, headers=HEADERS) + assert req.status_code == 200 + result = req.json() + assert type(result) is dict + model_id = list(result['models'].keys())[0] + if "result" in result: + assert result["result"] + assert "name" in result['models'][model_id] + assert model_template["name"] == result['models'][model_id]["name"] + return model_id + + +def delete_model(model_id): + req = requests.delete(URL.format("/models/{}".format(model_id))) + assert req.status_code == 200 + result = req.json() + assert type(result) is dict + assert "result" in result + assert result["result"] + + +def add_subject_category(name="subject_cat_1"): + category_template["name"] = name + req = requests.post(URL.format("/subject_categories"), json=category_template, headers=HEADERS) + assert 
req.status_code == 200 + result = req.json() + assert type(result) is dict + assert "subject_categories" in result + category_id = list(result['subject_categories'].keys())[0] + if "result" in result: + assert result["result"] + assert "name" in result['subject_categories'][category_id] + assert category_template["name"] == result['subject_categories'][category_id]["name"] + return category_id + + +def check_subject_category(category_id): + req = requests.get(URL.format("/subject_categories")) + assert req.status_code == 200 + result = req.json() + assert type(result) is dict + assert "subject_categories" in result + if "result" in result: + assert result["result"] + assert category_id in result['subject_categories'] + assert "name" in result['subject_categories'][category_id] + assert category_template["name"] == result['subject_categories'][category_id]["name"] + + +def delete_subject_category(category_id): + req = requests.delete(URL.format("/subject_categories/{}".format(category_id))) + assert req.status_code == 200 + result = req.json() + assert type(result) is dict + if "result" in result: + assert result["result"] + + +def add_object_category(name="object_cat_1"): + category_template["name"] = name + req = requests.post(URL.format("/object_categories"), json=category_template, headers=HEADERS) + assert req.status_code == 200 + result = req.json() + assert type(result) is dict + assert "object_categories" in result + category_id = list(result['object_categories'].keys())[0] + if "result" in result: + assert result["result"] + assert "name" in result['object_categories'][category_id] + assert category_template["name"] == result['object_categories'][category_id]["name"] + return category_id + + +def check_object_category(category_id): + req = requests.get(URL.format("/object_categories")) + assert req.status_code == 200 + result = req.json() + assert type(result) is dict + assert "object_categories" in result + if "result" in result: + assert result["result"] 
+ assert category_id in result['object_categories'] + assert "name" in result['object_categories'][category_id] + assert category_template["name"] == result['object_categories'][category_id]["name"] + + +def delete_object_category(category_id): + req = requests.delete(URL.format("/object_categories/{}".format(category_id))) + assert req.status_code == 200 + result = req.json() + assert type(result) is dict + if "result" in result: + assert result["result"] + + +def add_action_category(name="action_cat_1"): + category_template["name"] = name + req = requests.post(URL.format("/action_categories"), json=category_template, headers=HEADERS) + assert req.status_code == 200 + result = req.json() + assert type(result) is dict + assert "action_categories" in result + category_id = list(result['action_categories'].keys())[0] + if "result" in result: + assert result["result"] + assert "name" in result['action_categories'][category_id] + assert category_template["name"] == result['action_categories'][category_id]["name"] + return category_id + + +def check_action_category(category_id): + req = requests.get(URL.format("/action_categories")) + assert req.status_code == 200 + result = req.json() + assert type(result) is dict + assert "action_categories" in result + if "result" in result: + assert result["result"] + assert category_id in result['action_categories'] + assert "name" in result['action_categories'][category_id] + assert category_template["name"] == result['action_categories'][category_id]["name"] + + +def delete_action_category(category_id): + req = requests.delete(URL.format("/action_categories/{}".format(category_id))) + assert req.status_code == 200 + result = req.json() + assert type(result) is dict + if "result" in result: + assert result["result"] + + +def add_categories_and_meta_rule(name="test_meta_rule"): + scat_id = add_subject_category() + ocat_id = add_object_category() + acat_id = add_action_category() + _meta_rule_template = 
copy.deepcopy(meta_rule_template) + _meta_rule_template["name"] = name + _meta_rule_template["subject_categories"].append(scat_id) + _meta_rule_template["object_categories"].append(ocat_id) + _meta_rule_template["action_categories"].append(acat_id) + req = requests.post(URL.format("/meta_rules"), json=_meta_rule_template, headers=HEADERS) + assert req.status_code == 200 + result = req.json() + assert type(result) is dict + assert "meta_rules" in result + meta_rule_id = list(result['meta_rules'].keys())[0] + if "result" in result: + assert result["result"] + assert "name" in result['meta_rules'][meta_rule_id] + assert _meta_rule_template["name"] == result['meta_rules'][meta_rule_id]["name"] + return meta_rule_id, scat_id, ocat_id, acat_id + + +def add_meta_rule(name="test_meta_rule", scat=[], ocat=[], acat=[]): + _meta_rule_template = copy.deepcopy(meta_rule_template) + _meta_rule_template["name"] = name + _meta_rule_template["subject_categories"] = [] + _meta_rule_template["subject_categories"].extend(scat) + _meta_rule_template["object_categories"] = [] + _meta_rule_template["object_categories"].extend(ocat) + _meta_rule_template["action_categories"] = [] + _meta_rule_template["action_categories"].extend(acat) + req = requests.post(URL.format("/meta_rules"), json=_meta_rule_template, headers=HEADERS) + assert req.status_code == 200 + result = req.json() + assert type(result) is dict + assert "meta_rules" in result + meta_rule_id = list(result['meta_rules'].keys())[0] + if "result" in result: + assert result["result"] + assert "name" in result['meta_rules'][meta_rule_id] + assert _meta_rule_template["name"] == result['meta_rules'][meta_rule_id]["name"] + return meta_rule_id + + +def check_meta_rule(meta_rule_id, scat_id=None, ocat_id=None, acat_id=None): + req = requests.get(URL.format("/meta_rules")) + assert req.status_code == 200 + result = req.json() + assert type(result) is dict + assert "meta_rules" in result + if "result" in result: + assert result["result"] 
+ if not meta_rule_id: + return result + assert meta_rule_id in result['meta_rules'] + assert "name" in result['meta_rules'][meta_rule_id] + if scat_id: + assert scat_id in result['meta_rules'][meta_rule_id]["subject_categories"] + if ocat_id: + assert ocat_id in result['meta_rules'][meta_rule_id]["object_categories"] + if acat_id: + assert acat_id in result['meta_rules'][meta_rule_id]["action_categories"] + + +def delete_meta_rule(meta_rule_id): + req = requests.delete(URL.format("/meta_rules/{}".format(meta_rule_id))) + assert req.status_code == 200 + result = req.json() + assert type(result) is dict + if "result" in result: + assert result["result"] + + +def add_meta_rule_to_model(model_id, meta_rule_id): + model = check_model(model_id, check_model_name=False)['models'] + meta_rule_list = model[model_id]["meta_rules"] + if meta_rule_id not in meta_rule_list: + meta_rule_list.append(meta_rule_id) + req = requests.patch(URL.format("/models/{}".format(model_id)), + json={"meta_rules": meta_rule_list}, + headers=HEADERS) + assert req.status_code == 200 + result = req.json() + assert type(result) is dict + model_id = list(result['models'].keys())[0] + if "result" in result: + assert result["result"] + assert "meta_rules" in result['models'][model_id] + assert meta_rule_list == result['models'][model_id]["meta_rules"] diff --git a/moon_forming/utils/pdp.py b/moon_forming/utils/pdp.py new file mode 100644 index 00000000..f3c6df37 --- /dev/null +++ b/moon_forming/utils/pdp.py 
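Review bot: `add_model` and the three `add_*_category` helpers in utils/models.py write `name` into the module-level `model_template` and `category_template` dicts, and `check_model` (with its default `check_model_name=True`) and the `check_*_category` functions then compare the server's answer with whichever name was written last, so the result of a check depends on call order. Build the payload per call, for example `payload = dict(category_template, name=name)`, and compare against `payload["name"]`. None of the `requests` calls passes `timeout=`, so a hung manager blocks the whole run. They also send only a content-type header over `http://`; if the manager API is meant to require authentication, that is not supplied here and should be confirmed.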
@@ -0,0 +1,163 @@ +import logging +import requests +import utils.config + +config = utils.config.get_config_data() +logger = logging.getLogger("moonforming.utils.policies") + +URL = "http://{}:{}".format( + config['components']['manager']['hostname'], + config['components']['manager']['port']) +HEADERS = {"content-type": "application/json"} +KEYSTONE_USER = config['openstack']['keystone']['user'] +KEYSTONE_PASSWORD = config['openstack']['keystone']['password'] +KEYSTONE_PROJECT = config['openstack']['keystone']['project'] +KEYSTONE_SERVER = config['openstack']['keystone']['url'] + +pdp_template = { + "name": "test_pdp", + "security_pipeline": [], + "keystone_project_id": None, + "description": "test", +} + + +def get_keystone_projects(): + + HEADERS = { + "Content-Type": "application/json" + } + + data_auth = { + "auth": { + "identity": { + "methods": [ + "password" + ], + "password": { + "user": { + "name": KEYSTONE_USER, + "domain": { + "name": "Default" + }, + "password": KEYSTONE_PASSWORD + } + } + } + } + } + + req = requests.post("{}/auth/tokens".format(KEYSTONE_SERVER), json=data_auth, headers=HEADERS) + logger.debug("{}/auth/tokens".format(KEYSTONE_SERVER)) + logger.debug(req.text) + assert req.status_code in (200, 201) + TOKEN = req.headers['X-Subject-Token'] + HEADERS['X-Auth-Token'] = TOKEN + req = requests.get("{}/projects".format(KEYSTONE_SERVER), headers=HEADERS) + if req.status_code not in (200, 201): + data_auth["auth"]["scope"] = { + "project": { + "name": KEYSTONE_PROJECT, + "domain": { + "id": "default" + } + } + } + req = requests.post("{}/auth/tokens".format(KEYSTONE_SERVER), json=data_auth, headers=HEADERS) + assert req.status_code in (200, 201) + TOKEN = req.headers['X-Subject-Token'] + HEADERS['X-Auth-Token'] = TOKEN + req = requests.get("{}/projects".format(KEYSTONE_SERVER), headers=HEADERS) + assert req.status_code in (200, 201) + return req.json() + + +def check_pdp(pdp_id=None, keystone_project_id=None, moon_url=None): + _URL = URL + if 
moon_url: + _URL = moon_url + req = requests.get(_URL + "/pdp") + assert req.status_code == 200 + result = req.json() + assert type(result) is dict + assert "pdps" in result + if pdp_id: + assert result["pdps"] + assert pdp_id in result['pdps'] + assert "name" in result['pdps'][pdp_id] + assert pdp_template["name"] == result['pdps'][pdp_id]["name"] + if keystone_project_id: + assert result["pdps"] + assert pdp_id in result['pdps'] + assert "keystone_project_id" in result['pdps'][pdp_id] + assert keystone_project_id == result['pdps'][pdp_id]["keystone_project_id"] + return result + + +def add_pdp(name="test_pdp", policy_id=None): + pdp_template['name'] = name + if policy_id: + pdp_template['security_pipeline'].append(policy_id) + req = requests.post(URL + "/pdp", json=pdp_template, headers=HEADERS) + logger.debug(req.status_code) + logger.debug(req) + assert req.status_code == 200 + result = req.json() + assert type(result) is dict + pdp_id = list(result['pdps'].keys())[0] + if "result" in result: + assert result["result"] + assert "name" in result['pdps'][pdp_id] + assert pdp_template["name"] == result['pdps'][pdp_id]["name"] + return pdp_id + + +def update_pdp(pdp_id, policy_id=None): + req = requests.get(URL + "/pdp/{}".format(pdp_id)) + assert req.status_code == 200 + result = req.json() + assert type(result) is dict + assert "pdps" in result + assert pdp_id in result['pdps'] + pipeline = result['pdps'][pdp_id]["security_pipeline"] + if policy_id not in pipeline: + pipeline.append(policy_id) + req = requests.patch(URL + "/pdp/{}".format(pdp_id), + json={"security_pipeline": pipeline}) + assert req.status_code == 200 + result = req.json() + assert type(result) is dict + assert "pdps" in result + assert pdp_id in result['pdps'] + + req = requests.get(URL + "/pdp/{}".format(pdp_id)) + assert req.status_code == 200 + result = req.json() + assert type(result) is dict + assert "pdps" in result + assert pdp_id in result['pdps'] + assert policy_id in pipeline + + +def 
map_to_keystone(pdp_id, keystone_project_id): + req = requests.patch(URL + "/pdp/{}".format(pdp_id), json={"keystone_project_id": keystone_project_id}, + headers=HEADERS) + assert req.status_code == 200 + result = req.json() + assert type(result) is dict + if "result" in result: + assert result["result"] + assert pdp_id in result['pdps'] + assert "name" in result['pdps'][pdp_id] + assert pdp_template["name"] == result['pdps'][pdp_id]["name"] + return pdp_id + + +def delete_pdp(pdp_id): + req = requests.delete(URL + "/pdp/{}".format(pdp_id)) + assert req.status_code == 200 + result = req.json() + assert type(result) is dict + assert "result" in result + assert result["result"] + diff --git a/moon_forming/utils/policies.py b/moon_forming/utils/policies.py new file mode 100644 index 00000000..bd08291a --- /dev/null +++ b/moon_forming/utils/policies.py 
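Review bot: `add_pdp` appends `policy_id` to the module-level `pdp_template['security_pipeline']`, so a second call in the same process posts a PDP whose pipeline still carries the policy of the first. Resetting the list per call, `pdp_template['security_pipeline'] = [policy_id] if policy_id else []`, stops the carry-over and keeps the shared `name` that `check_pdp` and `map_to_keystone` compare against. In `update_pdp` the closing `assert policy_id in pipeline` tests the local list that was just appended to, so it cannot fail; `assert policy_id in result['pdps'][pdp_id]['security_pipeline']` would check what the manager actually stored. The status checks throughout are plain `assert` statements, which Python drops under `-O`, so a failed request would then go unnoticed.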
@@ -0,0 +1,635 @@ +import logging +import requests +import utils.config + +config = utils.config.get_config_data() +logger = logging.getLogger("moonforming.utils.policies") + +URL = "http://{}:{}".format(config['components']['manager']['hostname'], config['components']['manager']['port']) +URL = URL + "{}" +HEADERS = {"content-type": "application/json"} +FILE = open("/tmp/test.log", "w") + +policy_template = { + "name": "test_policy", + "model_id": "", + "genre": "authz", + "description": "test", +} + +subject_template = { + "name": "test_subject", + "description": "test", + "email": "mail", + "password": "my_pass", +} + +object_template = { + "name": "test_subject", + "description": "test" +} + +action_template = { + "name": "test_subject", + "description": "test" +} + +subject_data_template = { + "name": "subject_data1", + "description": "description of the data subject" +} + +object_data_template = { + "name": "object_data1", + "description": "description of the data subject" +} + +action_data_template = { + "name": "action_data1", + "description": "description of the data subject" +} + +subject_assignment_template = { + "id": "", + "category_id": "", + "scope_id": "" +} + + +def check_policy(policy_id=None): + req = requests.get(URL.format("/policies")) + assert req.status_code == 200 + result = req.json() + assert type(result) is dict + assert "policies" in result + if policy_id: + assert result["policies"] + assert policy_id in result['policies'] + assert "name" in result['policies'][policy_id] + assert policy_template["name"] == result['policies'][policy_id]["name"] + return result + + +def add_policy(name="test_policy", genre="authz"): + policy_template["name"] = name + policy_template["genre"] = genre + req = requests.post(URL.format("/policies"), json=policy_template, headers=HEADERS) + assert req.status_code == 200 + result = req.json() + assert type(result) is dict + policy_id = list(result['policies'].keys())[0] + if "result" in result: + assert 
result["result"] + assert "name" in result['policies'][policy_id] + assert policy_template["name"] == result['policies'][policy_id]["name"] + return policy_id + + +def update_policy(policy_id, model_id): + req = requests.patch(URL.format("/policies/{}".format(policy_id)), + json={"model_id": model_id}, headers=HEADERS) + assert req.status_code == 200 + result = req.json() + assert type(result) is dict + policy_id = list(result['policies'].keys())[0] + if "result" in result: + assert result["result"] + assert "model_id" in result['policies'][policy_id] + assert model_id == result['policies'][policy_id]["model_id"] + + +def delete_policy(policy_id): + req = requests.delete(URL.format("/policies/{}".format(policy_id))) + assert req.status_code == 200 + result = req.json() + assert type(result) is dict + assert "result" in result + assert result["result"] + + +def add_subject(policy_id=None, name="test_subject"): + subject_template['name'] = name + if policy_id: + logger.debug(URL.format("/policies/{}/subjects".format(policy_id))) + req = requests.post(URL.format("/policies/{}/subjects".format(policy_id)), + json=subject_template, headers=HEADERS) + else: + logger.debug(URL.format("/subjects")) + req = requests.post(URL.format("/subjects"), json=subject_template, headers=HEADERS) + logger.debug(req.text) + assert req.status_code == 200 + result = req.json() + assert "subjects" in result + subject_id = list(result['subjects'].keys())[0] + return subject_id + + +def update_subject(subject_id, policy_id=None, description=None): + if policy_id and not description: + req = requests.patch(URL.format("/policies/{}/subjects/{}".format(policy_id, subject_id)), + json={}) + elif policy_id and description: + req = requests.patch(URL.format("/policies/{}/subjects/{}".format(policy_id, subject_id)), + json={"description": description}) + else: + req = requests.patch(URL.format("/subjects/{}".format(subject_id)), + json={"description": description}) + assert req.status_code == 200 + 
result = req.json() + assert "subjects" in result + assert "name" in result["subjects"][subject_id] + assert subject_template["name"] == result["subjects"][subject_id]["name"] + assert "policy_list" in result["subjects"][subject_id] + if policy_id: + assert policy_id in result["subjects"][subject_id]["policy_list"] + if description: + assert description in result["subjects"][subject_id]["description"] + + +def check_subject(subject_id=None, policy_id=None): + if policy_id: + req = requests.get(URL.format("/policies/{}/subjects".format(policy_id))) + else: + req = requests.get(URL.format("/subjects")) + assert req.status_code == 200 + result = req.json() + assert "subjects" in result + assert "name" in result["subjects"][subject_id] + assert subject_template["name"] == result["subjects"][subject_id]["name"] + if policy_id: + assert "policy_list" in result["subjects"][subject_id] + assert policy_id in result["subjects"][subject_id]["policy_list"] + + +def delete_subject(subject_id, policy_id=None): + if policy_id: + req = requests.delete(URL.format("/policies/{}/subjects/{}".format(policy_id, subject_id))) + else: + req = requests.delete(URL.format("/subjects/{}".format(subject_id))) + assert req.status_code == 200 + result = req.json() + assert type(result) is dict + assert "result" in result + assert result["result"] + + if policy_id: + req = requests.get(URL.format("/policies/{}/subjects".format(policy_id))) + else: + req = requests.get(URL.format("/subjects")) + assert req.status_code == 200 + result = req.json() + assert "subjects" in result + if subject_id in result["subjects"]: + assert "name" in result["subjects"][subject_id] + assert subject_template["name"] == result["subjects"][subject_id]["name"] + if policy_id: + assert "policy_list" in result["subjects"][subject_id] + assert policy_id not in result["subjects"][subject_id]["policy_list"] + + +def add_object(policy_id=None, name="test_object"): + object_template['name'] = name + if policy_id: + req = 
requests.post(URL.format("/policies/{}/objects".format(policy_id)), + json=object_template, headers=HEADERS) + else: + req = requests.post(URL.format("/objects"), json=object_template, headers=HEADERS) + assert req.status_code == 200 + result = req.json() + assert "objects" in result + object_id = list(result['objects'].keys())[0] + return object_id + + +def update_object(object_id, policy_id): + req = requests.patch(URL.format("/policies/{}/objects/{}".format(policy_id, object_id)), json={}) + assert req.status_code == 200 + result = req.json() + assert "objects" in result + assert "name" in result["objects"][object_id] + assert object_template["name"] == result["objects"][object_id]["name"] + assert "policy_list" in result["objects"][object_id] + assert policy_id in result["objects"][object_id]["policy_list"] + + +def check_object(object_id=None, policy_id=None): + if policy_id: + req = requests.get(URL.format("/policies/{}/objects".format(policy_id))) + else: + req = requests.get(URL.format("/objects")) + assert req.status_code == 200 + result = req.json() + assert "objects" in result + assert "name" in result["objects"][object_id] + assert object_template["name"] == result["objects"][object_id]["name"] + if policy_id: + assert "policy_list" in result["objects"][object_id] + assert policy_id in result["objects"][object_id]["policy_list"] + + +def delete_object(object_id, policy_id=None): + if policy_id: + req = requests.delete(URL.format("/policies/{}/objects/{}".format(policy_id, object_id))) + else: + req = requests.delete(URL.format("/objects/{}".format(object_id))) + assert req.status_code == 200 + result = req.json() + assert type(result) is dict + assert "result" in result + assert result["result"] + + if policy_id: + req = requests.get(URL.format("/policies/{}/objects".format(policy_id))) + else: + req = requests.get(URL.format("/objects")) + assert req.status_code == 200 + result = req.json() + assert "objects" in result + if object_id in 
result["objects"]: + assert "name" in result["objects"][object_id] + assert object_template["name"] == result["objects"][object_id]["name"] + if policy_id: + assert "policy_list" in result["objects"][object_id] + assert policy_id not in result["objects"][object_id]["policy_list"] + + +def add_action(policy_id=None, name="test_action"): + action_template['name'] = name + if policy_id: + req = requests.post(URL.format("/policies/{}/actions".format(policy_id)), + json=action_template, headers=HEADERS) + else: + req = requests.post(URL.format("/actions"), json=action_template, headers=HEADERS) + assert req.status_code == 200 + result = req.json() + assert "actions" in result + action_id = list(result['actions'].keys())[0] + return action_id + + +def update_action(action_id, policy_id): + req = requests.patch(URL.format("/policies/{}/actions/{}".format(policy_id, action_id)), json={}) + assert req.status_code == 200 + result = req.json() + assert "actions" in result + assert "name" in result["actions"][action_id] + assert action_template["name"] == result["actions"][action_id]["name"] + assert "policy_list" in result["actions"][action_id] + assert policy_id in result["actions"][action_id]["policy_list"] + + +def check_action(action_id=None, policy_id=None): + if policy_id: + req = requests.get(URL.format("/policies/{}/actions".format(policy_id))) + else: + req = requests.get(URL.format("/actions")) + assert req.status_code == 200 + result = req.json() + assert "actions" in result + assert "name" in result["actions"][action_id] + assert action_template["name"] == result["actions"][action_id]["name"] + if policy_id: + assert "policy_list" in result["actions"][action_id] + assert policy_id in result["actions"][action_id]["policy_list"] + + +def delete_action(action_id, policy_id=None): + if policy_id: + req = requests.delete(URL.format("/policies/{}/actions/{}".format(policy_id, action_id))) + else: + req = requests.delete(URL.format("/actions/{}".format(action_id))) + 
assert req.status_code == 200 + result = req.json() + assert type(result) is dict + assert "result" in result + assert result["result"] + + if policy_id: + req = requests.get(URL.format("/policies/{}/actions".format(policy_id))) + else: + req = requests.get(URL.format("/actions")) + assert req.status_code == 200 + result = req.json() + assert "actions" in result + if action_id in result["actions"]: + assert "name" in result["actions"][action_id] + assert action_template["name"] == result["actions"][action_id]["name"] + if policy_id: + assert "policy_list" in result["actions"][action_id] + assert policy_id not in result["actions"][action_id]["policy_list"] + + +def add_subject_data(policy_id, category_id, name="subject_data1"): + subject_data_template['name'] = name + req = requests.post(URL.format("/policies/{}/subject_data/{}".format(policy_id, category_id)), + json=subject_data_template, headers=HEADERS) + assert req.status_code == 200 + result = req.json() + assert "subject_data" in result + subject_id = list(result['subject_data']['data'].keys())[0] + return subject_id + + +def check_subject_data(policy_id, data_id, category_id): + req = requests.get(URL.format("/policies/{}/subject_data/{}".format(policy_id, category_id))) + assert req.status_code == 200 + result = req.json() + assert "subject_data" in result + for _data in result['subject_data']: + assert data_id in list(_data['data'].keys()) + assert category_id == _data["category_id"] + + +def delete_subject_data(policy_id, category_id, data_id): + req = requests.delete(URL.format("/policies/{}/subject_data/{}/{}".format(policy_id, category_id, data_id)), + headers=HEADERS) + assert req.status_code == 200 + req = requests.get(URL.format("/policies/{}/subject_data/{}".format(policy_id, category_id))) + assert req.status_code == 200 + result = req.json() + assert "subject_data" in result + for _data in result['subject_data']: + assert data_id not in list(_data['data'].keys()) + assert category_id == 
_data["category_id"] + + +def add_object_data(policy_id, category_id, name="object_data1"): + object_data_template['name'] = name + req = requests.post(URL.format("/policies/{}/object_data/{}".format(policy_id, category_id)), + json=object_data_template, headers=HEADERS) + assert req.status_code == 200 + result = req.json() + assert "object_data" in result + object_id = list(result['object_data']['data'].keys())[0] + return object_id + + +def check_object_data(policy_id, data_id, category_id): + req = requests.get(URL.format("/policies/{}/object_data/{}".format(policy_id, category_id))) + assert req.status_code == 200 + result = req.json() + assert "object_data" in result + for _data in result['object_data']: + assert data_id in list(_data['data'].keys()) + assert category_id == _data["category_id"] + + +def delete_object_data(policy_id, category_id, data_id): + req = requests.delete(URL.format("/policies/{}/object_data/{}/{}".format(policy_id, category_id, data_id)), + headers=HEADERS) + assert req.status_code == 200 + req = requests.get(URL.format("/policies/{}/object_data/{}".format(policy_id, category_id))) + assert req.status_code == 200 + result = req.json() + assert "object_data" in result + for _data in result['object_data']: + assert data_id not in list(_data['data'].keys()) + assert category_id == _data["category_id"] + + +def add_action_data(policy_id, category_id, name="action_data1"): + action_data_template['name'] = name + req = requests.post(URL.format("/policies/{}/action_data/{}".format(policy_id, category_id)), + json=action_data_template, headers=HEADERS) + assert req.status_code == 200 + result = req.json() + assert "action_data" in result + action_id = list(result['action_data']['data'].keys())[0] + return action_id + + +def check_action_data(policy_id, data_id, category_id): + req = requests.get(URL.format("/policies/{}/action_data/{}".format(policy_id, category_id))) + assert req.status_code == 200 + result = req.json() + assert "action_data" 
in result + for _data in result['action_data']: + assert data_id in list(_data['data'].keys()) + assert category_id == _data["category_id"] + + +def delete_action_data(policy_id, category_id, data_id): + req = requests.delete(URL.format("/policies/{}/action_data/{}/{}".format(policy_id, category_id, data_id)), + headers=HEADERS) + assert req.status_code == 200 + req = requests.get(URL.format("/policies/{}/action_data/{}".format(policy_id, category_id))) + assert req.status_code == 200 + result = req.json() + assert "action_data" in result + for _data in result['action_data']: + assert data_id not in list(_data['data'].keys()) + assert category_id == _data["category_id"] + + +def add_subject_assignments(policy_id, subject_id, subject_cat_id, subject_data_id): + req = requests.post(URL.format("/policies/{}/subject_assignments".format(policy_id)), + json={ + "id": subject_id, + "category_id": subject_cat_id, + "data_id": subject_data_id + }, headers=HEADERS) + assert req.status_code == 200 + result = req.json() + assert "subject_assignments" in result + assert result["subject_assignments"] + + +def check_subject_assignments(policy_id, subject_id, subject_cat_id, subject_data_id): + req = requests.get(URL.format("/policies/{}/subject_assignments/{}/{}/{}".format( + policy_id, subject_id, subject_cat_id, subject_data_id))) + assert req.status_code == 200 + result = req.json() + assert "subject_assignments" in result + assert result["subject_assignments"] + for key in result["subject_assignments"]: + assert "subject_id" in result["subject_assignments"][key] + assert "category_id" in result["subject_assignments"][key] + assert "assignments" in result["subject_assignments"][key] + if result["subject_assignments"][key]['subject_id'] == subject_id and \ + result["subject_assignments"][key]["category_id"] == subject_cat_id: + assert subject_data_id in result["subject_assignments"][key]["assignments"] + + +def check_object_assignments(policy_id, object_id, object_cat_id, 
object_data_id): + req = requests.get(URL.format("/policies/{}/object_assignments/{}/{}/{}".format( + policy_id, object_id, object_cat_id, object_data_id))) + assert req.status_code == 200 + result = req.json() + assert "object_assignments" in result + assert result["object_assignments"] + for key in result["object_assignments"]: + assert "object_id" in result["object_assignments"][key] + assert "category_id" in result["object_assignments"][key] + assert "assignments" in result["object_assignments"][key] + if result["object_assignments"][key]['object_id'] == object_id and \ + result["object_assignments"][key]["category_id"] == object_cat_id: + assert object_data_id in result["object_assignments"][key]["assignments"] + + +def check_action_assignments(policy_id, action_id, action_cat_id, action_data_id): + req = requests.get(URL.format("/policies/{}/action_assignments/{}/{}/{}".format( + policy_id, action_id, action_cat_id, action_data_id))) + assert req.status_code == 200 + result = req.json() + assert "action_assignments" in result + assert result["action_assignments"] + for key in result["action_assignments"]: + assert "action_id" in result["action_assignments"][key] + assert "category_id" in result["action_assignments"][key] + assert "assignments" in result["action_assignments"][key] + if result["action_assignments"][key]['action_id'] == action_id and \ + result["action_assignments"][key]["category_id"] == action_cat_id: + assert action_data_id in result["action_assignments"][key]["assignments"] + + +def add_object_assignments(policy_id, object_id, object_cat_id, object_data_id): + req = requests.post(URL.format("/policies/{}/object_assignments".format(policy_id)), + json={ + "id": object_id, + "category_id": object_cat_id, + "data_id": object_data_id + }, headers=HEADERS) + assert req.status_code == 200 + result = req.json() + assert "object_assignments" in result + assert result["object_assignments"] + + +def add_action_assignments(policy_id, action_id, 
action_cat_id, action_data_id): + req = requests.post(URL.format("/policies/{}/action_assignments".format(policy_id)), + json={ + "id": action_id, + "category_id": action_cat_id, + "data_id": action_data_id + }, headers=HEADERS) + assert req.status_code == 200 + result = req.json() + assert "action_assignments" in result + assert result["action_assignments"] + + +def delete_subject_assignment(policy_id, subject_id, subject_cat_id, subject_data_id): + req = requests.delete(URL.format("/policies/{}/subject_assignments/{}/{}/{}".format( + policy_id, subject_id, subject_cat_id, subject_data_id))) + assert req.status_code == 200 + result = req.json() + assert "result" in result + assert result["result"] + + req = requests.get(URL.format("/policies/{}/subject_assignments/{}/{}/{}".format( + policy_id, subject_id, subject_cat_id, subject_data_id))) + assert req.status_code == 200 + result = req.json() + assert "subject_assignments" in result + assert result["subject_assignments"] + for key in result["subject_assignments"]: + assert "subject_id" in result["subject_assignments"][key] + assert "category_id" in result["subject_assignments"][key] + assert "assignments" in result["subject_assignments"][key] + if result["subject_assignments"][key]['subject_id'] == subject_id and \ + result["subject_assignments"][key]["category_id"] == subject_cat_id: + assert subject_data_id not in result["subject_assignments"][key]["assignments"] + + +def delete_object_assignment(policy_id, object_id, object_cat_id, object_data_id): + req = requests.delete(URL.format("/policies/{}/object_assignments/{}/{}/{}".format( + policy_id, object_id, object_cat_id, object_data_id))) + assert req.status_code == 200 + result = req.json() + assert "result" in result + assert result["result"] + + req = requests.get(URL.format("/policies/{}/object_assignments/{}/{}/{}".format( + policy_id, object_id, object_cat_id, object_data_id))) + assert req.status_code == 200 + result = req.json() + assert 
"object_assignments" in result + assert result["object_assignments"] + for key in result["object_assignments"]: + assert "object_id" in result["object_assignments"][key] + assert "category_id" in result["object_assignments"][key] + assert "assignments" in result["object_assignments"][key] + if result["object_assignments"][key]['object_id'] == object_id and \ + result["object_assignments"][key]["category_id"] == object_cat_id: + assert object_data_id not in result["object_assignments"][key]["assignments"] + + +def delete_action_assignment(policy_id, action_id, action_cat_id, action_data_id): + req = requests.delete(URL.format("/policies/{}/action_assignments/{}/{}/{}".format( + policy_id, action_id, action_cat_id, action_data_id))) + assert req.status_code == 200 + result = req.json() + assert "result" in result + assert result["result"] + + req = requests.get(URL.format("/policies/{}/action_assignments/{}/{}/{}".format( + policy_id, action_id, action_cat_id, action_data_id))) + assert req.status_code == 200 + result = req.json() + assert "action_assignments" in result + assert result["action_assignments"] + for key in result["action_assignments"]: + assert "action_id" in result["action_assignments"][key] + assert "category_id" in result["action_assignments"][key] + assert "assignments" in result["action_assignments"][key] + if result["action_assignments"][key]['action_id'] == action_id and \ + result["action_assignments"][key]["category_id"] == action_cat_id: + assert action_data_id not in result["action_assignments"][key]["assignments"] + + +def add_rule(policy_id, meta_rule_id, rule, instructions={"chain": [{"security_pipeline": "rbac"}]}): + req = requests.post(URL.format("/policies/{}/rules".format(policy_id)), + json={ + "meta_rule_id": meta_rule_id, + "rule": rule, + "instructions": instructions, + "enabled": True + }, + headers=HEADERS) + assert req.status_code == 200 + result = req.json() + assert "rules" in result + try: + rule_id = 
list(result["rules"].keys())[0] + except Exception as e: + return False + assert "policy_id" in result["rules"][rule_id] + assert policy_id == result["rules"][rule_id]["policy_id"] + assert "meta_rule_id" in result["rules"][rule_id] + assert meta_rule_id == result["rules"][rule_id]["meta_rule_id"] + assert rule == result["rules"][rule_id]["rule"] + return rule_id + + +def check_rule(policy_id, meta_rule_id, rule_id, rule): + req = requests.get(URL.format("/policies/{}/rules".format(policy_id))) + assert req.status_code == 200 + result = req.json() + assert "rules" in result + assert "policy_id" in result["rules"] + assert policy_id == result["rules"]["policy_id"] + for item in result["rules"]["rules"]: + assert "meta_rule_id" in item + if meta_rule_id == item["meta_rule_id"]: + if rule_id == item["id"]: + assert rule == item["rule"] + + +def delete_rule(policy_id, rule_id): + req = requests.delete(URL.format("/policies/{}/rules/{}".format(policy_id, rule_id))) + assert req.status_code == 200 + result = req.json() + assert "result" in result + assert result["result"] + + req = requests.get(URL.format("/policies/{}/rules".format(policy_id))) + assert req.status_code == 200 + result = req.json() + assert "rules" in result + assert "policy_id" in result["rules"] + assert policy_id == result["rules"]["policy_id"] + found_rule = False + for item in result["rules"]["rules"]: + if rule_id == item["id"]: + found_rule = True + assert not found_rule diff --git a/moon_gui/README.md b/moon_gui/README.md index ff6e5a97..ea46b079 100644 --- a/moon_gui/README.md +++ b/moon_gui/README.md 
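Review bot: `FILE = open("/tmp/test.log", "w")` near the top of policies.py truncates a fixed path in a world-writable directory at import time, and nothing in this hunk writes to or closes `FILE`. If the tool runs with elevated privileges, a symlink already sitting at that path decides which file gets truncated. I would delete the line, or create the log with `tempfile.NamedTemporaryFile` at the point where it is first needed. `subject_template` also carries the literal `"password": "my_pass"`, which `add_subject` posts for every subject it creates; if the manager stores that field, it should come from the configuration instead. In `add_rule`, `except Exception as e: return False` hides a malformed response from the caller, and the dict default for `instructions` is shared between calls.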
@@ -1,63 +1,71 @@ - -GUI for the Moon project -================================ - +# GUI for the Moon project This directory contains all the code for the Moon project It is designed to provide a running GUI of the Moon platform instance. - ## Usage - -### Prerequist -- `sudo apt-get install nodejs nodejs-legacy` -- `sudo npm install --global gulp-cli` - - -### Install all packages -- `cd $MOON_HOME/moon_gui` -- `sudo npm install` - -### Run the GUI -- `gulp webServerDelivery` -- Open your web browser - +- Prerequist + - `sudo apt-get install nodejs nodejs-legacy` + - `sudo npm install --global gulp-cli` +- Install all packages + - `cd $MOON_HOME/moon_gui` + - `sudo npm install` +- Run the GUI + - `gulp webServerDelivery` + - Open your web browser ## Configuration +- build the delivery package: `gulp delivery` +- launch the Web Server: `gulp webServerDelivery` -### Build the delivery package -- `gulp delivery` -### Launch the Web Server -- `gulp webServerDelivery` - -### Development - -During the development it is possible to use following commands : -- `gulp build` -Launch a Web Server -- `gulp webServer` +## Development +- during the development it is possible to use following commands: `gulp build` +- launch a Web Server: `gulp webServer` - Gulp webServer will refresh the browser when a file related to the application changed - - -### Constants -It is possible to change some constants (API endpoints) -- $MOON_HOME/moon_gui/static/app/moon.constants.js - - -### CORS +- it is possible to change some constants (API endpoints): `$MOON_HOME/moon_gui/static/app/moon.constants.js` +## CORS The GUI need to connect itself to Keystone and Moon. Opening CORS to the GUI WebServer is required. 
- -In order to modify Keystone : - -`cd $pathtoVmSpace/docker/keystone` - -Concerned file is run.sh - -In order to modify Moon : - -`cd $MOON_HOME/moon_interface/interface` - -Concerned file is http_server.py - +- modify Keystone: `$MOON_HOME/tools/moon_keystone/run.sh` +- modify Moon: `$MOON_HOME/moon_interface/interface/http_server.py` +## Usage +After authentication, you will see 4 tabs: Project, Models, Policies, PDP: + +* *Projects*: configure mapping between Keystone projects and PDP (Policy Decision Point) +* *Models*: configure templates of policies (for example RBAC or MLS) +* *Policies*: applied models or instantiated models ; +on one policy, you map a authorisation model and set subject, objects and action that will +rely on that model +* *PDP*: Policy Decision Point, this is the link between Policies and Keystone Project + +In the following paragraphs, we will add a new user in OpenStack and allow her to list +all VM on the OpenStack platform. + +First, add a new user and a new project in the OpenStack platform: + + openstack user create --password-prompt demo_user + openstack project create demo + DEMO_USER=$(openstack user list | grep demo_user | cut -d " " -f 2) + DEMO_PROJECT=$(openstack project list | grep demo | cut -d " " -f 2) + openstack role add --user $DEMO_USER --project $DEMO_PROJECT admin + +You have to add the same user in the Moon interface: + +1. go to the `Projects` tab in the Moon interface +1. go to the line corresponding to the new project and click to the `Map to a PDP` link +1. select in the combobox the MLS PDP and click `OK` +1. in the Moon interface, go to the `Policy` tab +1. go to the line corresponding to the MLS policy and click on the `actions->edit` button +1. scroll to the `Perimeters` line and click on the `show` link to show the perimeter configuration +1. go to the `Add a subject` line and click on `Add a new perimeter` +1. set the name of that subject to `demo_user` (*the name must be strictly identical*) +1. 
in the combobox named `Policy list` select the `MLS` policy and click on the `+` button
+1. click on the yellow `Add Perimeter` button
+1. go to the `Assignment` line and click on the `show` button
+1. under the `Add a Assignments Subject` select the MLS policy,
+the new user (`demo_user`), the category `subject_category_level`
+1. in the `Select a Data` line, choose the `High` scope and click on the `+` link
+1. click on the yellow `Create Assignments` button
+1. if you go to the OpenStack platform, the `demo_user` is now allow to connect
+to the Nova component (test with `openstack server list` connected with the `demo_user`)
\ No newline at end of file
diff --git a/moon_pythonunittest/Dockerfile b/moon_pythonunittest/Dockerfile
new file mode 100644
index 00000000..b8fb5151
--- /dev/null
+++ b/moon_pythonunittest/Dockerfile
@@ -0,0 +1,8 @@
+FROM python:3
+
+RUN pip install pytest requests_mock requests --upgrade
+ADD requirements.txt /root
+RUN pip install -r /root/requirements.txt --upgrade
+
+ADD run_tests.sh /root
+CMD ["sh", "/root/run_tests.sh"]
\ No newline at end of file
diff --git a/moon_pythonunittest/README.md b/moon_pythonunittest/README.md
new file mode 100644
index 00000000..45d3a988
--- /dev/null
+++ b/moon_pythonunittest/README.md
@@ -0,0 +1,8 @@
+# Python Unit Test Docker
+
+## Build
+- `docker image build -t wukongsun/moon_python_unit_test .`
+
+## Push to DockerHub
+- `docker login --username=wukongsun`
+- `docker image push wukongsun/moon_python_unit_test`
\ No newline at end of file
diff --git a/moon_pythonunittest/requirements.txt b/moon_pythonunittest/requirements.txt
new file mode 100644
index 00000000..b611b008
--- /dev/null
+++ b/moon_pythonunittest/requirements.txt
@@ -0,0 +1,10 @@
+kombu !=4.0.1,!=4.0.0
+oslo.messaging
+oslo.config
+oslo.log
+vine
+werkzeug
+flask
+requests
+pytest
+requests_mock
\ No newline at end of file
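Review bot: Nothing in this image is pinned: `FROM python:3` is a floating tag and both `RUN pip install … --upgrade` lines resolve to whatever is newest at build time, so two builds of the unit-test image can differ and a broken or tampered upstream release is pulled in without anyone noticing. The requirements.txt hunk that follows has the same problem (only `kombu` carries a constraint, and it is an exclusion rather than a pin), as does `pip3 install -r tests/unit_python/requirements.txt --upgrade` in run_tests.sh. I would pin the base to a specific tag or digest, `FROM python:<pinned-tag>@sha256:<digest>`, drop `--upgrade`, and give every requirement an exact `==` version (pip's `--require-hashes` mode if the project can maintain hashes). Smaller points on the same lines: `ADD` of a plain local file is better written `COPY requirements.txt /root/`, and with no `USER` instruction the install and the tests run as root inside the container.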
diff --git a/moon_pythonunittest/run_tests.sh b/moon_pythonunittest/run_tests.sh
new file mode 100644
index 00000000..6c586f87
--- /dev/null
+++ b/moon_pythonunittest/run_tests.sh
@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+
+cd /data
+pip3 install -r tests/unit_python/requirements.txt --upgrade
+pip3 install .
+
+if [ -f /data/tests/unit_python/run_tests.sh ];
+then
+ bash /data/tests/unit_python/run_tests.sh;
+fi
+
+cd /data/tests/unit_python
+pytest .
diff --git a/moonclient/Changelog b/moonclient/Changelog
deleted file mode 100644
index 1326511a..00000000
--- a/moonclient/Changelog
+++ /dev/null
@@ -1,29 +0,0 @@
-# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
-# This software is distributed under the terms and conditions of the 'Apache-2.0'
-# license which can be found in the file 'LICENSE' in this package distribution
-# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-
-
-CHANGES
-=======
-
-0.4.0
------
-
-* Add an argument to force the name of the logfile for test command.
-
-0.3.0
------
-
-* Return code matches now the number of error occurred during tests
-
-0.2.0
------
-
-* Update tests command by adding a "--self" attribute
-
-
-0.1.0
------
-
-* Initialization of Moon Client
\ No newline at end of file
diff --git a/moonclient/LICENSE b/moonclient/LICENSE
deleted file mode 100644
index 68c771a0..00000000
--- a/moonclient/LICENSE
+++ /dev/null
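Review bot: The new run_tests.sh has no error handling, so a failed `cd /data` or `pip3 install` is ignored and the run simply continues; the exit status of the optional `bash /data/tests/unit_python/run_tests.sh` is discarded as well, which leaves the final `pytest .` as the only step that can fail the container. Add `set -eu` directly under the shebang so that any failing step fails the run. The Dockerfile in this commit starts the file with `sh /root/run_tests.sh`, so the `#!/usr/bin/env bash` line is not what selects the interpreter; either keep the script POSIX-only (it currently is, and `set -eu` works under `sh`) or change the `CMD` to invoke `bash`.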
@@ -1,176 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. 
For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. 
Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of 
the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. 
Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - 
diff --git a/moonclient/MANIFEST.in b/moonclient/MANIFEST.in deleted file mode 100644 index ef125662..00000000 --- a/moonclient/MANIFEST.in +++ /dev/null @@ -1,5 +0,0 @@ -include README.rst -include Changelog -include LICENSE -include requirements.txt -graft moonclient/tests diff --git a/moonclient/README.rst b/moonclient/README.rst deleted file mode 100644 index 1263f187..00000000 --- a/moonclient/README.rst +++ /dev/null @@ -1,17 +0,0 @@ -Moon Client -=========== - -Installation ------------- - -* `sudo python setup.py install` - -* `cd ~/devstack || source openrc admin` - - -Manipulation ------------- - -* `moon tenant list` - - diff --git a/moonclient/moonclient/__init__.py b/moonclient/moonclient/__init__.py deleted file mode 100644 index 6a9beea8..00000000 --- a/moonclient/moonclient/__init__.py +++ /dev/null @@ -1 +0,0 @@ -__version__ = "0.4.0" diff --git a/moonclient/moonclient/action_assignments.py b/moonclient/moonclient/action_assignments.py deleted file mode 100644 index 5625a2f2..00000000 --- a/moonclient/moonclient/action_assignments.py +++ /dev/null 
@@ -1,149 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -import logging - -from cliff.lister import Lister -from cliff.command import Command - - -class ActionAssignmentsList(Lister): - """List all action assignments.""" - - log = logging.getLogger(__name__) - - def get_parser(self, prog_name): - parser = super(ActionAssignmentsList, self).get_parser(prog_name) - parser.add_argument( - 'action_id', - metavar='', - help='Action UUID', - ) - parser.add_argument( - 'action_category_id', - metavar='', - help='Action category UUID', - ) - parser.add_argument( - '--intraextension', - metavar='', - help='IntraExtension UUID', - ) - return parser - - def __get_scope_from_id(self, intraextension_id, action_category_id, action_scope_id): - data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/action_scopes/{}".format( - intraextension_id, action_category_id), - authtoken=True) - if action_scope_id in data: - return data[action_scope_id] - - def take_action(self, parsed_args): - if not parsed_args.intraextension: - parsed_args.intraextension = self.app.intraextension - data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/action_assignments/{}/{}".format( - parsed_args.intraextension, parsed_args.action_id, parsed_args.action_category_id), - authtoken=True) - return ( - ("id", "name"), - ((_id, self.__get_scope_from_id(parsed_args.intraextension, - parsed_args.action_category_id, - _id)['name']) for _id in data) - ) - - -class ActionAssignmentsAdd(Command): - """Add a new action assignment.""" - - log = logging.getLogger(__name__) - - def get_parser(self, prog_name): - parser = super(ActionAssignmentsAdd, self).get_parser(prog_name) - parser.add_argument( - 'action_id', - metavar='', - help='Action 
UUID', - ) - parser.add_argument( - 'action_category_id', - metavar='', - help='Action category UUID', - ) - parser.add_argument( - 'action_scope_id', - metavar='', - help='Action scope UUID', - ) - parser.add_argument( - '--intraextension', - metavar='', - help='IntraExtension UUID', - ) - return parser - - def __get_scope_from_id(self, intraextension_id, action_category_id, action_scope_id): - data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/action_scopes/{}".format( - intraextension_id, action_category_id), - authtoken=True) - if action_scope_id in data: - return data[action_scope_id] - - def take_action(self, parsed_args): - if not parsed_args.intraextension: - parsed_args.intraextension = self.app.intraextension - data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/action_assignments".format(parsed_args.intraextension), - post_data={ - "action_id": parsed_args.action_id, - "action_category_id": parsed_args.action_category_id, - "action_scope_id": parsed_args.action_scope_id}, - authtoken=True) - return ( - ("id", "name"), - ((_id, self.__get_scope_from_id(parsed_args.intraextension, - parsed_args.action_category_id, - _id)['name']) for _id in data) - ) - - -class ActionAssignmentsDelete(Command): - """Delete an action assignment.""" - - log = logging.getLogger(__name__) - - def get_parser(self, prog_name): - parser = super(ActionAssignmentsDelete, self).get_parser(prog_name) - parser.add_argument( - 'action_id', - metavar='', - help='Action UUID', - ) - parser.add_argument( - 'action_category_id', - metavar='', - help='Action category UUID', - ) - parser.add_argument( - 'action_scope_id', - metavar='', - help='Action scope UUID', - ) - parser.add_argument( - '--intraextension', - metavar='', - help='IntraExtension UUID', - ) - return parser - - def take_action(self, parsed_args): - if not parsed_args.intraextension: - parsed_args.intraextension = self.app.intraextension - 
self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/action_assignments/{}/{}/{}".format( - parsed_args.intraextension, - parsed_args.action_id, - parsed_args.action_category_id, - parsed_args.action_scope_id), - method="DELETE", - authtoken=True - ) \ No newline at end of file diff --git a/moonclient/moonclient/action_categories.py b/moonclient/moonclient/action_categories.py deleted file mode 100644 index bf7cb7e1..00000000 --- a/moonclient/moonclient/action_categories.py +++ /dev/null 
@@ -1,102 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -import logging - -from cliff.lister import Lister -from cliff.command import Command - - -class ActionCategoriesList(Lister): - """List all action categories.""" - - log = logging.getLogger(__name__) - - def get_parser(self, prog_name): - parser = super(ActionCategoriesList, self).get_parser(prog_name) - parser.add_argument( - '--intraextension', - metavar='', - help='IntraExtension UUID', - ) - return parser - - def take_action(self, parsed_args): - if not parsed_args.intraextension: - parsed_args.intraextension = self.app.intraextension - data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/action_categories".format(parsed_args.intraextension), - authtoken=True) - return ( - ("id", "name", "description"), - ((_uuid, data[_uuid]["name"], data[_uuid]["description"]) for _uuid in data) - ) - - -class ActionCategoriesAdd(Command): - """Add a new action category.""" - - log = logging.getLogger(__name__) - - def get_parser(self, prog_name): - parser = super(ActionCategoriesAdd, self).get_parser(prog_name) - parser.add_argument( - 'action_category_name', - metavar='', - help='Action category name', - ) - parser.add_argument( - '--intraextension', - metavar='', - help='IntraExtension UUID', - ) - parser.add_argument( - '--description', - metavar='', - help='Action category description', - ) - return parser - - def take_action(self, parsed_args): - if not parsed_args.intraextension: - parsed_args.intraextension = self.app.intraextension - data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/action_categories".format(parsed_args.intraextension), - post_data={ - "action_category_name": parsed_args.action_category_name, - 
"action_category_description": parsed_args.description}, - authtoken=True) - return ( - ("id", "name", "description"), - ((_uuid, data[_uuid]["name"], data[_uuid]["description"]) for _uuid in data) - ) - - -class ActionCategoriesDelete(Command): - """Delete an action category.""" - - log = logging.getLogger(__name__) - - def get_parser(self, prog_name): - parser = super(ActionCategoriesDelete, self).get_parser(prog_name) - parser.add_argument( - 'action_category_id', - metavar='', - help='Action category UUID', - ) - parser.add_argument( - '--intraextension', - metavar='', - help='IntraExtension UUID', - ) - return parser - - def take_action(self, parsed_args): - if not parsed_args.intraextension: - parsed_args.intraextension = self.app.intraextension - self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/action_categories/{}".format( - parsed_args.intraextension, - parsed_args.action_category_id), - method="DELETE", - authtoken=True - ) \ No newline at end of file diff --git a/moonclient/moonclient/action_scopes.py b/moonclient/moonclient/action_scopes.py deleted file mode 100644 index 9ddf8d4e..00000000 --- a/moonclient/moonclient/action_scopes.py +++ /dev/null 
@@ -1,123 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -import logging - -from cliff.lister import Lister -from cliff.command import Command - - -class ActionScopesList(Lister): - """List all action scopes.""" - - log = logging.getLogger(__name__) - - def get_parser(self, prog_name): - parser = super(ActionScopesList, self).get_parser(prog_name) - parser.add_argument( - 'action_category_id', - metavar='', - help='Action category UUID', - ) - parser.add_argument( - '--intraextension', - metavar='', - help='IntraExtension UUID', - ) - return parser - - def take_action(self, parsed_args): - if not parsed_args.intraextension: - parsed_args.intraextension = self.app.intraextension - data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/action_scopes/{}".format( - parsed_args.intraextension, parsed_args.action_category_id), - authtoken=True) - self.log.debug(data) - return ( - ("id", "name", "description"), - ((_id, data[_id]["name"], data[_id]["description"]) for _id in data) - ) - - -class ActionScopesAdd(Command): - """Add a new action scope.""" - - log = logging.getLogger(__name__) - - def get_parser(self, prog_name): - parser = super(ActionScopesAdd, self).get_parser(prog_name) - parser.add_argument( - 'action_category_id', - metavar='', - help='Action category UUID', - ) - parser.add_argument( - 'action_scope_name', - metavar='', - help='Action scope name', - ) - parser.add_argument( - '--description', - metavar='', - help='Description', - ) - parser.add_argument( - '--intraextension', - metavar='', - help='IntraExtension UUID', - ) - return parser - - def take_action(self, parsed_args): - if not parsed_args.intraextension: - parsed_args.intraextension = self.app.intraextension - data = 
self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/action_scopes/{}".format( - parsed_args.intraextension, parsed_args.action_category_id), - post_data={ - "action_scope_name": parsed_args.action_scope_name, - "action_scope_description": parsed_args.description, - }, - authtoken=True) - return ( - ("id", "name", "description"), - ((_id, data[_id]["name"], data[_id]["description"]) for _id in data) - ) - - -class ActionScopesDelete(Command): - """Delete an action scope.""" - - log = logging.getLogger(__name__) - - def get_parser(self, prog_name): - parser = super(ActionScopesDelete, self).get_parser(prog_name) - parser.add_argument( - 'action_category_id', - metavar='', - help='Action category UUID', - ) - parser.add_argument( - 'action_scope_id', - metavar='', - help='Action scope UUID', - ) - parser.add_argument( - '--intraextension', - metavar='', - help='IntraExtension UUID', - ) - return parser - - def take_action(self, parsed_args): - if not parsed_args.intraextension: - parsed_args.intraextension = self.app.intraextension - self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/action_scopes/{}/{}".format( - parsed_args.intraextension, - parsed_args.action_category_id, - parsed_args.action_scope_id - ), - method="DELETE", - authtoken=True - ) \ No newline at end of file diff --git a/moonclient/moonclient/actions.py b/moonclient/moonclient/actions.py deleted file mode 100644 index 9fbad13a..00000000 --- a/moonclient/moonclient/actions.py +++ /dev/null 
@@ -1,102 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -import logging - -from cliff.lister import Lister -from cliff.command import Command - - -class ActionsList(Lister): - """List all actions.""" - - log = logging.getLogger(__name__) - - def get_parser(self, prog_name): - parser = super(ActionsList, self).get_parser(prog_name) - parser.add_argument( - '--intraextension', - metavar='', - help='IntraExtension UUID', - ) - return parser - - def take_action(self, parsed_args): - if not parsed_args.intraextension: - parsed_args.intraextension = self.app.intraextension - data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/actions".format(parsed_args.intraextension), - authtoken=True) - return ( - ("id", "name", "description"), - ((_uuid, data[_uuid]['name'], data[_uuid]['description']) for _uuid in data) - ) - - -class ActionsAdd(Command): - """Add a new action.""" - - log = logging.getLogger(__name__) - - def get_parser(self, prog_name): - parser = super(ActionsAdd, self).get_parser(prog_name) - parser.add_argument( - 'action_name', - metavar='', - help='Action name', - ) - parser.add_argument( - '--intraextension', - metavar='', - help='IntraExtension UUID', - ) - parser.add_argument( - '--description', - metavar='', - help='Action description', - ) - return parser - - def take_action(self, parsed_args): - if not parsed_args.intraextension: - parsed_args.intraextension = self.app.intraextension - data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/actions".format(parsed_args.intraextension), # TODO: check method POST? 
- post_data={ - "action_name": parsed_args.action_name, - "action_description": parsed_args.description}, - authtoken=True) - return ( - ("id", "name", "description"), - ((_uuid, data[_uuid]['name'], data[_uuid]['description']) for _uuid in data) - ) - - -class ActionsDelete(Command): - """Delete an action.""" - - log = logging.getLogger(__name__) - - def get_parser(self, prog_name): - parser = super(ActionsDelete, self).get_parser(prog_name) - parser.add_argument( - 'action_id', - metavar='', - help='Action UUID', - ) - parser.add_argument( - '--intraextension', - metavar='', - help='IntraExtension UUID', - ) - return parser - - def take_action(self, parsed_args): - if not parsed_args.intraextension: - parsed_args.intraextension = self.app.intraextension - self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/actions/{}".format( - parsed_args.intraextension, - parsed_args.action_id), - method="DELETE", - authtoken=True - ) \ No newline at end of file diff --git a/moonclient/moonclient/configuration.py b/moonclient/moonclient/configuration.py deleted file mode 100644 index a05d7151..00000000 --- a/moonclient/moonclient/configuration.py +++ /dev/null 
@@ -1,64 +0,0 @@
-# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
-# This software is distributed under the terms and conditions of the 'Apache-2.0'
-# license which can be found in the file 'LICENSE' in this package distribution
-# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-
-import logging
-
-from cliff.lister import Lister
-
-
-class TemplatesList(Lister):
- """List all policy templates."""
-
- log = logging.getLogger(__name__)
-
- def get_parser(self, prog_name):
- parser = super(TemplatesList, self).get_parser(prog_name)
- return parser
-
- def take_action(self, parsed_args):
- templates = self.app.get_url(self.app.url_prefix+"/configuration/templates", authtoken=True)
- return (
- ("id", "name", "description"),
- ((template_id, templates[template_id]["name"], templates[template_id]["description"])
- for template_id in templates)
- )
-
-
-class AggregationAlgorithmsList(Lister):
- """List all aggregation algorithms."""
-
- log = logging.getLogger(__name__)
-
- def get_parser(self, prog_name):
- parser = super(AggregationAlgorithmsList, self).get_parser(prog_name)
- return parser
-
- def take_action(self, parsed_args):
- templates = self.app.get_url(self.app.url_prefix+"/configuration/aggregation_algorithms", authtoken=True)
- return (
- ("id", "name", "description"),
- ((template_id, templates[template_id]["name"], templates[template_id]["description"])
- for template_id in templates)
- )
-
-
-class SubMetaRuleAlgorithmsList(Lister):
- """List all sub meta rule algorithms."""
-
- log = logging.getLogger(__name__)
-
- def get_parser(self, prog_name):
- parser = super(SubMetaRuleAlgorithmsList, self).get_parser(prog_name)
- return parser
-
- def take_action(self, parsed_args):
- templates = self.app.get_url(self.app.url_prefix+"/configuration/sub_meta_rule_algorithms", authtoken=True)
- return (
- ("id", "name", "description"),
- ((template_id, templates[template_id]["name"], templates[template_id]["description"])
- for template_id in templates)
- )
-
-
diff --git a/moonclient/moonclient/intraextension.py b/moonclient/moonclient/intraextension.py
deleted file mode 100644
index f66aabbc..00000000
--- a/moonclient/moonclient/intraextension.py
+++ /dev/null
@@ -1,170 +0,0 @@
-# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
-# This software is distributed under the terms and conditions of the 'Apache-2.0'
-# license which can be found in the file 'LICENSE' in this package distribution
-# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-
-import logging
-
-from cliff.command import Command
-from cliff.lister import Lister
-from cliff.show import ShowOne
-import os
-
-
-class IntraExtensionSelect(Command):
- """Select an Intra_Extension to work with."""
-
- log = logging.getLogger(__name__)
-
- def get_parser(self, prog_name):
- parser = super(IntraExtensionSelect, self).get_parser(prog_name)
- parser.add_argument(
- 'id',
- metavar='',
- help='IntraExtension UUID to select',
- )
- return parser
-
- def take_action(self, parsed_args):
- ie = self.app.get_url(self.app.url_prefix+"/intra_extensions", authtoken=True)
- if parsed_args.id in ie.keys():
- self.app.intraextension = parsed_args.id
- self.app.stdout.write("Select {} IntraExtension.\n".format(self.app.intraextension))
- else:
- self.app.stdout.write("IntraExtension {} unknown.\n".format(parsed_args.id))
- return
-
-
-class IntraExtensionCreate(Command):
- """Create a new Intra_Extension."""
-
- log = logging.getLogger(__name__)
-
- def get_parser(self, prog_name):
- parser = super(IntraExtensionCreate, self).get_parser(prog_name)
- parser.add_argument(
- 'name',
- metavar='',
- help='New IntraExtension name',
- )
- parser.add_argument(
- '--policy_model',
- metavar='',
- help='Policy model name (Template for the new IntraExtension)',
- )
- parser.add_argument(
- '--description',
- metavar='',
- help='New IntraExtension description',
- default=""
- )
- return parser
-
- def take_action(self, parsed_args):
- post_data = {
- "intra_extension_name": parsed_args.name,
- "intra_extension_model": parsed_args.policy_model,
- "intra_extension_description": parsed_args.description
- }
- ie = self.app.get_url(self.app.url_prefix+"/intra_extensions", post_data=post_data, authtoken=True)
- if "id" not in ie:
- raise Exception("Error in command {}".format(ie))
- self.app.stdout.write("IntraExtension created: {}\n".format(ie["id"]))
- return
-
-
-class IntraExtensionList(Lister):
- """List all Intra_Extensions."""
-
- log = logging.getLogger(__name__)
-
- def get_parser(self, prog_name):
- parser = super(IntraExtensionList, self).get_parser(prog_name)
- return parser
-
- def take_action(self, parsed_args):
- ie = self.app.get_url(self.app.url_prefix+"/intra_extensions", authtoken=True)
- return (
- ("id", "name", "model"),
- ((_id, ie[_id]["name"], ie[_id]["model"]) for _id in ie.keys())
- )
-
-
-class IntraExtensionDelete(Command):
- """Delete an Intra_Extension."""
-
- log = logging.getLogger(__name__)
-
- def get_parser(self, prog_name):
- parser = super(IntraExtensionDelete, self).get_parser(prog_name)
- parser.add_argument(
- 'uuid',
- metavar='',
- help='IntraExtension UUID',
- )
- return parser
-
- def take_action(self, parsed_args):
- self.app.get_url(self.app.url_prefix+"/intra_extensions/{}".format(parsed_args.uuid),
- method="DELETE",
- authtoken=True)
-
-
-class IntraExtensionInit(Command):
- """Initialize the root Intra_Extension (if needed)."""
-
- log = logging.getLogger(__name__)
-
- def get_parser(self, prog_name):
- parser = super(IntraExtensionInit, self).get_parser(prog_name)
- return parser
-
- def take_action(self, parsed_args):
- self.app.get_url(self.app.url_prefix+"/intra_extensions/init",
- method="GET",
- authtoken=True)
-
-
-class IntraExtensionShow(ShowOne):
- """Show detail about one Intra_Extension."""
-
- log = logging.getLogger(__name__)
-
- def get_parser(self, prog_name):
- parser = super(IntraExtensionShow, self).get_parser(prog_name)
- parser.add_argument(
- 'uuid',
- metavar='',
- help='IntraExtension UUID (put "selected" if you want to show the selected IntraExtension)',
- default="selected"
- )
- return parser
-
- def take_action(self, parsed_args):
- intra_extension_id = parsed_args.uuid
- if parsed_args.uuid == "selected":
- intra_extension_id = self.app.intraextension
- self.log.debug("self.app.intraextension={}".format(intra_extension_id))
- ie = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}".format(intra_extension_id), authtoken=True)
- self.log.debug("ie={}".format(ie))
- if "id" not in ie:
- self.log.error("Unknown intraextension {}".format(intra_extension_id))
- raise Exception()
- try:
- columns = (
- "id",
- "name",
- "description",
- "model",
- "genre"
- )
- data = (
- ie["id"],
- ie["name"],
- ie["description"],
- ie["model"],
- ie["genre"]
- )
- return columns, data
- except Exception as e:
- self.app.stdout.write(str(e))
diff --git a/moonclient/moonclient/logs.py b/moonclient/moonclient/logs.py
deleted file mode 100644
index e65a530d..00000000
--- a/moonclient/moonclient/logs.py
+++ /dev/null
@@ -1,96 +0,0 @@
-# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
-# This software is distributed under the terms and conditions of the 'Apache-2.0'
-# license which can be found in the file 'LICENSE' in this package distribution
-# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-
-import logging
-
-from cliff.lister import Lister
-from cliff.command import Command
-from cliff.show import ShowOne
-
-
-class LogsList(Lister):
- """List all logs."""
-
- log = logging.getLogger(__name__)
-
- def get_parser(self, prog_name):
- parser = super(LogsList, self).get_parser(prog_name)
- parser.add_argument(
- '--filter',
- metavar='',
- help='Filter strings (example: "OK" or "authz")',
- )
- parser.add_argument(
- '--fromdate',
- metavar='',
- help='Filter logs by date (example: "2015-04-15-13:45:20")',
- )
- parser.add_argument(
- '--todate',
- metavar='',
- help='Filter logs by date (example: "2015-04-15-13:45:20")',
- )
- parser.add_argument(
- '--number',
- metavar='',
- help='Show only logs',
- )
- return parser
-
- @staticmethod
- def split_into_line(line, max_char=60):
- """ Split a long line into multiple lines
-
- :param line: the line to split
- :param max_char: maximal characters to have on one line
- :return: a string with new lines
- """
- words = line.split(" ")
- return_line = ""
- prev_modulo = 0
- while True:
- try:
- modulo = len(return_line) % max_char
- if modulo < prev_modulo:
- return_line += "\n" + words.pop(0) + " "
- else:
- return_line += words.pop(0) + " "
- prev_modulo = modulo
- except IndexError:
- return return_line
-
- def split_time_message(self, line):
- """Split a log string into a table (date, message)
-
- :param line: the line to split
- :return: a table (date, message)
- """
- _time, _blank, _message = line.split(" ", 2)
- return _time, self.split_into_line(_message)
-
- def take_action(self, parsed_args):
- filter_str = parsed_args.filter
- from_date = parsed_args.fromdate
- to_date = parsed_args.todate
- number = parsed_args.number
- options = list()
- if filter_str:
- options.append("filter={}".format(filter_str))
- if from_date:
- options.append("from={}".format(from_date))
- if to_date:
- options.append("to={}".format(to_date))
- if number:
- options.append("event_number={}".format(number))
- if len(options) > 0:
- url = self.app.url_prefix+"/logs/{}".format(",".join(options))
- else:
- url = self.app.url_prefix+"/logs"
- data = self.app.get_url(url, authtoken=True)
- return (
- ("Time", "Message",),
- (self.split_time_message(log) for log in data)
- )
-
diff --git a/moonclient/moonclient/metarules.py b/moonclient/moonclient/metarules.py
deleted file mode 100644
index 6727711e..00000000
--- a/moonclient/moonclient/metarules.py
+++ /dev/null
@@ -1,214 +0,0 @@
-# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
-# This software is distributed under the terms and conditions of the 'Apache-2.0'
-# license which can be found in the file 'LICENSE' in this package distribution
-# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-
-import logging
-
-from cliff.lister import Lister
-from cliff.command import Command
-from cliff.show import ShowOne
-
-
-class AggregationAlgorithmsList(Lister):
- """List all aggregation algorithms."""
-
- log = logging.getLogger(__name__)
-
- def __get_aggregation_algorithm_from_id(self, algorithm_id):
- algorithms = self.app.get_url(self.app.url_prefix+"/configuration/aggregation_algorithms", authtoken=True)
- if algorithm_id in algorithms:
- return algorithms[algorithm_id]
- return dict()
-
- def get_parser(self, prog_name):
- parser = super(AggregationAlgorithmsList, self).get_parser(prog_name)
- parser.add_argument(
- '--intraextension',
- metavar='',
- help='IntraExtension UUID',
- )
- return parser
-
- def take_action(self, parsed_args):
- if not parsed_args.intraextension:
- parsed_args.intraextension = self.app.intraextension
- data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/aggregation_algorithm".format(
- parsed_args.intraextension),
- authtoken=True)
- algorithm = self.__get_aggregation_algorithm_from_id(data['aggregation_algorithm'])
- return (
- ("id", "name", "description"),
- ((data['aggregation_algorithm'], algorithm["name"], algorithm["description"]), )
- )
-
-
-class AggregationAlgorithmSet(Command):
- """Set the current aggregation algorithm."""
-
- log = logging.getLogger(__name__)
-
- def __get_aggregation_algorithm_from_id(self, algorithm_id):
- algorithms = self.app.get_url(self.app.url_prefix+"/configuration/aggregation_algorithms", authtoken=True)
- if algorithm_id in algorithms:
- return algorithms[algorithm_id]
- return dict()
-
- def get_parser(self, prog_name):
- parser = super(AggregationAlgorithmSet, self).get_parser(prog_name)
- parser.add_argument(
- 'aggregation_algorithm_id',
- metavar='',
- help='Aggregation algorithm UUID',
- )
- parser.add_argument(
- '--intraextension',
- metavar='',
- help='IntraExtension UUID',
- )
- parser.add_argument(
- '--description',
- metavar='',
- help='Action description',
- )
- return parser
-
- def take_action(self, parsed_args):
- if not parsed_args.intraextension:
- parsed_args.intraextension = self.app.intraextension
- data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/aggregation_algorithm".format(
- parsed_args.intraextension),
- post_data={
- "aggregation_algorithm_id": parsed_args.aggregation_algorithm_id,
- "aggregation_algorithm_description": parsed_args.description},
- authtoken=True)
- algorithm = self.__get_aggregation_algorithm_from_id(data['aggregation_algorithm'])
- return (
- ("id",),
- (algorithm,)
- )
-
-
-class SubMetaRuleShow(Lister):
- """Show the current sub meta rule."""
-
- log = logging.getLogger(__name__)
-
- def get_parser(self, prog_name):
- parser = super(SubMetaRuleShow, self).get_parser(prog_name)
- parser.add_argument(
- '--intraextension',
- metavar='',
- help='IntraExtension UUID',
- )
- return parser
-
- def __get_subject_category_name(self, intraextension, subject_category_id):
- data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/subject_categories".format(intraextension),
- authtoken=True)
- if subject_category_id in data:
- return data[subject_category_id]["name"]
-
- def __get_object_category_name(self, intraextension, object_category_id):
- data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/object_categories".format(intraextension),
- authtoken=True)
- if object_category_id in data:
- return data[object_category_id]["name"]
-
- def __get_action_category_name(self, intraextension, action_category_id):
- data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/action_categories".format(intraextension),
- authtoken=True)
- if action_category_id in data:
- return data[action_category_id]["name"]
-
- def take_action(self, parsed_args):
- if not parsed_args.intraextension:
- parsed_args.intraextension = self.app.intraextension
- data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/sub_meta_rules".format(parsed_args.intraextension),
- authtoken=True)
- return (
- ("id", "name", "algorithm", "subject categories", "object categories", "action categories"),
- ((
- key,
- value["name"],
- value["algorithm"],
- ", ".join([self.__get_subject_category_name(parsed_args.intraextension, cat) for cat in value["subject_categories"]]),
- ", ".join([self.__get_object_category_name(parsed_args.intraextension, cat) for cat in value["object_categories"]]),
- ", ".join([self.__get_action_category_name(parsed_args.intraextension, cat) for cat in value["action_categories"]]),
- ) for key, value in data.iteritems())
- )
-
-
-class SubMetaRuleSet(Command):
- """Set the current sub meta rule."""
-
- log = logging.getLogger(__name__)
-
- def get_parser(self, prog_name):
- parser = super(SubMetaRuleSet, self).get_parser(prog_name)
- parser.add_argument(
- 'submetarule_id',
- metavar='',
- help='Sub Meta Rule UUID (example: "12346")',
- )
- parser.add_argument(
- '--algorithm_name',
- metavar='',
- help='algorithm to use (example: "inclusion")',
- )
- parser.add_argument(
- '--name',
- metavar='',
- help='name to set (example: "my new sub meta rule")',
- )
- parser.add_argument(
- '--subject_category_id',
- metavar='',
- help='subject category UUID (example: "12346,")',
- )
- parser.add_argument(
- '--object_category_id',
- metavar='',
- help='object category UUID (example: "12346")',
- )
- parser.add_argument(
- '--action_category_id',
- metavar='',
- help='action category UUID (example: "12346,0987654")',
- )
- parser.add_argument(
- '--intraextension',
- metavar='',
- help='IntraExtension UUID',
- )
- return parser
-
- def take_action(self, parsed_args):
- if not parsed_args.intraextension:
- parsed_args.intraextension = self.app.intraextension
- subject_category_id = parsed_args.subject_category_id
- if not subject_category_id:
- subject_category_id = ""
- object_category_id = parsed_args.object_category_id
- if not object_category_id:
- object_category_id = ""
- action_category_id = parsed_args.action_category_id
- if not action_category_id:
- action_category_id = ""
- subject_category_id = map(lambda x: x.strip(), subject_category_id.split(','))
- action_category_id = map(lambda x: x.strip(), action_category_id.split(','))
- object_category_id = map(lambda x: x.strip(), object_category_id.split(','))
- sub_meta_rule_id = parsed_args.submetarule_id
- post_data = dict()
- post_data["sub_meta_rule_name"] = parsed_args.name
- post_data["sub_meta_rule_algorithm"] = parsed_args.algorithm_name
- post_data["sub_meta_rule_subject_categories"] = filter(lambda x: x, subject_category_id)
- post_data["sub_meta_rule_object_categories"] = filter(lambda x: x, object_category_id)
- post_data["sub_meta_rule_action_categories"] = filter(lambda x: x, action_category_id)
- self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/sub_meta_rules/{}".format(parsed_args.intraextension,
- sub_meta_rule_id),
- post_data=post_data,
- method="POST",
- authtoken=True)
-
-
diff --git a/moonclient/moonclient/object_assignments.py b/moonclient/moonclient/object_assignments.py
deleted file mode 100644
index 0942aa6f..00000000
--- a/moonclient/moonclient/object_assignments.py
+++ /dev/null
@@ -1,149 +0,0 @@
-# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
-# This software is distributed under the terms and conditions of the 'Apache-2.0'
-# license which can be found in the file 'LICENSE' in this package distribution
-# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-
-import logging
-
-from cliff.lister import Lister
-from cliff.command import Command
-
-
-class ObjectAssignmentsList(Lister):
- """List all object assignments."""
-
- log = logging.getLogger(__name__)
-
- def get_parser(self, prog_name):
- parser = super(ObjectAssignmentsList, self).get_parser(prog_name)
- parser.add_argument(
- 'object_id',
- metavar='',
- help='Object UUID',
- )
- parser.add_argument(
- 'object_category_id',
- metavar='',
- help='Object category UUID',
- )
- parser.add_argument(
- '--intraextension',
- metavar='',
- help='IntraExtension UUID',
- )
- return parser
-
- def __get_scope_from_id(self, intraextension_id, object_category_id, object_scope_id):
- data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/object_scopes/{}".format(
- intraextension_id, object_category_id),
- authtoken=True)
- if object_scope_id in data:
- return data[object_scope_id]
-
- def take_action(self, parsed_args):
- if not parsed_args.intraextension:
- parsed_args.intraextension = self.app.intraextension
- data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/object_assignments/{}/{}".format(
- parsed_args.intraextension, parsed_args.object_id, parsed_args.object_category_id),
- authtoken=True)
- return (
- ("id", "name"),
- ((_id, self.__get_scope_from_id(parsed_args.intraextension,
- parsed_args.object_category_id,
- _id)['name']) for _id in data)
- )
-
-
-class ObjectAssignmentsAdd(Command):
- """Add a new object assignment."""
-
- log = logging.getLogger(__name__)
-
- def get_parser(self, prog_name):
- parser = super(ObjectAssignmentsAdd, self).get_parser(prog_name)
- parser.add_argument(
- 'object_id',
- metavar='',
- help='Object UUID',
- )
- parser.add_argument(
- 'object_category_id',
- metavar='',
- help='Object category UUID',
- )
- parser.add_argument(
- 'object_scope_id',
- metavar='',
- help='Object scope UUID',
- )
- parser.add_argument(
- '--intraextension',
- metavar='',
- help='IntraExtension UUID',
- )
- return parser
-
- def __get_scope_from_id(self, intraextension_id, object_category_id, object_scope_id):
- data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/object_scopes/{}".format(
- intraextension_id, object_category_id),
- authtoken=True)
- if object_scope_id in data:
- return data[object_scope_id]
-
- def take_action(self, parsed_args):
- if not parsed_args.intraextension:
- parsed_args.intraextension = self.app.intraextension
- data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/object_assignments".format(parsed_args.intraextension),
- post_data={
- "object_id": parsed_args.object_id,
- "object_category_id": parsed_args.object_category_id,
- "object_scope_id": parsed_args.object_scope_id},
- authtoken=True)
- return (
- ("id", "name"),
- ((_id, self.__get_scope_from_id(parsed_args.intraextension,
- parsed_args.object_category_id,
- _id)['name']) for _id in data)
- )
-
-
-class ObjectAssignmentsDelete(Command):
- """Delete an object assignment."""
-
- log = logging.getLogger(__name__)
-
- def get_parser(self, prog_name):
- parser = super(ObjectAssignmentsDelete, self).get_parser(prog_name)
- parser.add_argument(
- 'object_id',
- metavar='',
- help='Object UUID',
- )
- parser.add_argument(
- 'object_category_id',
- metavar='',
- help='Object category UUID',
- )
- parser.add_argument(
- 'object_scope_id',
- metavar='',
- help='Object scope UUID',
- )
- parser.add_argument(
- '--intraextension',
- metavar='',
- help='IntraExtension UUID',
- )
- return parser
-
- def take_action(self, parsed_args):
- if not parsed_args.intraextension:
- parsed_args.intraextension = self.app.intraextension
- self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/object_assignments/{}/{}/{}".format(
- parsed_args.intraextension,
- parsed_args.object_id,
- parsed_args.object_category_id,
- parsed_args.object_scope_id),
- method="DELETE",
- authtoken=True
- )
\ No newline at end of file
diff --git a/moonclient/moonclient/object_categories.py b/moonclient/moonclient/object_categories.py
deleted file mode 100644
index 5641f4bf..00000000
--- a/moonclient/moonclient/object_categories.py
+++ /dev/null
@@ -1,102 +0,0 @@
-# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
-# This software is distributed under the terms and conditions of the 'Apache-2.0'
-# license which can be found in the file 'LICENSE' in this package distribution
-# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-
-import logging
-
-from cliff.lister import Lister
-from cliff.command import Command
-
-
-class ObjectCategoriesList(Lister):
- """List all Intra_Extensions."""
-
- log = logging.getLogger(__name__)
-
- def get_parser(self, prog_name):
- parser = super(ObjectCategoriesList, self).get_parser(prog_name)
- parser.add_argument(
- '--intraextension',
- metavar='',
- help='IntraExtension UUID',
- )
- return parser
-
- def take_action(self, parsed_args):
- if not parsed_args.intraextension:
- parsed_args.intraextension = self.app.intraextension
- data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/object_categories".format(parsed_args.intraextension),
- authtoken=True)
- return (
- ("id", "name", "description"),
- ((_uuid, data[_uuid]["name"], data[_uuid]["description"]) for _uuid in data)
- )
-
-
-class ObjectCategoriesAdd(Command):
- """Add a new object category."""
-
- log = logging.getLogger(__name__)
-
- def get_parser(self, prog_name):
- parser = super(ObjectCategoriesAdd, self).get_parser(prog_name)
- parser.add_argument(
- 'object_category_name',
- metavar='',
- help='Object category name',
- )
- parser.add_argument(
- '--intraextension',
- metavar='',
- help='IntraExtension UUID',
- )
- parser.add_argument(
- '--description',
- metavar='',
- help='Object category description',
- )
- return parser
-
- def take_action(self, parsed_args):
- if not parsed_args.intraextension:
- parsed_args.intraextension = self.app.intraextension
- data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/object_categories".format(parsed_args.intraextension),
- post_data={
- "object_category_name": parsed_args.object_category_name,
- "object_category_description": parsed_args.description},
- authtoken=True)
- return (
- ("id", "name", "description"),
- ((_uuid, data[_uuid]["name"], data[_uuid]["description"]) for _uuid in data)
- )
-
-
-class ObjectCategoriesDelete(Command):
- """Delete an object category."""
-
- log = logging.getLogger(__name__)
-
- def get_parser(self, prog_name):
- parser = super(ObjectCategoriesDelete, self).get_parser(prog_name)
- parser.add_argument(
- 'object_category_id',
- metavar='',
- help='Object category UUID',
- )
- parser.add_argument(
- '--intraextension',
- metavar='',
- help='IntraExtension UUID',
- )
- return parser
-
- def take_action(self, parsed_args):
- if not parsed_args.intraextension:
- parsed_args.intraextension = self.app.intraextension
- self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/object_categories/{}".format(
- parsed_args.intraextension,
- parsed_args.object_category_id),
- method="DELETE",
- authtoken=True
- )
\ No newline at end of file
diff --git a/moonclient/moonclient/object_scopes.py b/moonclient/moonclient/object_scopes.py
deleted file mode 100644
index 41b9aef6..00000000
--- a/moonclient/moonclient/object_scopes.py
+++ /dev/null
@@ -1,123 +0,0 @@
-# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
-# This software is distributed under the terms and conditions of the 'Apache-2.0'
-# license which can be found in the file 'LICENSE' in this package distribution
-# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-
-import logging
-
-from cliff.lister import Lister
-from cliff.command import Command
-
-
-class ObjectScopesList(Lister):
- """List all object scopes."""
-
- log = logging.getLogger(__name__)
-
- def get_parser(self, prog_name):
- parser = super(ObjectScopesList, self).get_parser(prog_name)
- parser.add_argument(
- 'object_category_id',
- metavar='',
- help='Object category UUID',
- )
- parser.add_argument(
- '--intraextension',
- metavar='',
- help='IntraExtension UUID',
- )
- return parser
-
- def take_action(self, parsed_args):
- if not parsed_args.intraextension:
- parsed_args.intraextension = self.app.intraextension
- data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/object_scopes/{}".format(
- parsed_args.intraextension, parsed_args.object_category_id),
- authtoken=True)
- self.log.debug(data) # TODO: why log here?
- return (
- ("id", "name", "description"),
- ((_id, data[_id]["name"], data[_id]["description"]) for _id in data)
- )
-
-
-class ObjectScopesAdd(Command):
- """Add a new object scope."""
-
- log = logging.getLogger(__name__)
-
- def get_parser(self, prog_name):
- parser = super(ObjectScopesAdd, self).get_parser(prog_name)
- parser.add_argument(
- 'object_category_id',
- metavar='',
- help='Object category UUID',
- )
- parser.add_argument(
- 'object_scope_name',
- metavar='',
- help='Object scope name',
- )
- parser.add_argument(
- '--intraextension',
- metavar='',
- help='IntraExtension UUID',
- )
- parser.add_argument(
- '--description',
- metavar='',
- help='Description',
- )
- return parser
-
- def take_action(self, parsed_args):
- if not parsed_args.intraextension:
- parsed_args.intraextension = self.app.intraextension
- data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/object_scopes/{}".format(
- parsed_args.intraextension, parsed_args.object_category_id),
- post_data={
- "object_scope_name": parsed_args.object_scope_name,
- "object_scope_description": parsed_args.description,
- },
- authtoken=True)
- return (
- ("id", "name", "description"),
- ((_id, data[_id]["name"], data[_id]["description"]) for _id in data)
- )
-
-
-class ObjectScopesDelete(Command):
- """Delete an object scope."""
-
- log = logging.getLogger(__name__)
-
- def get_parser(self, prog_name):
- parser = super(ObjectScopesDelete, self).get_parser(prog_name)
- parser.add_argument(
- 'object_category_id',
- metavar='',
- help='Object category UUID',
- )
- parser.add_argument(
- 'object_scope_id',
- metavar='',
- help='Object scope UUID',
- )
- parser.add_argument(
- '--intraextension',
- metavar='',
- help='IntraExtension UUID',
- )
- return parser
-
- def take_action(self, parsed_args):
- if not parsed_args.intraextension:
- parsed_args.intraextension = self.app.intraextension
- self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/object_scopes/{}/{}".format(
- parsed_args.intraextension,
- parsed_args.object_category_id,
- parsed_args.object_scope_id
- ),
- method="DELETE",
- authtoken=True
- )
\ No newline at end of file
diff --git a/moonclient/moonclient/objects.py b/moonclient/moonclient/objects.py
deleted file mode 100644
index 0fc04ab8..00000000
--- a/moonclient/moonclient/objects.py
+++ /dev/null
@@ -1,102 +0,0 @@
-# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
-# This software is distributed under the terms and conditions of the 'Apache-2.0'
-# license which can be found in the file 'LICENSE' in this package distribution
-# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-
-import logging
-
-from cliff.lister import Lister
-from cliff.command import Command
-
-
-class ObjectsList(Lister):
- """List all objects."""
-
- log = logging.getLogger(__name__)
-
- def get_parser(self, prog_name):
- parser = super(ObjectsList, self).get_parser(prog_name)
- parser.add_argument(
- '--intraextension',
- metavar='',
- help='IntraExtension UUID',
- )
- return parser
-
- def take_action(self, parsed_args):
- if not parsed_args.intraextension:
- parsed_args.intraextension = self.app.intraextension
- data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/objects".format(parsed_args.intraextension),
- authtoken=True)
- return (
- ("id", "name", "description"),
- ((_uuid, data[_uuid]["name"], data[_uuid]["description"]) for _uuid in data)
- )
-
-
-class ObjectsAdd(Command):
- """Add a new object."""
-
- log = logging.getLogger(__name__)
-
- def get_parser(self, prog_name):
- parser = super(ObjectsAdd, self).get_parser(prog_name)
- parser.add_argument(
- 'object_name',
- metavar='',
- help='Object name',
- )
- parser.add_argument(
- '--intraextension',
- metavar='',
- help='IntraExtension UUID',
- )
- parser.add_argument(
- '--description',
- metavar='',
- help='Object description',
- )
- return parser
-
- def take_action(self, parsed_args):
- if not parsed_args.intraextension:
- parsed_args.intraextension = self.app.intraextension
- data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/objects".format(parsed_args.intraextension),
- post_data={
- "object_name": parsed_args.object_name,
- "object_description": parsed_args.description},
- authtoken=True)
- return (
- ("id", "name", "description"),
- ((_uuid, data[_uuid]["name"], data[_uuid]["description"]) for _uuid in data)
- )
-
-
-class ObjectsDelete(Command):
- """List all Intra_Extensions."""
-
- log = logging.getLogger(__name__)
-
- def get_parser(self, prog_name):
- parser = super(ObjectsDelete, self).get_parser(prog_name)
- parser.add_argument(
- 'object_id',
- metavar='',
- help='Object UUID',
- )
- parser.add_argument(
- '--intraextension',
- metavar='',
- help='IntraExtension UUID',
- )
- return parser
-
- def take_action(self, parsed_args):
- if not parsed_args.intraextension:
- parsed_args.intraextension = self.app.intraextension
- self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/objects/{}".format(
- parsed_args.intraextension,
- parsed_args.object_id),
- method="DELETE",
- authtoken=True
- )
\ No newline at end of file
diff --git a/moonclient/moonclient/rules.py b/moonclient/moonclient/rules.py
deleted file mode 100644
index 207533a8..00000000
--- a/moonclient/moonclient/rules.py
+++ /dev/null
@@ -1,242 +0,0 @@
-# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
-# This software is distributed under the terms and conditions of the 'Apache-2.0'
-# license which can be found in the file 'LICENSE' in this package distribution
-# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-
-import logging
-
-from cliff.lister import Lister
-from cliff.command import Command
-from cliff.show import ShowOne
-
-
-class RulesList(Lister):
- """List all rules."""
-
- log = logging.getLogger(__name__)
-
- def get_parser(self, prog_name):
- parser = super(RulesList, self).get_parser(prog_name)
- parser.add_argument(
- 'submetarule_id',
- metavar='',
- help='Sub Meta Rule UUID',
- )
- parser.add_argument(
- '--intraextension',
- metavar='',
- help='IntraExtension UUID',
- )
- return parser
-
- def __get_subject_category_name(self, intraextension, category_id):
- data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/subject_categories".format(intraextension),
- authtoken=True)
- if category_id in data:
- return data[category_id]["name"]
-
- def __get_object_category_name(self, intraextension, category_id):
- data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/object_categories".format(intraextension),
- authtoken=True)
- if category_id in data:
- return data[category_id]["name"]
-
- def __get_action_category_name(self, intraextension, category_id):
- data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/action_categories".format(intraextension),
- authtoken=True)
- if category_id in data:
- return data[category_id]["name"]
-
- def __get_subject_scope_name(self, intraextension, category_id, scope_id):
- data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/subject_scopes/{}".format(intraextension, category_id),
- authtoken=True)
- if scope_id in data:
- return data[scope_id]["name"]
- return scope_id
-
- def __get_object_scope_name(self, intraextension, category_id, scope_id):
- data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/object_scopes/{}".format(intraextension, category_id),
- authtoken=True)
- if scope_id in data:
- return data[scope_id]["name"]
- return scope_id
-
- def __get_action_scope_name(self, intraextension, category_id, scope_id):
- data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/action_scopes/{}".format(intraextension, category_id),
- authtoken=True)
- if scope_id in data:
- return data[scope_id]["name"]
- return scope_id
-
- def __get_headers(self, intraextension, submetarule_id):
- headers = list()
- headers.append("")
- headers.append("id")
- self.sub_meta_rules = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/sub_meta_rules".format(intraextension),
- authtoken=True)
- for cat in self.sub_meta_rules[submetarule_id]["subject_categories"]:
- headers.append("s:" + self.__get_subject_category_name(intraextension, cat))
- for cat in self.sub_meta_rules[submetarule_id]["action_categories"]:
- headers.append("a:" + self.__get_action_category_name(intraextension, cat))
- for cat in self.sub_meta_rules[submetarule_id]["object_categories"]:
- headers.append("o:" + self.__get_object_category_name(intraextension, cat))
- headers.append("enabled")
- return headers
-
- def __get_data(self, intraextension, submetarule_id, data_dict):
- rules = list()
- cpt = 0
- for key in data_dict:
- sub_rule = list()
- sub_rule.append(cpt)
- cpt += 1
- sub_rule.append(key)
- rule_item = list(data_dict[key])
- for cat in self.sub_meta_rules[submetarule_id]["subject_categories"]:
- sub_rule.append(self.__get_subject_scope_name(intraextension, cat, rule_item.pop(0)))
- for cat in self.sub_meta_rules[submetarule_id]["action_categories"]:
- sub_rule.append(self.__get_action_scope_name(intraextension, cat, rule_item.pop(0)))
- for cat in self.sub_meta_rules[submetarule_id]["object_categories"]:
- sub_rule.append(self.__get_object_scope_name(intraextension, cat, rule_item.pop(0)))
- sub_rule.append(rule_item.pop(0))
- rules.append(sub_rule)
- return rules
-
- def take_action(self, parsed_args):
- if not parsed_args.intraextension:
- parsed_args.intraextension = self.app.intraextension
- data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/rule/{}".format(
- parsed_args.intraextension,
- parsed_args.submetarule_id,
- ),
- authtoken=True)
- self.log.debug(data)
- headers = self.__get_headers(parsed_args.intraextension, parsed_args.submetarule_id)
- data_list = self.__get_data(parsed_args.intraextension, parsed_args.submetarule_id, data)
- return (
- headers,
- data_list
- )
-
-
-class RuleAdd(Command):
- """Add a new rule."""
-
- log = logging.getLogger(__name__)
-
- def get_parser(self, prog_name):
- parser = super(RuleAdd, self).get_parser(prog_name)
- parser.add_argument(
- 'submetarule_id',
- metavar='',
- help='Sub Meta Rule UUID',
- )
- parser.add_argument(
- 'rule',
- metavar='',
- help='Rule list (example: admin,start,servers) with that ordering: subject, action, object',
- )
- parser.add_argument(
- '--intraextension',
- metavar='',
- help='IntraExtension UUID',
- )
- return parser
-
- def __get_subject_scope_id(self, intraextension, category_id, scope_name):
- data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/subject_scopes/{}".format(intraextension, category_id),
- authtoken=True)
- self.log.debug("__get_subject_scope_id {}".format(data))
- for scope_id in data:
- if data[scope_id]["name"] == scope_name:
- return scope_id
- return scope_name
-
- def __get_object_scope_id(self, intraextension, category_id, scope_name):
- data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/object_scopes/{}".format(intraextension, category_id),
- authtoken=True)
- self.log.debug("__get_action_scope_id {}".format(data))
- for scope_id in data:
- if data[scope_id]["name"] == scope_name:
- return scope_id
- return scope_name
-
- def __get_action_scope_id(self, intraextension, category_id, scope_name):
- data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/action_scopes/{}".format(intraextension, category_id),
- authtoken=True)
- self.log.debug("__get_object_scope_id {}".format(data))
- for scope_id in data:
- if data[scope_id]["name"] == scope_name:
- return scope_id
- return scope_name
-
- def take_action(self, parsed_args):
- if not parsed_args.intraextension:
- parsed_args.intraextension = self.app.intraextension
- self.sub_meta_rules = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/sub_meta_rules".format(
- parsed_args.intraextension),
- authtoken=True)
- new_rule = map(lambda x: x.strip(), parsed_args.rule.split(","))
- post = {
- "subject_categories": [],
- "object_categories": [],
- "action_categories": [],
- "enabled": True
- }
- for cat in self.sub_meta_rules[parsed_args.submetarule_id]["subject_categories"]:
- self.log.debug("annalysing s {}".format(cat))
- post["subject_categories"].append(self.__get_subject_scope_id(
- parsed_args.intraextension, cat, new_rule.pop(0))
- )
- for cat in self.sub_meta_rules[parsed_args.submetarule_id]["action_categories"]:
- self.log.debug("annalysing a {}".format(cat))
- post["action_categories"].append(self.__get_action_scope_id(
- parsed_args.intraextension, cat, new_rule.pop(0))
- )
- for cat in self.sub_meta_rules[parsed_args.submetarule_id]["object_categories"]:
- self.log.debug("annalysing o {}".format(cat))
- post["object_categories"].append(self.__get_object_scope_id(
- parsed_args.intraextension, cat, new_rule.pop(0))
- )
- data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/rule/{}".format(
- parsed_args.intraextension, parsed_args.submetarule_id),
- post_data=post,
- authtoken=True)
-
-
-class RuleDelete(Command):
- """Delete a new rule."""
-
- log = logging.getLogger(__name__)
-
- def get_parser(self, prog_name):
- parser = super(RuleDelete, self).get_parser(prog_name)
- parser.add_argument(
- 'submetarule_id',
- metavar='',
- help='Sub Meta Rule UUID',
- )
- parser.add_argument(
- 'rule_id',
- metavar='',
- help='Rule UUID',
- )
- parser.add_argument(
- '--intraextension',
- metavar='',
- help='IntraExtension UUID',
- )
- return parser
-
- def take_action(self, parsed_args):
- if not parsed_args.intraextension:
- parsed_args.intraextension = self.app.intraextension
- self.app.get_url(
- self.app.url_prefix+"/intra_extensions/{intra_extensions_id}/rule/{submetarule_id}/{rule_id}".format(
- intra_extensions_id=parsed_args.intraextension,
- submetarule_id=parsed_args.submetarule_id,
- rule_id=parsed_args.rule_id
- ),
- method="DELETE",
- authtoken=True
- )
diff --git a/moonclient/moonclient/shell.py b/moonclient/moonclient/shell.py
deleted file mode 100644
index 8be73621..00000000
--- a/moonclient/moonclient/shell.py
+++ /dev/null
@@ -1,264 +0,0 @@
-# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
-# This software is distributed under the terms and conditions of the 'Apache-2.0'
-# license which can be found in the file 'LICENSE' in this package distribution
-# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-
-import logging
-import sys
-import json
-import httplib
-import os
-
-from cliff.app import App
-from cliff.commandmanager import CommandManager
-import moonclient
-
-
-def get_env_creds(admin_token=False):
- d = dict()
- if 'OS_SERVICE_ENDPOINT' in os.environ.keys() or 'OS_USERNAME' in os.environ.keys():
- if admin_token:
- d['endpoint'] = os.environ['OS_SERVICE_ENDPOINT']
- d['token'] = os.environ['OS_SERVICE_TOKEN']
- else:
- d['username'] = os.environ['OS_USERNAME']
- d['password'] = os.environ['OS_PASSWORD']
- d['auth_url'] = os.environ['OS_AUTH_URL']
- d['tenant_name'] = os.environ['OS_TENANT_NAME']
- return d
-
-
-class MoonClient(App):
-
- log = logging.getLogger(__name__)
- x_subject_token = None
- host = "localhost"
- port = "35358"
- tenant = None
- _intraextension = None
- _tenant_id = None
- _tenant_name = None
- secureprotocol = False
- user_saving_file = ".moonclient"
- url_prefix = "/moon"
- _nb_error = 0
- post = {
- "auth": {
- "identity": {
- "methods": [
- "password"
- ],
- "password": {
- "user": {
- "domain": {
- "id": "Default"
- },
- "name": "admin",
- "password": "nomoresecrete"
- }
- }
- },
- "scope": {
- "project": {
- "domain": {
- "id": "Default"
- },
- "name": "demo"
- }
- }
- }
- }
-
- def __init__(self):
- super(MoonClient, self).__init__(
- description='Moon Python Client',
- version=moonclient.__version__,
- command_manager=CommandManager('moon.client'),
- )
- creds = get_env_creds()
- self.post["auth"]["identity"]["password"]["user"]["password"] = creds["password"]
- self.post["auth"]["identity"]["password"]["user"]["name"] = creds["username"]
- self.post["auth"]["scope"]["project"]["name"] = creds["tenant_name"]
- self.host = creds["auth_url"].replace("https://", "").replace("http://", "").split("/")[0].split(":")[0]
- self.port = creds["auth_url"].replace("https://", "").replace("http://", "").split("/")[0].split(":")[1]
- if "https" in creds["auth_url"]:
- self.secureprotocol = True
- else:
- self.secureprotocol = False
- self._tenant_name = creds["tenant_name"]
- self.parser.add_argument(
- '--username',
- metavar='',
- help='Force OpenStack username',
- default=None
- )
- self.parser.add_argument(
- '--tenant',
- metavar='',
- help='Force OpenStack tenant',
- default=None
- )
- self.parser.add_argument(
- '--password',
- metavar='',
- help='Force OpenStack password',
- default=None
- )
- self.parser.add_argument(
- '--authurl',
- metavar='',
- help='Force OpenStack authentication URL',
- default=None
- )
-
- @property
- def tenant_id(self):
- if not self._tenant_id:
- self._tenant_id = self.get_url("/v3/projects?name={}".format(self._tenant_name),
- authtoken=True, port=5000)["projects"][0]["id"]
- return self._tenant_id
-
- @property
- def tenant_name(self):
- return self._tenant_name
-
- @property
- def intraextension(self):
- return open(os.path.join(os.getenv('HOME'), self.user_saving_file)).read().strip()
-
- @intraextension.setter
- def intraextension(self, value):
- self._intraextension = value
- open(os.path.join(os.getenv('HOME'), self.user_saving_file), "w").write(value)
-
- @property
- def nb_error(self):
- return self._nb_error
-
- def incr_error(self, msg=""):
- self._nb_error += 1
- if not msg:
- print("INCREMENTING ERRORS {}".format(self._nb_error))
- else:
- print("INCREMENTING ERRORS {} [{}]".format(self._nb_error, msg))
-
- def get_tenant_uuid(self, tenant_name):
- return self.get_url("/v3/projects?name={}".format(tenant_name), authtoken=True, port=5000)["projects"][0]["id"]
-
- def get_url(self, url, post_data=None, delete_data=None, method="GET", authtoken=None, port=None):
- if post_data:
- method = "POST"
- if delete_data:
- method = "DELETE"
- self.log.debug("\033[32m{} {}\033[m".format(method, url))
- # TODO: we must manage authentication and requests with secure protocol (ie. HTTPS)
- if not port:
- port = self.port
- conn = httplib.HTTPConnection(self.host, int(port))
- self.log.debug("Host: {}:{}".format(self.host, self.port))
- headers = {
- "Content-type": "application/x-www-form-urlencoded",
- "Accept": "text/plain,text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
- }
- if authtoken:
- if self.x_subject_token:
- headers["X-Auth-Token"] = self.x_subject_token
- if post_data:
- method = "POST"
- headers["Content-type"] = "application/json"
- post_data = json.dumps(post_data)
- conn.request(method, url, post_data, headers=headers)
- elif delete_data:
- method = "DELETE"
- conn.request(method, url, json.dumps(delete_data), headers=headers)
- else:
- conn.request(method, url, headers=headers)
- resp = conn.getresponse()
- headers = resp.getheaders()
- try:
- self.x_subject_token = dict(headers)["x-subject-token"]
- except KeyError:
- pass
- content = resp.read()
- conn.close()
- if len(content) == 0:
- return {}
- try:
- content = json.loads(content)
- if "error" in content:
- try:
- raise Exception("Getting an error while requiring {} ({}: {}, {})".format(
- url,
- content['error']['code'],
- content['error']['title'],
- content['error']['message'],
- ))
- except ValueError:
- raise Exception("Bad error format while requiring {} ({})".format(url, content))
- return content
- except ValueError:
- raise Exception("Getting an error while requiring {} ({})".format(url, content))
- finally:
- self.log.debug(str(content))
-
- def auth_keystone(self, username=None, password=None, host=None, port=None, tenant=None):
- """Send a new authentication request to Keystone
-
- :param username: user identification name
- :return:
- """
- if username:
- self.post["auth"]["identity"]["password"]["user"]["name"] = username
- if password:
- self.post["auth"]["identity"]["password"]["user"]["password"] = password
- if tenant:
- self.post["auth"]["scope"]["project"]["name"] = tenant
- if host:
- self.host = host
- if port:
- self.port = port
- data = self.get_url("/v3/auth/tokens", post_data=self.post)
- if "token" not in data:
- raise Exception("Authentication problem ({})".format(data))
-
- def initialize_app(self, argv):
- self.log.debug('initialize_app: {}'.format(argv))
- if self.options.username:
- self.post["auth"]["identity"]["password"]["user"]["name"] = self.options.username
- self.log.debug("change username {}".format(self.options.username))
- if self.options.password:
- self.post["auth"]["identity"]["password"]["user"]["password"] = self.options.password
- self.log.debug("change password")
- if self.options.tenant:
- self.post["auth"]["scope"]["project"]["name"] = self.options.tenant
- self._tenant_name = self.options.tenant
- self.log.debug("change tenant {}".format(self.options.tenant))
- if self.options.authurl:
- self.host = self.options.authurl.replace("https://", "").replace("http://", "").split("/")[0].split(":")[0]
- self.port = self.options.authurl.replace("https://", "").replace("http://", "").split("/")[0].split(":")[1]
- if "https" in self.options.authurl:
- self.secureprotocol = True
- else:
- self.secureprotocol = False
- data = self.get_url("/v3/auth/tokens", post_data=self.post)
- if "token" not in data:
- raise Exception("Authentication problem ({})".format(data))
-
- def prepare_to_run_command(self, cmd):
- self.log.debug('prepare_to_run_command %s', cmd.__class__.__name__)
-
- def clean_up(self, cmd, result, err):
- self.log.debug('clean_up %s', cmd.__class__.__name__)
- if err:
- self.log.debug('got an error: %s', err)
- self.log.debug("result: {}".format(result))
-
-
-def main(argv=sys.argv[1:]):
- myapp = MoonClient()
- myapp.run(argv)
- return myapp.nb_error
-
-
-if __name__ == '__main__':
- sys.exit(main(sys.argv[1:]))
diff --git a/moonclient/moonclient/subject_assignments.py b/moonclient/moonclient/subject_assignments.py
deleted file mode 100644
index ec5e9549..00000000
--- a/moonclient/moonclient/subject_assignments.py
+++ /dev/null
@@ -1,149 +0,0 @@
-# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
-# This software is distributed under the terms and conditions of the 'Apache-2.0'
-# license which can be found in the file 'LICENSE' in this package distribution
-# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-
-import logging
-
-from cliff.lister import Lister
-from cliff.command import Command
-
-
-class SubjectAssignmentsList(Lister):
- """List all subject assignments."""
-
- log = logging.getLogger(__name__)
-
- def get_parser(self, prog_name):
- parser = super(SubjectAssignmentsList, self).get_parser(prog_name)
- parser.add_argument(
- 'subject_id',
- metavar='',
- help='Subject UUID',
- )
- parser.add_argument(
- 'subject_category_id',
- metavar='',
- help='Subject category UUID',
- )
- parser.add_argument(
- '--intraextension',
- metavar='',
- help='IntraExtension UUID',
- )
- return parser
-
- def __get_scope_from_id(self, intraextension_id, subject_category_id, subject_scope_id):
- data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/subject_scopes/{}".format(
- intraextension_id, subject_category_id),
- authtoken=True)
- if subject_scope_id in data:
- return data[subject_scope_id]
-
- def take_action(self, parsed_args):
- if not parsed_args.intraextension:
- parsed_args.intraextension = self.app.intraextension
- data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/subject_assignments/{}/{}".format(
- parsed_args.intraextension, parsed_args.subject_id, parsed_args.subject_category_id),
- authtoken=True)
- return (
- ("id", "name"),
- ((_id, self.__get_scope_from_id(parsed_args.intraextension,
- parsed_args.subject_category_id,
- _id)['name']) for _id in data)
- )
-
-
-class SubjectAssignmentsAdd(Command):
- """Add a new subject assignment."""
-
- log = logging.getLogger(__name__)
-
- def get_parser(self, prog_name):
- parser = super(SubjectAssignmentsAdd, self).get_parser(prog_name)
- parser.add_argument(
- 'subject_id',
- metavar='',
- help='Subject UUID',
- )
- parser.add_argument(
- 'subject_category_id',
- metavar='',
- help='Subject category id',
- )
- parser.add_argument(
- 'subject_scope_id',
- metavar='',
- help='Subject scope UUID',
- )
- parser.add_argument(
- '--intraextension',
- metavar='',
- help='IntraExtension UUID',
- )
- return parser
-
- def __get_scope_from_id(self, intraextension_id, subject_category_id, subject_scope_id):
- data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/subject_scopes/{}".format(
- intraextension_id, subject_category_id),
- authtoken=True)
- if subject_scope_id in data:
- return data[subject_scope_id]
-
- def take_action(self, parsed_args):
- if not parsed_args.intraextension:
- parsed_args.intraextension = self.app.intraextension
- data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/subject_assignments".format(parsed_args.intraextension),
- post_data={
- "subject_id": parsed_args.subject_id,
- "subject_category_id": parsed_args.subject_category_id,
- "subject_scope_id": parsed_args.subject_scope_id},
- authtoken=True)
- return (
- ("id", "name"),
- ((_id, self.__get_scope_from_id(parsed_args.intraextension,
- parsed_args.subject_category_id,
- _id)['name']) for _id in data)
- )
-
-
-class SubjectAssignmentsDelete(Command):
- """Delete a subject assignment."""
-
- log = logging.getLogger(__name__)
-
- def get_parser(self, prog_name):
- parser = super(SubjectAssignmentsDelete, self).get_parser(prog_name)
- parser.add_argument(
- 'subject_id',
- metavar='',
- help='Subject UUID',
- )
- parser.add_argument(
- 'subject_category_id',
- metavar='',
- help='Subject category UUID',
- )
- parser.add_argument(
- 'subject_scope_id',
- metavar='',
- help='Subject scope UUID',
- )
- parser.add_argument(
- '--intraextension',
- metavar='',
- help='IntraExtension UUID',
- )
- return parser
-
- def take_action(self, parsed_args):
- if not parsed_args.intraextension:
- parsed_args.intraextension = self.app.intraextension
- self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/subject_assignments/{}/{}/{}".format(
- parsed_args.intraextension,
- parsed_args.subject_id,
- parsed_args.subject_category_id,
- parsed_args.subject_scope_id),
- method="DELETE",
- authtoken=True
- )
\ No newline at end of file
diff --git a/moonclient/moonclient/subject_categories.py b/moonclient/moonclient/subject_categories.py
deleted file mode 100644
index 810b0b5f..00000000
--- a/moonclient/moonclient/subject_categories.py
+++ /dev/null
@@ -1,102 +0,0 @@
-# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
-# This software is distributed under the terms and conditions of the 'Apache-2.0'
-# license which can be found in the file 'LICENSE' in this package distribution
-# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-
-import logging
-
-from cliff.lister import Lister
-from cliff.command import Command
-
-
-class SubjectCategoriesList(Lister):
- """List all subject categories."""
-
- log = logging.getLogger(__name__)
-
- def get_parser(self, prog_name):
- parser = super(SubjectCategoriesList, self).get_parser(prog_name)
- parser.add_argument(
- '--intraextension',
- metavar='',
- help='IntraExtension UUID',
- )
- return parser
-
- def take_action(self, parsed_args):
- if not parsed_args.intraextension:
- parsed_args.intraextension = self.app.intraextension
- data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/subject_categories".format(parsed_args.intraextension),
- authtoken=True)
- return (
- ("id", "name", "description"),
- ((_uuid, data[_uuid]["name"], data[_uuid]["description"]) for _uuid in data)
- )
-
-
-class SubjectCategoriesAdd(Command):
- """Add a new subject category."""
-
- log = logging.getLogger(__name__)
-
- def get_parser(self, prog_name):
- parser = super(SubjectCategoriesAdd, self).get_parser(prog_name)
- parser.add_argument(
- 'subject_category_name',
- metavar='',
- help='Subject category name',
- )
- parser.add_argument(
- '--intraextension',
- metavar='',
- help='IntraExtension UUID',
- )
- parser.add_argument(
- '--description',
- metavar='',
- help='Subject category description',
- )
- return parser
-
- def take_action(self, parsed_args):
- if not parsed_args.intraextension:
- parsed_args.intraextension = self.app.intraextension
- data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/subject_categories".format(parsed_args.intraextension),
- post_data={
- "subject_category_name": parsed_args.subject_category_name,
- "subject_category_description": parsed_args.description},
- authtoken=True)
- return (
- ("id", "name", "description"),
- ((_uuid, data[_uuid]["name"], data[_uuid]["description"]) for _uuid in data)
- )
-
-
-class SubjectCategoriesDelete(Command):
- """Delete a subject category."""
-
- log = logging.getLogger(__name__)
-
- def get_parser(self, prog_name):
- parser = super(SubjectCategoriesDelete, self).get_parser(prog_name)
- parser.add_argument(
- 'subject_category_id',
- metavar='',
- help='Subject category UUID',
- )
- parser.add_argument(
- '--intraextension',
- metavar='',
- help='IntraExtension UUID',
- )
- return parser
-
- def take_action(self, parsed_args):
- if not parsed_args.intraextension:
- parsed_args.intraextension = self.app.intraextension
- self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/subject_categories/{}".format(
- parsed_args.intraextension,
- parsed_args.subject_category_id),
- method="DELETE",
- authtoken=True
- )
\ No newline at end of file
diff --git a/moonclient/moonclient/subject_scopes.py b/moonclient/moonclient/subject_scopes.py
deleted file mode 100644
index 90cc5dcc..00000000
--- a/moonclient/moonclient/subject_scopes.py
+++ /dev/null
@@ -1,123 +0,0 @@
-# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
-# This software is distributed under the terms and conditions of the 'Apache-2.0'
-# license which can be found in the file 'LICENSE' in this package distribution
-# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-
-import logging
-
-from cliff.lister import Lister
-from cliff.command import Command
-
-
-class SubjectScopesList(Lister):
- """List all subject scopes."""
-
- log = logging.getLogger(__name__)
-
- def get_parser(self, prog_name):
- parser = super(SubjectScopesList, self).get_parser(prog_name)
- parser.add_argument(
- 'subject_category_id',
- metavar='',
- help='Subject category UUID',
- )
- parser.add_argument(
- '--intraextension',
- metavar='',
- help='IntraExtension UUID',
- )
- return parser
-
- def take_action(self, parsed_args):
- if not parsed_args.intraextension:
- parsed_args.intraextension = self.app.intraextension
- data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/subject_scopes/{}".format(
- parsed_args.intraextension,
- parsed_args.subject_category_id),
- authtoken=True)
- return (
- ("id", "name", "description"),
- ((_id, data[_id]["name"], data[_id]["description"]) for _id in data)
- )
-
-
-class SubjectScopesAdd(Command):
- """Add a new subject scope."""
-
- log = logging.getLogger(__name__)
-
- def get_parser(self, prog_name):
- parser = super(SubjectScopesAdd, self).get_parser(prog_name)
- parser.add_argument(
- 'subject_category_id',
- metavar='',
- help='Subject category UUID',
- )
- parser.add_argument(
- 'subject_scope_name',
- metavar='',
- help='Subject scope Name',
- )
- parser.add_argument(
- '--description',
- metavar='',
- help='Description',
- )
- parser.add_argument(
- '--intraextension',
- metavar='',
- help='IntraExtension UUID',
- )
- return parser
-
- def take_action(self, parsed_args):
- if not parsed_args.intraextension:
- parsed_args.intraextension = self.app.intraextension
- data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/subject_scopes/{}".format(
- parsed_args.intraextension, parsed_args.subject_category_id),
- post_data={
- "subject_scope_name": parsed_args.subject_scope_name,
- "subject_scope_description": parsed_args.description,
- },
- authtoken=True)
- return (
- ("id", "name", "description"),
- ((_id, data[_id]["name"], data[_id]["description"]) for _id in data)
- )
-
-
-class SubjectScopesDelete(Command):
- """Delete a subject scope."""
-
- log = logging.getLogger(__name__)
-
- def get_parser(self, prog_name):
- parser = super(SubjectScopesDelete, self).get_parser(prog_name)
- parser.add_argument(
- 'subject_category_id',
- metavar='',
- help='Subject category UUID',
- )
- parser.add_argument(
- 'subject_scope_id',
- metavar='',
- help='Subject scope UUID',
- )
- parser.add_argument(
- '--intraextension',
- metavar='',
- help='IntraExtension UUID',
- )
- return parser
-
- def take_action(self, parsed_args):
- if not parsed_args.intraextension:
- parsed_args.intraextension = self.app.intraextension
- self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/subject_scopes/{}/{}".format(
- parsed_args.intraextension,
- parsed_args.subject_category_id,
- parsed_args.subject_scope_id
- ),
- method="DELETE",
- authtoken=True
- )
\ No newline at end of file
diff --git a/moonclient/moonclient/subjects.py b/moonclient/moonclient/subjects.py
deleted file mode 100644
index 678caf5b..00000000
--- a/moonclient/moonclient/subjects.py
+++ /dev/null
@@ -1,119 +0,0 @@
-# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
-# This software is distributed under the terms and conditions of the 'Apache-2.0'
-# license which can be found in the file 'LICENSE' in this package distribution
-# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-
-import logging
-
-from cliff.lister import Lister
-from cliff.command import Command
-import getpass
-
-
-class SubjectsList(Lister):
- """List all subjects."""
-
- log = logging.getLogger(__name__)
-
- def get_parser(self, prog_name):
- parser = super(SubjectsList, self).get_parser(prog_name)
- parser.add_argument(
- '--intraextension',
- metavar='',
- help='IntraExtension UUID',
- )
- return parser
-
- def take_action(self, parsed_args):
- if not parsed_args.intraextension:
- parsed_args.intraextension = self.app.intraextension
- data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/subjects".format(parsed_args.intraextension),
- authtoken=True)
- return (
- ("id", "name", "Keystone ID"),
- ((_uuid, data[_uuid]["name"], data[_uuid]["keystone_id"]) for _uuid in data)
- )
-
-
-class SubjectsAdd(Command):
- """add a new subject."""
-
- log = logging.getLogger(__name__)
-
- def get_parser(self, prog_name):
- parser = super(SubjectsAdd, self).get_parser(prog_name)
- parser.add_argument(
- 'subject_name',
- metavar='',
- help='Subject name',
- )
- parser.add_argument(
- '--intraextension',
- metavar='',
- help='IntraExtension UUID',
- )
- parser.add_argument(
- '--description',
- metavar='',
- help='Subject description',
- )
- parser.add_argument(
- '--subject_pass',
- metavar='',
- help='Password for subject (if not given, user will be prompted for one)',
- )
- parser.add_argument(
- '--email',
- metavar='',
- help='Email for the user',
- )
- return parser
-
- def take_action(self, parsed_args):
- if not parsed_args.intraextension:
- parsed_args.intraextension = self.app.intraextension
- if not parsed_args.subject_pass:
- parsed_args.password = getpass.getpass("Password for user {}:".format(parsed_args.subject_name))
- data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/subjects".format(parsed_args.intraextension),
- post_data={
- "subject_name": parsed_args.subject_name,
- "subject_description": parsed_args.description,
- "subject_password": parsed_args.subject_pass,
- "subject_email": parsed_args.email
- },
- authtoken=True)
- return (
- ("id", "name", "Keystone ID"),
- ((_uuid, data[_uuid]["name"], data[_uuid]["keystone_id"]) for _uuid in data)
- )
-
-
-class SubjectsDelete(Command):
- """Delete a subject."""
-
- log = logging.getLogger(__name__)
-
- def get_parser(self, prog_name):
- parser = super(SubjectsDelete, self).get_parser(prog_name)
- parser.add_argument(
- 'subject_id',
- metavar='',
- help='Subject UUID',
- )
- parser.add_argument(
- '--intraextension',
- metavar='',
- help='IntraExtension UUID',
- )
- return parser
-
- def take_action(self, parsed_args):
- if not parsed_args.intraextension:
- parsed_args.intraextension = self.app.intraextension
- self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/subjects/{}".format(
- parsed_args.intraextension,
- parsed_args.subject_id
- ),
- method="DELETE",
- authtoken=True
- )
\ No newline at end of file
diff --git a/moonclient/moonclient/tenants.py b/moonclient/moonclient/tenants.py
deleted file mode 100644
index 99c6e501..00000000
--- a/moonclient/moonclient/tenants.py
+++ /dev/null
@@ -1,200 +0,0 @@
-# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
-# This software is distributed under the terms and conditions of the 'Apache-2.0'
-# license which can be found in the file 'LICENSE' in this package distribution
-# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-
-import logging
-
-from cliff.lister import Lister
-from cliff.command import Command
-
-
-class TenantList(Lister):
- """List all tenants."""
-
- log = logging.getLogger(__name__)
-
- def get_parser(self, prog_name):
- parser = super(TenantList, self).get_parser(prog_name)
- return parser
-
- def take_action(self, parsed_args):
- tenants = self.app.get_url(self.app.url_prefix+"/tenants", authtoken=True)
- self.log.debug(tenants)
- return (
- ("id", "name", "description", "intra_authz_extension_id", "intra_admin_extension_id"),
- ((
- tenant_id,
- tenants[tenant_id]["name"],
- tenants[tenant_id]["description"],
- tenants[tenant_id]["intra_authz_extension_id"],
- tenants[tenant_id]["intra_admin_extension_id"],
- )
- for tenant_id in tenants)
- )
-
-
-class TenantAdd(Command):
- """Add a tenant."""
-
- log = logging.getLogger(__name__)
-
- def get_parser(self, prog_name):
- parser = super(TenantAdd, self).get_parser(prog_name)
- parser.add_argument(
- 'tenant_name',
- metavar='',
- help='Tenant name',
- )
- parser.add_argument(
- '--authz',
- metavar='',
- help='Authz IntraExtension UUID',
- )
- parser.add_argument(
- '--admin',
- metavar='',
- help='Admin IntraExtension UUID',
- )
- parser.add_argument(
- '--desc',
- metavar='',
- help='Tenant description',
- )
- return parser
-
- def take_action(self, parsed_args):
- post_data = dict()
- post_data["tenant_name"] = parsed_args.tenant_name
- if parsed_args.authz:
- post_data["tenant_intra_authz_extension_id"] = parsed_args.authz
- if parsed_args.admin:
- post_data["tenant_intra_admin_extension_id"] = parsed_args.admin
- if parsed_args.desc:
- post_data["tenant_description"] = parsed_args.desc
- tenants = self.app.get_url(self.app.url_prefix+"/tenants",
- post_data=post_data,
- authtoken=True)
- return (
- ("id", "name", "description", "intra_authz_extension_id", "intra_admin_extension_id"),
- ((
- tenant_id,
- tenants[tenant_id]["name"],
- tenants[tenant_id]["description"],
- tenants[tenant_id]["intra_authz_extension_id"],
- tenants[tenant_id]["intra_admin_extension_id"],
- )
- for tenant_id in tenants)
- )
-
-
-class TenantShow(Command):
- """Show information of one tenant."""
-
- log = logging.getLogger(__name__)
-
- def get_parser(self, prog_name):
- parser = super(TenantShow, self).get_parser(prog_name)
- parser.add_argument(
- 'tenant_name',
- metavar='',
- help='Tenant name',
- )
- return parser
-
- def take_action(self, parsed_args):
- tenants = self.app.get_url(self.app.url_prefix+"/tenants/{}".format(parsed_args.tenant_name),
- authtoken=True)
- return (
- ("id", "name", "description", "intra_authz_extension_id", "intra_admin_extension_id"),
- ((
- tenant_id,
- tenants[tenant_id]["name"],
- tenants[tenant_id]["description"],
- tenants[tenant_id]["intra_authz_extension_id"],
- tenants[tenant_id]["intra_admin_extension_id"],
- )
- for tenant_id in tenants)
- )
-
-
-class TenantSet(Command):
- """Modify a tenant."""
-
- log = logging.getLogger(__name__)
-
- # TODO: could use a PATCH method also
- def get_parser(self, prog_name):
- parser = super(TenantSet, self).get_parser(prog_name)
- parser.add_argument(
- 'tenant_id',
- metavar='',
- help='Tenant UUID',
- )
- parser.add_argument(
- '--name',
- metavar='',
- help='Tenant name',
- )
- parser.add_argument(
- '--authz',
- metavar='',
- help='Authz IntraExtension UUID',
- )
- parser.add_argument(
- '--admin',
- metavar='',
- help='Admin IntraExtension UUID',
- )
- parser.add_argument(
- '--desc',
- metavar='',
- help='Tenant description',
- )
- return parser
-
- def take_action(self, parsed_args):
- post_data = dict()
- post_data["tenant_id"] = parsed_args.tenant_id
- if parsed_args.name:
- post_data["tenant_name"] = parsed_args.tenant_name
- if parsed_args.authz is not None:
- post_data["tenant_intra_authz_extension_id"] = parsed_args.authz
- if parsed_args.admin is not None:
- post_data["tenant_intra_admin_extension_id"] = parsed_args.admin
- if parsed_args.desc is not None:
- post_data["tenant_description"] = parsed_args.desc
- tenants = self.app.get_url(self.app.url_prefix+"/tenants/{}".format(post_data["tenant_id"]),
- post_data=post_data,
- authtoken=True)
- return (
- ("id", "name", "description", "authz", "admin"),
- ((
- tenant_id,
- tenants[tenant_id]["name"],
- tenants[tenant_id]["description"],
- tenants[tenant_id]["intra_authz_extension_id"],
- tenants[tenant_id]["intra_admin_extension_id"],
- )
- for tenant_id in tenants)
- )
-
-
-class TenantDelete(Command):
- """Delete a tenant."""
-
- log = logging.getLogger(__name__)
-
- def get_parser(self, prog_name):
- parser = super(TenantDelete, self).get_parser(prog_name)
- parser.add_argument(
- 'tenant_id',
- metavar='',
- help='Tenant UUID',
- )
- return parser
-
- def take_action(self, parsed_args):
- self.app.get_url(self.app.url_prefix+"/tenants/{}".format(parsed_args.tenant_id),
- method="DELETE",
- authtoken=True)
diff --git a/moonclient/moonclient/tests.py b/moonclient/moonclient/tests.py
deleted file mode 100644
index b2c02f11..00000000
--- a/moonclient/moonclient/tests.py
+++ /dev/null
@@ -1,251 +0,0 @@
-# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
-# This software is distributed under the terms and conditions of the 'Apache-2.0'
-# license which can be found in the file 'LICENSE' in this package distribution
-# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-
-import logging
-import json
-import shlex
-import re
-from cliff.lister import Lister
-from cliff.command import Command
-from uuid import uuid4
-import os
-import time
-import subprocess
-import glob
-
-
-class TestsLaunch(Lister):
- """Tests launcher."""
-
- log = logging.getLogger(__name__)
- result_vars = dict()
- logfile_name = "/tmp/moonclient_test_{}.log".format(time.strftime("%Y%m%d-%H%M%S"))
- logfile = open(logfile_name, "w")
- TIME_FORMAT = '%Y-%m-%d %H:%M:%S'
-
- def get_parser(self, prog_name):
- parser = super(TestsLaunch, self).get_parser(prog_name)
- parser.add_argument(
- '--stop-on-error', action="store_true",
- help='Stop the test on the first error',
- )
- parser.add_argument(
- '--self', action="store_true",
- help='Execute all internal tests',
- )
- parser.add_argument(
- 'testfile',
- metavar='',
- nargs='?',
- help='Filenames that contains tests to run '
- '(examples: /path/to/test.json, /path/to/directory/, '
- '"/path/to/*-file.json" -- don\'t forget the quote)',
- )
- parser.add_argument(
- '--logfile',
- metavar='',
- help='Force Log filename.',
- default=None
- )
- return parser
-
- def __replace_var_in_str(self, data_str):
- self.log.debug("__replace_var_in_str " + data_str)
- for exp in re.findall("\$\w+", data_str):
- self.log.debug("--->" + exp + str(self.result_vars))
- if exp.replace("$", "") in self.result_vars:
- data_str = re.sub(exp.replace("$", "\$") + "(?!\w)", self.result_vars[exp.replace("$", "")], data_str)
- self.log.debug("__replace_var_in_str " + data_str)
- return data_str
-
- def __compare_results(self, expected, observed):
- match = re.search(expected, observed)
- if match:
- self.result_vars.update(match.groupdict())
- return True
- return False
-
- def take_action(self, parsed_args):
- if parsed_args.logfile:
- self.logfile_name = parsed_args.logfile
- self.log.info("Write tests output to {}".format(self.logfile_name))
- if parsed_args.self:
- import sys
- import moonclient # noqa
- parsed_args.testfile = os.path.join(sys.modules['moonclient'].__path__[0], "tests")
- if parsed_args.testfile and os.path.isfile(parsed_args.testfile):
- return self.test_file(parsed_args.testfile)
- else:
- cpt = 1
- filenames = []
- global_result = {}
- if os.path.isdir(parsed_args.testfile):
- filenames = glob.glob(parsed_args.testfile + "/*.json")
- else:
- filenames = glob.glob(parsed_args.testfile)
- for filename in filenames:
- if os.path.isfile(filename):
- self.log.info("\n\033[1m\033[32mExecuting {} ({}/{})\033[m".format(filename, cpt, len(filenames)))
- global_result[filename] = self.test_file(filename)
- cpt += 1
- results = []
- for result_id, result_values in global_result.iteritems():
- result_ok = True
- # self.log.info(result_id)
- # self.log.info(result_values[1])
- log_filename = ""
- for value in result_values[1]:
- if "False" in value[2]:
- result_ok = False
- if "Overall results" in value[1]:
- log_filename = value[3]
- if result_ok:
- results.append((result_id, "\033[32mTrue\033[m", log_filename))
- else:
- results.append((result_id, "\033[1m\033[31mFalse\033[m", log_filename))
- return (
- ("filename", "results", "log file"),
- results
- )
-
- def test_file(self, testfile):
- if not self.logfile_name:
- self.logfile_name = "/tmp/moonclient_test_{}.log".format(time.strftime("%Y%m%d-%H%M%S"))
- self.logfile = open(self.logfile_name, "a")
- self.logfile.write(80*"=" + "\n")
- self.logfile.write(testfile + "\n\n")
- stdout_back = self.app.stdout
- tests_dict = json.load(open(testfile))
- self.log.debug("tests_dict = {}".format(tests_dict))
- global_command_options = ""
- if "command_options" in tests_dict:
- global_command_options = tests_dict["command_options"]
- data = list()
- for group_name, tests_list in tests_dict["tests_group"].iteritems():
- overall_result = True
- self.log.info("\n\033[1mgroup {}\033[0m".format(group_name))
- self.logfile.write("{}:\n\n".format(group_name))
- test_count = len(tests_list)
- for test in tests_list:
- result_str = ""
- error_str = ""
- if "auth_name" in test or "auth_password" in test or "auth_url" in test:
- username = None
- password = None
- tenant = None
- host = None
- port = None
- description = ""
- if "auth_name" in test:
- username = test["auth_name"]
- os.environ["OS_USERNAME"] = test["auth_name"]
- if "auth_password" in test:
- password = test["auth_password"]
- os.environ["OS_PASSWORD"] = test["auth_password"]
- if "auth_tenant" in test:
- tenant = test["auth_tenant"]
- os.environ["OS_TENANT_NAME"] = test["auth_tenant"]
- if "auth_host" in test:
- host = test["auth_host"]
- if "auth_port" in test:
- port = test["auth_port"]
- if "description" in test:
- description = test["description"]
- self.app.auth_keystone(username, password, host, port, tenant)
- title = "Change auth to "
- if username:
- title += username
- if host:
- title += "@" + host
- if port:
- title += ":" + port
- title += "\n"
- self.logfile.write(time.strftime(self.TIME_FORMAT) + " " + title + "\n")
- self.log.info(title.strip())
- data_tmp = list()
- data_tmp.append("")
- data_tmp.append(title.strip())
- data_tmp.append("\033[32mOK\033[m")
- data_tmp.append(description.strip())
- data.append(data_tmp)
- continue
- data_tmp = list()
- tmp_filename = os.path.join("/tmp", "moon_{}.tmp".format(uuid4().hex))
- tmp_filename_fd = open(tmp_filename, "w")
- self.log.debug("test={}".format(test))
- if "command" not in test:
- if "external_command" in test:
- ext_command = test["external_command"]
- else:
- continue
- ext_command = self.__replace_var_in_str(ext_command)
- self.logfile.write(time.strftime(self.TIME_FORMAT) + " " + "-----> {}\n".format(ext_command))
- self.log.info(" \\-executing external \"{}\"".format(ext_command))
- pipe = subprocess.Popen(shlex.split(ext_command), stdout=subprocess.PIPE, stderr=subprocess.PIPE)
- com = pipe.communicate()
- result_str = com[0]
- error_str = com[1]
- self.logfile.write("stdout: {}\n".format(result_str))
- self.logfile.write("stderr: {}\n".format(error_str))
- if "command" in test:
- if "command_options" in test:
- command = test["command"] + " " + test["command_options"]
- else:
- command = test["command"] + " " + global_command_options
- command = self.__replace_var_in_str(command)
- self.logfile.write(time.strftime(self.TIME_FORMAT) + " " +
- test["name"] + " " +
- "-----> {}\n".format(command))
- self.log.info(" \\-executing {}".format(command))
- self.app.stdout = tmp_filename_fd
- result_id = self.app.run_subcommand(shlex.split(command))
- tmp_filename_fd.close()
- self.app.stdout = stdout_back
- result_str = open(tmp_filename, "r").read()
- self.logfile.write("{}".format(result_str))
- os.unlink(tmp_filename)
- data_tmp.append(group_name)
- data_tmp.append(test["name"])
- if "result" in test:
- compare = self.__compare_results(self.__replace_var_in_str(test["result"]), result_str)
- self.logfile.write("\\---->{}: {}\n\n".format(compare, self.__replace_var_in_str(test["result"])))
- else:
- compare = not self.__compare_results(self.__replace_var_in_str(test["no_result"]), result_str)
- self.logfile.write("\\---->{}: not {}\n\n".format(compare, self.__replace_var_in_str(test["no_result"])))
- if error_str:
- if compare:
- compare = "\033[33mTrue\033[m"
- overall_result = overall_result and True
- else:
- compare = "\033[1m\033[31mFalse\033[m"
- self.app.incr_error(error_str)
- overall_result = overall_result and False
- else:
- overall_result = overall_result and compare
- if compare:
- if overall_result:
- compare = "\033[32mTrue\033[m"
- else:
- compare = "\033[mTrue\033[m"
- else:
- compare = "\033[1m\033[31mFalse\033[m"
- self.app.incr_error()
- data_tmp.append(compare)
- data_tmp.append(test["description"])
- data.append(data_tmp)
- data_tmp = list()
- data_tmp.append("\033[1m" + group_name + "\033[m")
- data_tmp.append("\033[1mOverall results ({})\033[m".format(test_count))
- if overall_result:
- data_tmp.append("\033[1m\033[32mTrue\033[m")
- else:
- data_tmp.append("\033[1m\033[31mFalse\033[m")
- data_tmp.append(self.logfile_name)
- data.append(data_tmp)
-
- return (
- ("group_name", "test_name", "result", "description"),
- data
- )
diff --git a/moonclient/moonclient/tests/functional_tests.sh b/moonclient/moonclient/tests/functional_tests.sh
deleted file mode 100644
index 505980cc..00000000
--- a/moonclient/moonclient/tests/functional_tests.sh
+++ /dev/null
@@ -1,131 +0,0 @@ -#!/bin/sh - -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - - -PROG=moon -OS_TENANT_NAME=demo -DEMO_USER=$(keystone user-list | awk '/ demo / {print $2}') - -# must be authenticated with Keystone -# ie. : "cd ~/devstack; . openrc admin" - -function test_cmd { - echo -e "\033[33m$PROG $1\033[m" - $PROG $1 | tee /tmp/_ - if [ $? != 0 ]; then - echo -e "\033[31mError for test \"$1\" \033[m" - exit 1 - fi -} - -test_cmd "intraextension list" -test_cmd "intraextension add --policy_model policy_rbac func_test" -uuid=$(cat /tmp/_ | cut -d " " -f 3) -test_cmd "intraextension tenant set $uuid $OS_TENANT_NAME" -test_cmd "intraextension show $uuid" - -test_cmd "subjects list" -test_cmd "subjects add $DEMO_USER" -test_cmd "subjects list" - -test_cmd "objects list" -test_cmd "objects add my_obj" -test_cmd "objects list" - -test_cmd "actions list" -test_cmd "actions add my_action" -test_cmd "actions list" - -# Category - -test_cmd "subject categories list" -test_cmd "subject categories add my_cat" -test_cmd "subject categories list" - -test_cmd "object categories list" -test_cmd "object categories add my_cat" -test_cmd "object categories list" - -test_cmd "action categories list" -test_cmd "action categories add my_cat" -test_cmd "action categories list" - -# Category scope - -test_cmd "subject category scope list" -test_cmd "subject category scope add my_cat my_scope" -test_cmd "subject category scope list" - -test_cmd "object category scope list" -test_cmd "object category scope add my_cat my_scope" -test_cmd "object category scope list" - -test_cmd "action category scope list" -test_cmd "action category scope add my_cat my_scope" -test_cmd "action category scope list" - -# Assignments - -test_cmd "subject 
assignments list" -test_cmd "subject assignments add $DEMO_USER my_cat my_scope" -test_cmd "subject assignments list" - -test_cmd "object assignments list" -test_cmd "object assignments add my_obj my_cat my_scope" -test_cmd "object assignments list" - -test_cmd "action assignments list" -test_cmd "action assignments add my_action my_cat my_scope" -test_cmd "action assignments list" - -# Sub meta rules - -test_cmd "aggregation algorithms list" -test_cmd "aggregation algorithm show" -test_cmd "aggregation algorithm set test_aggregation" -test_cmd "aggregation algorithm show" -test_cmd "submetarule show" -test_cmd "submetarule set relation_super subject_security_level,my_cat computing_action,my_cat object_security_level,my_cat" -test_cmd "submetarule show" -test_cmd "submetarule relation list" - -# Rules - -test_cmd "rules list" -test_cmd "rules add relation_super high,my_scope,vm_access,my_scope,high,my_scope" -test_cmd "rules delete relation_super high,my_scope,vm_access,my_scope,high,my_scope" - -#Delete all -test_cmd "subject assignments delete $DEMO_USER my_cat my_scope" -test_cmd "subject assignments list" -test_cmd "object assignments delete my_obj my_cat my_scope" -test_cmd "object assignments list" -test_cmd "action assignments delete my_action my_cat my_scope" -test_cmd "action assignments list" - -test_cmd "subject category scope delete my_cat my_scope" -test_cmd "subject category scope list" -test_cmd "object category scope delete my_cat my_scope" -test_cmd "object category scope list" -test_cmd "action category scope delete my_cat my_scope" -test_cmd "action category scope list" - -test_cmd "subjects delete $DEMO_USER" -test_cmd "subjects list" -test_cmd "objects delete my_obj" -test_cmd "objects list" -test_cmd "actions delete my_action" -test_cmd "actions list" -test_cmd "subject categories delete my_cat" -test_cmd "subject categories list" -test_cmd "object categories delete my_cat" -test_cmd "object categories list" -test_cmd "action categories delete 
my_cat" -test_cmd "action categories list" - - -test_cmd "intraextension delete $uuid" \ No newline at end of file diff --git a/moonclient/moonclient/tests/tests_action_assignments.json b/moonclient/moonclient/tests/tests_action_assignments.json deleted file mode 100644 index f5cabbbb..00000000 --- a/moonclient/moonclient/tests/tests_action_assignments.json +++ /dev/null 
@@ -1,371 +0,0 @@ -{ - "command_options": "-f value", - "tests_group": { - "authz": [ - { - "auth_name": "admin", - "description": "Change user to admin (just in case...)" - }, - - { - "name": "list tenant", - "command": "tenant list", - "no_result": "alt_demo", - "description": "Check if tenant alt_demo is used." - }, - { - "name": "add tenant alt_demo", - "command": "tenant add alt_demo", - "result": "^$", - "description": "Add a new tenant", - "command_options": "" - }, - { - "name": "check tenant alt_demo", - "command": "tenant list", - "result": "(?P\\w+)\\s+alt_demo", - "description": "Check that tenant alt_demo has been correctly added" - }, - { - "name": "create_intraextension_authz", - "command": "intraextension add --policy_model policy_authz authz_test", - "result": "IntraExtension created: (?P\\w+)", - "description": "Create an authz intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_authz", - "command": "intraextension list", - "result": "$uuid_authz", - "description": "Check the existence of that authz intra extension" - }, - { - "name": "set_tenant_authz", - "command": "tenant set --authz $uuid_authz $uuid", - "result": "", - "description": "Connect the authz intra extension to the tenant alt_demo", - "command_options": "" - }, - { - "name": "select_authz_ie", - "command": "intraextension select $uuid_authz", - "result": "Select $uuid_authz IntraExtension.", - "description": "Select the authz IntraExtension", - "command_options": "" - }, - { - "name": "check_select_authz_ie", - "command": "intraextension show selected", - "result": "$uuid_authz", - "description": "Check the selected authz IntraExtension", - "command_options": "-c id -f value" - }, - { - "name": "add_action", - "command": "action add boot", - "result": "", - "description": "Add the new action category boot", - "command_options": "" - }, - { - "name": "list_action", - "command": "action list", - "result": "(?P\\w+)\\s+boot", - "description": "Check that 
boot action was added." - }, - { - "name": "add_action_category", - "command": "action category add my_new_action_category", - "result": "", - "description": "Add the new action category my_new_action_category", - "command_options": "" - }, - { - "name": "list_action_category", - "command": "action category list", - "result": "(?P\\w+)\\s+my_new_action_category", - "description": "Check that my_new_action_category action_category was added." - }, - { - "name": "add_scope", - "command": "action scope add $uuid_action_category testers --description \"test engineers\"", - "result": "^$", - "description": "Add one scope to action category role", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "action scope list $uuid_action_category", - "result": "(?P\\w+)\\s+testers\\s+test engineers", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - - { - "name": "add_assignment", - "command": "action assignment add $uuid_action $uuid_action_category $uuid_action_scope", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "action assignment list $uuid_action $uuid_action_category", - "result": "$uuid_action_scope testers", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - - { - "name": "delete_assignment", - "command": "action assignment delete $uuid_action $uuid_action_category $uuid_action_scope", - "result": "^$", - "description": "Delete the added assignment", - "command_options": "" - }, - { - "name": "check_deleted_assignment", - "command": "action assignment list $uuid_action $uuid_action_category", - "no_result": "$uuid_action_scope", - "description": "Check deleted assignment.", - "command_options": "-c id -f value" - }, - - { - "name": "delete_scope", - "command": "action scope delete $uuid_action_category $uuid_action_scope", - "result": "^$", - 
"description": "Delete one scope from action category role", - "command_options": "" - }, - { - "name": "delete_action_category", - "command": "action category delete $uuid_action_category", - "result": "^$", - "description": "Delete my_new_action_category action_category.", - "command_options": "" - }, - { - "name": "list_action_category", - "command": "action category list", - "no_result": "$uuid_action_category", - "description": "Check that my_new_action_category action_category was deleted." - }, - { - "name": "delete_authz_intra_extension", - "command": "intraextension delete $uuid_authz", - "result": "", - "description": "Delete the authz intra extension", - "command_options": "" - }, - { - "name": "delete_tenant", - "command": "tenant delete $uuid", - "result": "", - "description": "Delete the tenant alt_demo", - "command_options": "" - } - ], - "authz_and_admin": [ - { - "name": "list tenant", - "command": "tenant list", - "no_result": "alt_demo", - "description": "Check if tenant alt_demo is used." 
- }, - { - "name": "add tenant alt_demo", - "command": "tenant add alt_demo", - "result": "^$", - "description": "Add a new tenant", - "command_options": "" - }, - { - "name": "check tenant alt_demo", - "command": "tenant list", - "result": "(?P\\w+)\\s+alt_demo", - "description": "Check that tenant alt_demo has been correctly added" - }, - { - "name": "create_intraextension_authz", - "command": "intraextension add --policy_model policy_authz authz_test", - "result": "IntraExtension created: (?P\\w+)", - "description": "Create an authz intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_authz", - "command": "intraextension list", - "result": "$uuid_authz", - "description": "Check the existence of that authz intra extension" - }, - { - "name": "create_intraextension_admin", - "command": "intraextension add --policy_model policy_rbac_admin admin_test", - "result": "IntraExtension created: (?P\\w+)", - "description": "Create an admin intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_admin", - "command": "intraextension list", - "result": "$uuid_admin", - "description": "Check the existence of that admin intra extension" - }, - { - "name": "set_tenant_authz", - "command": "tenant set --authz $uuid_authz $uuid", - "result": "", - "description": "Connect the authz intra extension to the tenant demo", - "command_options": "" - }, - { - "name": "set_tenant_admin", - "command": "tenant set --admin $uuid_admin $uuid", - "result": "", - "description": "Connect the authz intra extension to the tenant alt_demo", - "command_options": "" - }, - { - "name": "check tenant alt_demo and authz ie", - "command": "tenant list", - "result": "alt_demo $uuid_authz", - "description": "Check that authz intra extension has been correctly added to the tenant.", - "command_options": "-c name -c intra_authz_extension_id -f value" - }, - { - "name": "check tenant alt_demo and admin ie", - "command": "tenant list", - "result": 
"$uuid_admin", - "description": "Check that admin intra extension has been correctly added to the tenant.", - "command_options": "-c intra_admin_extension_id -f value" - }, - { - "name": "select_authz_ie", - "command": "intraextension select $uuid_authz", - "result": "Select $uuid_authz IntraExtension.", - "description": "Select the authz IntraExtension", - "command_options": "" - }, - { - "name": "check_select_authz_ie", - "command": "intraextension show selected", - "result": "$uuid_authz", - "description": "Check the selected authz IntraExtension", - "command_options": "-c id -f value" - }, - { - "name": "add_action", - "command": "action add boot", - "result": "", - "description": "Add the new action category boot", - "command_options": "" - }, - { - "name": "list_action", - "command": "action list", - "result": "(?P\\w+)\\s+boot", - "description": "Check that boot action was added." - }, - { - "name": "add_action_category", - "command": "action category add my_new_action_category", - "result": "", - "description": "Add the new action category my_new_action_category", - "command_options": "" - }, - { - "name": "list_action_category", - "command": "action category list", - "result": "(?P\\w+)\\s+my_new_action_category", - "description": "Check that my_new_action_category action_category was added." 
- }, - { - "name": "add_scope", - "command": "action scope add $uuid_action_category testers --description \"test engineers\"", - "result": "^$", - "description": "Add one scope to action category role", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "action scope list $uuid_action_category", - "result": "(?P\\w+)\\s+testers\\s+test engineers", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - - { - "name": "add_assignment", - "command": "action assignment add $uuid_action $uuid_action_category $uuid_action_scope", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "action assignment list $uuid_action $uuid_action_category", - "result": "$uuid_action_scope testers", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - - { - "name": "delete_assignment", - "command": "action assignment delete $uuid_action $uuid_action_category $uuid_action_scope", - "result": "^$", - "description": "Delete the added assignment", - "command_options": "" - }, - { - "name": "check_deleted_assignment", - "command": "action assignment list $uuid_action $uuid_action_category", - "no_result": "$uuid_action_scope", - "description": "Check deleted assignment.", - "command_options": "-c id -f value" - }, - - { - "name": "delete_scope", - "command": "action scope delete $uuid_action_category $uuid_action_scope", - "result": "^$", - "description": "Delete one scope from action category role", - "command_options": "" - }, - { - "name": "delete_action_category", - "command": "action category delete $uuid_action_category", - "result": "^$", - "description": "Delete my_new_action_category action_category.", - "command_options": "" - }, - { - "name": "list_action_category", - "command": "action category list", - "no_result": "$uuid_action_category", - "description": "Check that 
my_new_action_category action_category was deleted." - }, - { - "name": "delete_admin_intra_extension", - "command": "intraextension delete $uuid_admin", - "result": "", - "description": "Delete the admin intra extension", - "command_options": "" - }, - { - "name": "delete_authz_intra_extension", - "command": "intraextension delete $uuid_authz", - "result": "", - "description": "Delete the authz intra extension", - "command_options": "" - }, - { - "name": "delete_tenant", - "command": "tenant delete $uuid", - "result": "", - "description": "Delete the tenant alt_demo", - "command_options": "" - } - ] - } -} \ No newline at end of file diff --git a/moonclient/moonclient/tests/tests_action_categories.json b/moonclient/moonclient/tests/tests_action_categories.json deleted file mode 100644 index 1932ffc0..00000000 --- a/moonclient/moonclient/tests/tests_action_categories.json +++ /dev/null 
@@ -1,241 +0,0 @@
-{
- "command_options": "-f value",
- "tests_group": {
- "authz": [
- {
- "auth_name": "admin",
- "description": "Change user to admin (just in case...)"
- },
-
- {
- "name": "list tenant",
- "command": "tenant list",
- "no_result": "alt_demo",
- "description": "Check if tenant alt_demo is used."
- },
- {
- "name": "add tenant alt_demo",
- "command": "tenant add alt_demo",
- "result": "^$",
- "description": "Add a new tenant",
- "command_options": ""
- },
- {
- "name": "check tenant alt_demo",
- "command": "tenant list",
- "result": "(?P\\w+)\\s+alt_demo",
- "description": "Check that tenant alt_demo has been correctly added"
- },
- {
- "name": "create_intraextension_authz",
- "command": "intraextension add --policy_model policy_authz authz_test",
- "result": "IntraExtension created: (?P\\w+)",
- "description": "Create an authz intra extension",
- "command_options": ""
- },
- {
- "name": "list_intraextension_authz",
- "command": "intraextension list",
- "result": "$uuid_authz",
- "description": "Check the existence of that authz intra extension"
- },
- {
- "name": "set_tenant_authz",
- "command": "tenant set --authz $uuid_authz $uuid",
- "result": "",
- "description": "Connect the authz intra extension to the tenant alt_demo",
- "command_options": ""
- },
- {
- "name": "select_authz_ie",
- "command": "intraextension select $uuid_authz",
- "result": "Select $uuid_authz IntraExtension.",
- "description": "Select the authz IntraExtension",
- "command_options": ""
- },
- {
- "name": "check_select_authz_ie",
- "command": "intraextension show selected",
- "result": "$uuid_authz",
- "description": "Check the selected authz IntraExtension",
- "command_options": "-c id -f value"
- },
- {
- "name": "add_action_category",
- "command": "action category add my_new_action_category",
- "result": "",
- "description": "Add the new action category my_new_action_category",
- "command_options": ""
- },
- {
- "name": "list_action_category",
- "command": "action
category list", - "result": "(?P\\w+)\\s+my_new_action_category", - "description": "Check that my_new_action_category action_category was added." - }, - { - "name": "delete_action_category", - "command": "action category delete $uuid_action_category", - "result": "^$", - "description": "Delete my_new_action_category action_category.", - "command_options": "" - }, - { - "name": "list_action_category", - "command": "action category list", - "no_result": "$uuid_action_category", - "description": "Check that my_new_action_category action_category was deleted." - }, - { - "name": "delete_authz_intra_extension", - "command": "intraextension delete $uuid_authz", - "result": "", - "description": "Delete the authz intra extension", - "command_options": "" - }, - { - "name": "delete_tenant", - "command": "tenant delete $uuid", - "result": "", - "description": "Delete the tenant alt_demo", - "command_options": "" - } - ], - "authz_and_admin": [ - { - "name": "list tenant", - "command": "tenant list", - "no_result": "alt_demo", - "description": "Check if tenant alt_demo is used." 
- }, - { - "name": "add tenant alt_demo", - "command": "tenant add alt_demo", - "result": "^$", - "description": "Add a new tenant", - "command_options": "" - }, - { - "name": "check tenant alt_demo", - "command": "tenant list", - "result": "(?P\\w+)\\s+alt_demo", - "description": "Check that tenant alt_demo has been correctly added" - }, - { - "name": "create_intraextension_authz", - "command": "intraextension add --policy_model policy_authz authz_test", - "result": "IntraExtension created: (?P\\w+)", - "description": "Create an authz intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_authz", - "command": "intraextension list", - "result": "$uuid_authz", - "description": "Check the existence of that authz intra extension" - }, - { - "name": "create_intraextension_admin", - "command": "intraextension add --policy_model policy_rbac_admin admin_test", - "result": "IntraExtension created: (?P\\w+)", - "description": "Create an admin intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_admin", - "command": "intraextension list", - "result": "$uuid_admin", - "description": "Check the existence of that admin intra extension" - }, - { - "name": "set_tenant_authz", - "command": "tenant set --authz $uuid_authz $uuid", - "result": "", - "description": "Connect the authz intra extension to the tenant demo", - "command_options": "" - }, - { - "name": "set_tenant_admin", - "command": "tenant set --admin $uuid_admin $uuid", - "result": "", - "description": "Connect the authz intra extension to the tenant alt_demo", - "command_options": "" - }, - { - "name": "check tenant alt_demo and authz ie", - "command": "tenant list", - "result": "alt_demo $uuid_authz", - "description": "Check that authz intra extension has been correctly added to the tenant.", - "command_options": "-c name -c intra_authz_extension_id -f value" - }, - { - "name": "check tenant alt_demo and admin ie", - "command": "tenant list", - "result": 
"$uuid_admin", - "description": "Check that admin intra extension has been correctly added to the tenant.", - "command_options": "-c intra_admin_extension_id -f value" - }, - { - "name": "select_authz_ie", - "command": "intraextension select $uuid_authz", - "result": "Select $uuid_authz IntraExtension.", - "description": "Select the authz IntraExtension", - "command_options": "" - }, - { - "name": "check_select_authz_ie", - "command": "intraextension show selected", - "result": "$uuid_authz", - "description": "Check the selected authz IntraExtension", - "command_options": "-c id -f value" - }, - { - "name": "add_action_category", - "command": "action category add my_new_action_category", - "result": "", - "description": "Add the new action category my_new_action_category", - "command_options": "" - }, - { - "name": "list_action_category", - "command": "action category list", - "result": "(?P\\w+)\\s+my_new_action_category", - "description": "Check that my_new_action_category action_category was added." - }, - { - "name": "delete_action_category", - "command": "action category delete $uuid_action_category", - "result": "^$", - "description": "Delete my_new_action_category action_category.", - "command_options": "" - }, - { - "name": "list_action_category", - "command": "action category list", - "no_result": "$uuid_action_category", - "description": "Check that my_new_action_category action_category was deleted." 
- },
- {
- "name": "delete_admin_intra_extension",
- "command": "intraextension delete $uuid_admin",
- "result": "",
- "description": "Delete the admin intra extension",
- "command_options": ""
- },
- {
- "name": "delete_authz_intra_extension",
- "command": "intraextension delete $uuid_authz",
- "result": "",
- "description": "Delete the authz intra extension",
- "command_options": ""
- },
- {
- "name": "delete_tenant",
- "command": "tenant delete $uuid",
- "result": "",
- "description": "Delete the tenant alt_demo",
- "command_options": ""
- }
- ]
- }
-}
\ No newline at end of file
diff --git a/moonclient/moonclient/tests/tests_action_scopes.json b/moonclient/moonclient/tests/tests_action_scopes.json
deleted file mode 100644
index 069af73e..00000000
--- a/moonclient/moonclient/tests/tests_action_scopes.json
+++ /dev/null
@@ -1,259 +0,0 @@
-{
- "command_options": "-f value",
- "tests_group": {
- "authz": [
- {
- "auth_name": "admin",
- "description": "Change user to admin (just in case...)"
- },
-
- {
- "name": "list tenant",
- "command": "tenant list",
- "no_result": "alt_demo",
- "description": "Check if tenant alt_demo is used."
- },
- {
- "name": "add tenant alt_demo",
- "command": "tenant add alt_demo",
- "result": "^$",
- "description": "Add a new tenant",
- "command_options": ""
- },
- {
- "name": "check tenant alt_demo",
- "command": "tenant list",
- "result": "(?P\\w+)\\s+alt_demo",
- "description": "Check that tenant alt_demo has been correctly added"
- },
- {
- "name": "create_intraextension_authz",
- "command": "intraextension add --policy_model policy_authz authz_test",
- "result": "IntraExtension created: (?P\\w+)",
- "description": "Create an authz intra extension",
- "command_options": ""
- },
- {
- "name": "list_intraextension_authz",
- "command": "intraextension list",
- "result": "$uuid_authz",
- "description": "Check the existence of that authz intra extension"
- },
- {
- "name": "set_tenant_authz",
- "command": "tenant set --authz $uuid_authz $uuid",
- "result": "",
- "description": "Connect the authz intra extension to the tenant alt_demo",
- "command_options": ""
- },
- {
- "name": "select_authz_ie",
- "command": "intraextension select $uuid_authz",
- "result": "Select $uuid_authz IntraExtension.",
- "description": "Select the authz IntraExtension",
- "command_options": ""
- },
- {
- "name": "check_select_authz_ie",
- "command": "intraextension show selected",
- "result": "$uuid_authz",
- "description": "Check the selected authz IntraExtension",
- "command_options": "-c id -f value"
- },
- {
- "name": "get_one_action_category",
- "command": "action category list",
- "result": "(?P\\w+)\\s+resource_action",
- "description": "Get one action_category for next tests.",
- "command_options": "-c id -c name -f value"
- },
- {
- "name": "add_scope",
- "command":
"action scope add $uuid_action_category testers --description \"test engineers\"", - "result": "^$", - "description": "Add one scope to action category resource_action", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "action scope list $uuid_action_category", - "result": "(?P\\w+)\\s+testers\\s+test engineers", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - { - "name": "delete_scope", - "command": "action scope delete $uuid_action_category $uuid_action_scope", - "result": "^$", - "description": "Delete one scope from action category resource_action", - "command_options": "" - }, - { - "name": "check_deleted_scope", - "command": "action scope list $uuid_action_category", - "no_result": "$uuid_action_scope", - "description": "Check deleted scope.", - "command_options": "-c id -f value" - }, - { - "name": "delete_authz_intra_extension", - "command": "intraextension delete $uuid_authz", - "result": "", - "description": "Delete the authz intra extension", - "command_options": "" - }, - { - "name": "delete_tenant", - "command": "tenant delete $uuid", - "result": "", - "description": "Delete the tenant alt_demo", - "command_options": "" - } - ], - "authz_and_admin": [ - { - "name": "list tenant", - "command": "tenant list", - "no_result": "alt_demo", - "description": "Check if tenant alt_demo is used." 
- }, - { - "name": "add tenant alt_demo", - "command": "tenant add alt_demo", - "result": "^$", - "description": "Add a new tenant", - "command_options": "" - }, - { - "name": "check tenant alt_demo", - "command": "tenant list", - "result": "(?P\\w+)\\s+alt_demo", - "description": "Check that tenant alt_demo has been correctly added" - }, - { - "name": "create_intraextension_authz", - "command": "intraextension add --policy_model policy_authz authz_test", - "result": "IntraExtension created: (?P\\w+)", - "description": "Create an authz intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_authz", - "command": "intraextension list", - "result": "$uuid_authz", - "description": "Check the existence of that authz intra extension" - }, - { - "name": "create_intraextension_admin", - "command": "intraextension add --policy_model policy_rbac_admin admin_test", - "result": "IntraExtension created: (?P\\w+)", - "description": "Create an admin intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_admin", - "command": "intraextension list", - "result": "$uuid_admin", - "description": "Check the existence of that admin intra extension" - }, - { - "name": "set_tenant_authz", - "command": "tenant set --authz $uuid_authz $uuid", - "result": "", - "description": "Connect the authz intra extension to the tenant demo", - "command_options": "" - }, - { - "name": "set_tenant_admin", - "command": "tenant set --admin $uuid_admin $uuid", - "result": "", - "description": "Connect the authz intra extension to the tenant alt_demo", - "command_options": "" - }, - { - "name": "check tenant alt_demo and authz ie", - "command": "tenant list", - "result": "alt_demo $uuid_authz", - "description": "Check that authz intra extension has been correctly added to the tenant.", - "command_options": "-c name -c intra_authz_extension_id -f value" - }, - { - "name": "check tenant alt_demo and admin ie", - "command": "tenant list", - "result": 
"$uuid_admin", - "description": "Check that admin intra extension has been correctly added to the tenant.", - "command_options": "-c intra_admin_extension_id -f value" - }, - { - "name": "select_authz_ie", - "command": "intraextension select $uuid_authz", - "result": "Select $uuid_authz IntraExtension.", - "description": "Select the authz IntraExtension", - "command_options": "" - }, - { - "name": "check_select_authz_ie", - "command": "intraextension show selected", - "result": "$uuid_authz", - "description": "Check the selected authz IntraExtension", - "command_options": "-c id -f value" - }, - { - "name": "get_one_action_category", - "command": "action category list", - "result": "(?P\\w+)\\s+resource_action", - "description": "Get one action_category for next tests.", - "command_options": "-c id -c name -f value" - }, - { - "name": "add_scope", - "command": "action scope add $uuid_action_category testers --description \"test engineers\"", - "result": "^$", - "description": "Add one scope to action category resource_action", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "action scope list $uuid_action_category", - "result": "(?P\\w+)\\s+testers\\s+test engineers", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - { - "name": "delete_scope", - "command": "action scope delete $uuid_action_category $uuid_action_scope", - "result": "^$", - "description": "Delete one scope from action category resource_action", - "command_options": "" - }, - { - "name": "check_deleted_scope", - "command": "action scope list $uuid_action_category", - "no_result": "$uuid_action_scope", - "description": "Check deleted scope.", - "command_options": "-c id -f value" - }, - { - "name": "delete_admin_intra_extension", - "command": "intraextension delete $uuid_admin", - "result": "", - "description": "Delete the admin intra extension", - "command_options": "" - }, - { - "name": 
"delete_authz_intra_extension", - "command": "intraextension delete $uuid_authz", - "result": "", - "description": "Delete the authz intra extension", - "command_options": "" - }, - { - "name": "delete_tenant", - "command": "tenant delete $uuid", - "result": "", - "description": "Delete the tenant alt_demo", - "command_options": "" - } - ] - } -} \ No newline at end of file diff --git a/moonclient/moonclient/tests/tests_actions.json b/moonclient/moonclient/tests/tests_actions.json deleted file mode 100644 index 07de9cc0..00000000 --- a/moonclient/moonclient/tests/tests_actions.json +++ /dev/null 
@@ -1,241 +0,0 @@
-{
- "command_options": "-f value",
- "tests_group": {
- "authz": [
- {
- "auth_name": "admin",
- "description": "Change user to admin (just in case...)"
- },
-
- {
- "name": "list tenant",
- "command": "tenant list",
- "no_result": "alt_demo",
- "description": "Check if tenant alt_demo is used."
- },
- {
- "name": "add tenant alt_demo",
- "command": "tenant add alt_demo",
- "result": "^$",
- "description": "Add a new tenant",
- "command_options": ""
- },
- {
- "name": "check tenant alt_demo",
- "command": "tenant list",
- "result": "(?P\\w+)\\s+alt_demo",
- "description": "Check that tenant alt_demo has been correctly added"
- },
- {
- "name": "create_intraextension_authz",
- "command": "intraextension add --policy_model policy_authz authz_test",
- "result": "IntraExtension created: (?P\\w+)",
- "description": "Create an authz intra extension",
- "command_options": ""
- },
- {
- "name": "list_intraextension_authz",
- "command": "intraextension list",
- "result": "$uuid_authz",
- "description": "Check the existence of that authz intra extension"
- },
- {
- "name": "set_tenant_authz",
- "command": "tenant set --authz $uuid_authz $uuid",
- "result": "",
- "description": "Connect the authz intra extension to the tenant alt_demo",
- "command_options": ""
- },
- {
- "name": "select_authz_ie",
- "command": "intraextension select $uuid_authz",
- "result": "Select $uuid_authz IntraExtension.",
- "description": "Select the authz IntraExtension",
- "command_options": ""
- },
- {
- "name": "check_select_authz_ie",
- "command": "intraextension show selected",
- "result": "$uuid_authz",
- "description": "Check the selected authz IntraExtension",
- "command_options": "-c id -f value"
- },
- {
- "name": "add_action",
- "command": "action add new_action_1",
- "result": "",
- "description": "Add a new action.",
- "command_options": ""
- },
- {
- "name": "list_action",
- "command": "action list",
- "result": "(?P\\w+)\\s+new_action_1",
- "description": "Check that
new_action_1 action was added." - }, - { - "name": "delete_action", - "command": "action delete $uuid_action", - "result": "^$", - "description": "Delete new_action_1 action.", - "command_options": "" - }, - { - "name": "list_action", - "command": "action list", - "no_result": "$uuid_action", - "description": "Check that new_action_1 action was deleted." - }, - { - "name": "delete_authz_intra_extension", - "command": "intraextension delete $uuid_authz", - "result": "", - "description": "Delete the authz intra extension", - "command_options": "" - }, - { - "name": "delete_tenant", - "command": "tenant delete $uuid", - "result": "", - "description": "Delete the tenant alt_demo", - "command_options": "" - } - ], - "authz_and_admin": [ - { - "name": "list tenant", - "command": "tenant list", - "no_result": "alt_demo", - "description": "Check if tenant alt_demo is used." - }, - { - "name": "add tenant alt_demo", - "command": "tenant add alt_demo", - "result": "^$", - "description": "Add a new tenant", - "command_options": "" - }, - { - "name": "check tenant alt_demo", - "command": "tenant list", - "result": "(?P\\w+)\\s+alt_demo", - "description": "Check that tenant alt_demo has been correctly added" - }, - { - "name": "create_intraextension_authz", - "command": "intraextension add --policy_model policy_authz authz_test", - "result": "IntraExtension created: (?P\\w+)", - "description": "Create an authz intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_authz", - "command": "intraextension list", - "result": "$uuid_authz", - "description": "Check the existence of that authz intra extension" - }, - { - "name": "create_intraextension_admin", - "command": "intraextension add --policy_model policy_rbac_admin admin_test", - "result": "IntraExtension created: (?P\\w+)", - "description": "Create an admin intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_admin", - "command": "intraextension list", - "result": 
"$uuid_admin", - "description": "Check the existence of that admin intra extension" - }, - { - "name": "set_tenant_authz", - "command": "tenant set --authz $uuid_authz $uuid", - "result": "", - "description": "Connect the authz intra extension to the tenant demo", - "command_options": "" - }, - { - "name": "set_tenant_admin", - "command": "tenant set --admin $uuid_admin $uuid", - "result": "", - "description": "Connect the authz intra extension to the tenant alt_demo", - "command_options": "" - }, - { - "name": "check tenant alt_demo and authz ie", - "command": "tenant list", - "result": "alt_demo $uuid_authz", - "description": "Check that authz intra extension has been correctly added to the tenant.", - "command_options": "-c name -c intra_authz_extension_id -f value" - }, - { - "name": "check tenant alt_demo and admin ie", - "command": "tenant list", - "result": "$uuid_admin", - "description": "Check that admin intra extension has been correctly added to the tenant.", - "command_options": "-c intra_admin_extension_id -f value" - }, - { - "name": "select_authz_ie", - "command": "intraextension select $uuid_authz", - "result": "Select $uuid_authz IntraExtension.", - "description": "Select the authz IntraExtension", - "command_options": "" - }, - { - "name": "check_select_authz_ie", - "command": "intraextension show selected", - "result": "$uuid_authz", - "description": "Check the selected authz IntraExtension", - "command_options": "-c id -f value" - }, - { - "name": "add_action", - "command": "action add new_action_1", - "result": "", - "description": "Add a new action.", - "command_options": "" - }, - { - "name": "list_action", - "command": "action list", - "result": "(?P\\w+)\\s+new_action_1", - "description": "Check that new_action_1 action was added." 
- },
- {
- "name": "delete_action",
- "command": "action delete $uuid_action",
- "result": "^$",
- "description": "Delete new_action_1 action.",
- "command_options": ""
- },
- {
- "name": "list_action",
- "command": "action list",
- "no_result": "$uuid_action",
- "description": "Check that new_action_1 action was deleted."
- },
- {
- "name": "delete_admin_intra_extension",
- "command": "intraextension delete $uuid_admin",
- "result": "",
- "description": "Delete the admin intra extension",
- "command_options": ""
- },
- {
- "name": "delete_authz_intra_extension",
- "command": "intraextension delete $uuid_authz",
- "result": "",
- "description": "Delete the authz intra extension",
- "command_options": ""
- },
- {
- "name": "delete_tenant",
- "command": "tenant delete $uuid",
- "result": "",
- "description": "Delete the tenant alt_demo",
- "command_options": ""
- }
- ]
- }
-}
\ No newline at end of file
diff --git a/moonclient/moonclient/tests/tests_admin_intraextensions.json b/moonclient/moonclient/tests/tests_admin_intraextensions.json
deleted file mode 100644
index 16a47348..00000000
--- a/moonclient/moonclient/tests/tests_admin_intraextensions.json
+++ /dev/null
@@ -1,128 +0,0 @@
-{
- "command_options": "-f value",
- "tests_group": {
- "main": [
- {
- "auth_name": "admin",
- "description": "Change user to admin (just in case...)"
- },
-
- {
- "name": "list tenant",
- "command": "tenant list",
- "no_result": "alt_demo",
- "description": "List all tenants (must be empty)"
- },
- {
- "name": "add tenant alt_demo",
- "command": "tenant add alt_demo",
- "result": "^$",
- "description": "Add a new tenant",
- "command_options": ""
- },
- {
- "name": "check tenant alt_demo",
- "command": "tenant list",
- "result": "(?P\\w+)\\s+alt_demo",
- "description": "Check that tenant alt_demo has been correctly added"
- },
- {
- "name": "create_intraextension_admin",
- "command": "intraextension add --policy_model policy_rbac_admin admin_test",
- "result": "IntraExtension created: (?P\\w+)",
- "description": "Create an admin intra extension",
- "command_options": ""
- },
- {
- "name": "list_intraextension_admin",
- "command": "intraextension list",
- "result": "$uuid_admin",
- "description": "Check the existence of that admin intra extension"
- },
- {
- "name": "create_intraextension_authz",
- "command": "intraextension add --policy_model policy_authz authz_test",
- "result": "IntraExtension created: (?P\\w+)",
- "description": "Create an authz intra extension",
- "command_options": ""
- },
- {
- "name": "list_intraextension_authz",
- "command": "intraextension list",
- "result": "$uuid_authz",
- "description": "Check the existence of that authz intra extension"
- },
- {
- "name": "set_tenant_authz",
- "command": "tenant set --authz $uuid_authz $uuid",
- "result": "",
- "description": "Connect the authz intra extension to the tenant alt_demo",
- "command_options": ""
- },
- {
- "name": "check authz ie for tenant alt_demo",
- "command": "tenant list",
- "result": "alt_demo $uuid_authz",
- "description": "Check that authz ie has been correctly added for tenant alt_demo ",
- "command_options": "-c name -c intra_authz_extension_id -f value"
- },
- {
- "name": "set_tenant_admin",
- "command": "tenant set --admin $uuid_admin $uuid",
- "result": "",
- "description": "Connect the admin intra extension to the tenant alt_demo",
- "command_options": ""
- },
- {
- "name": "check admin ie for tenant alt_demo",
- "command": "tenant list",
- "result": "alt_demo $uuid_admin",
- "description": "Check that admin ie has been correctly added for tenant alt_demo ",
- "command_options": "-c name -c intra_admin_extension_id -f value"
- },
-
- {
- "name": "select admin ie",
- "command": "intraextension select $uuid_admin",
- "result": "Select $uuid_admin IntraExtension.",
- "description": "Select the admin intra extension to work with",
- "command_options": ""
- },
- {
- "name": "check_admin_user",
- "command": "subject list",
- "result": "admin",
- "description": "Check that admin user was added"
- },
- {
- "name": "check_submetarule",
- "command": "submetarule show",
- "result": "rbac",
- "description": "Check that submetarule was added"
- },
-
-
- {
- "name": "delete_admin_intra_extension",
- "command": "intraextension delete $uuid_admin",
- "result": "",
- "description": "Delete the admin intra extension",
- "command_options": ""
- },
- {
- "name": "delete_authz_intra_extension",
- "command": "intraextension delete $uuid_authz",
- "result": "",
- "description": "Delete the authz intra extension",
- "command_options": ""
- },
- {
- "name": "delete_tenant",
- "command": "tenant delete $uuid",
- "result": "",
- "description": "Delete the tenant alt_demo",
- "command_options": ""
- }
- ]
- }
-}
\ No newline at end of file
diff --git a/moonclient/moonclient/tests/tests_configuration.json b/moonclient/moonclient/tests/tests_configuration.json
deleted file mode 100644
index de16ec9d..00000000
--- a/moonclient/moonclient/tests/tests_configuration.json
+++ /dev/null
@@ -1,235 +0,0 @@
-{
- "command_options": "-f value",
- "tests_group": {
- "authz": [
- {
- "auth_name": "admin",
- "description": "Change user to admin (just in case...)"
- },
-
- {
- "name": "list tenant",
- "command": "tenant list",
- "no_result": "alt_demo",
- "description": "Check if tenant alt_demo is used."
- },
- {
- "name": "add tenant alt_demo",
- "command": "tenant add alt_demo",
- "result": "^$",
- "description": "Add a new tenant",
- "command_options": ""
- },
- {
- "name": "check tenant alt_demo",
- "command": "tenant list",
- "result": "(?P\\w+)\\s+alt_demo",
- "description": "Check that tenant alt_demo has been correctly added"
- },
- {
- "name": "create_intraextension_authz",
- "command": "intraextension add --policy_model policy_authz authz_test",
- "result": "IntraExtension created: (?P\\w+)",
- "description": "Create an authz intra extension",
- "command_options": ""
- },
- {
- "name": "list_intraextension_authz",
- "command": "intraextension list",
- "result": "$uuid_authz",
- "description": "Check the existence of that authz intra extension"
- },
- {
- "name": "set_tenant_authz",
- "command": "tenant set --authz $uuid_authz $uuid",
- "result": "",
- "description": "Connect the authz intra extension to the tenant alt_demo",
- "command_options": ""
- },
- {
- "name": "select_authz_ie",
- "command": "intraextension select $uuid_authz",
- "result": "Select $uuid_authz IntraExtension.",
- "description": "Select the authz IntraExtension",
- "command_options": ""
- },
- {
- "name": "check_select_authz_ie",
- "command": "intraextension show selected",
- "result": "$uuid_authz",
- "description": "Check the selected authz IntraExtension",
- "command_options": "-c id -f value"
- },
-
- {
- "name": "list template",
- "command": "template list",
- "result": "policy_root",
- "description": "Check that we have the root policy templates",
- "command_options": "-c id -f value"
- },
- {
- "name": "list aggregation_algorithm",
- "command": "aggregation algorithm
list", - "result": "all_true", - "description": "Check that the aggregation algorithm all_true exists.", - "command_options": "-c name -f value" - }, - { - "name": "list submetarule_algorithm", - "command": "submetarule algorithm list", - "result": "comparison", - "description": "Check that the aggregation algorithm all_true exists.", - "command_options": "-c name -f value" - }, - - { - "name": "delete_authz_intra_extension", - "command": "intraextension delete $uuid_authz", - "result": "", - "description": "Delete the authz intra extension", - "command_options": "" - }, - { - "name": "delete_tenant", - "command": "tenant delete $uuid", - "result": "", - "description": "Delete the tenant alt_demo", - "command_options": "" - } - ], - "authz_and_admin": [ - { - "name": "list tenant", - "command": "tenant list", - "no_result": "alt_demo", - "description": "Check if tenant alt_demo is used." - }, - { - "name": "add tenant alt_demo", - "command": "tenant add alt_demo", - "result": "^$", - "description": "Add a new tenant", - "command_options": "" - }, - { - "name": "check tenant alt_demo", - "command": "tenant list", - "result": "(?P\\w+)\\s+alt_demo", - "description": "Check that tenant alt_demo has been correctly added" - }, - { - "name": "create_intraextension_authz", - "command": "intraextension add --policy_model policy_authz authz_test", - "result": "IntraExtension created: (?P\\w+)", - "description": "Create an authz intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_authz", - "command": "intraextension list", - "result": "$uuid_authz", - "description": "Check the existence of that authz intra extension" - }, - { - "name": "create_intraextension_admin", - "command": "intraextension add --policy_model policy_rbac_admin admin_test", - "result": "IntraExtension created: (?P\\w+)", - "description": "Create an admin intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_admin", - "command": "intraextension 
list", - "result": "$uuid_admin", - "description": "Check the existence of that admin intra extension" - }, - { - "name": "set_tenant_authz", - "command": "tenant set --authz $uuid_authz $uuid", - "result": "", - "description": "Connect the authz intra extension to the tenant demo", - "command_options": "" - }, - { - "name": "set_tenant_admin", - "command": "tenant set --admin $uuid_admin $uuid", - "result": "", - "description": "Connect the authz intra extension to the tenant alt_demo", - "command_options": "" - }, - { - "name": "check tenant alt_demo and authz ie", - "command": "tenant list", - "result": "alt_demo $uuid_authz", - "description": "Check that authz intra extension has been correctly added to the tenant.", - "command_options": "-c name -c intra_authz_extension_id -f value" - }, - { - "name": "check tenant alt_demo and admin ie", - "command": "tenant list", - "result": "$uuid_admin", - "description": "Check that admin intra extension has been correctly added to the tenant.", - "command_options": "-c intra_admin_extension_id -f value" - }, - { - "name": "select_authz_ie", - "command": "intraextension select $uuid_authz", - "result": "Select $uuid_authz IntraExtension.", - "description": "Select the authz IntraExtension", - "command_options": "" - }, - { - "name": "check_select_authz_ie", - "command": "intraextension show selected", - "result": "$uuid_authz", - "description": "Check the selected authz IntraExtension", - "command_options": "-c id -f value" - }, - - { - "name": "lst template", - "command": "template list", - "result": "policy_root", - "description": "Check that we have the root policy templates", - "command_options": "-c id -f value" - }, - { - "name": "list aggregation_algorithm", - "command": "aggregation algorithm list", - "result": "all_true", - "description": "Check that the aggregation algorithm all_true exists.", - "command_options": "-c name -f value" - }, - { - "name": "list submetarule_algorithm", - "command": "submetarule 
algorithm list",
- "result": "comparison",
- "description": "Check that the aggregation algorithm all_true exists.",
- "command_options": "-c name -f value"
- },
-
- {
- "name": "delete_admin_intra_extension",
- "command": "intraextension delete $uuid_admin",
- "result": "",
- "description": "Delete the admin intra extension",
- "command_options": ""
- },
- {
- "name": "delete_authz_intra_extension",
- "command": "intraextension delete $uuid_authz",
- "result": "",
- "description": "Delete the authz intra extension",
- "command_options": ""
- },
- {
- "name": "delete_tenant",
- "command": "tenant delete $uuid",
- "result": "",
- "description": "Delete the tenant alt_demo",
- "command_options": ""
- }
- ]
- }
-}
\ No newline at end of file
diff --git a/moonclient/moonclient/tests/tests_object_assignments.json b/moonclient/moonclient/tests/tests_object_assignments.json
deleted file mode 100644
index 3ae555c2..00000000
--- a/moonclient/moonclient/tests/tests_object_assignments.json
+++ /dev/null
@@ -1,385 +0,0 @@ -{ - "command_options": "-f value", - "tests_group": { - "authz": [ - { - "auth_name": "admin", - "description": "Change user to admin (just in case...)" - }, - - { - "name": "list tenant", - "command": "tenant list", - "no_result": "alt_demo", - "description": "Check if tenant alt_demo is used." - }, - { - "name": "add tenant alt_demo", - "command": "tenant add alt_demo", - "result": "^$", - "description": "Add a new tenant", - "command_options": "" - }, - { - "name": "check tenant alt_demo", - "command": "tenant list", - "result": "(?P\\w+)\\s+alt_demo", - "description": "Check that tenant alt_demo has been correctly added" - }, - { - "name": "create_intraextension_authz", - "command": "intraextension add --policy_model policy_authz authz_test", - "result": "IntraExtension created: (?P\\w+)", - "description": "Create an authz intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_authz", - "command": "intraextension list", - "result": "$uuid_authz", - "description": "Check the existence of that authz intra extension" - }, - { - "name": "set_tenant_authz", - "command": "tenant set --authz $uuid_authz $uuid", - "result": "", - "description": "Connect the authz intra extension to the tenant alt_demo", - "command_options": "" - }, - { - "name": "select_authz_ie", - "command": "intraextension select $uuid_authz", - "result": "Select $uuid_authz IntraExtension.", - "description": "Select the authz IntraExtension", - "command_options": "" - }, - { - "name": "check_select_authz_ie", - "command": "intraextension show selected", - "result": "$uuid_authz", - "description": "Check the selected authz IntraExtension", - "command_options": "-c id -f value" - }, - { - "name": "add_object", - "command": "object add nova_server_1", - "result": "", - "description": "Add the new object category nova_server_1", - "command_options": "" - }, - { - "name": "list_object", - "command": "object list", - "result": "(?P\\w+)\\s+nova_server_1", - 
"description": "Check that nova_server_1 object was added." - }, - { - "name": "add_object_category", - "command": "object category add my_new_object_category", - "result": "", - "description": "Add the new object category my_new_object_category", - "command_options": "" - }, - { - "name": "list_object_category", - "command": "object category list", - "result": "(?P\\w+)\\s+my_new_object_category", - "description": "Check that my_new_object_category object_category was added." - }, - { - "name": "add_scope", - "command": "object scope add $uuid_object_category scope1 --description \"scope1 description\"", - "result": "^$", - "description": "Add one scope to object category role", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "object scope list $uuid_object_category", - "result": "(?P\\w+)\\s+scope1\\s+scope1 description", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - - { - "name": "add_assignment", - "command": "object assignment add $uuid_object $uuid_object_category $uuid_object_scope", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "object assignment list $uuid_object $uuid_object_category", - "result": "$uuid_object_scope scope1", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - - { - "name": "delete_assignment", - "command": "object assignment delete $uuid_object $uuid_object_category $uuid_object_scope", - "result": "^$", - "description": "Delete the added assignment", - "command_options": "" - }, - { - "name": "check_deleted_assignment", - "command": "object assignment list $uuid_object $uuid_object_category", - "no_result": "$uuid_object_scope", - "description": "Check deleted assignment.", - "command_options": "-c id -f value" - }, - - { - "name": "delete_scope", - "command": "object scope delete $uuid_object_category 
$uuid_object_scope", - "result": "^$", - "description": "Delete one scope from object category role", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "object scope list $uuid_object_category", - "no_result": "$uuid_object_scope", - "description": "Check added scope was deleted.", - "command_options": "-c id -f value" - }, - { - "name": "delete_object_category", - "command": "object category delete $uuid_object_category", - "result": "^$", - "description": "Delete my_new_object_category object_category.", - "command_options": "" - }, - { - "name": "list_object_category", - "command": "object category list", - "no_result": "$uuid_object_category", - "description": "Check that my_new_object_category object_category was deleted." - }, - { - "name": "delete_authz_intra_extension", - "command": "intraextension delete $uuid_authz", - "result": "", - "description": "Delete the authz intra extension", - "command_options": "" - }, - { - "name": "delete_tenant", - "command": "tenant delete $uuid", - "result": "", - "description": "Delete the tenant alt_demo", - "command_options": "" - } - ], - "authz_and_admin": [ - { - "name": "list tenant", - "command": "tenant list", - "no_result": "alt_demo", - "description": "Check if tenant alt_demo is used." 
- }, - { - "name": "add tenant alt_demo", - "command": "tenant add alt_demo", - "result": "^$", - "description": "Add a new tenant", - "command_options": "" - }, - { - "name": "check tenant alt_demo", - "command": "tenant list", - "result": "(?P\\w+)\\s+alt_demo", - "description": "Check that tenant alt_demo has been correctly added" - }, - { - "name": "create_intraextension_authz", - "command": "intraextension add --policy_model policy_authz authz_test", - "result": "IntraExtension created: (?P\\w+)", - "description": "Create an authz intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_authz", - "command": "intraextension list", - "result": "$uuid_authz", - "description": "Check the existence of that authz intra extension" - }, - { - "name": "create_intraextension_admin", - "command": "intraextension add --policy_model policy_rbac_admin admin_test", - "result": "IntraExtension created: (?P\\w+)", - "description": "Create an admin intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_admin", - "command": "intraextension list", - "result": "$uuid_admin", - "description": "Check the existence of that admin intra extension" - }, - { - "name": "set_tenant_authz", - "command": "tenant set --authz $uuid_authz $uuid", - "result": "", - "description": "Connect the authz intra extension to the tenant demo", - "command_options": "" - }, - { - "name": "set_tenant_admin", - "command": "tenant set --admin $uuid_admin $uuid", - "result": "", - "description": "Connect the authz intra extension to the tenant alt_demo", - "command_options": "" - }, - { - "name": "check tenant alt_demo and authz ie", - "command": "tenant list", - "result": "alt_demo $uuid_authz", - "description": "Check that authz intra extension has been correctly added to the tenant.", - "command_options": "-c name -c intra_authz_extension_id -f value" - }, - { - "name": "check tenant alt_demo and admin ie", - "command": "tenant list", - "result": 
"$uuid_admin", - "description": "Check that admin intra extension has been correctly added to the tenant.", - "command_options": "-c intra_admin_extension_id -f value" - }, - { - "name": "select_authz_ie", - "command": "intraextension select $uuid_authz", - "result": "Select $uuid_authz IntraExtension.", - "description": "Select the authz IntraExtension", - "command_options": "" - }, - { - "name": "check_select_authz_ie", - "command": "intraextension show selected", - "result": "$uuid_authz", - "description": "Check the selected authz IntraExtension", - "command_options": "-c id -f value" - }, - { - "name": "add_object", - "command": "object add nova_server_1", - "result": "", - "description": "Add the new object category nova_server_1", - "command_options": "" - }, - { - "name": "list_object", - "command": "object list", - "result": "(?P\\w+)\\s+nova_server_1", - "description": "Check that nova_server_1 object was added." - }, - { - "name": "add_object_category", - "command": "object category add my_new_object_category", - "result": "", - "description": "Add the new object category my_new_object_category", - "command_options": "" - }, - { - "name": "list_object_category", - "command": "object category list", - "result": "(?P\\w+)\\s+my_new_object_category", - "description": "Check that my_new_object_category object_category was added." 
- }, - { - "name": "add_scope", - "command": "object scope add $uuid_object_category scope1 --description \"scope1 description\"", - "result": "^$", - "description": "Add one scope to object category role", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "object scope list $uuid_object_category", - "result": "(?P\\w+)\\s+scope1\\s+scope1 description", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - - { - "name": "add_assignment", - "command": "object assignment add $uuid_object $uuid_object_category $uuid_object_scope", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "object assignment list $uuid_object $uuid_object_category", - "result": "$uuid_object_scope scope1", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - - { - "name": "delete_assignment", - "command": "object assignment delete $uuid_object $uuid_object_category $uuid_object_scope", - "result": "^$", - "description": "Delete the added assignment", - "command_options": "" - }, - { - "name": "check_deleted_assignment", - "command": "object assignment list $uuid_object $uuid_object_category", - "no_result": "$uuid_object_scope", - "description": "Check deleted assignment.", - "command_options": "-c id -f value" - }, - - { - "name": "delete_scope", - "command": "object scope delete $uuid_object_category $uuid_object_scope", - "result": "^$", - "description": "Delete one scope from object category role", - "command_options": "" - }, - { - "name": "check_deleted_scope", - "command": "object scope list $uuid_object_category", - "no_result": "$uuid_object_scope", - "description": "Check added scope was deleted.", - "command_options": "-c id -f value" - }, - { - "name": "delete_object_category", - "command": "object category delete $uuid_object_category", - "result": "^$", - "description": 
"Delete my_new_object_category object_category.", - "command_options": "" - }, - { - "name": "list_object_category", - "command": "object category list", - "no_result": "$uuid_object_category", - "description": "Check that my_new_object_category object_category was deleted." - }, - { - "name": "delete_admin_intra_extension", - "command": "intraextension delete $uuid_admin", - "result": "", - "description": "Delete the admin intra extension", - "command_options": "" - }, - { - "name": "delete_authz_intra_extension", - "command": "intraextension delete $uuid_authz", - "result": "", - "description": "Delete the authz intra extension", - "command_options": "" - }, - { - "name": "delete_tenant", - "command": "tenant delete $uuid", - "result": "", - "description": "Delete the tenant alt_demo", - "command_options": "" - } - ] - } -} \ No newline at end of file diff --git a/moonclient/moonclient/tests/tests_object_categories.json b/moonclient/moonclient/tests/tests_object_categories.json deleted file mode 100644 index ac067a89..00000000 --- a/moonclient/moonclient/tests/tests_object_categories.json +++ /dev/null 
@@ -1,241 +0,0 @@ -{ - "command_options": "-f value", - "tests_group": { - "authz": [ - { - "auth_name": "admin", - "description": "Change user to admin (just in case...)" - }, - - { - "name": "list tenant", - "command": "tenant list", - "no_result": "alt_demo", - "description": "Check if tenant alt_demo is used." - }, - { - "name": "add tenant alt_demo", - "command": "tenant add alt_demo", - "result": "^$", - "description": "Add a new tenant", - "command_options": "" - }, - { - "name": "check tenant alt_demo", - "command": "tenant list", - "result": "(?P\\w+)\\s+alt_demo", - "description": "Check that tenant alt_demo has been correctly added" - }, - { - "name": "create_intraextension_authz", - "command": "intraextension add --policy_model policy_authz authz_test", - "result": "IntraExtension created: (?P\\w+)", - "description": "Create an authz intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_authz", - "command": "intraextension list", - "result": "$uuid_authz", - "description": "Check the existence of that authz intra extension" - }, - { - "name": "set_tenant_authz", - "command": "tenant set --authz $uuid_authz $uuid", - "result": "", - "description": "Connect the authz intra extension to the tenant alt_demo", - "command_options": "" - }, - { - "name": "select_authz_ie", - "command": "intraextension select $uuid_authz", - "result": "Select $uuid_authz IntraExtension.", - "description": "Select the authz IntraExtension", - "command_options": "" - }, - { - "name": "check_select_authz_ie", - "command": "intraextension show selected", - "result": "$uuid_authz", - "description": "Check the selected authz IntraExtension", - "command_options": "-c id -f value" - }, - { - "name": "add_object_category", - "command": "object category add my_new_object_category", - "result": "", - "description": "Add the new object category my_new_object_category", - "command_options": "" - }, - { - "name": "list_object_category", - "command": "object 
category list", - "result": "(?P\\w+)\\s+my_new_object_category", - "description": "Check that my_new_object_category object_category was added." - }, - { - "name": "delete_object_category", - "command": "object category delete $uuid_object_category", - "result": "^$", - "description": "Delete my_new_object_category object_category.", - "command_options": "" - }, - { - "name": "list_object_category", - "command": "object category list", - "no_result": "$uuid_object_category", - "description": "Check that my_new_object_category object_category was deleted." - }, - { - "name": "delete_authz_intra_extension", - "command": "intraextension delete $uuid_authz", - "result": "", - "description": "Delete the authz intra extension", - "command_options": "" - }, - { - "name": "delete_tenant", - "command": "tenant delete $uuid", - "result": "", - "description": "Delete the tenant alt_demo", - "command_options": "" - } - ], - "authz_and_admin": [ - { - "name": "list tenant", - "command": "tenant list", - "no_result": "alt_demo", - "description": "Check if tenant alt_demo is used." 
- }, - { - "name": "add tenant alt_demo", - "command": "tenant add alt_demo", - "result": "^$", - "description": "Add a new tenant", - "command_options": "" - }, - { - "name": "check tenant alt_demo", - "command": "tenant list", - "result": "(?P\\w+)\\s+alt_demo", - "description": "Check that tenant alt_demo has been correctly added" - }, - { - "name": "create_intraextension_authz", - "command": "intraextension add --policy_model policy_authz authz_test", - "result": "IntraExtension created: (?P\\w+)", - "description": "Create an authz intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_authz", - "command": "intraextension list", - "result": "$uuid_authz", - "description": "Check the existence of that authz intra extension" - }, - { - "name": "create_intraextension_admin", - "command": "intraextension add --policy_model policy_rbac_admin admin_test", - "result": "IntraExtension created: (?P\\w+)", - "description": "Create an admin intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_admin", - "command": "intraextension list", - "result": "$uuid_admin", - "description": "Check the existence of that admin intra extension" - }, - { - "name": "set_tenant_authz", - "command": "tenant set --authz $uuid_authz $uuid", - "result": "", - "description": "Connect the authz intra extension to the tenant demo", - "command_options": "" - }, - { - "name": "set_tenant_admin", - "command": "tenant set --admin $uuid_admin $uuid", - "result": "", - "description": "Connect the authz intra extension to the tenant alt_demo", - "command_options": "" - }, - { - "name": "check tenant alt_demo and authz ie", - "command": "tenant list", - "result": "alt_demo $uuid_authz", - "description": "Check that authz intra extension has been correctly added to the tenant.", - "command_options": "-c name -c intra_authz_extension_id -f value" - }, - { - "name": "check tenant alt_demo and admin ie", - "command": "tenant list", - "result": 
"$uuid_admin", - "description": "Check that admin intra extension has been correctly added to the tenant.", - "command_options": "-c intra_admin_extension_id -f value" - }, - { - "name": "select_authz_ie", - "command": "intraextension select $uuid_authz", - "result": "Select $uuid_authz IntraExtension.", - "description": "Select the authz IntraExtension", - "command_options": "" - }, - { - "name": "check_select_authz_ie", - "command": "intraextension show selected", - "result": "$uuid_authz", - "description": "Check the selected authz IntraExtension", - "command_options": "-c id -f value" - }, - { - "name": "add_object_category", - "command": "object category add my_new_object_category", - "result": "", - "description": "Add the new object category my_new_object_category", - "command_options": "" - }, - { - "name": "list_object_category", - "command": "object category list", - "result": "(?P\\w+)\\s+my_new_object_category", - "description": "Check that my_new_object_category object_category was added." - }, - { - "name": "delete_object_category", - "command": "object category delete $uuid_object_category", - "result": "^$", - "description": "Delete my_new_object_category object_category.", - "command_options": "" - }, - { - "name": "list_object_category", - "command": "object category list", - "no_result": "$uuid_object_category", - "description": "Check that my_new_object_category object_category was deleted." 
- }, - { - "name": "delete_admin_intra_extension", - "command": "intraextension delete $uuid_admin", - "result": "", - "description": "Delete the admin intra extension", - "command_options": "" - }, - { - "name": "delete_authz_intra_extension", - "command": "intraextension delete $uuid_authz", - "result": "", - "description": "Delete the authz intra extension", - "command_options": "" - }, - { - "name": "delete_tenant", - "command": "tenant delete $uuid", - "result": "", - "description": "Delete the tenant alt_demo", - "command_options": "" - } - ] - } -} \ No newline at end of file diff --git a/moonclient/moonclient/tests/tests_object_scopes.json b/moonclient/moonclient/tests/tests_object_scopes.json deleted file mode 100644 index 52ac12fd..00000000 --- a/moonclient/moonclient/tests/tests_object_scopes.json +++ /dev/null 
@@ -1,259 +0,0 @@ -{ - "command_options": "-f value", - "tests_group": { - "authz": [ - { - "auth_name": "admin", - "description": "Change user to admin (just in case...)" - }, - - { - "name": "list tenant", - "command": "tenant list", - "no_result": "alt_demo", - "description": "Check if tenant alt_demo is used." - }, - { - "name": "add tenant alt_demo", - "command": "tenant add alt_demo", - "result": "^$", - "description": "Add a new tenant", - "command_options": "" - }, - { - "name": "check tenant alt_demo", - "command": "tenant list", - "result": "(?P\\w+)\\s+alt_demo", - "description": "Check that tenant alt_demo has been correctly added" - }, - { - "name": "create_intraextension_authz", - "command": "intraextension add --policy_model policy_authz authz_test", - "result": "IntraExtension created: (?P\\w+)", - "description": "Create an authz intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_authz", - "command": "intraextension list", - "result": "$uuid_authz", - "description": "Check the existence of that authz intra extension" - }, - { - "name": "set_tenant_authz", - "command": "tenant set --authz $uuid_authz $uuid", - "result": "", - "description": "Connect the authz intra extension to the tenant alt_demo", - "command_options": "" - }, - { - "name": "select_authz_ie", - "command": "intraextension select $uuid_authz", - "result": "Select $uuid_authz IntraExtension.", - "description": "Select the authz IntraExtension", - "command_options": "" - }, - { - "name": "check_select_authz_ie", - "command": "intraextension show selected", - "result": "$uuid_authz", - "description": "Check the selected authz IntraExtension", - "command_options": "-c id -f value" - }, - { - "name": "get_one_object_category", - "command": "object category list", - "result": "(?P\\w+)\\s+object_id", - "description": "Get one object_category for next tests.", - "command_options": "-c id -c name -f value" - }, - { - "name": "add_scope", - "command": "object 
scope add $uuid_object_category testers --description \"test engineers\"", - "result": "^$", - "description": "Add one scope to object category object_id", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "object scope list $uuid_object_category", - "result": "(?P\\w+)\\s+testers\\s+test engineers", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - { - "name": "delete_scope", - "command": "object scope delete $uuid_object_category $uuid_object_scope", - "result": "^$", - "description": "Delete one scope from object category object_id", - "command_options": "" - }, - { - "name": "check_deleted_scope", - "command": "object scope list $uuid_object_category", - "no_result": "$uuid_object_scope", - "description": "Check deleted scope.", - "command_options": "-c id -f value" - }, - { - "name": "delete_authz_intra_extension", - "command": "intraextension delete $uuid_authz", - "result": "", - "description": "Delete the authz intra extension", - "command_options": "" - }, - { - "name": "delete_tenant", - "command": "tenant delete $uuid", - "result": "", - "description": "Delete the tenant alt_demo", - "command_options": "" - } - ], - "authz_and_admin": [ - { - "name": "list tenant", - "command": "tenant list", - "no_result": "alt_demo", - "description": "Check if tenant alt_demo is used." 
- }, - { - "name": "add tenant alt_demo", - "command": "tenant add alt_demo", - "result": "^$", - "description": "Add a new tenant", - "command_options": "" - }, - { - "name": "check tenant alt_demo", - "command": "tenant list", - "result": "(?P\\w+)\\s+alt_demo", - "description": "Check that tenant alt_demo has been correctly added" - }, - { - "name": "create_intraextension_authz", - "command": "intraextension add --policy_model policy_authz authz_test", - "result": "IntraExtension created: (?P\\w+)", - "description": "Create an authz intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_authz", - "command": "intraextension list", - "result": "$uuid_authz", - "description": "Check the existence of that authz intra extension" - }, - { - "name": "create_intraextension_admin", - "command": "intraextension add --policy_model policy_rbac_admin admin_test", - "result": "IntraExtension created: (?P\\w+)", - "description": "Create an admin intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_admin", - "command": "intraextension list", - "result": "$uuid_admin", - "description": "Check the existence of that admin intra extension" - }, - { - "name": "set_tenant_authz", - "command": "tenant set --authz $uuid_authz $uuid", - "result": "", - "description": "Connect the authz intra extension to the tenant demo", - "command_options": "" - }, - { - "name": "set_tenant_admin", - "command": "tenant set --admin $uuid_admin $uuid", - "result": "", - "description": "Connect the authz intra extension to the tenant alt_demo", - "command_options": "" - }, - { - "name": "check tenant alt_demo and authz ie", - "command": "tenant list", - "result": "alt_demo $uuid_authz", - "description": "Check that authz intra extension has been correctly added to the tenant.", - "command_options": "-c name -c intra_authz_extension_id -f value" - }, - { - "name": "check tenant alt_demo and admin ie", - "command": "tenant list", - "result": 
"$uuid_admin", - "description": "Check that admin intra extension has been correctly added to the tenant.", - "command_options": "-c intra_admin_extension_id -f value" - }, - { - "name": "select_authz_ie", - "command": "intraextension select $uuid_authz", - "result": "Select $uuid_authz IntraExtension.", - "description": "Select the authz IntraExtension", - "command_options": "" - }, - { - "name": "check_select_authz_ie", - "command": "intraextension show selected", - "result": "$uuid_authz", - "description": "Check the selected authz IntraExtension", - "command_options": "-c id -f value" - }, - { - "name": "get_one_object_category", - "command": "object category list", - "result": "(?P\\w+)\\s+object_id", - "description": "Get one object_category for next tests.", - "command_options": "-c id -c name -f value" - }, - { - "name": "add_scope", - "command": "object scope add $uuid_object_category testers --description \"test engineers\"", - "result": "^$", - "description": "Add one scope to object category object_id", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "object scope list $uuid_object_category", - "result": "(?P\\w+)\\s+testers\\s+test engineers", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - { - "name": "delete_scope", - "command": "object scope delete $uuid_object_category $uuid_object_scope", - "result": "^$", - "description": "Delete one scope from object category object_id", - "command_options": "" - }, - { - "name": "check_deleted_scope", - "command": "object scope list $uuid_object_category", - "no_result": "$uuid_object_scope", - "description": "Check deleted scope.", - "command_options": "-c id -f value" - }, - { - "name": "delete_admin_intra_extension", - "command": "intraextension delete $uuid_admin", - "result": "", - "description": "Delete the admin intra extension", - "command_options": "" - }, - { - "name": "delete_authz_intra_extension", - "command": 
"intraextension delete $uuid_authz", - "result": "", - "description": "Delete the authz intra extension", - "command_options": "" - }, - { - "name": "delete_tenant", - "command": "tenant delete $uuid", - "result": "", - "description": "Delete the tenant alt_demo", - "command_options": "" - } - ] - } -} \ No newline at end of file diff --git a/moonclient/moonclient/tests/tests_objects.json b/moonclient/moonclient/tests/tests_objects.json deleted file mode 100644 index ef17dd60..00000000 --- a/moonclient/moonclient/tests/tests_objects.json +++ /dev/null 
@@ -1,241 +0,0 @@ -{ - "command_options": "-f value", - "tests_group": { - "authz": [ - { - "auth_name": "admin", - "description": "Change user to admin (just in case...)" - }, - - { - "name": "list tenant", - "command": "tenant list", - "no_result": "alt_demo", - "description": "Check if tenant alt_demo is used." - }, - { - "name": "add tenant alt_demo", - "command": "tenant add alt_demo", - "result": "^$", - "description": "Add a new tenant", - "command_options": "" - }, - { - "name": "check tenant alt_demo", - "command": "tenant list", - "result": "(?P\\w+)\\s+alt_demo", - "description": "Check that tenant alt_demo has been correctly added" - }, - { - "name": "create_intraextension_authz", - "command": "intraextension add --policy_model policy_authz authz_test", - "result": "IntraExtension created: (?P\\w+)", - "description": "Create an authz intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_authz", - "command": "intraextension list", - "result": "$uuid_authz", - "description": "Check the existence of that authz intra extension" - }, - { - "name": "set_tenant_authz", - "command": "tenant set --authz $uuid_authz $uuid", - "result": "", - "description": "Connect the authz intra extension to the tenant alt_demo", - "command_options": "" - }, - { - "name": "select_authz_ie", - "command": "intraextension select $uuid_authz", - "result": "Select $uuid_authz IntraExtension.", - "description": "Select the authz IntraExtension", - "command_options": "" - }, - { - "name": "check_select_authz_ie", - "command": "intraextension show selected", - "result": "$uuid_authz", - "description": "Check the selected authz IntraExtension", - "command_options": "-c id -f value" - }, - { - "name": "add_object", - "command": "object add nova_server_1", - "result": "", - "description": "Add a new object.", - "command_options": "" - }, - { - "name": "list_object", - "command": "object list", - "result": "(?P\\w+)\\s+nova_server_1", - "description": "Check 
that nova_server_1 object was added." - }, - { - "name": "delete_object", - "command": "object delete $uuid_object", - "result": "^$", - "description": "Delete nova_server_1 object.", - "command_options": "" - }, - { - "name": "list_object", - "command": "object list", - "no_result": "$uuid_object", - "description": "Check that nova_server_1 object was deleted." - }, - { - "name": "delete_authz_intra_extension", - "command": "intraextension delete $uuid_authz", - "result": "", - "description": "Delete the authz intra extension", - "command_options": "" - }, - { - "name": "delete_tenant", - "command": "tenant delete $uuid", - "result": "", - "description": "Delete the tenant alt_demo", - "command_options": "" - } - ], - "authz_and_admin": [ - { - "name": "list tenant", - "command": "tenant list", - "no_result": "alt_demo", - "description": "Check if tenant alt_demo is used." - }, - { - "name": "add tenant alt_demo", - "command": "tenant add alt_demo", - "result": "^$", - "description": "Add a new tenant", - "command_options": "" - }, - { - "name": "check tenant alt_demo", - "command": "tenant list", - "result": "(?P\\w+)\\s+alt_demo", - "description": "Check that tenant alt_demo has been correctly added" - }, - { - "name": "create_intraextension_authz", - "command": "intraextension add --policy_model policy_authz authz_test", - "result": "IntraExtension created: (?P\\w+)", - "description": "Create an authz intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_authz", - "command": "intraextension list", - "result": "$uuid_authz", - "description": "Check the existence of that authz intra extension" - }, - { - "name": "create_intraextension_admin", - "command": "intraextension add --policy_model policy_rbac_admin admin_test", - "result": "IntraExtension created: (?P\\w+)", - "description": "Create an admin intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_admin", - "command": "intraextension list", - "result": 
"$uuid_admin", - "description": "Check the existence of that admin intra extension" - }, - { - "name": "set_tenant_authz", - "command": "tenant set --authz $uuid_authz $uuid", - "result": "", - "description": "Connect the authz intra extension to the tenant demo", - "command_options": "" - }, - { - "name": "set_tenant_admin", - "command": "tenant set --admin $uuid_admin $uuid", - "result": "", - "description": "Connect the authz intra extension to the tenant alt_demo", - "command_options": "" - }, - { - "name": "check tenant alt_demo and authz ie", - "command": "tenant list", - "result": "alt_demo $uuid_authz", - "description": "Check that authz intra extension has been correctly added to the tenant.", - "command_options": "-c name -c intra_authz_extension_id -f value" - }, - { - "name": "check tenant alt_demo and admin ie", - "command": "tenant list", - "result": "$uuid_admin", - "description": "Check that admin intra extension has been correctly added to the tenant.", - "command_options": "-c intra_admin_extension_id -f value" - }, - { - "name": "select_authz_ie", - "command": "intraextension select $uuid_authz", - "result": "Select $uuid_authz IntraExtension.", - "description": "Select the authz IntraExtension", - "command_options": "" - }, - { - "name": "check_select_authz_ie", - "command": "intraextension show selected", - "result": "$uuid_authz", - "description": "Check the selected authz IntraExtension", - "command_options": "-c id -f value" - }, - { - "name": "add_object", - "command": "object add nova_server_1", - "result": "", - "description": "Add a new object.", - "command_options": "" - }, - { - "name": "list_object", - "command": "object list", - "result": "(?P\\w+)\\s+nova_server_1", - "description": "Check that nova_server_1 object was added." 
- }, - { - "name": "delete_object", - "command": "object delete $uuid_object", - "result": "^$", - "description": "Delete nova_server_1 object.", - "command_options": "" - }, - { - "name": "list_object", - "command": "object list", - "no_result": "$uuid_object", - "description": "Check that nova_server_1 object was deleted." - }, - { - "name": "delete_admin_intra_extension", - "command": "intraextension delete $uuid_admin", - "result": "", - "description": "Delete the admin intra extension", - "command_options": "" - }, - { - "name": "delete_authz_intra_extension", - "command": "intraextension delete $uuid_authz", - "result": "", - "description": "Delete the authz intra extension", - "command_options": "" - }, - { - "name": "delete_tenant", - "command": "tenant delete $uuid", - "result": "", - "description": "Delete the tenant alt_demo", - "command_options": "" - } - ] - } -} \ No newline at end of file diff --git a/moonclient/moonclient/tests/tests_root_intraextensions.json b/moonclient/moonclient/tests/tests_root_intraextensions.json deleted file mode 100644 index e24151d1..00000000 --- a/moonclient/moonclient/tests/tests_root_intraextensions.json +++ /dev/null 
@@ -1,47 +0,0 @@
-{
- "command_options": "-f value",
- "tests_group": {
- "main": [
- {
- "auth_name": "admin",
- "description": "Change user to admin (just in case...)"
- },
-
- {
- "name": "list_intraextension",
- "command": "intraextension list",
- "result": "(?P\\w+)\\s+policy_root",
- "description": "Check the existence of the root intra extension",
- "command_options": "-c id -c name -f value"
- },
-
- {
- "name": "select root ie",
- "command": "intraextension select $uuid_root",
- "result": "Select $uuid_root IntraExtension.",
- "description": "Select the root intra extension to work with",
- "command_options": ""
- },
- {
- "name": "check_admin_user",
- "command": "subject list",
- "result": "admin",
- "description": "Check that admin user was added"
- },
- {
- "name": "check_submetarule",
- "command": "submetarule show",
- "result": "(?P\\w+)\\s+rbac_rule",
- "description": "Check that submetarule was added"
- },
- {
- "name": "check_rule",
- "command": "rule list $uuid_submetarule",
- "result": "root_role",
- "description": "Check that rules were added"
- }
-
-
- ]
- }
-}
\ No newline at end of file
diff --git a/moonclient/moonclient/tests/tests_rules.json b/moonclient/moonclient/tests/tests_rules.json
deleted file mode 100644
index 1950a1e3..00000000
--- a/moonclient/moonclient/tests/tests_rules.json
+++ /dev/null
@@ -1,378 +0,0 @@
-{
- "command_options": "-f value",
- "tests_group": {
- "authz": [
- {
- "auth_name": "admin",
- "description": "Change user to admin (just in case...)"
- },
-
- {
- "name": "list tenant",
- "command": "tenant list",
- "no_result": "alt_demo",
- "description": "Check if tenant alt_demo is used."
- },
- {
- "name": "add tenant alt_demo",
- "command": "tenant add alt_demo",
- "result": "^$",
- "description": "Add a new tenant",
- "command_options": ""
- },
- {
- "name": "check tenant alt_demo",
- "command": "tenant list",
- "result": "(?P\\w+)\\s+alt_demo",
- "description": "Check that tenant alt_demo has been correctly added"
- },
- {
- "name": "create_intraextension_authz",
- "command": "intraextension add --policy_model policy_authz authz_test",
- "result": "IntraExtension created: (?P\\w+)",
- "description": "Create an authz intra extension",
- "command_options": ""
- },
- {
- "name": "list_intraextension_authz",
- "command": "intraextension list",
- "result": "$uuid_authz",
- "description": "Check the existence of that authz intra extension"
- },
- {
- "name": "set_tenant_authz",
- "command": "tenant set --authz $uuid_authz $uuid",
- "result": "",
- "description": "Connect the authz intra extension to the tenant alt_demo",
- "command_options": ""
- },
- {
- "name": "select_authz_ie",
- "command": "intraextension select $uuid_authz",
- "result": "Select $uuid_authz IntraExtension.",
- "description": "Select the authz IntraExtension",
- "command_options": ""
- },
- {
- "name": "check_select_authz_ie",
- "command": "intraextension show selected",
- "result": "$uuid_authz",
- "description": "Check the selected authz IntraExtension",
- "command_options": "-c id -f value"
- },
-
- {
- "name": "check_submetarules",
- "command": "submetarule show",
- "result": "(?P\\w+)\\s+subject_security_level",
- "description": "Get one submetarule ID",
- "command_options": "-c id -c \"subject categories\" -f value"
- },
- {
- "name": "list_subject_categories",
- "command": "subject category list",
- "result": "(?P\\w+)\\s+subject_security_level",
- "description": "Get one subject category.",
- "command_options": "-c id -c name -f value"
- },
- {
- "name": "list_action_categories",
- "command": "action category list",
- "result": "(?P\\w+)\\s+resource_action",
- "description": "Get one action category.",
- "command_options": "-c id -c name -f value"
- },
- {
- "name": "list_object_categories",
- "command": "object category list",
- "result": "(?P\\w+)\\s+object_security_level",
- "description": "Get one object category.",
- "command_options": "-c id -c name -f value"
- },
- {
- "name": "add_subject_scope",
- "command": "subject scope add $category_slevel_uuid very_high",
- "result": "^$",
- "description": "Add one new scope.",
- "command_options": ""
- },
- {
- "name": "check_added_subject_scope",
- "command": "subject scope list $category_slevel_uuid",
- "result": "(?P\\s+very_high)",
- "description": "Get the ID of the new scope.",
- "command_options": "-c id -c name -f value"
- },
- {
- "name": "get_one_action_scope",
- "command": "action scope list $category_action_uuid",
- "result": "(?P\\s+storage_admin)",
- "description": "Get the ID of one action scope.",
- "command_options": "-c id -c name -f value"
- },
- {
- "name": "get_one_object_scope",
- "command": "object scope list $category_object_uuid",
- "result": "(?P\\s+high)",
- "description": "Get the ID of one object scope.",
- "command_options": "-c id -c name -f value"
- },
- {
- "name": "add_a_new_rule",
- "command": "rule add $submetarule_uuid \"very_high,storage_admin,high\"",
- "result": "^$",
- "description": "Add a new rule.",
- "command_options": ""
- },
- {
- "name": "check_added_rule",
- "command": "rule list $submetarule_uuid",
- "result": "(?P\\w+)\\s+very_high\\s+storage_admin\\s+high",
- "description": "Check that the rule was correctly added.",
- "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value"
- },
- {
- "name": "delete_added_rule",
- "command": "rule delete $submetarule_uuid $rule_id",
- "result": "^$",
- "description": "Delete the added rule.",
- "command_options": ""
- },
- {
- "name": "check_deleted_rule",
- "command": "rule list $submetarule_uuid",
- "no_result": "very_high",
- "description": "Check that the rule was correctly deleted.",
- "command_options": "-c s:subject_security_level -f value"
- },
-
- {
- "name": "delete_authz_intra_extension",
- "command": "intraextension delete $uuid_authz",
- "result": "",
- "description": "Delete the authz intra extension",
- "command_options": ""
- },
- {
- "name": "list_intraextension_authz",
- "command": "intraextension list",
- "no_result": "$uuid_authz",
- "description": "Check the existence of that authz intra extension"
- },
- {
- "name": "delete_tenant",
- "command": "tenant delete $uuid",
- "result": "",
- "description": "Delete the tenant alt_demo",
- "command_options": ""
- },
- {
- "name": "list tenant",
- "command": "tenant list",
- "no_result": "alt_demo",
- "description": "Check if tenant alt_demo is used."
- }
- ],
- "authz_and_admin": [
- {
- "name": "list tenant",
- "command": "tenant list",
- "no_result": "alt_demo",
- "description": "Check if tenant alt_demo is used."
- },
- {
- "name": "add tenant alt_demo",
- "command": "tenant add alt_demo",
- "result": "^$",
- "description": "Add a new tenant",
- "command_options": ""
- },
- {
- "name": "check tenant alt_demo",
- "command": "tenant list",
- "result": "(?P\\w+)\\s+alt_demo",
- "description": "Check that tenant alt_demo has been correctly added"
- },
- {
- "name": "create_intraextension_authz",
- "command": "intraextension add --policy_model policy_authz authz_test",
- "result": "IntraExtension created: (?P\\w+)",
- "description": "Create an authz intra extension",
- "command_options": ""
- },
- {
- "name": "list_intraextension_authz",
- "command": "intraextension list",
- "result": "$uuid_authz",
- "description": "Check the existence of that authz intra extension"
- },
- {
- "name": "create_intraextension_admin",
- "command": "intraextension add --policy_model policy_rbac_admin admin_test",
- "result": "IntraExtension created: (?P\\w+)",
- "description": "Create an admin intra extension",
- "command_options": ""
- },
- {
- "name": "list_intraextension_admin",
- "command": "intraextension list",
- "result": "$uuid_admin",
- "description": "Check the existence of that admin intra extension"
- },
- {
- "name": "set_tenant_authz",
- "command": "tenant set --authz $uuid_authz $uuid",
- "result": "",
- "description": "Connect the authz intra extension to the tenant demo",
- "command_options": ""
- },
- {
- "name": "set_tenant_admin",
- "command": "tenant set --admin $uuid_admin $uuid",
- "result": "",
- "description": "Connect the authz intra extension to the tenant alt_demo",
- "command_options": ""
- },
- {
- "name": "check tenant alt_demo and authz ie",
- "command": "tenant list",
- "result": "alt_demo $uuid_authz",
- "description": "Check that authz intra extension has been correctly added to the tenant.",
- "command_options": "-c name -c intra_authz_extension_id -f value"
- },
- {
- "name": "check tenant alt_demo and admin ie",
- "command": "tenant list",
- "result": "$uuid_admin",
- "description": "Check that admin intra extension has been correctly added to the tenant.",
- "command_options": "-c intra_admin_extension_id -f value"
- },
- {
- "name": "select_authz_ie",
- "command": "intraextension select $uuid_authz",
- "result": "Select $uuid_authz IntraExtension.",
- "description": "Select the authz IntraExtension",
- "command_options": ""
- },
- {
- "name": "check_select_authz_ie",
- "command": "intraextension show selected",
- "result": "$uuid_authz",
- "description": "Check the selected authz IntraExtension",
- "command_options": "-c id -f value"
- },
-
- {
- "name": "check_submetarules",
- "command": "submetarule show",
- "result": "(?P\\w+)\\s+subject_security_level",
- "description": "Get one submetarule ID",
- "command_options": "-c id -c \"subject categories\" -f value"
- },
- {
- "name": "list_subject_categories",
- "command": "subject category list",
- "result": "(?P\\w+)\\s+subject_security_level",
- "description": "Get one subject category.",
- "command_options": "-c id -c name -f value"
- },
- {
- "name": "list_action_categories",
- "command": "action category list",
- "result": "(?P\\w+)\\s+resource_action",
- "description": "Get one action category.",
- "command_options": "-c id -c name -f value"
- },
- {
- "name": "list_object_categories",
- "command": "object category list",
- "result": "(?P\\w+)\\s+object_security_level",
- "description": "Get one object category.",
- "command_options": "-c id -c name -f value"
- },
- {
- "name": "add_subject_scope",
- "command": "subject scope add $category_slevel_uuid very_high",
- "result": "^$",
- "description": "Add one new scope.",
- "command_options": ""
- },
- {
- "name": "check_added_subject_scope",
- "command": "subject scope list $category_slevel_uuid",
- "result": "(?P\\s+very_high)",
- "description": "Get the ID of the new scope.",
- "command_options": "-c id -c name -f value"
- },
- {
- "name": "get_one_action_scope",
- "command": "action scope list $category_action_uuid",
- "result": "(?P\\s+storage_admin)",
- "description": "Get the ID of one action scope.",
- "command_options": "-c id -c name -f value"
- },
- {
- "name": "get_one_object_scope",
- "command": "object scope list $category_object_uuid",
- "result": "(?P\\s+high)",
- "description": "Get the ID of one object scope.",
- "command_options": "-c id -c name -f value"
- },
- {
- "name": "add_a_new_rule",
- "command": "rule add $submetarule_uuid \"very_high,storage_admin,high\"",
- "result": "^$",
- "description": "Add a new rule.",
- "command_options": ""
- },
- {
- "name": "check_added_rule",
- "command": "rule list $submetarule_uuid",
- "result": "(?P\\w+)\\s+very_high\\s+storage_admin\\s+high",
- "description": "Check that the rule was correctly added.",
- "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value"
- },
- {
- "name": "delete_added_rule",
- "command": "rule delete $submetarule_uuid $rule_id",
- "result": "^$",
- "description": "Delete the added rule.",
- "command_options": ""
- },
- {
- "name": "check_deleted_rule",
- "command": "rule list $submetarule_uuid",
- "no_result": "very_high",
- "description": "Check that the rule was correctly deleted.",
- "command_options": "-c s:subject_security_level -f value"
- },
-
- {
- "name": "delete_authz_intra_extension",
- "command": "intraextension delete $uuid_authz",
- "result": "",
- "description": "Delete the authz intra extension",
- "command_options": ""
- },
- {
- "name": "list_intraextension_authz",
- "command": "intraextension list",
- "no_result": "$uuid_authz",
- "description": "Check the existence of that authz intra extension"
- },
- {
- "name": "delete_tenant",
- "command": "tenant delete $uuid",
- "result": "",
- "description": "Delete the tenant alt_demo",
- "command_options": ""
- },
- {
- "name": "list tenant",
- "command": "tenant list",
- "no_result": "alt_demo",
- "description": "Check if tenant alt_demo is used."
- }
- ]
- }
-}
\ No newline at end of file
diff --git a/moonclient/moonclient/tests/tests_subject_assignments.json b/moonclient/moonclient/tests/tests_subject_assignments.json
deleted file mode 100644
index e4615500..00000000
--- a/moonclient/moonclient/tests/tests_subject_assignments.json
+++ /dev/null
@@ -1,371 +0,0 @@
-{
- "command_options": "-f value",
- "tests_group": {
- "authz": [
- {
- "auth_name": "admin",
- "description": "Change user to admin (just in case...)"
- },
-
- {
- "name": "list tenant",
- "command": "tenant list",
- "no_result": "alt_demo",
- "description": "Check if tenant alt_demo is used."
- },
- {
- "name": "add tenant alt_demo",
- "command": "tenant add alt_demo",
- "result": "^$",
- "description": "Add a new tenant",
- "command_options": ""
- },
- {
- "name": "check tenant alt_demo",
- "command": "tenant list",
- "result": "(?P\\w+)\\s+alt_demo",
- "description": "Check that tenant alt_demo has been correctly added"
- },
- {
- "name": "create_intraextension_authz",
- "command": "intraextension add --policy_model policy_authz authz_test",
- "result": "IntraExtension created: (?P\\w+)",
- "description": "Create an authz intra extension",
- "command_options": ""
- },
- {
- "name": "list_intraextension_authz",
- "command": "intraextension list",
- "result": "$uuid_authz",
- "description": "Check the existence of that authz intra extension"
- },
- {
- "name": "set_tenant_authz",
- "command": "tenant set --authz $uuid_authz $uuid",
- "result": "",
- "description": "Connect the authz intra extension to the tenant alt_demo",
- "command_options": ""
- },
- {
- "name": "select_authz_ie",
- "command": "intraextension select $uuid_authz",
- "result": "Select $uuid_authz IntraExtension.",
- "description": "Select the authz IntraExtension",
- "command_options": ""
- },
- {
- "name": "check_select_authz_ie",
- "command": "intraextension show selected",
- "result": "$uuid_authz",
- "description": "Check the selected authz IntraExtension",
- "command_options": "-c id -f value"
- },
- {
- "name": "add_subject",
- "command": "subject add alt_demo --subject_pass nomoresecrete",
- "result": "",
- "description": "Add the new subject category alt_demo",
- "command_options": ""
- },
- {
- "name": "list_subject",
- "command": "subject list",
- "result": "(?P\\w+)\\s+alt_demo",
- "description": "Check that alt_demo subject was added."
- },
- {
- "name": "add_subject_category",
- "command": "subject category add my_new_subject_category",
- "result": "",
- "description": "Add the new subject category my_new_subject_category",
- "command_options": ""
- },
- {
- "name": "list_subject_category",
- "command": "subject category list",
- "result": "(?P\\w+)\\s+my_new_subject_category",
- "description": "Check that my_new_subject_category subject_category was added."
- },
- {
- "name": "add_scope",
- "command": "subject scope add $uuid_subject_category testers --description \"test engineers\"",
- "result": "^$",
- "description": "Add one scope to subject category role",
- "command_options": ""
- },
- {
- "name": "check_added_scope",
- "command": "subject scope list $uuid_subject_category",
- "result": "(?P\\w+)\\s+testers\\s+test engineers",
- "description": "Check added scope.",
- "command_options": "-c id -c name -c description -f value"
- },
-
- {
- "name": "add_assignment",
- "command": "subject assignment add $uuid_subject $uuid_subject_category $uuid_subject_scope",
- "result": "^$",
- "description": "Add a new assignment",
- "command_options": ""
- },
- {
- "name": "check_added_assignment",
- "command": "subject assignment list $uuid_subject $uuid_subject_category",
- "result": "$uuid_subject_scope testers",
- "description": "Check added assignment.",
- "command_options": "-c id -c name -f value"
- },
-
- {
- "name": "delete_assignment",
- "command": "subject assignment delete $uuid_subject $uuid_subject_category $uuid_subject_scope",
- "result": "^$",
- "description": "Delete the added assignment",
- "command_options": ""
- },
- {
- "name": "check_deleted_assignment",
- "command": "subject assignment list $uuid_subject $uuid_subject_category",
- "no_result": "$uuid_subject_scope",
- "description": "Check deleted assignment.",
- "command_options": "-c id -f value"
- },
-
- {
- "name": "delete_scope",
- "command": "subject scope delete $uuid_subject_category $uuid_subject_scope",
- "result": "^$",
- "description": "Delete one scope from subject category role",
- "command_options": ""
- },
- {
- "name": "delete_subject_category",
- "command": "subject category delete $uuid_subject_category",
- "result": "^$",
- "description": "Delete my_new_subject_category subject_category.",
- "command_options": ""
- },
- {
- "name": "list_subject_category",
- "command": "subject category list",
- "no_result": "$uuid_subject_category",
- "description": "Check that my_new_subject_category subject_category was deleted."
- },
- {
- "name": "delete_authz_intra_extension",
- "command": "intraextension delete $uuid_authz",
- "result": "",
- "description": "Delete the authz intra extension",
- "command_options": ""
- },
- {
- "name": "delete_tenant",
- "command": "tenant delete $uuid",
- "result": "",
- "description": "Delete the tenant alt_demo",
- "command_options": ""
- }
- ],
- "authz_and_admin": [
- {
- "name": "list tenant",
- "command": "tenant list",
- "no_result": "alt_demo",
- "description": "Check if tenant alt_demo is used."
- },
- {
- "name": "add tenant alt_demo",
- "command": "tenant add alt_demo",
- "result": "^$",
- "description": "Add a new tenant",
- "command_options": ""
- },
- {
- "name": "check tenant alt_demo",
- "command": "tenant list",
- "result": "(?P\\w+)\\s+alt_demo",
- "description": "Check that tenant alt_demo has been correctly added"
- },
- {
- "name": "create_intraextension_authz",
- "command": "intraextension add --policy_model policy_authz authz_test",
- "result": "IntraExtension created: (?P\\w+)",
- "description": "Create an authz intra extension",
- "command_options": ""
- },
- {
- "name": "list_intraextension_authz",
- "command": "intraextension list",
- "result": "$uuid_authz",
- "description": "Check the existence of that authz intra extension"
- },
- {
- "name": "create_intraextension_admin",
- "command": "intraextension add --policy_model policy_rbac_admin admin_test",
- "result": "IntraExtension created: (?P\\w+)",
- "description": "Create an admin intra extension",
- "command_options": ""
- },
- {
- "name": "list_intraextension_admin",
- "command": "intraextension list",
- "result": "$uuid_admin",
- "description": "Check the existence of that admin intra extension"
- },
- {
- "name": "set_tenant_authz",
- "command": "tenant set --authz $uuid_authz $uuid",
- "result": "",
- "description": "Connect the authz intra extension to the tenant demo",
- "command_options": ""
- },
- {
- "name": "set_tenant_admin",
- "command": "tenant set --admin $uuid_admin $uuid",
- "result": "",
- "description": "Connect the authz intra extension to the tenant alt_demo",
- "command_options": ""
- },
- {
- "name": "check tenant alt_demo and authz ie",
- "command": "tenant list",
- "result": "alt_demo $uuid_authz",
- "description": "Check that authz intra extension has been correctly added to the tenant.",
- "command_options": "-c name -c intra_authz_extension_id -f value"
- },
- {
- "name": "check tenant alt_demo and admin ie",
- "command": "tenant list",
- "result": "$uuid_admin",
- "description": "Check that admin intra extension has been correctly added to the tenant.",
- "command_options": "-c intra_admin_extension_id -f value"
- },
- {
- "name": "select_authz_ie",
- "command": "intraextension select $uuid_authz",
- "result": "Select $uuid_authz IntraExtension.",
- "description": "Select the authz IntraExtension",
- "command_options": ""
- },
- {
- "name": "check_select_authz_ie",
- "command": "intraextension show selected",
- "result": "$uuid_authz",
- "description": "Check the selected authz IntraExtension",
- "command_options": "-c id -f value"
- },
- {
- "name": "add_subject",
- "command": "subject add alt_demo --subject_pass nomoresecrete",
- "result": "",
- "description": "Add the new subject category alt_demo",
- "command_options": ""
- },
- {
- "name": "list_subject",
- "command": "subject list",
- "result": "(?P\\w+)\\s+alt_demo",
- "description": "Check that alt_demo subject was added."
- },
- {
- "name": "add_subject_category",
- "command": "subject category add my_new_subject_category",
- "result": "",
- "description": "Add the new subject category my_new_subject_category",
- "command_options": ""
- },
- {
- "name": "list_subject_category",
- "command": "subject category list",
- "result": "(?P\\w+)\\s+my_new_subject_category",
- "description": "Check that my_new_subject_category subject_category was added."
- },
- {
- "name": "add_scope",
- "command": "subject scope add $uuid_subject_category testers --description \"test engineers\"",
- "result": "^$",
- "description": "Add one scope to subject category role",
- "command_options": ""
- },
- {
- "name": "check_added_scope",
- "command": "subject scope list $uuid_subject_category",
- "result": "(?P\\w+)\\s+testers\\s+test engineers",
- "description": "Check added scope.",
- "command_options": "-c id -c name -c description -f value"
- },
-
- {
- "name": "add_assignment",
- "command": "subject assignment add $uuid_subject $uuid_subject_category $uuid_subject_scope",
- "result": "^$",
- "description": "Add a new assignment",
- "command_options": ""
- },
- {
- "name": "check_added_assignment",
- "command": "subject assignment list $uuid_subject $uuid_subject_category",
- "result": "$uuid_subject_scope testers",
- "description": "Check added assignment.",
- "command_options": "-c id -c name -f value"
- },
-
- {
- "name": "delete_assignment",
- "command": "subject assignment delete $uuid_subject $uuid_subject_category $uuid_subject_scope",
- "result": "^$",
- "description": "Delete the added assignment",
- "command_options": ""
- },
- {
- "name": "check_deleted_assignment",
- "command": "subject assignment list $uuid_subject $uuid_subject_category",
- "no_result": "$uuid_subject_scope",
- "description": "Check deleted assignment.",
- "command_options": "-c id -f value"
- },
-
- {
- "name": "delete_scope",
- "command": "subject scope delete $uuid_subject_category $uuid_subject_scope",
- "result": "^$",
- "description": "Delete one scope from subject category role",
- "command_options": ""
- },
- {
- "name": "delete_subject_category",
- "command": "subject category delete $uuid_subject_category",
- "result": "^$",
- "description": "Delete my_new_subject_category subject_category.",
- "command_options": ""
- },
- {
- "name": "list_subject_category",
- "command": "subject category list",
- "no_result": "$uuid_subject_category",
- "description": "Check that my_new_subject_category subject_category was deleted."
- },
- {
- "name": "delete_admin_intra_extension",
- "command": "intraextension delete $uuid_admin",
- "result": "",
- "description": "Delete the admin intra extension",
- "command_options": ""
- },
- {
- "name": "delete_authz_intra_extension",
- "command": "intraextension delete $uuid_authz",
- "result": "",
- "description": "Delete the authz intra extension",
- "command_options": ""
- },
- {
- "name": "delete_tenant",
- "command": "tenant delete $uuid",
- "result": "",
- "description": "Delete the tenant alt_demo",
- "command_options": ""
- }
- ]
- }
-}
\ No newline at end of file
diff --git a/moonclient/moonclient/tests/tests_subject_categories.json b/moonclient/moonclient/tests/tests_subject_categories.json
deleted file mode 100644
index cd2be2d1..00000000
--- a/moonclient/moonclient/tests/tests_subject_categories.json
+++ /dev/null
@@ -1,241 +0,0 @@
-{
- "command_options": "-f value",
- "tests_group": {
- "authz": [
- {
- "auth_name": "admin",
- "description": "Change user to admin (just in case...)"
- },
-
- {
- "name": "list tenant",
- "command": "tenant list",
- "no_result": "alt_demo",
- "description": "Check if tenant alt_demo is used."
- },
- {
- "name": "add tenant alt_demo",
- "command": "tenant add alt_demo",
- "result": "^$",
- "description": "Add a new tenant",
- "command_options": ""
- },
- {
- "name": "check tenant alt_demo",
- "command": "tenant list",
- "result": "(?P\\w+)\\s+alt_demo",
- "description": "Check that tenant alt_demo has been correctly added"
- },
- {
- "name": "create_intraextension_authz",
- "command": "intraextension add --policy_model policy_authz authz_test",
- "result": "IntraExtension created: (?P\\w+)",
- "description": "Create an authz intra extension",
- "command_options": ""
- },
- {
- "name": "list_intraextension_authz",
- "command": "intraextension list",
- "result": "$uuid_authz",
- "description": "Check the existence of that authz intra extension"
- },
- {
- "name": "set_tenant_authz",
- "command": "tenant set --authz $uuid_authz $uuid",
- "result": "",
- "description": "Connect the authz intra extension to the tenant alt_demo",
- "command_options": ""
- },
- {
- "name": "select_authz_ie",
- "command": "intraextension select $uuid_authz",
- "result": "Select $uuid_authz IntraExtension.",
- "description": "Select the authz IntraExtension",
- "command_options": ""
- },
- {
- "name": "check_select_authz_ie",
- "command": "intraextension show selected",
- "result": "$uuid_authz",
- "description": "Check the selected authz IntraExtension",
- "command_options": "-c id -f value"
- },
- {
- "name": "add_subject_category",
- "command": "subject category add my_new_subject_category",
- "result": "",
- "description": "Add the new subject category my_new_subject_category",
- "command_options": ""
- },
- {
- "name": "list_subject_category",
- "command": "subject category list",
- "result": "(?P\\w+)\\s+my_new_subject_category",
- "description": "Check that my_new_subject_category subject_category was added."
- },
- {
- "name": "delete_subject_category",
- "command": "subject category delete $uuid_subject_category",
- "result": "^$",
- "description": "Delete my_new_subject_category subject_category.",
- "command_options": ""
- },
- {
- "name": "list_subject_category",
- "command": "subject category list",
- "no_result": "$uuid_subject_category",
- "description": "Check that my_new_subject_category subject_category was deleted."
- },
- {
- "name": "delete_authz_intra_extension",
- "command": "intraextension delete $uuid_authz",
- "result": "",
- "description": "Delete the authz intra extension",
- "command_options": ""
- },
- {
- "name": "delete_tenant",
- "command": "tenant delete $uuid",
- "result": "",
- "description": "Delete the tenant alt_demo",
- "command_options": ""
- }
- ],
- "authz_and_admin": [
- {
- "name": "list tenant",
- "command": "tenant list",
- "no_result": "alt_demo",
- "description": "Check if tenant alt_demo is used."
- },
- {
- "name": "add tenant alt_demo",
- "command": "tenant add alt_demo",
- "result": "^$",
- "description": "Add a new tenant",
- "command_options": ""
- },
- {
- "name": "check tenant alt_demo",
- "command": "tenant list",
- "result": "(?P\\w+)\\s+alt_demo",
- "description": "Check that tenant alt_demo has been correctly added"
- },
- {
- "name": "create_intraextension_authz",
- "command": "intraextension add --policy_model policy_authz authz_test",
- "result": "IntraExtension created: (?P\\w+)",
- "description": "Create an authz intra extension",
- "command_options": ""
- },
- {
- "name": "list_intraextension_authz",
- "command": "intraextension list",
- "result": "$uuid_authz",
- "description": "Check the existence of that authz intra extension"
- },
- {
- "name": "create_intraextension_admin",
- "command": "intraextension add --policy_model policy_rbac_admin admin_test",
- "result": "IntraExtension created: (?P\\w+)",
- "description": "Create an admin intra extension",
- "command_options": ""
- },
- {
- "name": "list_intraextension_admin",
- "command": "intraextension list",
- "result": "$uuid_admin",
- "description": "Check the existence of that admin intra extension"
- },
- {
- "name": "set_tenant_authz",
- "command": "tenant set --authz $uuid_authz $uuid",
- "result": "",
- "description": "Connect the authz intra extension to the tenant demo",
- "command_options": ""
- },
- {
- "name": "set_tenant_admin",
- "command": "tenant set --admin $uuid_admin $uuid",
- "result": "",
- "description": "Connect the authz intra extension to the tenant alt_demo",
- "command_options": ""
- },
- {
- "name": "check tenant alt_demo and authz ie",
- "command": "tenant list",
- "result": "alt_demo $uuid_authz",
- "description": "Check that authz intra extension has been correctly added to the tenant.",
- "command_options": "-c name -c intra_authz_extension_id -f value"
- },
- {
- "name": "check tenant alt_demo and admin ie",
- "command": "tenant list",
- "result": "$uuid_admin",
- "description": "Check that admin intra extension has been correctly added to the tenant.",
- "command_options": "-c intra_admin_extension_id -f value"
- },
- {
- "name": "select_authz_ie",
- "command": "intraextension select $uuid_authz",
- "result": "Select $uuid_authz IntraExtension.",
- "description": "Select the authz IntraExtension",
- "command_options": ""
- },
- {
- "name": "check_select_authz_ie",
- "command": "intraextension show selected",
- "result": "$uuid_authz",
- "description": "Check the selected authz IntraExtension",
- "command_options": "-c id -f value"
- },
- {
- "name": "add_subject_category",
- "command": "subject category add my_new_subject_category",
- "result": "",
- "description": "Add the new subject category my_new_subject_category",
- "command_options": ""
- },
- {
- "name": "list_subject_category",
- "command": "subject category list",
- "result": "(?P\\w+)\\s+my_new_subject_category",
- "description": "Check that my_new_subject_category subject_category was added."
- },
- {
- "name": "delete_subject_category",
- "command": "subject category delete $uuid_subject_category",
- "result": "^$",
- "description": "Delete my_new_subject_category subject_category.",
- "command_options": ""
- },
- {
- "name": "list_subject_category",
- "command": "subject category list",
- "no_result": "$uuid_subject_category",
- "description": "Check that my_new_subject_category subject_category was deleted."
- },
- {
- "name": "delete_admin_intra_extension",
- "command": "intraextension delete $uuid_admin",
- "result": "",
- "description": "Delete the admin intra extension",
- "command_options": ""
- },
- {
- "name": "delete_authz_intra_extension",
- "command": "intraextension delete $uuid_authz",
- "result": "",
- "description": "Delete the authz intra extension",
- "command_options": ""
- },
- {
- "name": "delete_tenant",
- "command": "tenant delete $uuid",
- "result": "",
- "description": "Delete the tenant alt_demo",
- "command_options": ""
- }
- ]
- }
-}
\ No newline at end of file
diff --git a/moonclient/moonclient/tests/tests_subject_scopes.json b/moonclient/moonclient/tests/tests_subject_scopes.json
deleted file mode 100644
index bbf31c11..00000000
--- a/moonclient/moonclient/tests/tests_subject_scopes.json
+++ /dev/null
@@ -1,259 +0,0 @@
-{
- "command_options": "-f value",
- "tests_group": {
- "authz": [
- {
- "auth_name": "admin",
- "description": "Change user to admin (just in case...)"
- },
-
- {
- "name": "list tenant",
- "command": "tenant list",
- "no_result": "alt_demo",
- "description": "Check if tenant alt_demo is used."
- },
- {
- "name": "add tenant alt_demo",
- "command": "tenant add alt_demo",
- "result": "^$",
- "description": "Add a new tenant",
- "command_options": ""
- },
- {
- "name": "check tenant alt_demo",
- "command": "tenant list",
- "result": "(?P\\w+)\\s+alt_demo",
- "description": "Check that tenant alt_demo has been correctly added"
- },
- {
- "name": "create_intraextension_authz",
- "command": "intraextension add --policy_model policy_authz authz_test",
- "result": "IntraExtension created: (?P\\w+)",
- "description": "Create an authz intra extension",
- "command_options": ""
- },
- {
- "name": "list_intraextension_authz",
- "command": "intraextension list",
- "result": "$uuid_authz",
- "description": "Check the existence of that authz intra extension"
- },
- {
- "name": "set_tenant_authz",
- "command": "tenant set --authz $uuid_authz $uuid",
- "result": "",
- "description": "Connect the authz intra extension to the tenant alt_demo",
- "command_options": ""
- },
- {
- "name": "select_authz_ie",
- "command": "intraextension select $uuid_authz",
- "result": "Select $uuid_authz IntraExtension.",
- "description": "Select the authz IntraExtension",
- "command_options": ""
- },
- {
- "name": "check_select_authz_ie",
- "command": "intraextension show selected",
- "result": "$uuid_authz",
- "description": "Check the selected authz IntraExtension",
- "command_options": "-c id -f value"
- },
- {
- "name": "get_one_subject_category",
- "command": "subject category list",
- "result": "(?P\\w+)\\s+role",
- "description": "Get one subject_category for next tests.",
- "command_options": "-c id -c name -f value"
- },
- {
- "name": "add_scope",
- "command": "subject scope add $uuid_subject_category testers --description \"test engineers\"",
- "result": "^$",
- "description": "Add one scope to subject category role",
- "command_options": ""
- },
- {
- "name": "check_added_scope",
- "command": "subject scope list $uuid_subject_category",
- "result": "(?P\\w+)\\s+testers\\s+test engineers",
- "description": "Check added scope.",
- "command_options": "-c id -c name -c description -f value"
- },
- {
- "name": "delete_scope",
- "command": "subject scope delete $uuid_subject_category $uuid_subject_scope",
- "result": "^$",
- "description": "Delete one scope from subject category role",
- "command_options": ""
- },
- {
- "name": "check_deleted_scope",
- "command": "subject scope list $uuid_subject_category",
- "no_result": "$uuid_subject_scope",
- "description": "Check deleted scope.",
- "command_options": "-c id -f value"
- },
- {
- "name": "delete_authz_intra_extension",
- "command": "intraextension delete $uuid_authz",
- "result": "",
- "description": "Delete the authz intra extension",
- "command_options": ""
- },
- {
- "name": "delete_tenant",
- "command": "tenant delete $uuid",
- "result": "",
- "description": "Delete the tenant alt_demo",
- "command_options": ""
- }
- ],
- "authz_and_admin": [
- {
- "name": "list tenant",
- "command": "tenant list",
- "no_result": "alt_demo",
- "description": "Check if tenant alt_demo is used."
- },
- {
- "name": "add tenant alt_demo",
- "command": "tenant add alt_demo",
- "result": "^$",
- "description": "Add a new tenant",
- "command_options": ""
- },
- {
- "name": "check tenant alt_demo",
- "command": "tenant list",
- "result": "(?P\\w+)\\s+alt_demo",
- "description": "Check that tenant alt_demo has been correctly added"
- },
- {
- "name": "create_intraextension_authz",
- "command": "intraextension add --policy_model policy_authz authz_test",
- "result": "IntraExtension created: (?P\\w+)",
- "description": "Create an authz intra extension",
- "command_options": ""
- },
- {
- "name": "list_intraextension_authz",
- "command": "intraextension list",
- "result": "$uuid_authz",
- "description": "Check the existence of that authz intra extension"
- },
- {
- "name": "create_intraextension_admin",
- "command": "intraextension add --policy_model policy_rbac_admin admin_test",
- "result": "IntraExtension created: (?P\\w+)",
- "description": "Create an admin intra extension",
- "command_options": ""
- },
- {
- "name": "list_intraextension_admin",
- "command": "intraextension list",
- "result": "$uuid_admin",
- "description": "Check the existence of that admin intra extension"
- },
- {
- "name": "set_tenant_authz",
- "command": "tenant set --authz $uuid_authz $uuid",
- "result": "",
- "description": "Connect the authz intra extension to the tenant demo",
- "command_options": ""
- },
- {
- "name": "set_tenant_admin",
- "command": "tenant set --admin $uuid_admin $uuid",
- "result": "",
- "description": "Connect the authz intra extension to the tenant alt_demo",
- "command_options": ""
- },
- {
- "name": "check tenant alt_demo and authz ie",
- "command": "tenant list",
- "result": "alt_demo $uuid_authz",
- "description": "Check that authz intra extension has been correctly added to the tenant.",
- "command_options": "-c name -c intra_authz_extension_id -f value"
- },
- {
- "name": "check tenant alt_demo and admin ie",
- "command": "tenant list",
- "result": "$uuid_admin",
- "description": "Check that admin intra extension has been correctly added to the tenant.",
- "command_options": "-c intra_admin_extension_id -f value"
- },
- {
- "name": "select_authz_ie",
- "command": "intraextension select $uuid_authz",
- "result": "Select $uuid_authz IntraExtension.",
- "description": "Select the authz IntraExtension",
- "command_options": ""
- },
- {
- "name": "check_select_authz_ie",
- "command": "intraextension show selected",
- "result": "$uuid_authz",
- "description": "Check the selected authz IntraExtension",
- "command_options": "-c id -f value"
- },
- {
- "name": "get_one_subject_category",
- "command": "subject category list",
- "result": "(?P\\w+)\\s+role",
- "description": "Get one subject_category for next tests.",
- "command_options": "-c id -c name -f value"
- },
- {
- "name": "add_scope",
- "command": "subject scope add $uuid_subject_category testers --description \"test engineers\"",
- "result": "^$",
- "description": "Add one scope to subject category role",
- "command_options": ""
- },
- {
- "name": "check_added_scope",
- "command": "subject scope list $uuid_subject_category",
- "result": "(?P\\w+)\\s+testers\\s+test engineers",
- "description": "Check added scope.",
- "command_options": "-c id -c name -c description -f value"
- },
- {
- "name": "delete_scope",
- "command": "subject scope delete $uuid_subject_category $uuid_subject_scope",
- "result": "^$",
- "description": "Delete one scope from subject category role",
- "command_options": ""
- },
- {
- "name": "check_deleted_scope",
- "command": "subject scope list $uuid_subject_category",
- "no_result": "$uuid_subject_scope",
- "description": "Check deleted scope.",
- "command_options": "-c id -f value"
- },
- {
- "name": "delete_admin_intra_extension",
- "command": "intraextension delete $uuid_admin",
- "result": "",
- "description": "Delete the admin intra extension",
- "command_options": ""
- },
- {
- "name": "delete_authz_intra_extension",
- "command": "intraextension delete $uuid_authz",
- "result": "",
- "description": "Delete the authz intra extension",
- "command_options": ""
- },
- {
- "name": "delete_tenant",
- "command": "tenant delete $uuid",
- "result": "",
- "description": "Delete the tenant alt_demo",
- "command_options": ""
- }
- ]
- }
-}
\ No newline at end of file
diff --git a/moonclient/moonclient/tests/tests_subjects.json b/moonclient/moonclient/tests/tests_subjects.json
deleted file mode 100644
index 97a45da6..00000000
--- a/moonclient/moonclient/tests/tests_subjects.json
+++ /dev/null
@@ -1,241 +0,0 @@
-{
- "command_options": "-f value",
- "tests_group": {
- "authz": [
- {
- "auth_name": "admin",
- "description": "Change user to admin (just in case...)"
- },
-
- {
- "name": "list tenant",
- "command": "tenant list",
- "no_result": "alt_demo",
- "description": "Check if tenant alt_demo is used."
- },
- {
- "name": "add tenant alt_demo",
- "command": "tenant add alt_demo",
- "result": "^$",
- "description": "Add a new tenant",
- "command_options": ""
- },
- {
- "name": "check tenant alt_demo",
- "command": "tenant list",
- "result": "(?P\\w+)\\s+alt_demo",
- "description": "Check that tenant alt_demo has been correctly added"
- },
- {
- "name": "create_intraextension_authz",
- "command": "intraextension add --policy_model policy_authz authz_test",
- "result": "IntraExtension created: (?P\\w+)",
- "description": "Create an authz intra extension",
- "command_options": ""
- },
- {
- "name": "list_intraextension_authz",
- "command": "intraextension list",
- "result": "$uuid_authz",
- "description": "Check the existence of that authz intra extension"
- },
- {
- "name": "set_tenant_authz",
- "command": "tenant set --authz $uuid_authz $uuid",
- "result": "",
- "description": "Connect the authz intra extension to the tenant alt_demo",
- "command_options": ""
- },
- {
- "name": "select_authz_ie",
- "command": "intraextension select $uuid_authz",
- "result": "Select $uuid_authz IntraExtension.",
- "description": "Select the authz IntraExtension",
- "command_options": ""
- },
- {
- "name": "check_select_authz_ie",
- "command": "intraextension show selected",
- "result": "$uuid_authz",
- "description": "Check the selected authz IntraExtension",
- "command_options": "-c id -f value"
- },
- {
- "name": "add_subject",
- "command": "subject add alt_demo --subject_pass password",
- "result": "",
- "description": "Add the alt_demo subject",
- "command_options": ""
- },
- {
- "name": "list_subject",
- "command": "subject list",
- "result": "(?P\\w+)\\s+alt_demo",
- "description": "Check that alt_demo subject was added."
- },
- {
- "name": "delete_subject",
- "command": "subject delete $uuid_subject",
- "result": "^$",
- "description": "Delete alt_demo subject.",
- "command_options": ""
- },
- {
- "name": "list_subject",
- "command": "subject list",
- "no_result": "$uuid_subject",
- "description": "Check that alt_demo subject was deleted."
- },
- {
- "name": "delete_authz_intra_extension",
- "command": "intraextension delete $uuid_authz",
- "result": "",
- "description": "Delete the authz intra extension",
- "command_options": ""
- },
- {
- "name": "delete_tenant",
- "command": "tenant delete $uuid",
- "result": "",
- "description": "Delete the tenant alt_demo",
- "command_options": ""
- }
- ],
- "authz_and_admin": [
- {
- "name": "list tenant",
- "command": "tenant list",
- "no_result": "alt_demo",
- "description": "Check if tenant alt_demo is used."
- },
- {
- "name": "add tenant alt_demo",
- "command": "tenant add alt_demo",
- "result": "^$",
- "description": "Add a new tenant",
- "command_options": ""
- },
- {
- "name": "check tenant alt_demo",
- "command": "tenant list",
- "result": "(?P\\w+)\\s+alt_demo",
- "description": "Check that tenant alt_demo has been correctly added"
- },
- {
- "name": "create_intraextension_authz",
- "command": "intraextension add --policy_model policy_authz authz_test",
- "result": "IntraExtension created: (?P\\w+)",
- "description": "Create an authz intra extension",
- "command_options": ""
- },
- {
- "name": "list_intraextension_authz",
- "command": "intraextension list",
- "result": "$uuid_authz",
- "description": "Check the existence of that authz intra extension"
- },
- {
- "name": "create_intraextension_admin",
- "command": "intraextension add --policy_model policy_rbac_admin admin_test",
- "result": "IntraExtension created: (?P\\w+)",
- "description": "Create an admin intra extension",
- "command_options": ""
- },
- {
- "name": "list_intraextension_admin",
- "command": "intraextension list",
- "result": "$uuid_admin",
- "description": "Check the existence of that admin intra extension"
- },
- {
- "name": "set_tenant_authz",
- "command": "tenant set --authz $uuid_authz $uuid",
- "result": "",
- "description": "Connect the authz intra extension to the tenant demo",
- "command_options": ""
- },
- {
- "name": "set_tenant_admin",
- "command": "tenant set --admin $uuid_admin $uuid",
- "result": "",
- "description": "Connect the authz intra extension to the tenant alt_demo",
- "command_options": ""
- },
- {
- "name": "check tenant alt_demo and authz ie",
- "command": "tenant list",
- "result": "alt_demo $uuid_authz",
- "description": "Check that authz intra extension has been correctly added to the tenant.",
- "command_options": "-c name -c intra_authz_extension_id -f value"
- },
- {
- "name": "check tenant alt_demo and admin ie",
- "command": "tenant list",
- "result": "$uuid_admin",
- "description": "Check that admin intra extension has been correctly added to the tenant.",
- "command_options": "-c intra_admin_extension_id -f value"
- },
- {
- "name": "select_authz_ie",
- "command": "intraextension select $uuid_authz",
- "result": "Select $uuid_authz IntraExtension.",
- "description": "Select the authz IntraExtension",
- "command_options": ""
- },
- {
- "name": "check_select_authz_ie",
- "command": "intraextension show selected",
- "result": "$uuid_authz",
- "description": "Check the selected authz IntraExtension",
- "command_options": "-c id -f value"
- },
- {
- "name": "add_subject",
- "command": "subject add alt_demo --subject_pass password",
- "result": "",
- "description": "Add the alt_demo subject",
- "command_options": ""
- },
- {
- "name": "list_subject",
- "command": "subject list",
- "result": "(?P\\w+)\\s+alt_demo",
- "description": "Check that alt_demo subject was added."
- },
- {
- "name": "delete_subject",
- "command": "subject delete $uuid_subject",
- "result": "^$",
- "description": "Delete alt_demo subject.",
- "command_options": ""
- },
- {
- "name": "list_subject",
- "command": "subject list",
- "no_result": "$uuid_subject",
- "description": "Check that alt_demo subject was deleted."
- },
- {
- "name": "delete_admin_intra_extension",
- "command": "intraextension delete $uuid_admin",
- "result": "",
- "description": "Delete the admin intra extension",
- "command_options": ""
- },
- {
- "name": "delete_authz_intra_extension",
- "command": "intraextension delete $uuid_authz",
- "result": "",
- "description": "Delete the authz intra extension",
- "command_options": ""
- },
- {
- "name": "delete_tenant",
- "command": "tenant delete $uuid",
- "result": "",
- "description": "Delete the tenant alt_demo",
- "command_options": ""
- }
- ]
- }
-}
\ No newline at end of file
diff --git a/moonclient/moonclient/tests/tests_submetarules.json b/moonclient/moonclient/tests/tests_submetarules.json
deleted file mode 100644
index cde01c27..00000000
--- a/moonclient/moonclient/tests/tests_submetarules.json
+++ /dev/null
@@ -1,294 +0,0 @@
-{
- "command_options": "-f value",
- "tests_group": {
- "authz": [
- {
- "auth_name": "admin",
- "description": "Change user to admin (just in case...)"
- },
-
- {
- "name": "list tenant",
- "command": "tenant list",
- "no_result": "alt_demo",
- "description": "Check if tenant alt_demo is used."
- },
- {
- "name": "add tenant alt_demo",
- "command": "tenant add alt_demo",
- "result": "^$",
- "description": "Add a new tenant",
- "command_options": ""
- },
- {
- "name": "check tenant alt_demo",
- "command": "tenant list",
- "result": "(?P\\w+)\\s+alt_demo",
- "description": "Check that tenant alt_demo has been correctly added"
- },
- {
- "name": "create_intraextension_authz",
- "command": "intraextension add --policy_model policy_authz authz_test",
- "result": "IntraExtension created: (?P\\w+)",
- "description": "Create an authz intra extension",
- "command_options": ""
- },
- {
- "name": "list_intraextension_authz",
- "command": "intraextension list",
- "result": "$uuid_authz",
- "description": "Check the existence of that authz intra extension"
- },
- {
- "name": "set_tenant_authz",
- "command": "tenant set --authz $uuid_authz $uuid",
- "result": "",
- "description": "Connect the authz intra extension to the tenant alt_demo",
- "command_options": ""
- },
- {
- "name": "select_authz_ie",
- "command": "intraextension select $uuid_authz",
- "result": "Select $uuid_authz IntraExtension.",
- "description": "Select the authz IntraExtension",
- "command_options": ""
- },
- {
- "name": "check_select_authz_ie",
- "command": "intraextension show selected",
- "result": "$uuid_authz",
- "description": "Check the selected authz IntraExtension",
- "command_options": "-c id -f value"
- },
-
- {
- "name": "check_submetarules",
- "command": "submetarule show",
- "result": "(?P\\w+)\\s+subject_security_level",
- "description": "Get one submetarule ID",
- "command_options": "-c id -c \"subject categories\" -f value"
- },
- {
- "name": "list_subject_categories",
- "command": "subject category list",
- "result": "(?P\\w+)\\s+domain",
- "description": "Get one subject category.",
- "command_options": "-c id -c name -f value"
- },
- {
- "name": "list_subject_categories",
- "command": "subject category list",
- "result": "(?P\\w+)\\s+subject_security_level",
- "description": "Get one subject category.",
- "command_options": "-c id -c name -f value"
- },
- {
- "name": "set_submetarule",
- "command": "submetarule set $submetarule_uuid --subject_category_id=\"$category_level_uuid,$category_domain_uuid\"",
- "result": "^$",
- "description": "Set a new submetarule",
- "command_options": ""
- },
- {
- "name": "check_submetarule",
- "command": "submetarule show",
- "result": "$submetarule_uuid \\s*subject_security_level,\\s+domain",
- "description": "Check the new submetarule",
- "command_options": "-c id -c \"subject categories\" -f value"
- },
- {
- "name": "check_submetarule",
- "command": "submetarule show",
- "result": "$submetarule_uuid \\s*object_security_level",
- "description": "Check the new submetarule",
- "command_options": "-c id -c \"object categories\" -f value"
- },
-
- {
- "name": "delete_authz_intra_extension",
- "command": "intraextension delete $uuid_authz",
- "result": "",
- "description": "Delete the authz intra extension",
- "command_options": ""
- },
- {
- "name": "list_intraextension_authz",
- "command": "intraextension list",
- "no_result": "$uuid_authz",
- "description": "Check the existence of that authz intra extension"
- },
- {
- "name": "delete_tenant",
- "command": "tenant delete $uuid",
- "result": "",
- "description": "Delete the tenant alt_demo",
- "command_options": ""
- },
- {
- "name": "list tenant",
- "command": "tenant list",
- "no_result": "alt_demo",
- "description": "Check if tenant alt_demo is used."
- }
- ],
- "authz_and_admin": [
- {
- "name": "list tenant",
- "command": "tenant list",
- "no_result": "alt_demo",
- "description": "Check if tenant alt_demo is used."
- },
- {
- "name": "add tenant alt_demo",
- "command": "tenant add alt_demo",
- "result": "^$",
- "description": "Add a new tenant",
- "command_options": ""
- },
- {
- "name": "check tenant alt_demo",
- "command": "tenant list",
- "result": "(?P\\w+)\\s+alt_demo",
- "description": "Check that tenant alt_demo has been correctly added"
- },
- {
- "name": "create_intraextension_authz",
- "command": "intraextension add --policy_model policy_authz authz_test",
- "result": "IntraExtension created: (?P\\w+)",
- "description": "Create an authz intra extension",
- "command_options": ""
- },
- {
- "name": "list_intraextension_authz",
- "command": "intraextension list",
- "result": "$uuid_authz",
- "description": "Check the existence of that authz intra extension"
- },
- {
- "name": "create_intraextension_admin",
- "command": "intraextension add --policy_model policy_rbac_admin admin_test",
- "result": "IntraExtension created: (?P\\w+)",
- "description": "Create an admin intra extension",
- "command_options": ""
- },
- {
- "name": "list_intraextension_admin",
- "command": "intraextension list",
- "result": "$uuid_admin",
- "description": "Check the existence of that admin intra extension"
- },
- {
- "name": "set_tenant_authz",
- "command": "tenant set --authz $uuid_authz $uuid",
- "result": "",
- "description": "Connect the authz intra extension to the tenant demo",
- "command_options": ""
- },
- {
- "name": "set_tenant_admin",
- "command": "tenant set --admin $uuid_admin $uuid",
- "result": "",
- "description": "Connect the authz intra extension to the tenant alt_demo",
- "command_options": ""
- },
- {
- "name": "check tenant alt_demo and authz ie",
- "command": "tenant list",
- "result": "alt_demo $uuid_authz",
- "description": "Check that authz intra extension has been correctly added to the tenant.",
- "command_options": "-c name -c intra_authz_extension_id -f value"
- },
- {
- "name": "check tenant alt_demo and admin ie",
- "command": "tenant list",
- "result": "$uuid_admin",
- "description": "Check that admin intra extension has been correctly added to the tenant.",
- "command_options": "-c intra_admin_extension_id -f value"
- },
- {
- "name": "select_authz_ie",
- "command": "intraextension select $uuid_authz",
- "result": "Select $uuid_authz IntraExtension.",
- "description": "Select the authz IntraExtension",
- "command_options": ""
- },
- {
- "name": "check_select_authz_ie",
- "command": "intraextension show selected",
- "result": "$uuid_authz",
- "description": "Check the selected authz IntraExtension",
- "command_options": "-c id -f value"
- },
-
- {
- "name": "check_submetarules",
- "command": "submetarule show",
- "result": "(?P\\w+)\\s+subject_security_level",
- "description": "Get one submetarule ID",
- "command_options": "-c id -c \"subject categories\" -f value"
- },
- {
- "name": "list_subject_categories",
- "command": "subject category list",
- "result": "(?P\\w+)\\s+domain",
- "description": "Get one subject category.",
- "command_options": "-c id -c name -f value"
- },
- {
- "name": "list_subject_categories",
- "command": "subject category list",
- "result": "(?P\\w+)\\s+subject_security_level",
- "description": "Get one subject category.",
- "command_options": "-c id -c name -f value"
- },
- {
- "name": "set_submetarule",
- "command": "submetarule set $submetarule_uuid --subject_category_id=\"$category_level_uuid,$category_domain_uuid\"",
- "result": "^$",
- "description": "Set a new submetarule",
- "command_options": ""
- },
- {
- "name": "check_submetarule",
- "command": "submetarule show",
- "result": "$submetarule_uuid \\s*subject_security_level,\\s+domain",
- "description": "Check the new submetarule",
- "command_options": "-c id -c \"subject categories\" -f value"
- },
- {
- "name": "check_submetarule",
- "command": "submetarule show",
- "result": "$submetarule_uuid \\s*object_security_level",
- "description": "Check the new submetarule",
- "command_options": "-c id -c \"object categories\" -f value"
- },
-
- {
- "name": "delete_authz_intra_extension",
- "command": "intraextension delete $uuid_authz",
- "result": "",
- "description": "Delete the authz intra extension",
- "command_options": ""
- },
- {
- "name": "list_intraextension_authz",
- "command": "intraextension list",
- "no_result": "$uuid_authz",
- "description": "Check the existence of that authz intra extension"
- },
- {
- "name": "delete_tenant",
- "command": "tenant delete $uuid",
- "result": "",
- "description": "Delete the tenant alt_demo",
- "command_options": ""
- },
- {
- "name": "list tenant",
- "command": "tenant list",
- "no_result": "alt_demo",
- "description": "Check if tenant alt_demo is used."
- }
- ]
- }
-}
\ No newline at end of file
diff --git a/moonclient/moonclient/tests/tests_tenants.json b/moonclient/moonclient/tests/tests_tenants.json
deleted file mode 100644
index 719cdbfc..00000000
--- a/moonclient/moonclient/tests/tests_tenants.json
+++ /dev/null
@@ -1,106 +0,0 @@
-{
- "command_options": "-f value",
- "tests_group": {
- "main": [
- {
- "auth_name": "admin",
- "description": "Change user to admin (just in case...)"
- },
-
- {
- "name": "list tenant",
- "command": "tenant list",
- "no_result": "alt_demo",
- "description": "List all tenants (must be empty)"
- },
- {
- "name": "add tenant alt_demo",
- "command": "tenant add alt_demo",
- "result": "^$",
- "description": "Add a new tenant",
- "command_options": ""
- },
- {
- "name": "check tenant alt_demo",
- "command": "tenant list",
- "result": "(?P\\w+)\\s+alt_demo",
- "description": "Check that tenant alt_demo has been correctly added"
- },
- {
- "name": "create_intraextension_admin",
- "command": "intraextension add --policy_model policy_rbac_admin admin_test",
- "result": "IntraExtension created: (?P\\w+)",
- "description": "Create an admin intra extension",
- "command_options": ""
- },
- {
- "name": "list_intraextension_admin",
- "command": "intraextension list",
- "result": "$uuid_admin",
- "description": "Check the existence of that admin intra extension"
- },
- {
- "name": "create_intraextension_authz",
- "command": "intraextension add --policy_model policy_authz authz_test",
- "result": "IntraExtension created: (?P\\w+)",
- "description": "Create an authz intra extension",
- "command_options": ""
- },
- {
- "name": "list_intraextension_authz",
- "command": "intraextension list",
- "result": "$uuid_authz",
- "description": "Check the existence of that authz intra extension"
- },
- {
- "name": "set_tenant_authz",
- "command": "tenant set --authz $uuid_authz $uuid",
- "result": "",
- "description": "Connect the authz intra extension to the tenant alt_demo",
- "command_options": ""
- },
- {
- "name": "check authz ie for tenant alt_demo",
- "command": "tenant list",
- "result": "alt_demo $uuid_authz",
- "description": "Check that authz ie has been correctly added for tenant alt_demo ",
- "command_options": "-c name -c intra_authz_extension_id -f value"
- },
- {
- "name": "set_tenant_admin",
- "command": "tenant set --admin $uuid_admin $uuid",
- "result": "",
- "description": "Connect the admin intra extension to the tenant alt_demo",
- "command_options": ""
- },
- {
- "name": "check admin ie for tenant alt_demo",
- "command": "tenant list",
- "result": "alt_demo $uuid_admin",
- "description": "Check that admin ie has been correctly added for tenant alt_demo ",
- "command_options": "-c name -c intra_admin_extension_id -f value"
- },
- {
- "name": "delete_admin_intra_extension",
- "command": "intraextension delete $uuid_admin",
- "result": "",
- "description": "Delete the admin intra extension",
- "command_options": ""
- },
- {
- "name": "delete_authz_intra_extension",
- "command": "intraextension delete $uuid_authz",
- "result": "",
- "description": "Delete the authz intra extension",
- "command_options": ""
- },
- {
- "name": "delete_tenant",
- "command": "tenant delete $uuid",
- "result": "",
- "description": "Delete the tenant alt_demo",
- "command_options": ""
- }
- ]
- }
-}
\ No newline at end of file
diff --git a/moonclient/moonclient/tests/todo/tests_empty_policy_new_user.json b/moonclient/moonclient/tests/todo/tests_empty_policy_new_user.json
deleted file mode 100644
index ad9d7e52..00000000
--- a/moonclient/moonclient/tests/todo/tests_empty_policy_new_user.json
+++ /dev/null
@@ -1,3627 +0,0 @@ -{ - "command_options": "-f value", - "tests_group": { - "authz": [ - { - "auth_name": "admin", - "auth_password": "console", - "auth_tenant": "admin", - "description": "Change user to admin (just in case...)" - }, - - { - "name": "get cirros image", - "external_command": "wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img -o /tmp/cirros.img", - "result": "", - "description": "Download a Cirros image" - }, - { - "name": "install cirros image", - "external_command": "glance image-create --name \"cirros\" --disk-format qcow2 --file /tmp/cirros.img --container-format bare", - "result": "", - "description": "Upload the Cirros image in glance" - }, - { - "name": "create secgroup", - "external_command": "nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0", - "result": "", - "description": "Create a new secgroup in Nova" - }, - { - "name": "create secgroup", - "external_command": "nova secgroup-add-rule default tcp 22 22 0.0.0.0/0", - "result": "", - "description": "Create a new secgroup in Nova" - }, - { - "name": "create router", - "external_command": "neutron router-create demo-router", - "result": "", - "description": "Create a new router" - }, - { - "name": "set router", - "external_command": "neutron router-gateway-set demo-router ext-net", - "result": "", - "description": "Configure the new router" - }, - { - "name": "set router", - "external_command": "neutron net-create demo-net", - "result": "", - "description": "Configure the new router" - }, - { - "name": "set router", - "external_command": "neutron subnet-create demo-net 192.168.1.0/24 --name demo-subnet --gateway 192.168.1.1", - "result": "", - "description": "Configure the new router" - }, - { - "name": "set router", - "external_command": "neutron router-interface-add demo-router demo-subnet", - "result": "", - "description": "Configure the new router" - }, - { - "name": "openstack image list", - "external_command": "nova image-list", - "result": "(?P[\\w-]+)\\s+\\| 
cirros", - "description": "Get an Image ID" - }, - { - "name": "create tenant test", - "external_command": "openstack project create test_moonclient", - "result": "", - "description": "Create a new tenant" - }, - { - "name": "create user demo", - "external_command": "openstack user create --password console demo", - "result": "", - "description": "Create user demo" - }, - { - "name": "add role admin to demo", - "external_command": "openstack role add --project admin --user demo admin", - "result": "", - "description": "Force the admin role for the user demo on the project admin (for testing purpose)." - }, - { - "name": "neutron net-list", - "external_command": "neutron net-list", - "result": "(?P[\\w-]+)\\s+\\| demo-net", - "description": "Get an Net ID" - }, - { - "name": "nova boot new server", - "external_command": "nova boot --flavor m1.tiny --image $uuid_image --nic net-id=$uuid_net --security-group default test_moonclient", - "result": "", - "description": "Get an Image ID" - }, - { - "name": "sleep", - "external_command": "sleep 10", - "result": "", - "description": "time for server to really boot" - }, - { - "name": "nova get new server", - "external_command": "nova list", - "result": "\\| (?P[\\w\\-]+)\\s+\\| test_moonclient\\s+\\| ACTIVE\\s+\\| [\\w\\-]+\\s+\\| Running", - "description": "Get the ID of the new server" - }, - { - "name": "list tenant", - "command": "tenant list", - "no_result": "demo", - "description": "Check if tenant demo is used." 
- }, - { - "name": "add tenant demo", - "command": "tenant add demo", - "result": "^$", - "description": "Add a new tenant", - "command_options": "" - }, - { - "name": "check tenant demo", - "command": "tenant list", - "result": "(?P\\w+)\\s+demo", - "description": "Check that tenant demo has been correctly added" - }, - { - "name": "add role admin to demo", - "external_command": "openstack role add --project demo --user demo admin ", - "result": "", - "description": "Add role admin to user demo (an error may occurred)" - }, - { - "name": "create_intraextension_authz", - "command": "intraextension add --policy_model policy_empty_authz empty_test", - "result": "IntraExtension created: (?P\\w+)", - "description": "Create an authz intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_authz", - "command": "intraextension list", - "result": "$uuid_authz", - "description": "Check the existence of that authz intra extension" - }, - { - "name": "set_tenant_authz", - "command": "tenant set --authz $uuid_authz $uuid", - "result": "", - "description": "Connect the authz intra extension to the tenant demo", - "command_options": "" - }, - { - "name": "list tenant", - "command": "tenant list", - "result": "demo", - "description": "Check if tenant demo is used." 
- }, - { - "name": "select_authz_ie", - "command": "intraextension select $uuid_authz", - "result": "Select $uuid_authz IntraExtension.", - "description": "Select the authz IntraExtension", - "command_options": "" - }, - { - "name": "check_select_authz_ie", - "command": "intraextension show selected", - "result": "$uuid_authz", - "description": "Check the selected authz IntraExtension", - "command_options": "-c id -f value" - }, - { - "name": "add_subject", - "command": "subject add admin --subject_pass console", - "result": "", - "description": "", - "command_options": "" - }, - { - "name": "list_subject", - "command": "subject list", - "result": "(?P\\w+)\\s+admin", - "description": "Check that admin subject was added." - }, - { - "name": "add_subject", - "command": "subject add demo --subject_pass console", - "result": "", - "description": "", - "command_options": "" - }, - { - "name": "list_subject", - "command": "subject list", - "result": "(?P\\w+)\\s+demo", - "description": "Check that demo subject was added." - }, - { - "name": "add_object", - "command": "object add servers", - "result": "", - "description": "", - "command_options": "" - }, - { - "name": "list_object", - "command": "object list", - "result": "(?P\\w+)\\s+servers", - "description": "Check that servers subject was added." - }, - { - "name": "add_action", - "command": "action add pause", - "result": "", - "description": "", - "command_options": "" - }, - { - "name": "list_action", - "command": "action list", - "result": "(?P\\w+)\\s+pause", - "description": "Check that pause action was added." - }, - { - "name": "add_action", - "command": "action add unpause", - "result": "", - "description": "", - "command_options": "" - }, - { - "name": "list_action", - "command": "action list", - "result": "(?P\\w+)\\s+unpause", - "description": "Check that unpause action was added." 
- },
- {
- "name": "add_action",
- "command": "action add list",
- "result": "",
- "description": "",
- "command_options": ""
- },
- {
- "name": "list_action",
- "command": "action list",
- "result": "(?P\\w+)\\s+list",
- "description": "Check that list action was added."
- },
- {
- "name": "add_action",
- "command": "action add start",
- "result": "",
- "description": "",
- "command_options": ""
- },
- {
- "name": "list_action",
- "command": "action list",
- "result": "(?P\\w+)\\s+start",
- "description": "Check that start action was added."
- },
- {
- "name": "add_action",
- "command": "action add stop",
- "result": "",
- "description": "",
- "command_options": ""
- },
- {
- "name": "list_action",
- "command": "action list",
- "result": "(?P\\w+)\\s+stop",
- "description": "Check that stop action was added."
- },
- {
- "name": "add_action",
- "command": "action add create",
- "result": "",
- "description": "",
- "command_options": ""
- },
- {
- "name": "list_action",
- "command": "action list",
- "result": "(?P\\w+)\\s+create",
- "description": "Check that create action was added."
- },
- {
- "name": "add_action",
- "command": "action add upload",
- "result": "",
- "description": "",
- "command_options": ""
- },
- {
- "name": "list_action",
- "command": "action list",
- "result": "(?P\\w+)\\s+upload",
- "description": "Check that upload action was added."
- },
- {
- "name": "add_action",
- "command": "action add download",
- "result": "",
- "description": "",
- "command_options": ""
- },
- {
- "name": "list_action",
- "command": "action list",
- "result": "(?P\\w+)\\s+download",
- "description": "Check that download action was added."
- },
- {
- "name": "add_action",
- "command": "action add post",
- "result": "",
- "description": "",
- "command_options": ""
- },
- {
- "name": "list_action",
- "command": "action list",
- "result": "(?P\\w+)\\s+post",
- "description": "Check that post action was added."
- },
- {
- "name": "add_action",
- "command": "action add storage_list",
- "result": "",
- "description": "",
- "command_options": ""
- },
- {
- "name": "list_action",
- "command": "action list",
- "result": "(?P\\w+)\\s+storage_list",
- "description": "Check that storage_list action was added."
- },
-
- {
- "name": "add_subject_category",
- "command": "subject category add subject_security_level",
- "result": "",
- "description": "Add the new subject category subject_security_level",
- "command_options": ""
- },
- {
- "name": "list_subject_category",
- "command": "subject category list",
- "result": "(?P\\w+)\\s+subject_security_level",
- "description": "Check that subject_security_level subject_category was added."
- },
- {
- "name": "add_object_category",
- "command": "object category add object_security_level",
- "result": "",
- "description": "Add the new object category object_security_level",
- "command_options": ""
- },
- {
- "name": "list_object_category",
- "command": "object category list",
- "result": "(?P\\w+)\\s+object_security_level",
- "description": "Check that object_security_level object_category was added."
- },
- {
- "name": "add_action_category",
- "command": "action category add resource_action",
- "result": "",
- "description": "Add the new action category resource_action",
- "command_options": ""
- },
- {
- "name": "list_subject_category",
- "command": "action category list",
- "result": "(?P\\w+)\\s+resource_action",
- "description": "Check that resource_action action_category was added."
- },
-
- {
- "name": "add_scope",
- "command": "subject scope add $uuid_subject_category_authz high --description \"high\"",
- "result": "^$",
- "description": "Add one scope to subject category role",
- "command_options": ""
- },
- {
- "name": "check_added_scope",
- "command": "subject scope list $uuid_subject_category_authz",
- "result": "(?P\\w+)\\s+high\\s+high",
- "description": "Check added scope.",
- "command_options": "-c id -c name -c description -f value"
- },
- {
- "name": "add_scope",
- "command": "subject scope add $uuid_subject_category_authz medium --description \"medium\"",
- "result": "^$",
- "description": "Add one scope to subject category role",
- "command_options": ""
- },
- {
- "name": "check_added_scope",
- "command": "subject scope list $uuid_subject_category_authz",
- "result": "(?P\\w+)\\s+medium\\s+medium",
- "description": "Check added scope.",
- "command_options": "-c id -c name -c description -f value"
- },
- {
- "name": "add_scope",
- "command": "subject scope add $uuid_subject_category_authz low --description \"low\"",
- "result": "^$",
- "description": "Add one scope to subject category role",
- "command_options": ""
- },
- {
- "name": "check_added_scope",
- "command": "subject scope list $uuid_subject_category_authz",
- "result": "(?P\\w+)\\s+low\\s+low",
- "description": "Check added scope.",
- "command_options": "-c id -c name -c description -f value"
- },
- {
- "name": "add_scope",
- "command": "object scope add $uuid_object_category_authz high --description \"high\"",
- "result": "^$",
- "description": "Add one scope to object category role",
- "command_options": ""
- },
- {
- "name": "check_added_scope",
- "command": "object scope list $uuid_object_category_authz",
- "result": "(?P\\w+)\\s+high\\s+high",
- "description": "Check added scope.",
- "command_options": "-c id -c name -c description -f value"
- },
- {
- "name": "add_scope",
- "command": "object scope add $uuid_object_category_authz medium --description \"medium\"",
- "result": "^$",
- "description": "Add one scope to object category role",
- "command_options": ""
- },
- {
- "name": "check_added_scope",
- "command": "object scope list $uuid_object_category_authz",
- "result": "(?P\\w+)\\s+medium\\s+medium",
- "description": "Check added scope.",
- "command_options": "-c id -c name -c description -f value"
- },
- {
- "name": "add_scope",
- "command": "object scope add $uuid_object_category_authz low --description \"low\"",
- "result": "^$",
- "description": "Add one scope to object category role",
- "command_options": ""
- },
- {
- "name": "check_added_scope",
- "command": "object scope list $uuid_object_category_authz",
- "result": "(?P\\w+)\\s+low\\s+low",
- "description": "Check added scope.",
- "command_options": "-c id -c name -c description -f value"
- },
- {
- "name": "add_scope",
- "command": "action scope add $uuid_action_category_authz vm_admin --description \"vm_admin\"",
- "result": "^$",
- "description": "Add one scope to action category role",
- "command_options": ""
- },
- {
- "name": "check_added_scope",
- "command": "action scope list $uuid_action_category_authz",
- "result": "(?P\\w+)\\s+vm_admin\\s+vm_admin",
- "description": "Check added scope.",
- "command_options": "-c id -c name -c description -f value"
- },
- {
- "name": "add_scope",
- "command": "action scope add $uuid_action_category_authz vm_access --description \"vm_access\"",
- "result": "^$",
- "description": "Add one scope to action category role",
- "command_options": ""
- },
- {
- "name": "check_added_scope",
- "command": "action scope list $uuid_action_category_authz",
- "result": "(?P\\w+)\\s+vm_access\\s+vm_access",
- "description": "Check added scope.",
- "command_options": "-c id -c name -c description -f value"
- },
- {
- "name": "add_scope",
- "command": "action scope add $uuid_action_category_authz storage_admin --description \"storage_admin\"",
- "result": "^$",
- "description": "Add one scope to action category role",
- "command_options": ""
- },
- {
- "name": "check_added_scope",
- "command": "action scope list $uuid_action_category_authz",
- "result": "(?P\\w+)\\s+storage_admin\\s+storage_admin",
- "description": "Check added scope.",
- "command_options": "-c id -c name -c description -f value"
- },
- {
- "name": "add_scope",
- "command": "action scope add $uuid_action_category_authz storage_access --description \"storage_access\"",
- "result": "^$",
- "description": "Add one scope to action category role",
- "command_options": ""
- },
- {
- "name": "check_added_scope",
- "command": "action scope list $uuid_action_category_authz",
- "result": "(?P\\w+)\\s+storage_access\\s+storage_access",
- "description": "Check added scope.",
- "command_options": "-c id -c name -c description -f value"
- },
-
- {
- "name": "add_assignment",
- "command": "subject assignment add $uuid_subject_admin $uuid_subject_category_authz $uuid_subject_scope_high",
- "result": "^$",
- "description": "Add a new assignment",
- "command_options": ""
- },
- {
- "name": "check_added_assignment",
- "command": "subject assignment list $uuid_subject_admin $uuid_subject_category_authz",
- "result": "$uuid_subject_scope_high high",
- "description": "Check added assignment.",
- "command_options": "-c id -c name -f value"
- },
- {
- "name": "add_assignment",
- "command": "subject assignment add $uuid_subject_demo $uuid_subject_category_authz $uuid_subject_scope_medium",
- "result": "^$",
- "description": "Add a new assignment",
- "command_options": ""
- },
- {
- "name": "check_added_assignment",
- "command": "subject assignment list $uuid_subject_demo $uuid_subject_category_authz",
- "result": "$uuid_subject_scope_medium medium",
- "description": "Check added assignment.",
- "command_options": "-c id -c name -f value"
- },
- {
- "name": "add_assignment",
- "command": "object assignment add $uuid_object_servers $uuid_object_category_authz $uuid_object_scope_low",
- "result": "^$",
- "description": "Add a new assignment",
- "command_options": ""
- },
- {
- "name": "check_added_assignment",
- "command": "object assignment list $uuid_object_servers $uuid_object_category_authz",
- "result": "$uuid_object_scope_low low",
- "description": "Check added assignment.",
- "command_options": "-c id -c name -f value"
- },
- {
- "name": "add_assignment",
- "command": "action assignment add $uuid_action_pause $uuid_action_category_authz $uuid_action_scope_vm_admin",
- "result": "^$",
- "description": "Add a new assignment",
- "command_options": ""
- },
- {
- "name": "check_added_assignment",
- "command": "action assignment list $uuid_action_pause $uuid_action_category_authz",
- "result": "$uuid_action_scope_vm_admin vm_admin",
- "description": "Check added assignment.",
- "command_options": "-c id -c name -f value"
- },
- {
- "name": "add_assignment",
- "command": "action assignment add $uuid_action_unpause $uuid_action_category_authz $uuid_action_scope_vm_admin",
- "result": "^$",
- "description": "Add a new assignment",
- "command_options": ""
- },
- {
- "name": "check_added_assignment",
- "command": "action assignment list $uuid_action_unpause $uuid_action_category_authz",
- "result": "$uuid_action_scope_vm_admin vm_admin",
- "description": "Check added assignment.",
- "command_options": "-c id -c name -f value"
- },
- {
- "name": "add_assignment",
- "command": "action assignment add $uuid_action_start $uuid_action_category_authz $uuid_action_scope_vm_admin",
- "result": "^$",
- "description": "Add a new assignment",
- "command_options": ""
- },
- {
- "name": "check_added_assignment",
- "command": "action assignment list $uuid_action_start $uuid_action_category_authz",
- "result": "$uuid_action_scope_vm_admin vm_admin",
- "description": "Check added assignment.",
- "command_options": "-c id -c name -f value"
- },
- {
- "name": "add_assignment",
- "command": "action assignment add $uuid_action_stop $uuid_action_category_authz $uuid_action_scope_vm_admin",
- "result": "^$",
- "description": "Add a new assignment",
- "command_options": ""
- },
- {
- "name": "check_added_assignment",
- "command": "action assignment list $uuid_action_stop $uuid_action_category_authz",
- "result": "$uuid_action_scope_vm_admin vm_admin",
- "description": "Check added assignment.",
- "command_options": "-c id -c name -f value"
- },
- {
- "name": "add_assignment",
- "command": "action assignment add $uuid_action_list $uuid_action_category_authz $uuid_action_scope_vm_admin",
- "result": "^$",
- "description": "Add a new assignment",
- "command_options": ""
- },
- {
- "name": "check_added_assignment",
- "command": "action assignment list $uuid_action_list $uuid_action_category_authz",
- "result": "$uuid_action_scope_vm_admin vm_admin",
- "description": "Check added assignment.",
- "command_options": "-c id -c name -f value"
- },
- {
- "name": "add_assignment",
- "command": "action assignment add $uuid_action_list $uuid_action_category_authz $uuid_action_scope_vm_access",
- "result": "^$",
- "description": "Add a new assignment",
- "command_options": ""
- },
- {
- "name": "check_added_assignment",
- "command": "action assignment list $uuid_action_list $uuid_action_category_authz",
- "result": "$uuid_action_scope_vm_access vm_access",
- "description": "Check added assignment.",
- "command_options": "-c id -c name -f value"
- },
- {
- "name": "add_assignment",
- "command": "action assignment add $uuid_action_create $uuid_action_category_authz $uuid_action_scope_vm_admin",
- "result": "^$",
- "description": "Add a new assignment",
- "command_options": ""
- },
- {
- "name": "check_added_assignment",
- "command": "action assignment list $uuid_action_create $uuid_action_category_authz",
- "result": "$uuid_action_scope_vm_admin vm_admin",
- "description": "Check added assignment.",
- "command_options": "-c id -c name -f value"
- },
- {
- "name": "add_assignment",
- "command": "action assignment add $uuid_action_storage_list $uuid_action_category_authz $uuid_action_scope_storage_access",
- "result": "^$",
- "description": "Add a new assignment",
- "command_options": ""
- },
- {
- "name": "check_added_assignment",
- "command": "action assignment list $uuid_action_storage_list $uuid_action_category_authz",
- "result": "$uuid_action_scope_storage_access storage_access",
- "description": "Check added assignment.",
- "command_options": "-c id -c name -f value"
- },
- {
- "name": "add_assignment",
- "command": "action assignment add $uuid_action_download $uuid_action_category_authz $uuid_action_scope_storage_access",
- "result": "^$",
- "description": "Add a new assignment",
- "command_options": ""
- },
- {
- "name": "check_added_assignment",
- "command": "action assignment list $uuid_action_download $uuid_action_category_authz",
- "result": "$uuid_action_scope_storage_access storage_access",
- "description": "Check added assignment.",
- "command_options": "-c id -c name -f value"
- },
- {
- "name": "add_assignment",
- "command": "action assignment add $uuid_action_upload $uuid_action_category_authz $uuid_action_scope_storage_admin",
- "result": "^$",
- "description": "Add a new assignment",
- "command_options": ""
- },
- {
- "name": "check_added_assignment",
- "command": "action assignment list $uuid_action_upload $uuid_action_category_authz",
- "result": "$uuid_action_scope_storage_admin storage_admin",
- "description": "Check added assignment.",
- "command_options": "-c id -c name -f value"
- },
- {
- "name": "add_assignment",
- "command": "action assignment add $uuid_action_post $uuid_action_category_authz $uuid_action_scope_storage_admin",
- "result": "^$",
- "description": "Add a new assignment",
- "command_options": ""
- },
- {
- "name": "check_added_assignment",
- "command": "action assignment list $uuid_action_post $uuid_action_category_authz",
- "result": "$uuid_action_scope_storage_admin storage_admin",
- "description": "Check added assignment.",
- "command_options": "-c id -c name -f value"
- },
-
- {
- "name": "check_submetarules",
- "command": "submetarule show",
- "result": "(?P\\w+)",
- "description": "Get one submetarule ID",
- "command_options": "-c id -f value"
- },
- {
- "name": "set_submetarule",
- "command": "submetarule set $submetarule_uuid_authz --subject_category_id=\"$uuid_subject_category_authz\" --object_category_id=\"$uuid_object_category_authz\" --action_category_id=\"$uuid_action_category_authz\"",
- "result": "^$",
- "description": "Set a new submetarule",
- "command_options": ""
- },
- {
- "name": "check_submetarule",
- "command": "submetarule show",
- "result": "$submetarule_uuid_authz \\s*subject_security_level",
- "description": "Check the new submetarule",
- "command_options": "-c id -c \"subject categories\" -f value"
- },
- {
- "name": "check_submetarule",
- "command": "submetarule show",
- "result": "$submetarule_uuid_authz \\s*object_security_level",
- "description": "Check the new submetarule",
- "command_options": "-c id -c \"object categories\" -f value"
- },
- {
- "name": "check_submetarule",
- "command": "submetarule show",
- "result": "$submetarule_uuid_authz \\s*resource_action",
- "description": "Check the new submetarule",
- "command_options": "-c id -c \"action categories\" -f value"
- },
-
- {
- "name": "add_a_new_rule",
- "command": "rule add $submetarule_uuid_authz \"high,vm_admin,medium\"",
- "result": "^$",
- "description": "Add a new rule.",
- "command_options": ""
- },
- {
- "name": "check_added_rule",
- "command": "rule list $submetarule_uuid_authz",
- "result": "(?P\\w+)\\s+high\\s+vm_admin\\s+medium",
- "description": "Check that the rule was correctly added.",
- "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value"
- },
- {
- "name": "add_a_new_rule",
- "command": "rule add $submetarule_uuid_authz \"high,vm_admin,low\"",
- "result": "^$",
- "description": "Add a new rule.",
- "command_options": ""
- },
- {
- "name": "check_added_rule",
- "command": "rule list $submetarule_uuid_authz",
- "result": "(?P\\w+)\\s+high\\s+vm_admin\\s+low",
- "description": "Check that the rule was correctly added.",
- "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value"
- },
- {
- "name": "add_a_new_rule",
- "command": "rule add $submetarule_uuid_authz \"medium,vm_admin,low\"",
- "result": "^$",
- "description": "Add a new rule.",
- "command_options": ""
- },
- {
- "name": "check_added_rule",
- "command": "rule list $submetarule_uuid_authz",
- "result": "(?P\\w+)\\s+medium\\s+vm_admin\\s+low",
- "description": "Check that the rule was correctly added.",
- "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value"
- },
- {
- "name": "add_a_new_rule",
- "command": "rule add $submetarule_uuid_authz \"high,vm_access,medium\"",
- "result": "^$",
- "description": "Add a new rule.",
- "command_options": ""
- },
- {
- "name": "check_added_rule",
- "command": "rule list $submetarule_uuid_authz",
- "result": "(?P\\w+)\\s+high\\s+vm_access\\s+medium",
- "description": "Check that the rule was correctly added.",
- "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value"
- },
- {
- "name": "add_a_new_rule",
- "command": "rule add $submetarule_uuid_authz \"high,vm_access,low\"",
- "result": "^$",
- "description": "Add a new rule.",
- "command_options": ""
- },
- {
- "name": "check_added_rule",
- "command": "rule list $submetarule_uuid_authz",
- "result": "(?P\\w+)\\s+high\\s+vm_access\\s+low",
- "description": "Check that the rule was correctly added.",
- "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value"
- },
- {
- "name": "add_a_new_rule",
- "command": "rule add $submetarule_uuid_authz \"medium,vm_access,low\"",
- "result": "^$",
- "description": "Add a new rule.",
- "command_options": ""
- },
- {
- "name": "check_added_rule",
- "command": "rule list $submetarule_uuid_authz",
- "result": "(?P\\w+)\\s+medium\\s+vm_access\\s+low",
- "description": "Check that the rule was correctly added.",
- "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value"
- },
- {
- "name": "add_a_new_rule",
- "command": "rule add $submetarule_uuid_authz \"high,storage_admin,medium\"",
- "result": "^$",
- "description": "Add a new rule.",
- "command_options": ""
- },
- {
- "name": "check_added_rule",
- "command": "rule list $submetarule_uuid_authz",
- "result": "(?P\\w+)\\s+high\\s+storage_admin\\s+medium",
- "description": "Check that the rule was correctly added.",
- "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value"
- },
- {
- "name": "add_a_new_rule",
- "command": "rule add $submetarule_uuid_authz \"high,storage_admin,low\"",
- "result": "^$",
- "description": "Add a new rule.",
- "command_options": ""
- },
- {
- "name": "check_added_rule",
- "command": "rule list $submetarule_uuid_authz",
- "result": "(?P\\w+)\\s+high\\s+storage_admin\\s+low",
- "description": "Check that the rule was correctly added.",
- "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value"
- },
- {
- "name": "add_a_new_rule",
- "command": "rule add $submetarule_uuid_authz \"medium,storage_admin,low\"",
- "result": "^$",
- "description": "Add a new rule.",
- "command_options": ""
- },
- {
- "name": "check_added_rule",
- "command": "rule list $submetarule_uuid_authz",
- "result": "(?P\\w+)\\s+medium\\s+storage_admin\\s+low",
- "description": "Check that the rule was correctly added.",
- "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value"
- },
- {
- "name": "add_a_new_rule",
- "command": "rule add $submetarule_uuid_authz \"high,storage_access,medium\"",
- "result": "^$",
- "description": "Add a new rule.",
- "command_options": ""
- },
- {
- "name": "check_added_rule",
- "command": "rule list $submetarule_uuid_authz",
- "result": "(?P\\w+)\\s+high\\s+storage_access\\s+medium",
- "description": "Check that the rule was correctly added.",
- "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value"
- },
- {
- "name": "add_a_new_rule",
- "command": "rule add $submetarule_uuid_authz \"high,storage_access,low\"",
- "result": "^$",
- "description": "Add a new rule.",
- "command_options": ""
- },
- {
- "name": "check_added_rule",
- "command": "rule list $submetarule_uuid_authz",
- "result": "(?P\\w+)\\s+high\\s+storage_access\\s+low",
- "description": "Check that the rule was correctly added.",
- "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value"
- },
- {
- "name": "add_a_new_rule",
- "command": "rule add $submetarule_uuid_authz \"medium,storage_access,low\"",
- "result": "^$",
- "description": "Add a new rule.",
- "command_options": ""
- },
- {
- "name": "check_added_rule",
- "command": "rule list $submetarule_uuid_authz",
- "result": "(?P\\w+)\\s+medium\\s+storage_access\\s+low",
- "description": "Check that the rule was correctly added.",
- "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value"
- },
- {
- "name": "get aggregation algorithm",
- "command": "aggregation algorithm list",
- "result": "(?P\\w+)\\s+one_true",
- "description": "Get aggregation algorithm.",
- "command_options": "-c id -c name -f value"
- },
- {
- "name": "set aggregation algorithm",
- "command": "aggregation algorithm set $uuid_aggregation",
- "result": "",
- "description": "Set aggregation algorithm to one_true.",
- "command_options": ""
- },
- {
- "name": "get aggregation algorithm",
- "command": "aggregation algorithm show",
- "result": "$uuid_aggregation\\s+one_true",
- "description": "Check aggregation algorithm.",
- "command_options": "-c id -c name -f value"
- },
- {
- "name": "get submetarule algorithm",
- "command": "submetarule algorithm list",
- "result": "(?P\\w+)\\s+inclusion",
- "description": "Get submetarule algorithm named inclusion.",
- "command_options": "-c id -c name -f value"
- },
- {
- "name": "set submetarule algorithm",
- "command": "submetarule set --algorithm_name inclusion $submetarule_uuid_authz",
- "result": "",
- "description": "Set submetarule algorithm to inclusion.",
- "command_options": ""
- },
-
- {
- "name": "create_intraextension_admin",
- "command": "intraextension add --policy_model policy_empty_admin empty_admin_test",
- "result": "IntraExtension created: (?P\\w+)",
- "description": "Create an admin intra extension",
- "command_options": ""
- },
- {
- "name": "list_intraextension_authz",
- "command": "intraextension list",
- "result": "$uuid_admin",
- "description": "Check the existence of that admin intra extension"
- },
- {
- "name": "set_tenant_admin",
- "command": "tenant set --admin $uuid_admin $uuid",
- "result": "",
- "description": "Connect the admin intra extension to the tenant demo",
- "command_options": ""
- },
- {
- "name": "list tenant",
- "command": "tenant list",
- "result": "demo",
- "description": "Check if tenant demo is used."
- },
- {
- "name": "select_admin_ie",
- "command": "intraextension select $uuid_admin",
- "result": "Select $uuid_admin IntraExtension.",
- "description": "Select the admin IntraExtension",
- "command_options": ""
- },
- {
- "name": "check_select_admin_ie",
- "command": "intraextension show selected",
- "result": "$uuid_admin",
- "description": "Check the selected admin IntraExtension",
- "command_options": "-c id -f value"
- },
-
- {
- "name": "add_subject",
- "command": "subject add admin --subject_pass console",
- "result": "",
- "description": "Add admin subject.",
- "command_options": ""
- },
- {
- "name": "list_subject",
- "command": "subject list",
- "result": "(?P\\w+)\\s+admin",
- "description": "Check that admin subject was already there."
- },
- {
- "name": "list_object",
- "command": "object list",
- "result": "(?P\\w+)\\s+authz.subjects",
- "description": "Check that authz_subjects subject was already there."
- },
-
- {
- "name": "list_object",
- "command": "object list",
- "result": "(?P\\w+)\\s+authz.objects",
- "description": "Check that authz_objects subject was already there."
- },
-
- {
- "name": "list_object",
- "command": "object list",
- "result": "(?P\\w+)\\s+authz.actions",
- "description": "Check that authz_actions subject was already there."
- },
-
- {
- "name": "list_object",
- "command": "object list",
- "result": "(?P\\w+)\\s+authz.subject_categories",
- "description": "Check that authz_subject_categories subject was already there."
- },
-
- {
- "name": "list_object",
- "command": "object list",
- "result": "(?P\\w+)\\s+authz.object_categories",
- "description": "Check that authz_object_categories subject was already there."
- },
-
- {
- "name": "list_object",
- "command": "object list",
- "result": "(?P\\w+)\\s+authz.action_categories",
- "description": "Check that authz_action_categories subject was already there."
- },
-
- {
- "name": "list_object",
- "command": "object list",
- "result": "(?P\\w+)\\s+authz.subject_scopes",
- "description": "Check that authz_subject_scopes subject was already there."
- },
-
- {
- "name": "list_object",
- "command": "object list",
- "result": "(?P\\w+)\\s+authz.object_scopes",
- "description": "Check that authz_object_scopes subject was already there."
- },
-
- {
- "name": "list_object",
- "command": "object list",
- "result": "(?P\\w+)\\s+authz.action_scopes",
- "description": "Check that authz_action_scopes subject was already there."
- },
-
- {
- "name": "list_object",
- "command": "object list",
- "result": "(?P\\w+)\\s+authz.subject_assignments",
- "description": "Check that authz_subject_assignments subject was already there."
- },
-
- {
- "name": "list_object",
- "command": "object list",
- "result": "(?P\\w+)\\s+authz.object_assignments",
- "description": "Check that authz_object_assignments subject was already there."
- },
-
- {
- "name": "list_object",
- "command": "object list",
- "result": "(?P\\w+)\\s+authz.action_assignments",
- "description": "Check that authz_action_assignments subject was already there."
- },
-
- {
- "name": "list_object",
- "command": "object list",
- "result": "(?P\\w+)\\s+authz.aggregation_algorithm",
- "description": "Check that authz_aggregation_algorithm subject was already there."
- },
-
- {
- "name": "list_object",
- "command": "object list",
- "result": "(?P\\w+)\\s+authz.sub_meta_rules",
- "description": "Check that authz_sub_meta_rules subject was already there."
- },
-
- {
- "name": "list_object",
- "command": "object list",
- "result": "(?P\\w+)\\s+authz.rules",
- "description": "Check that authz_rules subject was already there."
- },
-
- {
- "name": "list_object",
- "command": "object list",
- "result": "(?P\\w+)\\s+admin.subjects",
- "description": "Check that admin_subjects subject was already there."
- },
-
- {
- "name": "list_object",
- "command": "object list",
- "result": "(?P\\w+)\\s+admin.objects",
- "description": "Check that admin_objects subject was already there."
- },
-
- {
- "name": "list_object",
- "command": "object list",
- "result": "(?P\\w+)\\s+admin.actions",
- "description": "Check that admin_actions subject was already there."
- },
-
- {
- "name": "list_object",
- "command": "object list",
- "result": "(?P\\w+)\\s+admin.subject_categories",
- "description": "Check that admin_subject_categories subject was already there."
- },
-
- {
- "name": "list_object",
- "command": "object list",
- "result": "(?P\\w+)\\s+admin.object_categories",
- "description": "Check that admin_object_categories subject was already there."
- },
-
- {
- "name": "list_object",
- "command": "object list",
- "result": "(?P\\w+)\\s+admin.action_categories",
- "description": "Check that admin_action_categories subject was already there."
- },
-
- {
- "name": "list_object",
- "command": "object list",
- "result": "(?P\\w+)\\s+admin.subject_scopes",
- "description": "Check that admin_subject_scopes subject was already there."
- },
-
- {
- "name": "list_object",
- "command": "object list",
- "result": "(?P\\w+)\\s+admin.object_scopes",
- "description": "Check that admin_object_scopes subject was already there."
- },
-
- {
- "name": "list_object",
- "command": "object list",
- "result": "(?P\\w+)\\s+admin.action_scopes",
- "description": "Check that admin_action_scopes subject was already there."
- },
-
- {
- "name": "list_object",
- "command": "object list",
- "result": "(?P\\w+)\\s+admin.subject_assignments",
- "description": "Check that admin_subject_assignments subject was already there."
- },
-
- {
- "name": "list_object",
- "command": "object list",
- "result": "(?P\\w+)\\s+admin.object_assignments",
- "description": "Check that admin_object_assignments subject was already there."
- },
-
- {
- "name": "list_object",
- "command": "object list",
- "result": "(?P\\w+)\\s+admin.action_assignments",
- "description": "Check that admin_action_assignments subject was already there."
- },
-
- {
- "name": "list_object",
- "command": "object list",
- "result": "(?P\\w+)\\s+admin.aggregation_algorithm",
- "description": "Check that admin_aggregation_algorithm subject was already there."
- },
-
- {
- "name": "list_object",
- "command": "object list",
- "result": "(?P\\w+)\\s+admin.sub_meta_rules",
- "description": "Check that admin_sub_meta_rules subject was already there."
- },
-
- {
- "name": "list_object",
- "command": "object list",
- "result": "(?P\\w+)\\s+admin.rules",
- "description": "Check that admin_rules subject was already there."
- },
-
- {
- "name": "list_action",
- "command": "action list",
- "result": "(?P\\w+)\\s+read",
- "description": "Check that read action was already there."
- },
-
- {
- "name": "list_action",
- "command": "action list",
- "result": "(?P\\w+)\\s+write",
- "description": "Check that write action was already there."
- },
-
- {
- "name": "add_subject_category",
- "command": "subject category add role",
- "result": "",
- "description": "Add the new subject category role",
- "command_options": ""
- },
- {
- "name": "list_subject_category",
- "command": "subject category list",
- "result": "(?P\\w+)\\s+role",
- "description": "Check that role subject_category was added."
- },
- {
- "name": "add_object_category",
- "command": "object category add object_id",
- "result": "",
- "description": "Add the new object category object_id",
- "command_options": ""
- },
- {
- "name": "list_object_category",
- "command": "object category list",
- "result": "(?P\\w+)\\s+object_id",
- "description": "Check that object_id object_category was added."
- }, - { - "name": "add_action_category", - "command": "action category add action_id", - "result": "", - "description": "Add the new action category action_id", - "command_options": "" - }, - { - "name": "list_subject_category", - "command": "action category list", - "result": "(?P\\w+)\\s+action_id", - "description": "Check that action_id action_category was added." - }, - - { - "name": "add_scope", - "command": "subject scope add $uuid_subject_category_admin root_role --description \"root role\"", - "result": "^$", - "description": "Add one scope to subject category role", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "subject scope list $uuid_subject_category_admin", - "result": "(?P\\w+)\\s+root_role\\s+root role", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - { - "name": "add_scope", - "command": "subject scope add $uuid_subject_category_admin dev_role --description \"dev role\"", - "result": "^$", - "description": "Add one scope to subject category role", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "subject scope list $uuid_subject_category_admin", - "result": "(?P\\w+)\\s+dev_role\\s+dev role", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - - { - "name": "add_scope", - "command": "object scope add $uuid_object_category_admin authz_subjects --description \"authz subjects\"", - "result": "^$", - "description": "Add one scope to object category", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "object scope list $uuid_object_category_admin", - "result": "(?P\\w+)\\s+authz.subjects\\s+authz subjects", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - - { - "name": "add_scope", - "command": "object scope add $uuid_object_category_admin authz_objects --description \"authz objects\"", - "result": 
"^$", - "description": "Add one scope to object category", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "object scope list $uuid_object_category_admin", - "result": "(?P\\w+)\\s+authz.objects\\s+authz objects", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - - { - "name": "add_scope", - "command": "object scope add $uuid_object_category_admin authz_actions --description \"authz actions\"", - "result": "^$", - "description": "Add one scope to object category", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "object scope list $uuid_object_category_admin", - "result": "(?P\\w+)\\s+authz.actions\\s+authz actions", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - - { - "name": "add_scope", - "command": "object scope add $uuid_object_category_admin authz_subject_categories --description \"authz subject categories\"", - "result": "^$", - "description": "Add one scope to object category", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "object scope list $uuid_object_category_admin", - "result": "(?P\\w+)\\s+authz.subject_categories\\s+authz subject categories", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - - { - "name": "add_scope", - "command": "object scope add $uuid_object_category_admin authz_object_categories --description \"authz object categories\"", - "result": "^$", - "description": "Add one scope to object category", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "object scope list $uuid_object_category_admin", - "result": "(?P\\w+)\\s+authz.object_categories\\s+authz object categories", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - - { - "name": "add_scope", - "command": "object scope add 
$uuid_object_category_admin authz_action_categories --description \"authz action categories\"", - "result": "^$", - "description": "Add one scope to object category", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "object scope list $uuid_object_category_admin", - "result": "(?P\\w+)\\s+authz.action_categories\\s+authz action categories", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - - { - "name": "add_scope", - "command": "object scope add $uuid_object_category_admin authz_subject_scopes --description \"authz subject scopes\"", - "result": "^$", - "description": "Add one scope to object category", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "object scope list $uuid_object_category_admin", - "result": "(?P\\w+)\\s+authz.subject_scopes\\s+authz subject scopes", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - - { - "name": "add_scope", - "command": "object scope add $uuid_object_category_admin authz_object_scopes --description \"authz object scopes\"", - "result": "^$", - "description": "Add one scope to object category", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "object scope list $uuid_object_category_admin", - "result": "(?P\\w+)\\s+authz.object_scopes\\s+authz object scopes", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - - { - "name": "add_scope", - "command": "object scope add $uuid_object_category_admin authz_action_scopes --description \"authz action scopes\"", - "result": "^$", - "description": "Add one scope to object category", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "object scope list $uuid_object_category_admin", - "result": "(?P\\w+)\\s+authz.action_scopes\\s+authz action scopes", - "description": "Check added scope.", - "command_options": "-c 
id -c name -c description -f value" - }, - - { - "name": "add_scope", - "command": "object scope add $uuid_object_category_admin authz_subject_assignments --description \"authz subject assignments\"", - "result": "^$", - "description": "Add one scope to object category", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "object scope list $uuid_object_category_admin", - "result": "(?P\\w+)\\s+authz.subject_assignments\\s+authz subject assignments", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - - { - "name": "add_scope", - "command": "object scope add $uuid_object_category_admin authz_object_assignments --description \"authz object assignments\"", - "result": "^$", - "description": "Add one scope to object category", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "object scope list $uuid_object_category_admin", - "result": "(?P\\w+)\\s+authz.object_assignments\\s+authz object assignments", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - - { - "name": "add_scope", - "command": "object scope add $uuid_object_category_admin authz_action_assignments --description \"authz action assignments\"", - "result": "^$", - "description": "Add one scope to object category", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "object scope list $uuid_object_category_admin", - "result": "(?P\\w+)\\s+authz.action_assignments\\s+authz action assignments", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - - { - "name": "add_scope", - "command": "object scope add $uuid_object_category_admin authz_aggregation_algorithm --description \"authz aggregation algorithm\"", - "result": "^$", - "description": "Add one scope to object category", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "object scope list 
$uuid_object_category_admin", - "result": "(?P\\w+)\\s+authz.aggregation_algorithm\\s+authz aggregation algorithm", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - - { - "name": "add_scope", - "command": "object scope add $uuid_object_category_admin authz_sub_meta_rules --description \"authz sub meta rules\"", - "result": "^$", - "description": "Add one scope to object category", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "object scope list $uuid_object_category_admin", - "result": "(?P\\w+)\\s+authz.sub_meta_rules\\s+authz sub meta rules", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - - { - "name": "add_scope", - "command": "object scope add $uuid_object_category_admin authz_rules --description \"authz rules\"", - "result": "^$", - "description": "Add one scope to object category", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "object scope list $uuid_object_category_admin", - "result": "(?P\\w+)\\s+authz.rules\\s+authz rules", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - - { - "name": "add_scope", - "command": "object scope add $uuid_object_category_admin admin_subjects --description \"admin subjects\"", - "result": "^$", - "description": "Add one scope to object category", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "object scope list $uuid_object_category_admin", - "result": "(?P\\w+)\\s+admin.subjects\\s+admin subjects", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - - { - "name": "add_scope", - "command": "object scope add $uuid_object_category_admin admin_objects --description \"admin objects\"", - "result": "^$", - "description": "Add one scope to object category", - "command_options": "" - }, - { - "name": 
"check_added_scope", - "command": "object scope list $uuid_object_category_admin", - "result": "(?P\\w+)\\s+admin.objects\\s+admin objects", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - - { - "name": "add_scope", - "command": "object scope add $uuid_object_category_admin admin_actions --description \"admin actions\"", - "result": "^$", - "description": "Add one scope to object category", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "object scope list $uuid_object_category_admin", - "result": "(?P\\w+)\\s+admin.actions\\s+admin actions", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - - { - "name": "add_scope", - "command": "object scope add $uuid_object_category_admin admin_subject_categories --description \"admin subject categories\"", - "result": "^$", - "description": "Add one scope to object category", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "object scope list $uuid_object_category_admin", - "result": "(?P\\w+)\\s+admin.subject_categories\\s+admin subject categories", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - - { - "name": "add_scope", - "command": "object scope add $uuid_object_category_admin admin_object_categories --description \"admin object categories\"", - "result": "^$", - "description": "Add one scope to object category", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "object scope list $uuid_object_category_admin", - "result": "(?P\\w+)\\s+admin.object_categories\\s+admin object categories", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - - { - "name": "add_scope", - "command": "object scope add $uuid_object_category_admin admin_action_categories --description \"admin action categories\"", - "result": "^$", - 
"description": "Add one scope to object category", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "object scope list $uuid_object_category_admin", - "result": "(?P\\w+)\\s+admin.action_categories\\s+admin action categories", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - - { - "name": "add_scope", - "command": "object scope add $uuid_object_category_admin admin_subject_scopes --description \"admin subject scopes\"", - "result": "^$", - "description": "Add one scope to object category", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "object scope list $uuid_object_category_admin", - "result": "(?P\\w+)\\s+admin.subject_scopes\\s+admin subject scopes", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - - { - "name": "add_scope", - "command": "object scope add $uuid_object_category_admin admin_object_scopes --description \"admin object scopes\"", - "result": "^$", - "description": "Add one scope to object category", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "object scope list $uuid_object_category_admin", - "result": "(?P\\w+)\\s+admin.object_scopes\\s+admin object scopes", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - - { - "name": "add_scope", - "command": "object scope add $uuid_object_category_admin admin_action_scopes --description \"admin action scopes\"", - "result": "^$", - "description": "Add one scope to object category", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "object scope list $uuid_object_category_admin", - "result": "(?P\\w+)\\s+admin.action_scopes\\s+admin action scopes", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - - { - "name": "add_scope", - "command": "object scope add 
$uuid_object_category_admin admin_subject_assignments --description \"admin subject assignments\"", - "result": "^$", - "description": "Add one scope to object category", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "object scope list $uuid_object_category_admin", - "result": "(?P\\w+)\\s+admin.subject_assignments\\s+admin subject assignments", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - - { - "name": "add_scope", - "command": "object scope add $uuid_object_category_admin admin_object_assignments --description \"admin object assignments\"", - "result": "^$", - "description": "Add one scope to object category", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "object scope list $uuid_object_category_admin", - "result": "(?P\\w+)\\s+admin.object_assignments\\s+admin object assignments", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - - { - "name": "add_scope", - "command": "object scope add $uuid_object_category_admin admin_action_assignments --description \"admin action assignments\"", - "result": "^$", - "description": "Add one scope to object category", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "object scope list $uuid_object_category_admin", - "result": "(?P\\w+)\\s+admin.action_assignments\\s+admin action assignments", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - - { - "name": "add_scope", - "command": "object scope add $uuid_object_category_admin admin_aggregation_algorithm --description \"admin aggregation algorithm\"", - "result": "^$", - "description": "Add one scope to object category", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "object scope list $uuid_object_category_admin", - "result": "(?P\\w+)\\s+admin.aggregation_algorithm\\s+admin aggregation 
algorithm", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - - { - "name": "add_scope", - "command": "object scope add $uuid_object_category_admin admin_sub_meta_rules --description \"admin sub meta rules\"", - "result": "^$", - "description": "Add one scope to object category", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "object scope list $uuid_object_category_admin", - "result": "(?P\\w+)\\s+admin.sub_meta_rules\\s+admin sub meta rules", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - - { - "name": "add_scope", - "command": "object scope add $uuid_object_category_admin admin_rules --description \"admin rules\"", - "result": "^$", - "description": "Add one scope to object category", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "object scope list $uuid_object_category_admin", - "result": "(?P\\w+)\\s+admin.rules\\s+admin rules", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - { - "name": "add_scope", - "command": "action scope add $uuid_action_category_admin read --description \"read\"", - "result": "^$", - "description": "Add one scope to action category", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "action scope list $uuid_action_category_admin", - "result": "(?P\\w+)\\s+read\\s+read", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - { - "name": "add_scope", - "command": "action scope add $uuid_action_category_admin write --description \"write\"", - "result": "^$", - "description": "Add one scope to action category", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "action scope list $uuid_action_category_admin", - "result": "(?P\\w+)\\s+write\\s+write", - "description": "Check added scope.", - 
"command_options": "-c id -c name -c description -f value" - }, - - { - "name": "add_assignment", - "command": "subject assignment add $uuid_subject_admin $uuid_subject_category_admin $uuid_subject_scope_root_role", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "subject assignment list $uuid_subject_admin $uuid_subject_category_admin", - "result": "$uuid_subject_scope_root_role root_role", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - { - "name": "add_assignment", - "command": "object assignment add $uuid_object_authz_subjects $uuid_object_category_admin $uuid_object_scope_authz_subjects", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "object assignment list $uuid_object_authz_subjects $uuid_object_category_admin", - "result": "$uuid_object_scope_authz_subjects authz_subjects", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - - { - "name": "add_assignment", - "command": "object assignment add $uuid_object_authz_objects $uuid_object_category_admin $uuid_object_scope_authz_objects", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "object assignment list $uuid_object_authz_objects $uuid_object_category_admin", - "result": "$uuid_object_scope_authz_objects authz_objects", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - - { - "name": "add_assignment", - "command": "object assignment add $uuid_object_authz_actions $uuid_object_category_admin $uuid_object_scope_authz_actions", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "object assignment list 
$uuid_object_authz_actions $uuid_object_category_admin", - "result": "$uuid_object_scope_authz_actions authz_actions", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - - { - "name": "add_assignment", - "command": "object assignment add $uuid_object_authz_subject_categories $uuid_object_category_admin $uuid_object_scope_authz_subject_categories", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "object assignment list $uuid_object_authz_subject_categories $uuid_object_category_admin", - "result": "$uuid_object_scope_authz_subject_categories authz_subject_categories", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - - { - "name": "add_assignment", - "command": "object assignment add $uuid_object_authz_object_categories $uuid_object_category_admin $uuid_object_scope_authz_object_categories", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "object assignment list $uuid_object_authz_object_categories $uuid_object_category_admin", - "result": "$uuid_object_scope_authz_object_categories authz_object_categories", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - - { - "name": "add_assignment", - "command": "object assignment add $uuid_object_authz_action_categories $uuid_object_category_admin $uuid_object_scope_authz_action_categories", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "object assignment list $uuid_object_authz_action_categories $uuid_object_category_admin", - "result": "$uuid_object_scope_authz_action_categories authz_action_categories", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - - { - 
"name": "add_assignment", - "command": "object assignment add $uuid_object_authz_subject_scopes $uuid_object_category_admin $uuid_object_scope_authz_subject_scopes", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "object assignment list $uuid_object_authz_subject_scopes $uuid_object_category_admin", - "result": "$uuid_object_scope_authz_subject_scopes authz_subject_scopes", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - - { - "name": "add_assignment", - "command": "object assignment add $uuid_object_authz_object_scopes $uuid_object_category_admin $uuid_object_scope_authz_object_scopes", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "object assignment list $uuid_object_authz_object_scopes $uuid_object_category_admin", - "result": "$uuid_object_scope_authz_object_scopes authz_object_scopes", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - - { - "name": "add_assignment", - "command": "object assignment add $uuid_object_authz_action_scopes $uuid_object_category_admin $uuid_object_scope_authz_action_scopes", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "object assignment list $uuid_object_authz_action_scopes $uuid_object_category_admin", - "result": "$uuid_object_scope_authz_action_scopes authz_action_scopes", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - - { - "name": "add_assignment", - "command": "object assignment add $uuid_object_authz_subject_assignments $uuid_object_category_admin $uuid_object_scope_authz_subject_assignments", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": 
"check_added_assignment", - "command": "object assignment list $uuid_object_authz_subject_assignments $uuid_object_category_admin", - "result": "$uuid_object_scope_authz_subject_assignments authz_subject_assignments", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - - { - "name": "add_assignment", - "command": "object assignment add $uuid_object_authz_object_assignments $uuid_object_category_admin $uuid_object_scope_authz_object_assignments", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "object assignment list $uuid_object_authz_object_assignments $uuid_object_category_admin", - "result": "$uuid_object_scope_authz_object_assignments authz_object_assignments", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - - { - "name": "add_assignment", - "command": "object assignment add $uuid_object_authz_action_assignments $uuid_object_category_admin $uuid_object_scope_authz_action_assignments", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "object assignment list $uuid_object_authz_action_assignments $uuid_object_category_admin", - "result": "$uuid_object_scope_authz_action_assignments authz_action_assignments", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - - { - "name": "add_assignment", - "command": "object assignment add $uuid_object_authz_aggregation_algorithm $uuid_object_category_admin $uuid_object_scope_authz_aggregation_algorithm", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "object assignment list $uuid_object_authz_aggregation_algorithm $uuid_object_category_admin", - "result": "$uuid_object_scope_authz_aggregation_algorithm 
authz_aggregation_algorithm", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - - { - "name": "add_assignment", - "command": "object assignment add $uuid_object_authz_sub_meta_rules $uuid_object_category_admin $uuid_object_scope_authz_sub_meta_rules", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "object assignment list $uuid_object_authz_sub_meta_rules $uuid_object_category_admin", - "result": "$uuid_object_scope_authz_sub_meta_rules authz_sub_meta_rules", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - - { - "name": "add_assignment", - "command": "object assignment add $uuid_object_authz_rules $uuid_object_category_admin $uuid_object_scope_authz_rules", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "object assignment list $uuid_object_authz_rules $uuid_object_category_admin", - "result": "$uuid_object_scope_authz_rules authz_rules", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - - { - "name": "add_assignment", - "command": "object assignment add $uuid_object_admin_subjects $uuid_object_category_admin $uuid_object_scope_admin_subjects", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "object assignment list $uuid_object_admin_subjects $uuid_object_category_admin", - "result": "$uuid_object_scope_admin_subjects admin_subjects", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - - { - "name": "add_assignment", - "command": "object assignment add $uuid_object_admin_objects $uuid_object_category_admin $uuid_object_scope_admin_objects", - "result": "^$", - "description": "Add a new assignment", - 
"command_options": "" - }, - { - "name": "check_added_assignment", - "command": "object assignment list $uuid_object_admin_objects $uuid_object_category_admin", - "result": "$uuid_object_scope_admin_objects admin_objects", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - - { - "name": "add_assignment", - "command": "object assignment add $uuid_object_admin_actions $uuid_object_category_admin $uuid_object_scope_admin_actions", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "object assignment list $uuid_object_admin_actions $uuid_object_category_admin", - "result": "$uuid_object_scope_admin_actions admin_actions", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - - { - "name": "add_assignment", - "command": "object assignment add $uuid_object_admin_subject_categories $uuid_object_category_admin $uuid_object_scope_admin_subject_categories", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "object assignment list $uuid_object_admin_subject_categories $uuid_object_category_admin", - "result": "$uuid_object_scope_admin_subject_categories admin_subject_categories", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - - { - "name": "add_assignment", - "command": "object assignment add $uuid_object_admin_object_categories $uuid_object_category_admin $uuid_object_scope_admin_object_categories", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "object assignment list $uuid_object_admin_object_categories $uuid_object_category_admin", - "result": "$uuid_object_scope_admin_object_categories admin_object_categories", - "description": "Check added assignment.", - 
"command_options": "-c id -c name -f value" - }, - - { - "name": "add_assignment", - "command": "object assignment add $uuid_object_admin_action_categories $uuid_object_category_admin $uuid_object_scope_admin_action_categories", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "object assignment list $uuid_object_admin_action_categories $uuid_object_category_admin", - "result": "$uuid_object_scope_admin_action_categories admin_action_categories", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - - { - "name": "add_assignment", - "command": "object assignment add $uuid_object_admin_subject_scopes $uuid_object_category_admin $uuid_object_scope_admin_subject_scopes", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "object assignment list $uuid_object_admin_subject_scopes $uuid_object_category_admin", - "result": "$uuid_object_scope_admin_subject_scopes admin_subject_scopes", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - - { - "name": "add_assignment", - "command": "object assignment add $uuid_object_admin_object_scopes $uuid_object_category_admin $uuid_object_scope_admin_object_scopes", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "object assignment list $uuid_object_admin_object_scopes $uuid_object_category_admin", - "result": "$uuid_object_scope_admin_object_scopes admin_object_scopes", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - - { - "name": "add_assignment", - "command": "object assignment add $uuid_object_admin_action_scopes $uuid_object_category_admin $uuid_object_scope_admin_action_scopes", - "result": "^$", - "description": "Add a new 
assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "object assignment list $uuid_object_admin_action_scopes $uuid_object_category_admin", - "result": "$uuid_object_scope_admin_action_scopes admin_action_scopes", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - - { - "name": "add_assignment", - "command": "object assignment add $uuid_object_admin_subject_assignments $uuid_object_category_admin $uuid_object_scope_admin_subject_assignments", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "object assignment list $uuid_object_admin_subject_assignments $uuid_object_category_admin", - "result": "$uuid_object_scope_admin_subject_assignments admin_subject_assignments", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - - { - "name": "add_assignment", - "command": "object assignment add $uuid_object_admin_object_assignments $uuid_object_category_admin $uuid_object_scope_admin_object_assignments", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "object assignment list $uuid_object_admin_object_assignments $uuid_object_category_admin", - "result": "$uuid_object_scope_admin_object_assignments admin_object_assignments", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - - { - "name": "add_assignment", - "command": "object assignment add $uuid_object_admin_action_assignments $uuid_object_category_admin $uuid_object_scope_admin_action_assignments", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "object assignment list $uuid_object_admin_action_assignments $uuid_object_category_admin", - "result": 
"$uuid_object_scope_admin_action_assignments admin_action_assignments", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - - { - "name": "add_assignment", - "command": "object assignment add $uuid_object_admin_aggregation_algorithm $uuid_object_category_admin $uuid_object_scope_admin_aggregation_algorithm", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "object assignment list $uuid_object_admin_aggregation_algorithm $uuid_object_category_admin", - "result": "$uuid_object_scope_admin_aggregation_algorithm admin_aggregation_algorithm", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - - { - "name": "add_assignment", - "command": "object assignment add $uuid_object_admin_sub_meta_rules $uuid_object_category_admin $uuid_object_scope_admin_sub_meta_rules", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "object assignment list $uuid_object_admin_sub_meta_rules $uuid_object_category_admin", - "result": "$uuid_object_scope_admin_sub_meta_rules admin_sub_meta_rules", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - - { - "name": "add_assignment", - "command": "object assignment add $uuid_object_admin_rules $uuid_object_category_admin $uuid_object_scope_admin_rules", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "object assignment list $uuid_object_admin_rules $uuid_object_category_admin", - "result": "$uuid_object_scope_admin_rules admin_rules", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - { - "name": "add_assignment", - "command": "action assignment add $uuid_action_read $uuid_action_category_admin 
$uuid_action_scope_read", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "action assignment list $uuid_action_read $uuid_action_category_admin", - "result": "$uuid_action_scope_read read", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - { - "name": "add_assignment", - "command": "action assignment add $uuid_action_write $uuid_action_category_admin $uuid_action_scope_write", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "action assignment list $uuid_action_write $uuid_action_category_admin", - "result": "$uuid_action_scope_write write", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - - { - "name": "check_submetarules", - "command": "submetarule show", - "result": "(?P\\w+)", - "description": "Get one submetarule ID", - "command_options": "-c id -f value" - }, - { - "name": "set_submetarule", - "command": "submetarule set $submetarule_uuid_admin --subject_category_id=\"$uuid_subject_category_admin\" --object_category_id=\"$uuid_object_category_admin\" --action_category_id=\"$uuid_action_category_admin\"", - "result": "^$", - "description": "Set a new submetarule", - "command_options": "" - }, - { - "name": "check_submetarule", - "command": "submetarule show", - "result": "$submetarule_uuid_admin \\s*role", - "description": "Check the new submetarule", - "command_options": "-c id -c \"subject categories\" -f value" - }, - { - "name": "check_submetarule", - "command": "submetarule show", - "result": "$submetarule_uuid_admin \\s*object_id", - "description": "Check the new submetarule", - "command_options": "-c id -c \"object categories\" -f value" - }, - { - "name": "check_submetarule", - "command": "submetarule show", - "result": "$submetarule_uuid_admin \\s*action_id", - "description": 
"Check the new submetarule", - "command_options": "-c id -c \"action categories\" -f value" - }, - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,read,authz_subjects\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P\\w+)\\s+root_role\\s+read\\s+authz.subjects", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,read,authz_objects\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P\\w+)\\s+root_role\\s+read\\s+authz.objects", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,read,authz_actions\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P\\w+)\\s+root_role\\s+read\\s+authz.actions", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,read,authz_subject_categories\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P\\w+)\\s+root_role\\s+read\\s+authz.subject_categories", - "description": "Check that the rule was correctly added.", - 
"command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,read,authz_object_categories\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P\\w+)\\s+root_role\\s+read\\s+authz.object_categories", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,read,authz_action_categories\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P\\w+)\\s+root_role\\s+read\\s+authz.action_categories", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,read,authz_subject_scopes\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P\\w+)\\s+root_role\\s+read\\s+authz.subject_scopes", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,read,authz_object_scopes\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P\\w+)\\s+root_role\\s+read\\s+authz.object_scopes", - "description": "Check that the rule 
was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,read,authz_action_scopes\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P\\w+)\\s+root_role\\s+read\\s+authz.action_scopes", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,read,authz_subject_assignments\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P\\w+)\\s+root_role\\s+read\\s+authz.subject_assignments", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,read,authz_object_assignments\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P\\w+)\\s+root_role\\s+read\\s+authz.object_assignments", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,read,authz_action_assignments\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P\\w+)\\s+root_role\\s+read\\s+authz.action_assignments", - 
"description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,read,authz_aggregation_algorithm\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P\\w+)\\s+root_role\\s+read\\s+authz.aggregation_algorithm", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,read,authz_sub_meta_rules\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P\\w+)\\s+root_role\\s+read\\s+authz.sub_meta_rules", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,read,authz_rules\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P\\w+)\\s+root_role\\s+read\\s+authz.rules", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,write,authz_subjects\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P\\w+)\\s+root_role\\s+write\\s+authz.subjects", - 
"description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,write,authz_objects\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P\\w+)\\s+root_role\\s+write\\s+authz.objects", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,write,authz_actions\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P\\w+)\\s+root_role\\s+write\\s+authz.actions", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,write,authz_subject_categories\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P\\w+)\\s+root_role\\s+write\\s+authz.subject_categories", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,write,authz_object_categories\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": 
"(?P\\w+)\\s+root_role\\s+write\\s+authz.object_categories", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,write,authz_action_categories\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P\\w+)\\s+root_role\\s+write\\s+authz.action_categories", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,write,authz_subject_scopes\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P\\w+)\\s+root_role\\s+write\\s+authz.subject_scopes", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,write,authz_object_scopes\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P\\w+)\\s+root_role\\s+write\\s+authz.object_scopes", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,write,authz_action_scopes\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list 
$submetarule_uuid_admin", - "result": "(?P\\w+)\\s+root_role\\s+write\\s+authz.action_scopes", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,write,authz_subject_assignments\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P\\w+)\\s+root_role\\s+write\\s+authz.subject_assignments", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,write,authz_object_assignments\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P\\w+)\\s+root_role\\s+write\\s+authz.object_assignments", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,write,authz_action_assignments\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P\\w+)\\s+root_role\\s+write\\s+authz.action_assignments", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,write,authz_aggregation_algorithm\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - 
"name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P\\w+)\\s+root_role\\s+write\\s+authz.aggregation_algorithm", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,write,authz_sub_meta_rules\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P\\w+)\\s+root_role\\s+write\\s+authz.sub_meta_rules", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,write,authz_rules\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P\\w+)\\s+root_role\\s+write\\s+authz.rules", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,read,admin_subjects\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P\\w+)\\s+root_role\\s+read\\s+admin.subjects", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,read,admin_objects\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": 
"check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P\\w+)\\s+root_role\\s+read\\s+admin.objects", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,read,admin_actions\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P\\w+)\\s+root_role\\s+read\\s+admin.actions", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,read,admin_subject_categories\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P\\w+)\\s+root_role\\s+read\\s+admin.subject_categories", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,read,admin_object_categories\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P\\w+)\\s+root_role\\s+read\\s+admin.object_categories", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,read,admin_action_categories\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - 
"name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P\\w+)\\s+root_role\\s+read\\s+admin.action_categories", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,read,admin_subject_scopes\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P\\w+)\\s+root_role\\s+read\\s+admin.subject_scopes", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,read,admin_object_scopes\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P\\w+)\\s+root_role\\s+read\\s+admin.object_scopes", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,read,admin_action_scopes\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P\\w+)\\s+root_role\\s+read\\s+admin.action_scopes", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,read,admin_subject_assignments\"", - "result": "^$", - "description": "Add a new rule.", - 
"command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P\\w+)\\s+root_role\\s+read\\s+admin.subject_assignments", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,read,admin_object_assignments\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P\\w+)\\s+root_role\\s+read\\s+admin.object_assignments", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,read,admin_action_assignments\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P\\w+)\\s+root_role\\s+read\\s+admin.action_assignments", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,read,admin_aggregation_algorithm\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P\\w+)\\s+root_role\\s+read\\s+admin.aggregation_algorithm", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,read,admin_sub_meta_rules\"", - 
"result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P\\w+)\\s+root_role\\s+read\\s+admin.sub_meta_rules", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,read,admin_rules\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P\\w+)\\s+root_role\\s+read\\s+admin.rules", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,write,admin_subjects\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P\\w+)\\s+root_role\\s+write\\s+admin.subjects", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,write,admin_objects\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P\\w+)\\s+root_role\\s+write\\s+admin.objects", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,write,admin_actions\"", - "result": "^$", - "description": 
"Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P\\w+)\\s+root_role\\s+write\\s+admin.actions", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,write,admin_subject_categories\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P\\w+)\\s+root_role\\s+write\\s+admin.subject_categories", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,write,admin_object_categories\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P\\w+)\\s+root_role\\s+write\\s+admin.object_categories", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,write,admin_action_categories\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P\\w+)\\s+root_role\\s+write\\s+admin.action_categories", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,write,admin_subject_scopes\"", - 
"result": "^$",
- "description": "Add a new rule.",
- "command_options": ""
- },
- {
- "name": "check_added_rule",
- "command": "rule list $submetarule_uuid_admin",
- "result": "(?P\\w+)\\s+root_role\\s+write\\s+admin.subject_scopes",
- "description": "Check that the rule was correctly added.",
- "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value"
- },
-
- {
- "name": "add_a_new_rule",
- "command": "rule add $submetarule_uuid_admin \"root_role,write,admin_object_scopes\"",
- "result": "^$",
- "description": "Add a new rule.",
- "command_options": ""
- },
- {
- "name": "check_added_rule",
- "command": "rule list $submetarule_uuid_admin",
- "result": "(?P\\w+)\\s+root_role\\s+write\\s+admin.object_scopes",
- "description": "Check that the rule was correctly added.",
- "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value"
- },
-
- {
- "name": "add_a_new_rule",
- "command": "rule add $submetarule_uuid_admin \"root_role,write,admin_action_scopes\"",
- "result": "^$",
- "description": "Add a new rule.",
- "command_options": ""
- },
- {
- "name": "check_added_rule",
- "command": "rule list $submetarule_uuid_admin",
- "result": "(?P\\w+)\\s+root_role\\s+write\\s+admin.action_scopes",
- "description": "Check that the rule was correctly added.",
- "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value"
- },
-
- {
- "name": "add_a_new_rule",
- "command": "rule add $submetarule_uuid_admin \"root_role,write,admin_subject_assignments\"",
- "result": "^$",
- "description": "Add a new rule.",
- "command_options": ""
- },
- {
- "name": "check_added_rule",
- "command": "rule list $submetarule_uuid_admin",
- "result": "(?P\\w+)\\s+root_role\\s+write\\s+admin.subject_assignments",
- "description": "Check that the rule was correctly added.",
- "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value"
- },
-
- {
- "name": "add_a_new_rule",
- "command": "rule add $submetarule_uuid_admin \"root_role,write,admin_object_assignments\"",
- "result": "^$",
- "description": "Add a new rule.",
- "command_options": ""
- },
- {
- "name": "check_added_rule",
- "command": "rule list $submetarule_uuid_admin",
- "result": "(?P\\w+)\\s+root_role\\s+write\\s+admin.object_assignments",
- "description": "Check that the rule was correctly added.",
- "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value"
- },
-
- {
- "name": "add_a_new_rule",
- "command": "rule add $submetarule_uuid_admin \"root_role,write,admin_action_assignments\"",
- "result": "^$",
- "description": "Add a new rule.",
- "command_options": ""
- },
- {
- "name": "check_added_rule",
- "command": "rule list $submetarule_uuid_admin",
- "result": "(?P\\w+)\\s+root_role\\s+write\\s+admin.action_assignments",
- "description": "Check that the rule was correctly added.",
- "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value"
- },
-
- {
- "name": "add_a_new_rule",
- "command": "rule add $submetarule_uuid_admin \"root_role,write,admin_aggregation_algorithm\"",
- "result": "^$",
- "description": "Add a new rule.",
- "command_options": ""
- },
- {
- "name": "check_added_rule",
- "command": "rule list $submetarule_uuid_admin",
- "result": "(?P\\w+)\\s+root_role\\s+write\\s+admin.aggregation_algorithm",
- "description": "Check that the rule was correctly added.",
- "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value"
- },
-
- {
- "name": "add_a_new_rule",
- "command": "rule add $submetarule_uuid_admin \"root_role,write,admin_sub_meta_rules\"",
- "result": "^$",
- "description": "Add a new rule.",
- "command_options": ""
- },
- {
- "name": "check_added_rule",
- "command": "rule list $submetarule_uuid_admin",
- "result": "(?P\\w+)\\s+root_role\\s+write\\s+admin.sub_meta_rules",
- "description": "Check that the rule was correctly added.",
- "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value"
- },
-
- {
- "name": "add_a_new_rule",
- "command": "rule add $submetarule_uuid_admin \"root_role,write,admin_rules\"",
- "result": "^$",
- "description": "Add a new rule.",
- "command_options": ""
- },
- {
- "name": "check_added_rule",
- "command": "rule list $submetarule_uuid_admin",
- "result": "(?P\\w+)\\s+root_role\\s+write\\s+admin.rules",
- "description": "Check that the rule was correctly added.",
- "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value"
- },
- {
- "name": "get aggregation algorithm",
- "command": "aggregation algorithm list",
- "result": "(?P\\w+)\\s+one_true",
- "description": "Get aggregation algorithm.",
- "command_options": "-c id -c name -f value"
- },
- {
- "name": "set aggregation algorithm",
- "command": "aggregation algorithm set $uuid_aggregation",
- "result": "",
- "description": "Set aggregation algorithm to one_true.",
- "command_options": ""
- },
- {
- "name": "get aggregation algorithm",
- "command": "aggregation algorithm show",
- "result": "$uuid_aggregation\\s+one_true",
- "description": "Check aggregation algorithm.",
- "command_options": "-c id -c name -f value"
- },
- {
- "name": "get submetarule algorithm",
- "command": "submetarule algorithm list",
- "result": "(?P\\w+)\\s+inclusion",
- "description": "Get submetarule algorithm named inclusion.",
- "command_options": "-c id -c name -f value"
- },
- {
- "name": "set submetarule algorithm",
- "command": "submetarule set --algorithm_name inclusion $submetarule_uuid_admin",
- "result": "",
- "description": "Set submetarule algorithm to inclusion.",
- "command_options": ""
- },
-
- {
- "name": "select_admin_ie",
- "command": "intraextension select $uuid_admin",
- "result": "Select $uuid_admin IntraExtension.",
- "description": "Select the admin IntraExtension",
- "command_options": ""
- },
- {
- "name": "check_select_admin_ie",
- "command": "intraextension show selected",
- "result": "$uuid_admin",
- "description": "Check the selected admin IntraExtension",
- "command_options": "-c id -f value"
- },
- {
- "name": "add_subject",
- "command": "subject add demo --subject_pass console",
- "result": "",
- "description": "Add demo subject.",
- "command_options": ""
- },
- {
- "name": "list_subject",
- "command": "subject list",
- "result": "(?P\\w+)\\s+demo",
- "description": "Check that demo subject was added."
- },
- {
- "name": "add_new_role",
- "command": "subject scope add $uuid_subject_category_admin demo_role",
- "result": "",
- "description": "Add demo_role to demo subject.",
- "command_options": ""
- },
- {
- "name": "check_new_role",
- "command": "subject scope list $uuid_subject_category_admin",
- "result": "(?P\\w+)\\s+demo_role",
- "description": "Check that demo_role was added."
- },
- {
- "name": "add_new_assignment",
- "command": "subject assignment add $uuid_subject_demo_admin $uuid_subject_category_admin $uuid_subject_scope_demo_role",
- "result": "",
- "description": "Link the demo subject to the demo_role scope.",
- "command_options": ""
- },
- {
- "name": "check_new_assignment",
- "command": "subject assignment list $uuid_subject_demo_admin $uuid_subject_category_admin",
- "result": "$uuid_subject_scope_demo_role demo_role",
- "description": "Check that assignment was added.",
- "command_options": "-c id -c name -f value"
- },
- {
- "name": "add_a_new_rule",
- "command": "rule add $submetarule_uuid_admin \"demo_role,read,authz_objects\"",
- "result": "^$",
- "description": "Add a new rule.",
- "command_options": ""
- },
- {
- "name": "check_added_rule",
- "command": "rule list $submetarule_uuid_admin",
- "result": "(?P\\w+)\\s+demo_role\\s+read\\s+authz_objects",
- "description": "Check that the rule was correctly added.",
- "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value"
- },
- {
- "name": "add_a_new_rule",
- "command": "rule add $submetarule_uuid_admin \"demo_role,write,authz_objects\"",
- "result": "^$",
- "description": "Add a new rule.",
- "command_options": ""
- },
- {
- "name": "check_added_rule",
- "command": "rule list $submetarule_uuid_admin",
- "result": "(?P\\w+)\\s+demo_role\\s+write\\s+authz_objects",
- "description": "Check that the rule was correctly added.",
- "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value"
- },
- {
- "name": "add_a_new_rule",
- "command": "rule add $submetarule_uuid_admin \"demo_role,read,authz_object_assignments\"",
- "result": "^$",
- "description": "Add a new rule.",
- "command_options": ""
- },
- {
- "name": "check_added_rule",
- "command": "rule list $submetarule_uuid_admin",
- "result": "(?P\\w+)\\s+demo_role\\s+read\\s+authz_object_assignments",
- "description": "Check that the rule was correctly added.",
- "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value"
- },
- {
- "name": "add_a_new_rule",
- "command": "rule add $submetarule_uuid_admin \"demo_role,write,authz_object_assignments\"",
- "result": "^$",
- "description": "Add a new rule.",
- "command_options": ""
- },
- {
- "name": "check_added_rule",
- "command": "rule list $submetarule_uuid_admin",
- "result": "(?P\\w+)\\s+demo_role\\s+write\\s+authz_object_assignments",
- "description": "Check that the rule was correctly added.",
- "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value"
- },
- {
- "name": "add_a_new_rule",
- "command": "rule add $submetarule_uuid_admin \"demo_role,read,authz_object_scopes\"",
- "result": "^$",
- "description": "Add a new rule.",
- "command_options": ""
- },
- {
- "name": "check_added_rule",
- "command": "rule list $submetarule_uuid_admin",
- "result": "(?P\\w+)\\s+demo_role\\s+read\\s+authz_object_scopes",
- "description": "Check that the rule was correctly added.",
- "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value"
- },
- {
- "name": "add_a_new_rule",
- "command": "rule add $submetarule_uuid_admin \"demo_role,write,authz_object_scopes\"",
- "result": "^$",
- "description": "Add a new rule.",
- "command_options": ""
- },
- {
- "name": "check_added_rule",
- "command": "rule list $submetarule_uuid_admin",
- "result": "(?P\\w+)\\s+demo_role\\s+write\\s+authz_object_scopes",
- "description": "Check that the rule was correctly added.",
- "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value"
- },
- {
- "name": "add_a_new_rule",
- "command": "rule add $submetarule_uuid_admin \"demo_role,read,authz_object_categories\"",
- "result": "^$",
- "description": "Add a new rule.",
- "command_options": ""
- },
- {
- "name": "check_added_rule",
- "command": "rule list $submetarule_uuid_admin",
- "result": "(?P\\w+)\\s+demo_role\\s+read\\s+authz_object_categories",
- "description": "Check that the rule was correctly added.",
- "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value"
- },
- {
- "name": "add_a_new_rule",
- "command": "rule add $submetarule_uuid_admin \"demo_role,write,authz_object_categories\"",
- "result": "^$",
- "description": "Add a new rule.",
- "command_options": ""
- },
- {
- "name": "check_added_rule",
- "command": "rule list $submetarule_uuid_admin",
- "result": "(?P\\w+)\\s+demo_role\\s+write\\s+authz_object_categories",
- "description": "Check that the rule was correctly added.",
- "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value"
- },
-
- {
- "name": "select_authz_ie",
- "command": "intraextension select $uuid_authz",
- "result": "Select $uuid_authz IntraExtension.",
- "description": "Select the authz IntraExtension",
- "command_options": ""
- },
- {
- "name": "check_select_authz_ie",
- "command": "intraextension show selected",
- "result": "$uuid_authz",
- "description": "Check the selected admin IntraExtension",
- "command_options": "-c id -f value"
- },
- {
- "name": "add_subject",
- "command": "subject add demo --subject_pass console",
- "result": "",
- "description": "Add demo subject.",
- "command_options": ""
- },
- {
- "name": "list_subject",
- "command": "subject list",
- "result": "(?P\\w+)\\s+demo",
- "description": "Check that admin subject was added."
- },
-
- {
- "name": "demo: check nova command",
- "external_command": "nova --os-user-name demo --os-project-name demo --os-password console list",
- "result": "test_moonclient",
- "description": "Check demo can list nova servers due to the current rules"
- },
- {
- "name": "demo: try to pause nova instance",
- "external_command": "nova --os-username demo --os-project-name demo --os-password console pause $uuid_server",
- "result": "^$",
- "description": "Pausing the server must be impossible due to the current rules"
- },
- {
- "name": "check nova command",
- "external_command": "nova --os-user-name demo --os-project-name demo --os-password console list",
- "result": "\\| (?P[\\w\\-]+)\\s+\\| test_moonclient\\s+\\| ACTIVE\\s+\\| [\\w\\-]+\\s+\\| Running",
- "description": "Check that nova server is still in running state."
- },
-
- {
- "name": "list tenant",
- "command": "tenant list",
- "result": "demo",
- "description": "Check if tenant demo is used."
- },
-
- {
- "name": "select_authz_ie",
- "command": "intraextension select $uuid_authz",
- "result": "Select $uuid_authz IntraExtension.",
- "description": "Select the authz IntraExtension",
- "command_options": ""
- },
- {
- "name": "check_select_authz_ie",
- "command": "intraextension show selected",
- "result": "$uuid_authz",
- "description": "Check the selected authz IntraExtension",
- "command_options": "-c id -f value"
- },
-
- {
- "auth_name": "demo",
- "auth_password": "console",
- "auth_tenant": "demo",
- "description": "Change user to demo"
- },
-
- {
- "name": "add_object",
- "command": "object add $uuid_server",
- "result": "",
- "description": "Add the new nova server",
- "command_options": ""
- },
- {
- "name": "list_object",
- "command": "object list",
- "result": "(?P\\w+)\\s+$uuid_server",
- "description": "Check that the new nova server was added."
- },
- {
- "name": "add_assignment",
- "command": "object assignment add $uuid_object_nova_server $uuid_object_category_authz $uuid_object_scope_low",
- "result": "^$",
- "description": "Set the assignment 'low' to nova server",
- "command_options": ""
- },
- {
- "name": "check_added_assignment",
- "command": "object assignment list $uuid_object_nova_server $uuid_object_category_authz",
- "result": "$uuid_object_scope_low low",
- "description": "Check added assignment.",
- "command_options": "-c id -c name -f value"
- },
-
- {
- "name": "check nova command",
- "external_command": "nova list",
- "result": "\\| (?P[\\w\\-]+)\\s+\\| test_moonclient\\s+\\| ACTIVE\\s+\\| [\\w\\-]+\\s+\\| Running",
- "description": "Check that we can now list nova servers due to the current rules"
- },
- {
- "name": "try to pause nova instance",
- "external_command": "nova pause $uuid_server",
- "result": "^$",
- "description": "Pausing the server must be possible now"
- },
- {
- "name": "check nova command",
- "external_command": "nova list",
- "result": "\\| (?P[\\w\\-]+)\\s+\\| test_moonclient\\s+\\| PAUSED\\s+\\| [\\w\\-]+\\s+\\| Paused",
- "description": "Check that we can still list nova servers due to the current rules"
- },
- {
- "name": "reactivate nova instance",
- "external_command": "nova unpause $uuid_server",
- "result": "^$",
- "description": "Unpausing the server for next tests"
- },
-
- {
- "name": "del_assignment",
- "command": "object assignment delete $uuid_object_nova_server $uuid_object_category_authz $uuid_object_scope_low",
- "result": "^$",
- "description": "Delete the assignment 'low' to nova server",
- "command_options": ""
- },
- {
- "name": "add_assignment",
- "command": "object assignment add $uuid_object_nova_server $uuid_object_category_authz $uuid_object_scope_high",
- "result": "^$",
- "description": "Set the assignment 'high' to nova server",
- "command_options": ""
- },
- {
- "name": "check_added_assignment",
- "command": "object assignment list $uuid_object_nova_server $uuid_object_category_authz",
- "result": "$uuid_object_scope_high high",
- "description": "Check added assignment.",
- "command_options": "-c id -c name -f value"
- },
-
- {
- "name": "check nova command",
- "external_command": "nova list",
- "result": "\\| (?P[\\w\\-]+)\\s+\\| test_moonclient\\s+\\| ACTIVE\\s+\\| [\\w\\-]+\\s+\\| Running",
- "description": "Check that we can now list nova servers due to the current rules"
- },
- {
- "name": "try to pause nova instance",
- "external_command": "nova pause $uuid_server",
- "result": "^$",
- "description": "Pausing the server must be not possible now"
- },
- {
- "name": "check nova command",
- "external_command": "nova list",
- "result": "\\| (?P[\\w\\-]+)\\s+\\| test_moonclient\\s+\\| ACTIVE\\s+\\| [\\w\\-]+\\s+\\| Running",
- "description": "Check that we can still list nova servers due to the current rules"
- },
-
-
- {
- "auth_name": "admin",
- "auth_tenant": "admin",
- "description": "Change user to admin"
- },
-
- {
- "name": "delete_authz_intra_extension",
- "command": "intraextension delete $uuid_authz",
- "result": "",
- "description": "Delete the authz intra extension",
- "command_options": ""
- },
- {
- "name": "delete_admin_intra_extension",
- "command": "intraextension delete $uuid_admin",
- "result": "",
- "description": "Delete the admin intra extension",
- "command_options": ""
- },
- {
- "name": "delete_tenant",
- "command": "tenant delete $uuid",
- "result": "",
- "description": "Delete the tenant demo",
- "command_options": ""
- },
- {
- "name": "nova delete new server",
- "external_command": "nova delete $uuid_server",
- "result": "",
- "description": "Delete the new server"
- }
- ]
- }
-}
diff --git a/moonclient/moonclient/tests/todo/tests_empty_policy_nova.json b/moonclient/moonclient/tests/todo/tests_empty_policy_nova.json
deleted file mode 100644
index 399710be..00000000
--- a/moonclient/moonclient/tests/todo/tests_empty_policy_nova.json
+++ /dev/null
@@ -1,1079 +0,0 @@
-{
- "command_options": "-f value",
- "tests_group": {
- "authz": [
- {
- "auth_name": "admin",
- "description": "Change user to admin (just in case...)"
- },
-
- {
- "name": "get cirros image",
- "external_command": "wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img -o /tmp/cirros.img",
- "result": "",
- "description": "Download a Cirros image"
- },
- {
- "name": "install cirros image",
- "external_command": "glance image-create --name \"cirros\" --disk-format qcow2 --file /tmp/cirros.img --container-format bare",
- "result": "",
- "description": "Upload the Cirros image in glance"
- },
- {
- "name": "create secgroup",
- "external_command": "nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0",
- "result": "",
- "description": "Create a new secgroup in Nova"
- },
- {
- "name": "create secgroup",
- "external_command": "nova secgroup-add-rule default tcp 22 22 0.0.0.0/0",
- "result": "",
- "description": "Create a new secgroup in Nova"
- },
- {
- "name": "create router",
- "external_command": "neutron router-create demo-router",
- "result": "",
- "description": "Create a new router"
- },
- {
- "name": "set router",
- "external_command": "neutron router-gateway-set demo-router ext-net",
- "result": "",
- "description": "Configure the new router"
- },
- {
- "name": "set router",
- "external_command": "neutron net-create demo-net",
- "result": "",
- "description": "Configure the new router"
- },
- {
- "name": "set router",
- "external_command": "neutron subnet-create demo-net 192.168.1.0/24 --name demo-subnet --gateway 192.168.1.1",
- "result": "",
- "description": "Configure the new router"
- },
- {
- "name": "set router",
- "external_command": "neutron router-interface-add demo-router demo-subnet",
- "result": "",
- "description": "Configure the new router"
- },
- {
- "name": "nova image-list",
- "external_command": "nova image-list",
- "result": "(?P[\\w-]+)\\s+\\| cirros",
- "description": "Get an Image ID"
- },
- {
- "name": "neutron net-list",
- "external_command": "neutron net-list",
- "result": "(?P[\\w-]+)\\s+\\| ext-net",
- "description": "Get an Net ID"
- },
- {
- "name": "nova boot new server",
- "external_command": "nova boot --flavor m1.tiny --image $uuid_image --nic net-id=$uuid_net --security-group default test_moonclient",
- "result": "",
- "description": "Get an Image ID"
- },
- {
- "name": "sleep",
- "external_command": "sleep 10",
- "result": "",
- "description": "time for server to really boot"
- },
- {
- "name": "nova get new server",
- "external_command": "nova list",
- "result": "\\| (?P[\\w\\-]+)\\s+\\| test_moonclient\\s+\\| ACTIVE\\s+\\| [\\w\\-]+\\s+\\| Running",
- "description": "Get the ID of the new server"
- },
- {
- "name": "list tenant",
- "command": "tenant list",
- "no_result": "demo",
- "description": "Check if tenant demo is used."
- },
- {
- "name": "add tenant demo",
- "command": "tenant add demo",
- "result": "^$",
- "description": "Add a new tenant",
- "command_options": ""
- },
- {
- "name": "check tenant demo",
- "command": "tenant list",
- "result": "(?P\\w+)\\s+demo",
- "description": "Check that tenant demo has been correctly added"
- },
-
- {
- "name": "check nova command",
- "external_command": "nova list",
- "no_result": "test_moonclient",
- "description": "Check that we cannot list nova servers due to the current rules"
- },
- {
- "name": "try to pause nova instance",
- "external_command": "nova pause $uuid_server",
- "result": "^$",
- "description": "Pausing the server must be impossible due to the current rules"
- },
-
- {
- "name": "create_intraextension_authz",
- "command": "intraextension add --policy_model policy_empty_authz empty_test",
- "result": "IntraExtension created: (?P\\w+)",
- "description": "Create an authz intra extension",
- "command_options": ""
- },
- {
- "name": "list_intraextension_authz",
- "command": "intraextension list",
- "result": "$uuid_authz",
- "description": "Check the existence of that authz intra extension"
- },
- {
- "name": "set_tenant_authz",
- "command": "tenant set --authz $uuid_authz $uuid",
- "result": "",
- "description": "Connect the authz intra extension to the tenant demo",
- "command_options": ""
- },
- {
- "name": "list tenant",
- "command": "tenant list",
- "result": "demo",
- "description": "Check if tenant demo is used."
- },
- {
- "name": "select_authz_ie",
- "command": "intraextension select $uuid_authz",
- "result": "Select $uuid_authz IntraExtension.",
- "description": "Select the authz IntraExtension",
- "command_options": ""
- },
- {
- "name": "check_select_authz_ie",
- "command": "intraextension show selected",
- "result": "$uuid_authz",
- "description": "Check the selected authz IntraExtension",
- "command_options": "-c id -f value"
- },
- {
- "name": "add_subject",
- "command": "subject add admin --subject_pass password",
- "result": "",
- "description": "",
- "command_options": ""
- },
- {
- "name": "list_subject",
- "command": "subject list",
- "result": "(?P\\w+)\\s+admin",
- "description": "Check that admin subject was added."
- },
- {
- "name": "add_subject",
- "command": "subject add demo --subject_pass password",
- "result": "",
- "description": "",
- "command_options": ""
- },
- {
- "name": "list_subject",
- "command": "subject list",
- "result": "(?P\\w+)\\s+demo",
- "description": "Check that demo subject was added."
- },
- {
- "name": "add_object",
- "command": "object add servers",
- "result": "",
- "description": "",
- "command_options": ""
- },
- {
- "name": "list_object",
- "command": "object list",
- "result": "(?P\\w+)\\s+servers",
- "description": "Check that servers subject was added."
- },
- {
- "name": "add_action",
- "command": "action add pause",
- "result": "",
- "description": "",
- "command_options": ""
- },
- {
- "name": "list_action",
- "command": "action list",
- "result": "(?P\\w+)\\s+pause",
- "description": "Check that pause action was added."
- },
- {
- "name": "add_action",
- "command": "action add unpause",
- "result": "",
- "description": "",
- "command_options": ""
- },
- {
- "name": "list_action",
- "command": "action list",
- "result": "(?P\\w+)\\s+unpause",
- "description": "Check that unpause action was added."
- },
- {
- "name": "add_action",
- "command": "action add list",
- "result": "",
- "description": "",
- "command_options": ""
- },
- {
- "name": "list_action",
- "command": "action list",
- "result": "(?P\\w+)\\s+list",
- "description": "Check that list action was added."
- },
- {
- "name": "add_action",
- "command": "action add start",
- "result": "",
- "description": "",
- "command_options": ""
- },
- {
- "name": "list_action",
- "command": "action list",
- "result": "(?P\\w+)\\s+start",
- "description": "Check that start action was added."
- },
- {
- "name": "add_action",
- "command": "action add stop",
- "result": "",
- "description": "",
- "command_options": ""
- },
- {
- "name": "list_action",
- "command": "action list",
- "result": "(?P\\w+)\\s+stop",
- "description": "Check that stop action was added."
- },
- {
- "name": "add_action",
- "command": "action add create",
- "result": "",
- "description": "",
- "command_options": ""
- },
- {
- "name": "list_action",
- "command": "action list",
- "result": "(?P\\w+)\\s+create",
- "description": "Check that create action was added."
- },
- {
- "name": "add_action",
- "command": "action add upload",
- "result": "",
- "description": "",
- "command_options": ""
- },
- {
- "name": "list_action",
- "command": "action list",
- "result": "(?P\\w+)\\s+upload",
- "description": "Check that upload action was added."
- },
- {
- "name": "add_action",
- "command": "action add download",
- "result": "",
- "description": "",
- "command_options": ""
- },
- {
- "name": "list_action",
- "command": "action list",
- "result": "(?P\\w+)\\s+download",
- "description": "Check that download action was added."
- },
- {
- "name": "add_action",
- "command": "action add post",
- "result": "",
- "description": "",
- "command_options": ""
- },
- {
- "name": "list_action",
- "command": "action list",
- "result": "(?P\\w+)\\s+post",
- "description": "Check that post action was added."
- },
- {
- "name": "add_action",
- "command": "action add storage_list",
- "result": "",
- "description": "",
- "command_options": ""
- },
- {
- "name": "list_action",
- "command": "action list",
- "result": "(?P\\w+)\\s+storage_list",
- "description": "Check that storage_list action was added."
- },
-
- {
- "name": "add_subject_category",
- "command": "subject category add subject_security_level",
- "result": "",
- "description": "Add the new subject category subject_security_level",
- "command_options": ""
- },
- {
- "name": "list_subject_category",
- "command": "subject category list",
- "result": "(?P\\w+)\\s+subject_security_level",
- "description": "Check that subject_security_level subject_category was added."
- },
- {
- "name": "add_object_category",
- "command": "object category add object_security_level",
- "result": "",
- "description": "Add the new object category object_security_level",
- "command_options": ""
- },
- {
- "name": "list_object_category",
- "command": "object category list",
- "result": "(?P\\w+)\\s+object_security_level",
- "description": "Check that object_security_level object_category was added."
- },
- {
- "name": "add_action_category",
- "command": "action category add resource_action",
- "result": "",
- "description": "Add the new action category resource_action",
- "command_options": ""
- },
- {
- "name": "list_subject_category",
- "command": "action category list",
- "result": "(?P\\w+)\\s+resource_action",
- "description": "Check that resource_action action_category was added."
- },
-
- {
- "name": "add_scope",
- "command": "subject scope add $uuid_subject_category high --description \"high\"",
- "result": "^$",
- "description": "Add one scope to subject category role",
- "command_options": ""
- },
- {
- "name": "check_added_scope",
- "command": "subject scope list $uuid_subject_category",
- "result": "(?P\\w+)\\s+high\\s+high",
- "description": "Check added scope.",
- "command_options": "-c id -c name -c description -f value"
- },
- {
- "name": "add_scope",
- "command": "subject scope add $uuid_subject_category medium --description \"medium\"",
- "result": "^$",
- "description": "Add one scope to subject category role",
- "command_options": ""
- },
- {
- "name": "check_added_scope",
- "command": "subject scope list $uuid_subject_category",
- "result": "(?P\\w+)\\s+medium\\s+medium",
- "description": "Check added scope.",
- "command_options": "-c id -c name -c description -f value"
- },
- {
- "name": "add_scope",
- "command": "subject scope add $uuid_subject_category low --description \"low\"",
- "result": "^$",
- "description": "Add one scope to subject category role",
- "command_options": ""
- },
- {
- "name": "check_added_scope",
- "command": "subject scope list $uuid_subject_category",
- "result": "(?P\\w+)\\s+low\\s+low",
- "description": "Check added scope.",
- "command_options": "-c id -c name -c description -f value"
- },
- {
- "name": "add_scope",
- "command": "object scope add $uuid_object_category high --description \"high\"",
- "result": "^$",
- "description": "Add one scope to object category role",
- "command_options": ""
- },
- {
- "name": "check_added_scope",
- "command": "object scope list $uuid_object_category",
- "result": "(?P\\w+)\\s+high\\s+high",
- "description": "Check added scope.",
- "command_options": "-c id -c name -c description -f value"
- },
- {
- "name": "add_scope",
- "command": "object scope add $uuid_object_category medium --description \"medium\"",
- "result": "^$",
- "description": "Add one scope to object category role",
- "command_options": ""
- },
- {
- "name": "check_added_scope",
- "command": "object scope list $uuid_object_category",
- "result": "(?P\\w+)\\s+medium\\s+medium",
- "description": "Check added scope.",
- "command_options": "-c id -c name -c description -f value"
- },
- {
- "name": "add_scope",
- "command": "object scope add $uuid_object_category low --description \"low\"",
- "result": "^$",
- "description": "Add one scope to object category role",
- "command_options": ""
- },
- {
- "name": "check_added_scope",
- "command": "object scope list $uuid_object_category",
- "result": "(?P\\w+)\\s+low\\s+low",
- "description": "Check added scope.",
- "command_options": "-c id -c name -c description -f value"
- },
- {
- "name": "add_scope",
- "command": "action scope add $uuid_action_category vm_admin --description \"vm_admin\"",
- "result": "^$",
- "description": "Add one scope to action category role",
- "command_options": ""
- },
- {
- "name": "check_added_scope",
- "command": "action scope list $uuid_action_category",
- "result": "(?P\\w+)\\s+vm_admin\\s+vm_admin",
- "description": "Check added scope.",
- "command_options": "-c id -c name -c description -f value"
- },
- {
- "name": "add_scope",
- "command": "action scope add $uuid_action_category vm_access --description \"vm_access\"",
- "result": "^$",
- "description": "Add one scope to action category role",
- "command_options": ""
- },
- {
- "name": "check_added_scope",
- "command": "action scope list $uuid_action_category",
- "result": "(?P\\w+)\\s+vm_access\\s+vm_access",
- "description": "Check added scope.",
- "command_options": "-c id -c name -c description -f value"
- },
- {
- "name": "add_scope",
- "command": "action scope add $uuid_action_category storage_admin --description \"storage_admin\"",
- "result": "^$",
- "description": "Add one scope to action category role",
- "command_options": ""
- },
- {
- "name": "check_added_scope",
- "command": "action scope list $uuid_action_category",
- "result": "(?P\\w+)\\s+storage_admin\\s+storage_admin",
- "description": "Check added scope.",
- "command_options": "-c id -c name -c description -f value"
- },
- {
- "name": "add_scope",
- "command": "action scope add $uuid_action_category storage_access --description \"storage_access\"",
- "result": "^$",
- "description": "Add one scope to action category role",
- "command_options": ""
- },
- {
- "name": "check_added_scope",
- "command": "action scope list $uuid_action_category",
- "result": "(?P\\w+)\\s+storage_access\\s+storage_access",
- "description": "Check added scope.",
- "command_options": "-c id -c name -c description -f value"
- },
-
- {
- "name": "add_assignment",
- "command": "subject assignment add $uuid_subject_admin $uuid_subject_category $uuid_subject_scope_high",
- "result": "^$",
- "description": "Add a new assignment",
- "command_options": ""
- },
- {
- "name": "check_added_assignment",
- "command": "subject assignment list $uuid_subject_admin $uuid_subject_category",
- "result": "$uuid_subject_scope_high high",
- "description": "Check added assignment.",
- "command_options": "-c id -c name -f value"
- },
- {
- "name": "add_assignment",
- "command": "subject assignment add $uuid_subject_demo $uuid_subject_category $uuid_subject_scope_medium",
- "result": "^$",
- "description": "Add a new assignment",
- "command_options": ""
- },
- {
- "name": "check_added_assignment",
- "command": "subject assignment list $uuid_subject_demo $uuid_subject_category",
- "result": "$uuid_subject_scope_medium medium",
- "description": "Check added assignment.",
- "command_options": "-c id -c name -f value"
- },
- {
- "name": "add_assignment",
- "command": "object assignment add $uuid_object_servers $uuid_object_category $uuid_object_scope_low",
- "result": "^$",
- "description": "Add a new assignment",
- "command_options": ""
- },
- {
- "name": "check_added_assignment",
- "command": "object assignment list $uuid_object_servers $uuid_object_category",
- "result": "$uuid_object_scope_low low",
- "description": "Check added assignment.",
- "command_options": "-c id -c name -f value"
- },
- {
- "name": "add_assignment",
- "command": "action assignment add $uuid_action_pause $uuid_action_category $uuid_action_scope_vm_admin",
- "result": "^$",
- "description": "Add a new assignment",
- "command_options": ""
- },
- {
- "name": "check_added_assignment",
- "command": "action assignment list $uuid_action_pause $uuid_action_category",
- "result": "$uuid_action_scope_vm_admin vm_admin",
- "description": "Check added assignment.",
- "command_options": "-c id -c name -f value"
- },
- {
- "name": "add_assignment",
- "command": "action assignment add $uuid_action_unpause $uuid_action_category $uuid_action_scope_vm_admin",
- "result": "^$",
- "description": "Add a new assignment",
- "command_options": ""
- },
- {
- "name": "check_added_assignment",
- "command": "action assignment list $uuid_action_unpause $uuid_action_category",
- "result": "$uuid_action_scope_vm_admin vm_admin",
- "description": "Check added assignment.",
- "command_options": "-c id -c name -f value"
- },
- {
- "name": "add_assignment",
- "command": "action assignment add $uuid_action_start $uuid_action_category $uuid_action_scope_vm_admin",
- "result": "^$",
- "description": "Add a new assignment",
- "command_options": ""
- },
- {
- "name": "check_added_assignment",
- "command": "action assignment list $uuid_action_start $uuid_action_category",
- "result": "$uuid_action_scope_vm_admin vm_admin",
- "description": "Check added assignment.",
- "command_options": "-c id -c name -f value"
- },
- {
- "name": "add_assignment",
- "command": "action assignment add $uuid_action_stop $uuid_action_category $uuid_action_scope_vm_admin",
- "result": "^$",
- "description": "Add a new assignment",
- "command_options": ""
- },
- {
- "name": "check_added_assignment",
- "command": "action assignment list $uuid_action_stop $uuid_action_category",
- "result": "$uuid_action_scope_vm_admin vm_admin",
- "description": "Check added assignment.",
- "command_options": "-c id -c name -f value"
- },
- {
- "name": "add_assignment",
- "command": "action assignment add $uuid_action_list $uuid_action_category $uuid_action_scope_vm_admin",
- "result": "^$",
- "description": "Add a new assignment",
- "command_options": ""
- },
- {
- "name": "check_added_assignment",
- "command": "action assignment list $uuid_action_list $uuid_action_category",
- "result": "$uuid_action_scope_vm_admin vm_admin",
- "description": "Check added assignment.",
- "command_options": "-c id -c name -f value"
- },
- {
- "name": "add_assignment",
- "command": "action assignment add $uuid_action_list $uuid_action_category $uuid_action_scope_vm_access",
- "result": "^$",
- "description": "Add a new assignment",
- "command_options": ""
- },
- {
- "name": "check_added_assignment",
- "command": "action assignment list $uuid_action_list $uuid_action_category",
- "result": "$uuid_action_scope_vm_access vm_access",
- "description": "Check added assignment.",
- "command_options": "-c id -c name -f value"
- },
- {
- "name": "add_assignment",
- "command": "action assignment add $uuid_action_create $uuid_action_category $uuid_action_scope_vm_admin",
- "result": "^$",
- "description": "Add a new assignment",
- "command_options": ""
- },
- {
- "name": "check_added_assignment",
- "command": "action assignment list $uuid_action_create $uuid_action_category",
- "result": "$uuid_action_scope_vm_admin vm_admin",
- "description": "Check added assignment.",
- "command_options": "-c id -c name -f value"
- },
- {
- "name": "add_assignment",
- "command": "action assignment add $uuid_action_storage_list $uuid_action_category $uuid_action_scope_storage_access",
- "result": "^$",
- "description": "Add a new assignment",
- "command_options": ""
- },
- {
- "name": "check_added_assignment",
- "command": "action assignment list $uuid_action_storage_list $uuid_action_category",
- "result": "$uuid_action_scope_storage_access storage_access",
- "description": "Check added assignment.",
- "command_options": "-c id -c name -f value"
- },
- {
- "name": "add_assignment",
- "command": "action assignment add $uuid_action_download $uuid_action_category $uuid_action_scope_storage_access",
- "result": "^$",
- "description": "Add a new assignment",
- "command_options": ""
- },
- {
- "name": "check_added_assignment",
- "command": "action assignment list $uuid_action_download $uuid_action_category",
- "result": "$uuid_action_scope_storage_access storage_access",
- "description": "Check added assignment.",
- "command_options": "-c id -c name -f value"
- },
- {
- "name": "add_assignment",
- "command": "action assignment add $uuid_action_upload $uuid_action_category $uuid_action_scope_storage_admin",
- "result": "^$",
- "description": "Add a new assignment",
- "command_options": ""
- },
- {
- "name": "check_added_assignment",
- "command": "action assignment list $uuid_action_upload $uuid_action_category",
- "result": "$uuid_action_scope_storage_admin storage_admin",
- "description": "Check added assignment.",
- "command_options": "-c id -c name -f value"
- },
- {
- "name": "add_assignment",
- "command": "action assignment add $uuid_action_post $uuid_action_category $uuid_action_scope_storage_admin",
- "result": "^$",
- "description": "Add a new assignment",
- "command_options": ""
- },
- {
- "name": "check_added_assignment",
- "command": "action assignment list $uuid_action_post $uuid_action_category",
- "result": "$uuid_action_scope_storage_admin storage_admin",
- "description": "Check added assignment.",
- "command_options": "-c id -c name -f value"
- },
-
- {
- "name": "check_submetarules",
- "command": "submetarule show",
- "result": "(?P\\w+)",
- "description": "Get one submetarule ID",
- "command_options": "-c id -f value"
- },
- {
- "name": "set_submetarule",
- "command": "submetarule set $submetarule_uuid --subject_category_id=\"$uuid_subject_category\" --object_category_id=\"$uuid_object_category\" --action_category_id=\"$uuid_action_category\"",
- "result": "^$",
- "description": "Set a new submetarule",
- "command_options": ""
- },
- {
- "name": "check_submetarule",
- "command": "submetarule show",
- "result": "$submetarule_uuid \\s*subject_security_level",
- "description": "Check the new submetarule",
- "command_options": "-c id -c \"subject categories\" -f value"
- },
- {
- "name": "check_submetarule",
- "command": "submetarule show",
- "result": "$submetarule_uuid \\s*object_security_level",
- "description": "Check the new submetarule",
- "command_options": "-c id -c \"object categories\" -f value"
- },
- {
- "name": "check_submetarule",
- "command": "submetarule show",
- "result": "$submetarule_uuid \\s*resource_action",
- "description": "Check the new submetarule",
- "command_options": "-c id -c \"action categories\" -f value"
- },
-
- {
- "name": "add_a_new_rule",
- "command": "rule add $submetarule_uuid \"high,vm_admin,medium\"",
- "result": "^$",
- "description": "Add a new rule.",
- "command_options": ""
- },
- {
- "name": "check_added_rule",
- "command": "rule list $submetarule_uuid",
- "result": "(?P\\w+)\\s+high\\s+vm_admin\\s+medium",
- "description": "Check that the rule was correctly added.",
- "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value"
- },
- {
- "name": "add_a_new_rule",
- "command": "rule add $submetarule_uuid \"high,vm_admin,low\"",
- "result": "^$",
- "description": "Add a new rule.",
- "command_options": ""
- },
- {
- "name": "check_added_rule",
- "command": "rule list $submetarule_uuid",
- "result": "(?P\\w+)\\s+high\\s+vm_admin\\s+low",
- "description": "Check that the rule was correctly added.",
- "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value"
- },
- {
- "name": "add_a_new_rule",
- "command": "rule add
$submetarule_uuid \"medium,vm_admin,low\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid", - "result": "(?P\\w+)\\s+medium\\s+vm_admin\\s+low", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" - }, - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid \"high,vm_access,medium\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid", - "result": "(?P\\w+)\\s+high\\s+vm_access\\s+medium", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" - }, - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid \"high,vm_access,low\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid", - "result": "(?P\\w+)\\s+high\\s+vm_access\\s+low", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" - }, - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid \"medium,vm_access,low\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid", - "result": "(?P\\w+)\\s+medium\\s+vm_access\\s+low", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" - }, - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid 
\"high,storage_admin,medium\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid", - "result": "(?P\\w+)\\s+high\\s+storage_admin\\s+medium", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" - }, - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid \"high,storage_admin,low\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid", - "result": "(?P\\w+)\\s+high\\s+storage_admin\\s+low", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" - }, - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid \"medium,storage_admin,low\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid", - "result": "(?P\\w+)\\s+medium\\s+storage_admin\\s+low", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" - }, - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid \"high,storage_access,medium\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid", - "result": "(?P\\w+)\\s+high\\s+storage_access\\s+medium", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" - }, - { - "name": "add_a_new_rule", - "command": "rule add 
$submetarule_uuid \"high,storage_access,low\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid", - "result": "(?P\\w+)\\s+high\\s+storage_access\\s+low", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" - }, - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid \"medium,storage_access,low\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid", - "result": "(?P\\w+)\\s+medium\\s+storage_access\\s+low", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" - }, - { - "name": "get aggregation algorithm", - "command": "aggregation algorithm list", - "result": "(?P\\w+)\\s+one_true", - "description": "Get aggregation algorithm.", - "command_options": "-c id -c name -f value" - }, - { - "name": "set aggregation algorithm", - "command": "aggregation algorithm set $uuid_aggregation", - "result": "", - "description": "Set aggregation algorithm to one_true.", - "command_options": "" - }, - { - "name": "get aggregation algorithm", - "command": "aggregation algorithm show", - "result": "$uuid_aggregation\\s+one_true", - "description": "Check aggregation algorithm.", - "command_options": "-c id -c name -f value" - }, - { - "name": "get submetarule algorithm", - "command": "submetarule algorithm list", - "result": "(?P\\w+)\\s+inclusion", - "description": "Get submetarule algorithm named inclusion.", - "command_options": "-c id -c name -f value" - }, - { - "name": "set submetarule algorithm", - "command": "submetarule set --algorithm_name inclusion $submetarule_uuid", - "result": "", - "description": 
"Set submetarule algorithm to inclusion.", - "command_options": "" - }, - - { - "name": "list tenant", - "command": "tenant list", - "result": "demo", - "description": "Check if tenant demo is used." - }, - - { - "name": "add_object", - "command": "object add $uuid_server", - "result": "", - "description": "Add the new nova server", - "command_options": "" - }, - { - "name": "list_object", - "command": "object list", - "result": "(?P\\w+)\\s+$uuid_server", - "description": "Check that the new nova server was added." - }, - { - "name": "add_assignment", - "command": "object assignment add $uuid_object_nova_server $uuid_object_category $uuid_object_scope_low", - "result": "^$", - "description": "Set the assignment 'low' to nova server", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "object assignment list $uuid_object_nova_server $uuid_object_category", - "result": "$uuid_object_scope_low low", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - - { - "name": "check nova command", - "external_command": "nova list", - "result": "\\| (?P[\\w\\-]+)\\s+\\| test_moonclient\\s+\\| ACTIVE\\s+\\| [\\w\\-]+\\s+\\| Running", - "description": "Check that we can now list nova servers due to the current rules" - }, - { - "name": "try to pause nova instance", - "external_command": "nova pause $uuid_server", - "result": "^$", - "description": "Pausing the server must be possible now" - }, - { - "name": "check nova command", - "external_command": "nova list", - "result": "\\| (?P[\\w\\-]+)\\s+\\| test_moonclient\\s+\\| PAUSED\\s+\\| [\\w\\-]+\\s+\\| Paused", - "description": "Check that we can still list nova servers due to the current rules" - }, - { - "name": "reactivate nova instance", - "external_command": "nova unpause $uuid_server", - "result": "^$", - "description": "Unpausing the server for next tests" - }, - - { - "name": "del_assignment", - "command": "object assignment delete 
$uuid_object_nova_server $uuid_object_category $uuid_object_scope_low", - "result": "^$", - "description": "Delete the assignment 'low' to nova server", - "command_options": "" - }, - { - "name": "add_assignment", - "command": "object assignment add $uuid_object_nova_server $uuid_object_category $uuid_object_scope_high", - "result": "^$", - "description": "Set the assignment 'high' to nova server", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "object assignment list $uuid_object_nova_server $uuid_object_category", - "result": "$uuid_object_scope_high high", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - - { - "name": "check nova command", - "external_command": "nova list", - "result": "\\| (?P[\\w\\-]+)\\s+\\| test_moonclient\\s+\\| ACTIVE\\s+\\| [\\w\\-]+\\s+\\| Running", - "description": "Check that we can now list nova servers due to the current rules" - }, - { - "name": "try to pause nova instance", - "external_command": "nova pause $uuid_server", - "result": "^$", - "description": "Pausing the server must be not possible now" - }, - { - "name": "check nova command", - "external_command": "nova list", - "result": "\\| (?P[\\w\\-]+)\\s+\\| test_moonclient\\s+\\| ACTIVE\\s+\\| [\\w\\-]+\\s+\\| Running", - "description": "Check that we can still list nova servers due to the current rules" - }, - - - { - "name": "delete_authz_intra_extension", - "command": "intraextension delete $uuid_authz", - "result": "", - "description": "Delete the authz intra extension", - "command_options": "" - }, - { - "name": "delete_tenant", - "command": "tenant delete $uuid", - "result": "", - "description": "Delete the tenant demo", - "command_options": "" - }, - { - "name": "nova delete new server", - "external_command": "nova delete $uuid_server", - "result": "", - "description": "Delete the new server" - } - ] - } -} \ No newline at end of file 
diff --git a/moonclient/moonclient/tests/todo/tests_empty_policy_swift.json b/moonclient/moonclient/tests/todo/tests_empty_policy_swift.json
deleted file mode 100644
index e935da98..00000000
--- a/moonclient/moonclient/tests/todo/tests_empty_policy_swift.json
+++ /dev/null
@@ -1,1175 +0,0 @@
-{
- "command_options": "-f value",
- "tests_group": {
- "authz": [
- {
- "auth_name": "admin",
- "auth_password": "console",
- "auth_tenant": "admin",
- "description": "Change user to admin (just in case...)"
- },
-
- {
- "name": "swift list",
- "external_command": "swift list",
- "no_result": "moonclient_test",
- "description": "Check Swift command"
- },
- {
- "name": "add swift container",
- "external_command": "swift post moonclient_test",
- "result": "",
- "description": "Add a new container"
- },
- {
- "name": "swift list",
- "external_command": "swift list",
- "result": "moonclient_test",
- "description": "Check the added container"
- },
- {
- "name": "get accound ID",
- "external_command": "swift stat",
- "result": "Account: (?P[\\w_]+)",
- "description": "Check the added container"
- },
-
- {
- "name": "list tenant",
- "command": "tenant list",
- "no_result": "admin",
- "description": "Check if tenant demo is used."
- },
- {
- "name": "add tenant admin",
- "command": "tenant add admin",
- "result": "^$",
- "description": "Add a new tenant",
- "command_options": ""
- },
- {
- "name": "check tenant admin",
- "command": "tenant list",
- "result": "(?P\\w+)\\s+admin",
- "description": "Check that tenant demo has been correctly added"
- },
- {
- "name": "create_intraextension_authz",
- "command": "intraextension add --policy_model policy_empty_authz empty_test",
- "result": "IntraExtension created: (?P\\w+)",
- "description": "Create an authz intra extension",
- "command_options": ""
- },
- {
- "name": "list_intraextension_authz",
- "command": "intraextension list",
- "result": "$uuid_authz",
- "description": "Check the existence of that authz intra extension"
- },
- {
- "name": "set_tenant_authz",
- "command": "tenant set --authz $uuid_authz $uuid",
- "result": "",
- "description": "Connect the authz intra extension to the tenant demo",
- "command_options": ""
- },
- {
- "name": "list tenant",
- "command": "tenant list",
- "result": "admin",
- "description": "Check if tenant admin is used."
- },
- {
- "name": "select_authz_ie",
- "command": "intraextension select $uuid_authz",
- "result": "Select $uuid_authz IntraExtension.",
- "description": "Select the authz IntraExtension",
- "command_options": ""
- },
- {
- "name": "check_select_authz_ie",
- "command": "intraextension show selected",
- "result": "$uuid_authz",
- "description": "Check the selected authz IntraExtension",
- "command_options": "-c id -f value"
- },
- {
- "name": "add_subject",
- "command": "subject add admin --subject_pass password",
- "result": "",
- "description": "",
- "command_options": ""
- },
- {
- "name": "list_subject",
- "command": "subject list",
- "result": "(?P\\w+)\\s+admin",
- "description": "Check that admin subject was added."
- },
- {
- "name": "add_subject",
- "command": "subject add demo --subject_pass password",
- "result": "",
- "description": "",
- "command_options": ""
- },
- {
- "name": "list_subject",
- "command": "subject list",
- "result": "(?P\\w+)\\s+demo",
- "description": "Check that demo subject was added."
- },
- {
- "name": "add_object",
- "command": "object add servers",
- "result": "",
- "description": "",
- "command_options": ""
- },
- {
- "name": "list_object",
- "command": "object list",
- "result": "(?P\\w+)\\s+servers",
- "description": "Check that servers subject was added."
- },
- {
- "name": "add_action",
- "command": "action add pause",
- "result": "",
- "description": "",
- "command_options": ""
- },
- {
- "name": "list_action",
- "command": "action list",
- "result": "(?P\\w+)\\s+pause",
- "description": "Check that pause action was added."
- },
- {
- "name": "add_action",
- "command": "action add unpause",
- "result": "",
- "description": "",
- "command_options": ""
- },
- {
- "name": "list_action",
- "command": "action list",
- "result": "(?P\\w+)\\s+unpause",
- "description": "Check that unpause action was added."
- },
- {
- "name": "add_action",
- "command": "action add list",
- "result": "",
- "description": "",
- "command_options": ""
- },
- {
- "name": "list_action",
- "command": "action list",
- "result": "(?P\\w+)\\s+list",
- "description": "Check that list action was added."
- },
- {
- "name": "add_action",
- "command": "action add start",
- "result": "",
- "description": "",
- "command_options": ""
- },
- {
- "name": "list_action",
- "command": "action list",
- "result": "(?P\\w+)\\s+start",
- "description": "Check that start action was added."
- },
- {
- "name": "add_action",
- "command": "action add stop",
- "result": "",
- "description": "",
- "command_options": ""
- },
- {
- "name": "list_action",
- "command": "action list",
- "result": "(?P\\w+)\\s+stop",
- "description": "Check that stop action was added."
- },
- {
- "name": "add_action",
- "command": "action add create",
- "result": "",
- "description": "",
- "command_options": ""
- },
- {
- "name": "list_action",
- "command": "action list",
- "result": "(?P\\w+)\\s+create",
- "description": "Check that create action was added."
- },
- {
- "name": "add_action",
- "command": "action add upload",
- "result": "",
- "description": "",
- "command_options": ""
- },
- {
- "name": "list_action",
- "command": "action list",
- "result": "(?P\\w+)\\s+upload",
- "description": "Check that upload action was added."
- },
- {
- "name": "add_action",
- "command": "action add download",
- "result": "",
- "description": "",
- "command_options": ""
- },
- {
- "name": "list_action",
- "command": "action list",
- "result": "(?P\\w+)\\s+download",
- "description": "Check that download action was added."
- },
- {
- "name": "add_action",
- "command": "action add post",
- "result": "",
- "description": "",
- "command_options": ""
- },
- {
- "name": "list_action",
- "command": "action list",
- "result": "(?P\\w+)\\s+post",
- "description": "Check that post action was added."
- },
- {
- "name": "add_action",
- "command": "action add storage_list",
- "result": "",
- "description": "",
- "command_options": ""
- },
- {
- "name": "list_action",
- "command": "action list",
- "result": "(?P\\w+)\\s+storage_list",
- "description": "Check that storage_list action was added."
- },
-
- {
- "name": "add_subject_category",
- "command": "subject category add subject_security_level",
- "result": "",
- "description": "Add the new subject category subject_security_level",
- "command_options": ""
- },
- {
- "name": "list_subject_category",
- "command": "subject category list",
- "result": "(?P\\w+)\\s+subject_security_level",
- "description": "Check that subject_security_level subject_category was added."
- },
- {
- "name": "add_object_category",
- "command": "object category add object_security_level",
- "result": "",
- "description": "Add the new object category object_security_level",
- "command_options": ""
- },
- {
- "name": "list_object_category",
- "command": "object category list",
- "result": "(?P\\w+)\\s+object_security_level",
- "description": "Check that object_security_level object_category was added."
- },
- {
- "name": "add_action_category",
- "command": "action category add resource_action",
- "result": "",
- "description": "Add the new action category resource_action",
- "command_options": ""
- },
- {
- "name": "list_subject_category",
- "command": "action category list",
- "result": "(?P\\w+)\\s+resource_action",
- "description": "Check that resource_action action_category was added."
- },
-
- {
- "name": "add_scope",
- "command": "subject scope add $uuid_subject_category high --description \"high\"",
- "result": "^$",
- "description": "Add one scope to subject category role",
- "command_options": ""
- },
- {
- "name": "check_added_scope",
- "command": "subject scope list $uuid_subject_category",
- "result": "(?P\\w+)\\s+high\\s+high",
- "description": "Check added scope.",
- "command_options": "-c id -c name -c description -f value"
- },
- {
- "name": "add_scope",
- "command": "subject scope add $uuid_subject_category medium --description \"medium\"",
- "result": "^$",
- "description": "Add one scope to subject category role",
- "command_options": ""
- },
- {
- "name": "check_added_scope",
- "command": "subject scope list $uuid_subject_category",
- "result": "(?P\\w+)\\s+medium\\s+medium",
- "description": "Check added scope.",
- "command_options": "-c id -c name -c description -f value"
- },
- {
- "name": "add_scope",
- "command": "subject scope add $uuid_subject_category low --description \"low\"",
- "result": "^$",
- "description": "Add one scope to subject category role",
- "command_options": ""
- },
- {
- "name": "check_added_scope",
- "command": "subject scope list $uuid_subject_category",
- "result": "(?P\\w+)\\s+low\\s+low",
- "description": "Check added scope.",
- "command_options": "-c id -c name -c description -f value"
- },
- {
- "name": "add_scope",
- "command": "object scope add $uuid_object_category high --description \"high\"",
- "result": "^$",
- "description": "Add one scope to object category role",
- "command_options": ""
- },
- {
- "name": "check_added_scope",
- "command": "object scope list $uuid_object_category",
- "result": "(?P\\w+)\\s+high\\s+high",
- "description": "Check added scope.",
- "command_options": "-c id -c name -c description -f value"
- },
- {
- "name": "add_scope",
- "command": "object scope add $uuid_object_category medium --description \"medium\"",
- "result": "^$",
- "description": "Add one scope to object category role",
- "command_options": ""
- },
- {
- "name": "check_added_scope",
- "command": "object scope list $uuid_object_category",
- "result": "(?P\\w+)\\s+medium\\s+medium",
- "description": "Check added scope.",
- "command_options": "-c id -c name -c description -f value"
- },
- {
- "name": "add_scope",
- "command": "object scope add $uuid_object_category low --description \"low\"",
- "result": "^$",
- "description": "Add one scope to object category role",
- "command_options": ""
- },
- {
- "name": "check_added_scope",
- "command": "object scope list $uuid_object_category",
- "result": "(?P\\w+)\\s+low\\s+low",
- "description": "Check added scope.",
- "command_options": "-c id -c name -c description -f value"
- },
- {
- "name": "add_scope",
- "command": "action scope add $uuid_action_category vm_admin --description \"vm_admin\"",
- "result": "^$",
- "description": "Add one scope to action category role",
- "command_options": ""
- },
- {
- "name": "check_added_scope",
- "command": "action scope list $uuid_action_category",
- "result": "(?P\\w+)\\s+vm_admin\\s+vm_admin",
- "description": "Check added scope.",
- "command_options": "-c id -c name -c description -f value"
- },
- {
- "name": "add_scope",
- "command": "action scope add $uuid_action_category vm_access --description \"vm_access\"",
- "result": "^$",
- "description": "Add one scope to action category role",
- "command_options": ""
- },
- {
- "name": "check_added_scope",
- "command": "action scope list $uuid_action_category",
- "result": "(?P\\w+)\\s+vm_access\\s+vm_access",
- "description": "Check added scope.",
- "command_options": "-c id -c name -c description -f value"
- },
- {
- "name": "add_scope",
- "command": "action scope add $uuid_action_category storage_admin --description \"storage_admin\"",
- "result": "^$",
- "description": "Add one scope to action category role",
- "command_options": ""
- },
- {
- "name": "check_added_scope",
- "command": "action scope list $uuid_action_category",
- "result": "(?P\\w+)\\s+storage_admin\\s+storage_admin",
- "description": "Check added scope.",
- "command_options": "-c id -c name -c description -f value"
- },
- {
- "name": "add_scope",
- "command": "action scope add $uuid_action_category storage_access --description \"storage_access\"",
- "result": "^$",
- "description": "Add one scope to action category role",
- "command_options": ""
- },
- {
- "name": "check_added_scope",
- "command": "action scope list $uuid_action_category",
- "result": "(?P\\w+)\\s+storage_access\\s+storage_access",
- "description": "Check added scope.",
- "command_options": "-c id -c name -c description -f value"
- },
-
- {
- "name": "add_assignment",
- "command": "subject assignment add $uuid_subject_admin $uuid_subject_category $uuid_subject_scope_high",
- "result": "^$",
- "description": "Add a new assignment",
- "command_options": ""
- },
- {
- "name": "check_added_assignment",
- "command": "subject assignment list $uuid_subject_admin $uuid_subject_category",
- "result": "$uuid_subject_scope_high high",
- "description": "Check added assignment.",
- "command_options": "-c id -c name -f value"
- },
- {
- "name": "add_assignment",
- "command": "subject assignment add $uuid_subject_demo $uuid_subject_category $uuid_subject_scope_medium",
- "result": "^$",
- "description": "Add a new assignment",
- "command_options": ""
- },
- {
- "name": "check_added_assignment",
- "command": "subject assignment list $uuid_subject_demo $uuid_subject_category",
- "result": "$uuid_subject_scope_medium medium",
- "description": "Check added assignment.",
- "command_options": "-c id -c name -f value"
- },
- {
- "name": "add_assignment",
- "command": "object assignment add $uuid_object_servers $uuid_object_category $uuid_object_scope_low",
- "result": "^$",
- "description": "Add a new assignment",
- "command_options": ""
- },
- {
- "name": "check_added_assignment",
- "command": "object assignment list $uuid_object_servers $uuid_object_category",
- "result": "$uuid_object_scope_low low",
- "description": "Check added assignment.",
- "command_options": "-c id -c name -f value"
- },
- {
- "name": "add_assignment",
- "command": "action assignment add $uuid_action_pause $uuid_action_category $uuid_action_scope_vm_admin",
- "result": "^$",
- "description": "Add a new assignment",
- "command_options": ""
- },
- {
- "name": "check_added_assignment",
- "command": "action assignment list $uuid_action_pause $uuid_action_category",
- "result": "$uuid_action_scope_vm_admin vm_admin",
- "description": "Check added assignment.",
- "command_options": "-c id -c name -f value"
- },
- {
- "name": "add_assignment",
- "command": "action assignment add $uuid_action_unpause $uuid_action_category $uuid_action_scope_vm_admin",
- "result": "^$",
- "description": "Add a new assignment",
- "command_options": ""
- },
- {
- "name": "check_added_assignment",
- "command": "action assignment list $uuid_action_unpause $uuid_action_category",
- "result": "$uuid_action_scope_vm_admin vm_admin",
- "description": "Check added assignment.",
- "command_options": "-c id -c name -f value"
- },
- {
- "name": "add_assignment",
- "command": "action assignment add $uuid_action_start $uuid_action_category $uuid_action_scope_vm_admin",
- "result": "^$",
- "description": "Add a new assignment",
- "command_options": ""
- },
- {
- "name": "check_added_assignment",
- "command": "action assignment list $uuid_action_start $uuid_action_category",
- "result": "$uuid_action_scope_vm_admin vm_admin",
- "description": "Check added assignment.",
- "command_options": "-c id -c name -f value"
- },
- {
- "name": "add_assignment",
- "command": "action assignment add $uuid_action_stop $uuid_action_category $uuid_action_scope_vm_admin",
- "result": "^$",
- "description": "Add a new assignment",
- "command_options": ""
- },
- {
- "name": "check_added_assignment",
- "command": "action assignment list $uuid_action_stop $uuid_action_category",
- "result": "$uuid_action_scope_vm_admin vm_admin",
- "description": "Check added assignment.",
- "command_options": "-c id -c name -f value"
- },
- {
- "name": "add_assignment",
- "command": "action assignment add $uuid_action_list $uuid_action_category $uuid_action_scope_vm_admin",
- "result": "^$",
- "description": "Add a new assignment",
- "command_options": ""
- },
- {
- "name": "check_added_assignment",
- "command": "action assignment list $uuid_action_list $uuid_action_category",
- "result": "$uuid_action_scope_vm_admin vm_admin",
- "description": "Check added assignment.",
- "command_options": "-c id -c name -f value"
- },
- {
- "name": "add_assignment",
- "command": "action assignment add $uuid_action_list $uuid_action_category $uuid_action_scope_vm_access",
- "result": "^$",
- "description": "Add a new assignment",
- "command_options": ""
- },
- {
- "name": "check_added_assignment",
- "command": "action assignment list $uuid_action_list $uuid_action_category",
- "result": "$uuid_action_scope_vm_access vm_access",
- "description": "Check added assignment.",
- "command_options": "-c id -c name -f value"
- },
- {
- "name": "add_assignment",
- "command": "action assignment add $uuid_action_create $uuid_action_category $uuid_action_scope_vm_admin",
- "result": "^$",
- "description": "Add a new assignment",
- "command_options": ""
- },
- {
- "name": "check_added_assignment",
- "command": "action assignment list $uuid_action_create $uuid_action_category",
- "result": "$uuid_action_scope_vm_admin vm_admin",
- "description": "Check added assignment.",
- "command_options": "-c id -c name -f value"
- },
- {
- "name": "add_assignment",
- "command": "action assignment add $uuid_action_storage_list $uuid_action_category $uuid_action_scope_storage_access",
- "result": "^$",
- "description": "Add a new assignment",
- "command_options": ""
- },
- {
- "name": "check_added_assignment",
- "command": "action assignment list $uuid_action_storage_list $uuid_action_category",
- "result": "$uuid_action_scope_storage_access storage_access",
- "description": "Check added assignment.",
- "command_options": "-c id -c name -f value"
- },
- {
- "name": "add_assignment",
- "command": "action assignment add $uuid_action_download $uuid_action_category $uuid_action_scope_storage_access",
- "result": "^$",
- "description": "Add a new assignment",
- "command_options": ""
- },
- {
- "name": "check_added_assignment",
- "command": "action assignment list $uuid_action_download $uuid_action_category",
- "result": "$uuid_action_scope_storage_access storage_access",
- "description": "Check added assignment.",
- "command_options": "-c id -c name -f value"
- },
- {
- "name": "add_assignment",
- "command": "action assignment add $uuid_action_upload $uuid_action_category $uuid_action_scope_storage_admin",
- "result": "^$",
- "description": "Add a new assignment",
- "command_options": ""
- },
- {
- "name": "check_added_assignment",
- "command": "action assignment list $uuid_action_upload $uuid_action_category",
- "result": "$uuid_action_scope_storage_admin storage_admin",
- "description": "Check added assignment.",
- "command_options": "-c id -c name -f value"
- },
- {
- "name": "add_assignment",
- "command": "action assignment add $uuid_action_post $uuid_action_category $uuid_action_scope_storage_admin",
- "result": "^$",
- "description": "Add a new assignment",
- "command_options": ""
- },
- {
- "name": "check_added_assignment",
- "command": "action assignment list $uuid_action_post $uuid_action_category",
- "result": "$uuid_action_scope_storage_admin storage_admin",
- "description": "Check added assignment.",
- "command_options": "-c id -c name -f value"
- },
-
- {
- "name": "check_submetarules",
- "command": "submetarule show",
- "result": "(?P\\w+)",
- "description": "Get one submetarule ID",
- "command_options": "-c id -f value"
- },
- {
- "name": "set_submetarule",
- "command": "submetarule set $submetarule_uuid --subject_category_id=\"$uuid_subject_category\" --object_category_id=\"$uuid_object_category\" --action_category_id=\"$uuid_action_category\"",
- "result": "^$",
- "description": "Set a new submetarule",
- "command_options": ""
- },
- {
- "name": "check_submetarule",
- "command": "submetarule show",
- "result": "$submetarule_uuid \\s*subject_security_level",
- "description": "Check the new submetarule",
- "command_options": "-c id -c \"subject categories\" -f value"
- },
- {
- "name": "check_submetarule",
- "command": "submetarule show",
- "result": "$submetarule_uuid \\s*object_security_level",
- "description": "Check the new submetarule",
- "command_options": "-c id -c \"object categories\" -f value"
- },
- {
- "name": "check_submetarule",
- "command": "submetarule show",
- "result": "$submetarule_uuid \\s*resource_action",
- "description": "Check the new submetarule",
- "command_options": "-c id -c \"action categories\" -f value"
- },
-
- {
- "name": "add_a_new_rule",
- "command": "rule add $submetarule_uuid \"high,vm_admin,medium\"",
- "result": "^$",
- "description": "Add a new rule.",
- "command_options": ""
- },
- {
- "name": "check_added_rule",
- "command": "rule list $submetarule_uuid",
- "result": "(?P\\w+)\\s+high\\s+vm_admin\\s+medium",
- "description": "Check that the rule was correctly added.",
- "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value"
- },
- {
- "name": "add_a_new_rule",
- "command": "rule add $submetarule_uuid \"high,vm_admin,low\"",
- "result": "^$",
- "description": "Add a new rule.",
- "command_options": ""
- },
- {
- "name": "check_added_rule",
- "command": "rule list $submetarule_uuid",
- "result": "(?P\\w+)\\s+high\\s+vm_admin\\s+low",
- "description": "Check that the rule was correctly added.",
- "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value"
- },
- {
- "name": "add_a_new_rule",
- "command": "rule add $submetarule_uuid \"medium,vm_admin,low\"",
- "result": "^$",
- "description": "Add a new rule.",
- "command_options": ""
- },
- {
- "name": "check_added_rule",
- "command": "rule list $submetarule_uuid",
- "result": "(?P\\w+)\\s+medium\\s+vm_admin\\s+low",
- "description": "Check that the rule was correctly added.",
- "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value"
- },
- {
- "name": "add_a_new_rule",
- "command": "rule add $submetarule_uuid \"high,vm_access,medium\"",
- "result": "^$",
- "description": "Add a new rule.",
- "command_options": ""
- },
- {
- "name": "check_added_rule",
- "command": "rule list $submetarule_uuid",
- "result": "(?P\\w+)\\s+high\\s+vm_access\\s+medium",
- "description": "Check that the rule was correctly added.",
- "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value"
- },
- {
- "name": "add_a_new_rule",
- "command": "rule add $submetarule_uuid \"high,vm_access,low\"",
- "result": "^$",
- "description": "Add a new rule.",
- "command_options": ""
- },
- {
- "name": "check_added_rule",
- "command": "rule list $submetarule_uuid",
- "result": "(?P\\w+)\\s+high\\s+vm_access\\s+low",
- "description": "Check that the rule was correctly added.",
- "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value"
- },
- {
- "name": "add_a_new_rule",
- "command": "rule add $submetarule_uuid \"medium,vm_access,low\"",
- "result": "^$",
- "description": "Add a new rule.",
- "command_options": ""
- },
- {
- "name": "check_added_rule",
- "command": "rule list $submetarule_uuid",
- "result": "(?P\\w+)\\s+medium\\s+vm_access\\s+low",
- "description": "Check that the rule was correctly added.",
- "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value"
- },
- {
- "name": "add_a_new_rule",
- "command": "rule add $submetarule_uuid
\"high,storage_admin,medium\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid", - "result": "(?P\\w+)\\s+high\\s+storage_admin\\s+medium", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" - }, - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid \"high,storage_admin,low\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid", - "result": "(?P\\w+)\\s+high\\s+storage_admin\\s+low", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" - }, - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid \"medium,storage_admin,low\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid", - "result": "(?P\\w+)\\s+medium\\s+storage_admin\\s+low", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" - }, - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid \"high,storage_access,medium\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid", - "result": "(?P\\w+)\\s+high\\s+storage_access\\s+medium", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" - }, - { - "name": "add_a_new_rule", - "command": "rule add 
$submetarule_uuid \"high,storage_access,low\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid", - "result": "(?P\\w+)\\s+high\\s+storage_access\\s+low", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" - }, - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid \"medium,storage_access,low\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid", - "result": "(?P\\w+)\\s+medium\\s+storage_access\\s+low", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" - }, - { - "name": "get aggregation algorithm", - "command": "aggregation algorithm list", - "result": "(?P\\w+)\\s+one_true", - "description": "Get aggregation algorithm.", - "command_options": "-c id -c name -f value" - }, - { - "name": "set aggregation algorithm", - "command": "aggregation algorithm set $uuid_aggregation", - "result": "", - "description": "Set aggregation algorithm to one_true.", - "command_options": "" - }, - { - "name": "get aggregation algorithm", - "command": "aggregation algorithm show", - "result": "$uuid_aggregation\\s+one_true", - "description": "Check aggregation algorithm.", - "command_options": "-c id -c name -f value" - }, - { - "name": "get submetarule algorithm", - "command": "submetarule algorithm list", - "result": "(?P\\w+)\\s+inclusion", - "description": "Get submetarule algorithm named inclusion.", - "command_options": "-c id -c name -f value" - }, - { - "name": "set submetarule algorithm", - "command": "submetarule set --algorithm_name inclusion $submetarule_uuid", - "result": "", - "description": 
"Set submetarule algorithm to inclusion.", - "command_options": "" - }, - - { - "name": "swift list", - "external_command": "swift list", - "no_result": "moonclient_test", - "description": "Check Swift command, it must be impossible due to current rules" - }, - - { - "name": "list tenant", - "command": "tenant list", - "result": "admin", - "description": "Check if tenant admin is used." - }, - - { - "name": "add_object", - "command": "object add $uuid_account", - "result": "", - "description": "Add the new swift account", - "command_options": "" - }, - { - "name": "list_object", - "command": "object list", - "result": "(?P\\w+)\\s+$uuid_account", - "description": "Check that the new swift account was added." - }, - { - "name": "add_assignment", - "command": "object assignment add $uuid_object_swift_account $uuid_object_category $uuid_object_scope_low", - "result": "^$", - "description": "Set the assignment 'low' to swift account", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "object assignment list $uuid_object_swift_account $uuid_object_category", - "result": "$uuid_object_scope_low low", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - { - "name": "add_action", - "command": "action add get_account_details --description 'Swift action'", - "result": "", - "description": "Add the action get_account_details", - "command_options": "" - }, - { - "name": "list_action", - "command": "action list", - "result": "(?P\\w+)\\s+get_account_details", - "description": "Check that the new swift action was added." 
- }, - { - "name": "add_assignment", - "command": "action assignment add $uuid_action_swift_get_account_details $uuid_action_category $uuid_action_scope_storage_access", - "result": "^$", - "description": "Set the assignment 'storage_access' to swift action", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "action assignment list $uuid_action_swift_get_account_details $uuid_action_category", - "result": "$uuid_action_scope_storage_access storage_access", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - - { - "name": "swift list", - "external_command": "swift list", - "result": "moonclient_test", - "description": "Check Swift command, it must be now possible due to current rules" - }, - { - "name": "create temp file", - "external_command": "touch /tmp/test.txt", - "result": "", - "description": "Create a temporary file to put in swift." - }, - { - "name": "swift post file", - "external_command": "swift upload moonclient_test /tmp/test.txt", - "result": "", - "description": "Try to put the test file in the container, impossible due to the absence of the object" - }, - { - "name": "swift list", - "external_command": "swift list moonclient_test", - "no_result": "tmp/test.txt", - "description": "Check that test file has not been uploaded." - }, - { - "name": "add_object", - "command": "object add AUTH_6c7f27a7aaf94423a28ea8ac30fea929-moonclient_test", - "result": "", - "description": "Add the new swift container", - "command_options": "" - }, - { - "name": "list_object", - "command": "object list", - "result": "(?P\\w+)\\s+AUTH_6c7f27a7aaf94423a28ea8ac30fea929-moonclient_test", - "description": "Check that the new swift container was added." 
- }, - { - "name": "add_assignment", - "command": "object assignment add $uuid_object_swift_container $uuid_object_category $uuid_object_scope_low", - "result": "^$", - "description": "Set the assignment 'low' to swift container", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "object assignment list $uuid_object_swift_container $uuid_object_category", - "result": "$uuid_object_scope_low low", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - { - "name": "add_object", - "command": "object add AUTH_6c7f27a7aaf94423a28ea8ac30fea929-moonclient_test-tmp-test-txt", - "result": "", - "description": "Add the new swift object", - "command_options": "" - }, - { - "name": "list_object", - "command": "object list", - "result": "(?P\\w+)\\s+AUTH_6c7f27a7aaf94423a28ea8ac30fea929-moonclient_test-tmp-test-txt", - "description": "Check that the new swift object was added." - }, - { - "name": "add_assignment", - "command": "object assignment add $uuid_object_swift_object $uuid_object_category $uuid_object_scope_low", - "result": "^$", - "description": "Set the assignment 'low' to swift object", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "object assignment list $uuid_object_swift_object $uuid_object_category", - "result": "$uuid_object_scope_low low", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - { - "name": "add_action", - "command": "action add get_container --description 'Swift action'", - "result": "", - "description": "Add the action get_container", - "command_options": "" - }, - { - "name": "list_action", - "command": "action list", - "result": "(?P\\w+)\\s+get_container", - "description": "Check that the new swift action was added." 
- }, - { - "name": "add_assignment", - "command": "action assignment add $uuid_action_swift_get_container $uuid_action_category $uuid_action_scope_storage_access", - "result": "^$", - "description": "Set the assignment 'storage_access' to swift action", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "action assignment list $uuid_action_swift_get_container $uuid_action_category", - "result": "$uuid_action_scope_storage_access storage_access", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - { - "name": "add_action", - "command": "action add get_object_metadata --description 'Swift action'", - "result": "", - "description": "Add the action get_object_metadata", - "command_options": "" - }, - { - "name": "list_action", - "command": "action list", - "result": "(?P\\w+)\\s+get_object_metadata", - "description": "Check that the new swift action was added." - }, - { - "name": "add_assignment", - "command": "action assignment add $uuid_action_swift_get_object_metadata $uuid_action_category $uuid_action_scope_storage_access", - "result": "^$", - "description": "Set the assignment 'storage_access' to swift action", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "action assignment list $uuid_action_swift_get_object_metadata $uuid_action_category", - "result": "$uuid_action_scope_storage_access storage_access", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - { - "name": "add_action", - "command": "action add create_object --description 'Swift action'", - "result": "", - "description": "Add the action create_object", - "command_options": "" - }, - { - "name": "list_action", - "command": "action list", - "result": "(?P\\w+)\\s+create_object", - "description": "Check that the new swift action was added." 
- }, - { - "name": "add_assignment", - "command": "action assignment add $uuid_action_swift_create_object $uuid_action_category $uuid_action_scope_storage_admin", - "result": "^$", - "description": "Set the assignment 'storage_access' to swift action", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "action assignment list $uuid_action_swift_create_object $uuid_action_category", - "result": "$uuid_action_scope_storage_admin storage_admin", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - { - "name": "add_action", - "command": "action add create_container --description 'Swift action'", - "result": "", - "description": "Add the action create_container", - "command_options": "" - }, - { - "name": "list_action", - "command": "action list", - "result": "(?P\\w+)\\s+create_container", - "description": "Check that the new swift action was added." - }, - { - "name": "add_assignment", - "command": "action assignment add $uuid_action_swift_create_container $uuid_action_category $uuid_action_scope_storage_admin", - "result": "^$", - "description": "Set the assignment 'storage_access' to swift action", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "action assignment list $uuid_action_swift_create_container $uuid_action_category", - "result": "$uuid_action_scope_storage_admin storage_admin", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - { - "name": "swift post file", - "external_command": "swift upload moonclient_test /tmp/test.txt", - "result": "", - "description": "Put the test file in the container" - }, - { - "name": "swift list", - "external_command": "swift list moonclient_test", - "result": "tmp/test.txt", - "description": "Check that test file has been uploaded." 
- }, - - - { - "name": "delete_authz_intra_extension", - "command": "intraextension delete $uuid_authz", - "result": "", - "description": "Delete the authz intra extension", - "command_options": "" - }, - { - "name": "delete_tenant", - "command": "tenant delete $uuid", - "result": "", - "description": "Delete the tenant admin", - "command_options": "" - }, - { - "name": "swift delete new container", - "external_command": "swift delete moonclient_test", - "result": "", - "description": "Delete the new server" - } - ] - } -} \ No newline at end of file diff --git a/moonclient/moonclient/tests/todo/tests_external_commands.json b/moonclient/moonclient/tests/todo/tests_external_commands.json deleted file mode 100644 index 4caa0df1..00000000 --- a/moonclient/moonclient/tests/todo/tests_external_commands.json +++ /dev/null 
@@ -1,228 +0,0 @@ -{ - "command_options": "-f value", - "tests_group": { - "main": [ - { - "auth_name": "admin", - "description": "Change user to admin (just in case...)" - }, - - { - "name": "list tenant", - "command": "tenant list", - "no_result": "demo", - "description": "List all tenants (must be empty)" - }, - { - "name": "add tenant demo", - "command": "tenant add demo", - "result": "^$", - "description": "Add a new tenant", - "command_options": "" - }, - { - "name": "check tenant demo", - "command": "tenant list", - "result": "(?P\\w+)\\s+demo", - "description": "Check that tenant demo has been correctly added" - }, - { - "name": "create_intraextension_admin", - "command": "intraextension add --policy_model policy_rbac_admin admin_test", - "result": "IntraExtension created: (?P\\w+)", - "description": "Create an admin intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_admin", - "command": "intraextension list", - "result": "$uuid_admin", - "description": "Check the existence of that admin intra extension" - }, - { - "name": "create_intraextension_authz", - "command": "intraextension add --policy_model policy_authz authz_test", - "result": "IntraExtension created: (?P\\w+)", - "description": "Create an authz intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_authz", - "command": "intraextension list", - "result": "$uuid_authz", - "description": "Check the existence of that authz intra extension" - }, - { - "name": "set_tenant_authz", - "command": "tenant set --authz $uuid_authz $uuid", - "result": "", - "description": "Connect the authz intra extension to the tenant demo", - "command_options": "" - }, - { - "name": "check authz ie for tenant demo", - "command": "tenant list", - "result": "demo $uuid_authz", - "description": "Check that authz ie has been correctly added for tenant demo ", - "command_options": "-c name -c intra_authz_extension_id -f value" - }, - { - "name": "select_authz_ie", - 
"command": "intraextension select $uuid_authz", - "result": "Select $uuid_authz IntraExtension.", - "description": "Select the authz IntraExtension", - "command_options": "" - }, - { - "name": "check_select_authz_ie", - "command": "intraextension show selected", - "result": "$uuid_authz", - "description": "Check the selected authz IntraExtension", - "command_options": "-c id -f value" - }, - { - "name": "set_tenant_admin", - "command": "tenant set --admin $uuid_admin $uuid", - "result": "", - "description": "Connect the admin intra extension to the tenant demo", - "command_options": "" - }, - { - "name": "check admin ie for tenant demo", - "command": "tenant list", - "result": "demo $uuid_admin", - "description": "Check that admin ie has been correctly added for tenant demo ", - "command_options": "-c name -c intra_admin_extension_id -f value" - }, - - { - "name": "get aggregation algorithm", - "command": "aggregation algorithm list", - "result": "(?P\\w+)\\s+one_true", - "description": "Get aggregation algorithm.", - "command_options": "-c id -c name -f value" - }, - { - "name": "set aggregation algorithm", - "command": "aggregation algorithm set $uuid_aggregation", - "result": "", - "description": "Set aggregation algorithm to one_true.", - "command_options": "" - }, - { - "name": "get aggregation algorithm", - "command": "aggregation algorithm show", - "result": "$uuid_aggregation\\s+one_true", - "description": "Check aggregation algorithm.", - "command_options": "-c id -c name -f value" - }, - - { - "name": "get cirros image", - "external_command": "wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img -o /tmp/cirros.img", - "result": "", - "description": "Download a Cirros image" - }, - { - "name": "install cirros image", - "external_command": "glance image-create --name \"cirros\" --disk-format qcow2 --file /tmp/cirros.img --container-format bare", - "result": "", - "description": "Upload the Cirros image in glance" - }, - { - "name": 
"create secgroup", - "external_command": "nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0", - "result": "", - "description": "Create a new secgroup in Nova" - }, - { - "name": "create secgroup", - "external_command": "nova secgroup-add-rule default tcp 22 22 0.0.0.0/0", - "result": "", - "description": "Create a new secgroup in Nova" - }, - { - "name": "create router", - "external_command": "neutron router-create demo-router", - "result": "", - "description": "Create a new router" - }, - { - "name": "set router", - "external_command": "neutron router-gateway-set demo-router ext-net", - "result": "", - "description": "Configure the new router" - }, - { - "name": "set router", - "external_command": "neutron net-create demo-net", - "result": "", - "description": "Configure the new router" - }, - { - "name": "set router", - "external_command": "neutron subnet-create demo-net 192.168.1.0/24 --name demo-subnet --gateway 192.168.1.1", - "result": "", - "description": "Configure the new router" - }, - { - "name": "set router", - "external_command": "neutron router-interface-add demo-router demo-subnet", - "result": "", - "description": "Configure the new router" - }, - { - "name": "nova image-list", - "external_command": "nova image-list", - "result": "(?P[\\w-]+)\\s+\\| cirros", - "description": "Get an Image ID" - }, - { - "name": "neutron net-list", - "external_command": "neutron net-list", - "result": "(?P[\\w-]+)\\s+\\| ext-net", - "description": "Get an Net ID" - }, - { - "name": "nova boot new server", - "external_command": "nova boot --flavor m1.tiny --image $uuid_image --nic net-id=$uuid_net --security-group default test_moonclient", - "result": "", - "description": "Get an Image ID" - }, - { - "name": "sleep", - "external_command": "sleep 10", - "result": "", - "description": "time for server to really boot" - }, - { - "name": "check nova command", - "external_command": "nova list", - "result": "\\| (?P[\\w\\-]+)\\s+\\| (?P\\w+)\\s+\\| ACTIVE\\s+\\| 
[\\w\\-]+\\s+\\| Running", - "description": "Check that nova is running and get the ID of one running server" - }, - - { - "name": "delete_admin_intra_extension", - "command": "intraextension delete $uuid_admin", - "result": "", - "description": "Delete the admin intra extension", - "command_options": "" - }, - { - "name": "delete_authz_intra_extension", - "command": "intraextension delete $uuid_authz", - "result": "", - "description": "Delete the authz intra extension", - "command_options": "" - }, - { - "name": "delete_tenant", - "command": "tenant delete $uuid", - "result": "", - "description": "Delete the tenant demo", - "command_options": "" - } - ] - } -} \ No newline at end of file diff --git a/moonclient/requirements.txt b/moonclient/requirements.txt deleted file mode 100644 index 298dfec9..00000000 --- a/moonclient/requirements.txt +++ /dev/null @@ -1,3 +0,0 @@ -pbr>=0.6,!=0.7,<1.0 -cliff>=1.7.0 # Apache-2.0 -cliff-tablib>=1.0 diff --git a/moonclient/setup.py b/moonclient/setup.py deleted file mode 100644 index 0b93c4d3..00000000 --- a/moonclient/setup.py +++ /dev/null 
@@ -1,133 +0,0 @@ -#!/usr/bin/env python - - -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. -from setuptools import setup, find_packages -from moonclient import __version__ - -PROJECT = 'python-moonclient' - -# Change docs/sphinx/conf.py too! -VERSION = __version__ - -try: - long_description = open('README.rst', 'rt').read() -except IOError: - long_description = '' - -setup( - name=PROJECT, - version=VERSION, - - description='Python Moon client', - long_description=long_description, - - author='Thomas Duval', - author_email='thomas.duval@orange.com', - - url='https://github.com/...', - download_url='https://github.com/.../tarball/master', - - classifiers=['Development Status :: 3 - Alpha', - 'License :: OSI Approved :: Apache Software License', - 'Programming Language :: Python', - 'Programming Language :: Python :: 2', - 'Programming Language :: Python :: 2.7', - 'Programming Language :: Python :: 3', - 'Programming Language :: Python :: 3.2', - 'Intended Audience :: Developers', - 'Environment :: Console', - ], - - platforms=['Any'], - - scripts=[], - - provides=[], - install_requires=['cliff'], - - namespace_packages=[], - packages=find_packages(), - include_package_data=True, - - entry_points={ - 'console_scripts': [ - 'moon = moonclient.shell:main' - ], - 'moon.client': [ - 'template_list = moonclient.configuration:TemplatesList', - 'aggregation_algorithm_list = moonclient.configuration:AggregationAlgorithmsList', - 'submetarule_algorithm_list = moonclient.configuration:SubMetaRuleAlgorithmsList', - - 'tenant_add = moonclient.tenants:TenantAdd', - 'tenant_set = moonclient.tenants:TenantSet', - 'tenant_list = moonclient.tenants:TenantList', - 'tenant_show = moonclient.tenants:TenantShow', - 'tenant_delete = 
moonclient.tenants:TenantDelete', - - 'intraextension_select = moonclient.intraextension:IntraExtensionSelect', - 'intraextension_add = moonclient.intraextension:IntraExtensionCreate', - 'intraextension_list = moonclient.intraextension:IntraExtensionList', - 'intraextension_delete = moonclient.intraextension:IntraExtensionDelete', - 'intraextension_show = moonclient.intraextension:IntraExtensionShow', - 'intraextension_init = moonclient.intraextension:IntraExtensionInit', - - 'subject_list = moonclient.subjects:SubjectsList', - 'subject_add = moonclient.subjects:SubjectsAdd', - 'subject_delete = moonclient.subjects:SubjectsDelete', - 'object_list = moonclient.objects:ObjectsList', - 'object_add = moonclient.objects:ObjectsAdd', - 'object_delete = moonclient.objects:ObjectsDelete', - 'action_list = moonclient.actions:ActionsList', - 'action_add = moonclient.actions:ActionsAdd', - 'action_delete = moonclient.actions:ActionsDelete', - 'subject_category_list = moonclient.subject_categories:SubjectCategoriesList', - 'subject_category_add = moonclient.subject_categories:SubjectCategoriesAdd', - 'subject_category_delete = moonclient.subject_categories:SubjectCategoriesDelete', - 'object_category_list = moonclient.object_categories:ObjectCategoriesList', - 'object_category_add = moonclient.object_categories:ObjectCategoriesAdd', - 'object_category_delete = moonclient.object_categories:ObjectCategoriesDelete', - 'action_category_list = moonclient.action_categories:ActionCategoriesList', - 'action_category_add = moonclient.action_categories:ActionCategoriesAdd', - 'action_category_delete = moonclient.action_categories:ActionCategoriesDelete', - 'subject_scope_list = moonclient.subject_scopes:SubjectScopesList', - 'subject_scope_add = moonclient.subject_scopes:SubjectScopesAdd', - 'subject_scope_delete = moonclient.subject_scopes:SubjectScopesDelete', - 'object_scope_list = moonclient.object_scopes:ObjectScopesList', - 'object_scope_add = 
moonclient.object_scopes:ObjectScopesAdd', - 'object_scope_delete = moonclient.object_scopes:ObjectScopesDelete', - 'action_scope_list = moonclient.action_scopes:ActionScopesList', - 'action_scope_add = moonclient.action_scopes:ActionScopesAdd', - 'action_scope_delete = moonclient.action_scopes:ActionScopesDelete', - 'subject_assignment_list = moonclient.subject_assignments:SubjectAssignmentsList', - 'subject_assignment_add = moonclient.subject_assignments:SubjectAssignmentsAdd', - 'subject_assignment_delete = moonclient.subject_assignments:SubjectAssignmentsDelete', - 'object_assignment_list = moonclient.object_assignments:ObjectAssignmentsList', - 'object_assignment_add = moonclient.object_assignments:ObjectAssignmentsAdd', - 'object_assignment_delete = moonclient.object_assignments:ObjectAssignmentsDelete', - 'action_assignment_list = moonclient.action_assignments:ActionAssignmentsList', - 'action_assignment_add = moonclient.action_assignments:ActionAssignmentsAdd', - 'action_assignment_delete = moonclient.action_assignments:ActionAssignmentsDelete', - - 'aggregation_algorithm_show = moonclient.metarules:AggregationAlgorithmsList', - 'aggregation_algorithm_set = moonclient.metarules:AggregationAlgorithmSet', - - 'submetarule_show = moonclient.metarules:SubMetaRuleShow', - 'submetarule_set = moonclient.metarules:SubMetaRuleSet', - - - 'rule_list = moonclient.rules:RulesList', - 'rule_add = moonclient.rules:RuleAdd', - 'rule_delete = moonclient.rules:RuleDelete', - - 'log = moonclient.logs:LogsList', - - 'test = moonclient.tests:TestsLaunch', - ], - }, - - zip_safe=False, -) \ No newline at end of file diff --git a/templates/moon/moon.conf b/templates/moon/moon.conf deleted file mode 100644 index a5a40ad2..00000000 --- a/templates/moon/moon.conf +++ /dev/null 
@@ -1,87 +0,0 @@
-database:
- url: mysql+pymysql://moon:p4sswOrd1@db/moon
- driver: sql
-
-openstack:
- keystone:
- url: http://keystone:5000/v3
- user: admin
- password: p4ssw0rd
- domain: default
- project: admin
- check_token: false
- certificate: false
- external:
- url: http://keystone:30006/v3
-
-plugins:
- authz:
- container: wukongsun/moon_authz:v4.3
- port: 8081
- session:
- container: asteroide/session:latest
- port: 8082
-
-components:
- interface:
- port: 8080
- bind: 0.0.0.0
- hostname: interface
- container: wukongsun/moon_interface:v4.3
- orchestrator:
- port: 8083
- bind: 0.0.0.0
- hostname: orchestrator
- container: wukongsun/moon_orchestrator:v4.3
- external:
- port: 30003
- hostname: orchestrator
- wrapper:
- port: 8080
- bind: 0.0.0.0
- hostname: wrapper
- container: wukongsun/moon_wrapper:v4.3.1
- timeout: 5
- manager:
- port: 8082
- bind: 0.0.0.0
- hostname: manager
- container: wukongsun/moon_manager:v4.3.1
- external:
- port: 30001
- hostname: manager
- port_start: 31001
-
-logging:
- version: 1
-
- formatters:
- brief:
- format: "%(levelname)s %(name)s %(message)-30s"
- custom:
- format: "%(asctime)-15s %(levelname)s %(name)s %(message)s"
-
- handlers:
- console:
- class : logging.StreamHandler
- formatter: brief
- level : INFO
- stream : ext://sys.stdout
- file:
- class : logging.handlers.RotatingFileHandler
- formatter: custom
- level : DEBUG
- filename: /tmp/moon.log
- maxBytes: 1048576
- backupCount: 3
-
- loggers:
- moon:
- level: DEBUG
- handlers: [console, file]
- propagate: no
-
- root:
- level: ERROR
- handlers: [console]
-
diff --git a/templates/moon_forming/Dockerfile b/templates/moon_forming/Dockerfile
deleted file mode 100644
index fe48eee0..00000000
--- a/templates/moon_forming/Dockerfile
+++ /dev/null
@@ -1,10 +0,0 @@
-FROM python:3
-WORKDIR /usr/src/app
-RUN pip install --no-cache-dir --upgrade requests pyyaml python_moonutilities python_moondb
-
-ENV POPULATE_ARGS "-v"
-
-ADD . /root
-WORKDIR /root
-
-CMD sh /root/run.sh ${POPULATE_ARGS}
\ No newline at end of file
diff --git a/templates/moon_forming/README.md b/templates/moon_forming/README.md
deleted file mode 100644
index f6327693..00000000
--- a/templates/moon_forming/README.md
+++ /dev/null
@@ -1,12 +0,0 @@
-Introduction
-============
-
-moonforming is a container used to automatize the configuration of the Moon patform
-
-Usage
-=====
-
-```bash
-docker run asteroide/moonforming:v1.1
-```
-
diff --git a/templates/moon_forming/conf/mls.py b/templates/moon_forming/conf/mls.py
deleted file mode 100644
index 0e6285c9..00000000
--- a/templates/moon_forming/conf/mls.py
+++ /dev/null
@@ -1,59 +0,0 @@
-
-pdp_name = "pdp_mls"
-policy_name = "MLS Policy example"
-model_name = "MLS"
-policy_genre = "authz"
-
-subjects = {"adminuser": "", "user1": "", "user2": "", }
-objects = {"vm0": "", "vm1": "", }
-actions = {"start": "", "stop": ""}
-
-subject_categories = {"subject-security-level": "", }
-object_categories = {"object-security-level": "", }
-action_categories = {"action-type": "", }
-
-subject_data = {
- "subject-security-level": {"low": "", "medium": "", "high": ""},
-}
-object_data = {
- "object-security-level": {"low": "", "medium": "", "high": ""},
-}
-action_data = {"action-type": {"vm-action": "", "storage-action": "", }}
-
-subject_assignments = {
- "adminuser": {"subject-security-level": "high"},
- "user1": {"subject-security-level": "medium"},
-}
-object_assignments = {
- "vm0": {"object-security-level": "medium"},
- "vm1": {"object-security-level": "low"},
-}
-action_assignments = {
- "start": {"action-type": "vm-action"},
- "stop": {"action-type": "vm-action"}
-}
-
-meta_rule = {
- "mls": {
- "id": "",
- "value": ("subject-security-level",
- "object-security-level",
- "action-type")},
-}
-
-rules = {
- "mls": (
- {
- "rule": ("high", "medium", "vm-action"),
- "instructions": ({"decision": "grant"})
- },
- {
- "rule": ("high", "low", "vm-action"),
- "instructions": ({"decision": "grant"})
- },
- {
- "rule": ("medium", "low", "vm-action"),
- "instructions": ({"decision": "grant"})
- },
- )
-}
diff --git a/templates/moon_forming/conf/rbac.py b/templates/moon_forming/conf/rbac.py
deleted file mode 100644
index 25c010fd..00000000
--- a/templates/moon_forming/conf/rbac.py
+++ /dev/null
@@ -1,61 +0,0 @@
-
-pdp_name = "pdp_rbac"
-policy_name = "RBAC policy example"
-model_name = "RBAC"
-policy_genre = "authz"
-
-subjects = {"adminuser": "", "user1": "", }
-objects = {"vm0": "", "vm1": "", }
-actions = {"start": "", "stop": ""}
-
-subject_categories = {"role": "", }
-object_categories = {"id": "", }
-action_categories = {"action-type": "", }
-
-subject_data = {"role": {"admin": "", "employee": "", "*": ""}}
-object_data = {"id": {"vm0": "", "vm1": "", "*": ""}}
-action_data = {"action-type": {"vm-action": "", "*": ""}}
-
-subject_assignments = {
- "adminuser":
- ({"role": "admin"}, {"role": "employee"}, {"role": "*"}),
- "user1":
- ({"role": "employee"}, {"role": "*"}),
-}
-object_assignments = {
- "vm0":
- ({"id": "vm0"}, {"id": "*"}),
- "vm1":
- ({"id": "vm1"}, {"id": "*"})
-}
-action_assignments = {
- "start":
- ({"action-type": "vm-action"}, {"action-type": "*"}),
- "stop":
- ({"action-type": "vm-action"}, {"action-type": "*"})
-}
-
-meta_rule = {
- "rbac": {"id": "", "value": ("role", "id", "action-type")},
-}
-
-rules = {
- "rbac": (
- {
- "rule": ("admin", "vm0", "vm-action"),
- "instructions": (
- {"decision": "grant"},
- # "grant" to immediately exit,
- # "continue" to wait for the result of next policy
- )
- },
- {
- "rule": ("employee", "vm1", "vm-action"),
- "instructions": (
- {"decision": "grant"},
- )
- },
- )
-}
-
-
diff --git a/templates/moon_forming/conf2consul.py b/templates/moon_forming/conf2consul.py
deleted file mode 100644
index 46c99d5c..00000000
--- a/templates/moon_forming/conf2consul.py
+++ /dev/null
@@ -1,103 +0,0 @@
-import os
-import sys
-import requests
-import yaml
-import logging
-import json
-import base64
-
-logging.basicConfig(level=logging.INFO)
-log = logging.getLogger("moon.conf2consul")
-requests_log = logging.getLogger("requests.packages.urllib3")
-requests_log.setLevel(logging.WARNING)
-requests_log.propagate = True
-
-if len(sys.argv) == 2:
- if os.path.isfile(sys.argv[1]):
- CONF_FILENAME = sys.argv[1]
- CONSUL_HOST = "consul"
- else:
- CONF_FILENAME = "moon.conf"
- CONSUL_HOST = sys.argv[1]
- CONSUL_PORT = 8500
-else:
- CONSUL_HOST = sys.argv[1] if len(sys.argv) > 1 else "consul"
- CONSUL_PORT = sys.argv[2] if len(sys.argv) > 2 else 8500
- CONF_FILENAME = sys.argv[3] if len(sys.argv) > 3 else "moon.conf"
-HEADERS = {"content-type": "application/json"}
-
-
-def search_config_file():
- data_config = None
- for _file in (
- CONF_FILENAME,
- "conf/moon.conf",
- "../moon.conf",
- "../conf/moon.conf",
- "/etc/moon/moon.conf",
- ):
- try:
- data_config = yaml.safe_load(open(_file))
- except FileNotFoundError:
- data_config = None
- continue
- else:
- break
- if not data_config:
- raise Exception("Configuration file not found...")
- return data_config
-
-
-def put(key, value):
- url = "http://{host}:{port}/v1/kv/{key}".format(host=CONSUL_HOST, port=CONSUL_PORT, key=key)
- log.info(url)
- req = requests.put(
- url,
- headers=HEADERS,
- json=value
- )
- if req.status_code != 200:
- raise Exception("Error connecting to Consul ({}, {})".format(req.status_code, req.text))
-
-
-def get(key):
- url = "http://{host}:{port}/v1/kv/{key}".format(host=CONSUL_HOST, port=CONSUL_PORT, key=key)
- req = requests.get(url)
- data = req.json()
- for item in data:
- log.info("{} {} -> {}".format(
- req.status_code,
- item["Key"],
- json.loads(base64.b64decode(item["Value"]).decode("utf-8"))
- ))
- yield json.loads(base64.b64decode(item["Value"]).decode("utf-8"))
-
-
-def main():
- data_config = search_config_file()
- req =
requests.head("http://{}:{}/ui/".format(CONSUL_HOST, CONSUL_PORT))
- if req.status_code != 200:
- log.critical("Consul is down...")
- log.critical("request info: {}/{}".format(req, req.text))
- sys.exit(1)
-
- put("database", data_config["database"])
- # put("messenger", data_config["messenger"])
- # put("slave", data_config["slave"])
- # put("docker", data_config["docker"])
- put("logging", data_config["logging"])
- put("components_port_start", data_config["components"]["port_start"])
-
- for _key, _value in data_config["components"].items():
- if type(_value) is dict:
- put("components/{}".format(_key), data_config["components"][_key])
-
- for _key, _value in data_config["plugins"].items():
- put("plugins/{}".format(_key), data_config["plugins"][_key])
-
- for _key, _value in data_config["openstack"].items():
- put("openstack/{}".format(_key), data_config["openstack"][_key])
-
-
-main()
-
diff --git a/templates/moon_forming/moon.conf b/templates/moon_forming/moon.conf
deleted file mode 100644
index dc498e34..00000000
--- a/templates/moon_forming/moon.conf
+++ /dev/null
@@ -1,79 +0,0 @@
-database:
- url: mysql+pymysql://moon:p4sswOrd1@db/moon
- driver: sql
-
-openstack:
- keystone:
- url: http://keystone:5000/v3
- user: admin
- password: p4ssw0rd
- domain: default
- project: admin
- check_token: false
- certificate: false
-
-plugins:
- authz:
- container: wukongsun/moon_authz:v4.3
- port: 8081
- session:
- container: asteroide/session:latest
- port: 8082
-
-components:
- interface:
- port: 8080
- bind: 0.0.0.0
- hostname: interface
- container: wukongsun/moon_interface:v4.3
- orchestrator:
- port: 8083
- bind: 0.0.0.0
- hostname: orchestrator
- container: wukongsun/moon_orchestrator:v4.3
- wrapper:
- port: 8080
- bind: 0.0.0.0
- hostname: wrapper
- container: wukongsun/moon_wrapper:v4.3.1
- timeout: 5
- manager:
- port: 8082
- bind: 0.0.0.0
- hostname: manager
- container: wukongsun/moon_manager:v4.3.1
- port_start: 31001
-
-logging:
- version: 1
-
- formatters:
- brief:
- format: "%(levelname)s %(name)s %(message)-30s"
- custom:
- format: "%(asctime)-15s %(levelname)s %(name)s %(message)s"
-
- handlers:
- console:
- class : logging.StreamHandler
- formatter: brief
- level : INFO
- stream : ext://sys.stdout
- file:
- class : logging.handlers.RotatingFileHandler
- formatter: custom
- level : DEBUG
- filename: /tmp/moon.log
- maxBytes: 1048576
- backupCount: 3
-
- loggers:
- moon:
- level: DEBUG
- handlers: [console, file]
- propagate: no
-
- root:
- level: ERROR
- handlers: [console]
-
diff --git a/templates/moon_forming/populate_default_values.py b/templates/moon_forming/populate_default_values.py
deleted file mode 100644
index fa099458..00000000
--- a/templates/moon_forming/populate_default_values.py
+++ /dev/null
@@ -1,235 +0,0 @@
-import argparse
-import logging
-from importlib.machinery import SourceFileLoader
-from utils.pdp import *
-from utils.models import *
-from utils.policies import *
-
-parser = argparse.ArgumentParser()
-parser.add_argument('filename', help='scenario filename', nargs=1)
-parser.add_argument("--verbose", "-v", action='store_true',
- help="verbose mode")
-parser.add_argument("--debug", "-d", action='store_true', help="debug mode")
-parser.add_argument("--keystone-pid", "-k", dest="keystone_pid", default="",
- help="Force a particular Keystone Project ID")
-args = parser.parse_args()
-
-FORMAT = '%(asctime)-15s %(levelname)s %(message)s'
-if args.debug:
- logging.basicConfig(
- format=FORMAT,
- level=logging.DEBUG)
-elif args.verbose:
- logging.basicConfig(
- format=FORMAT,
- level=logging.INFO)
-else:
- logging.basicConfig(
- format=FORMAT,
- level=logging.WARNING)
-
-requests_log = logging.getLogger("requests.packages.urllib3")
-requests_log.setLevel(logging.WARNING)
-requests_log.propagate = True
-
-logger = logging.getLogger("moonforming")
-
-if args.filename:
- print("Loading: {}".format(args.filename[0]))
-
-m = SourceFileLoader("scenario", args.filename[0])
-
-scenario = m.load_module()
-
-
-def create_model(model_id=None):
- if args.verbose:
- logger.info("Creating model {}".format(scenario.model_name))
- if not model_id:
- logger.info("Add model")
- model_id = add_model(name=scenario.model_name)
- logger.info("Add subject categories")
- for cat in scenario.subject_categories:
- scenario.subject_categories[cat] = add_subject_category(name=cat)
- logger.info("Add object categories")
- for cat in scenario.object_categories:
- scenario.object_categories[cat] = add_object_category(name=cat)
- logger.info("Add action categories")
- for cat in scenario.action_categories:
- scenario.action_categories[cat] = add_action_category(name=cat)
- sub_cat = []
- ob_cat = []
- act_cat = []
- meta_rule_list = []
- for item_name, item_value in
scenario.meta_rule.items():
- for item in item_value["value"]:
- if item in scenario.subject_categories:
- sub_cat.append(scenario.subject_categories[item])
- elif item in scenario.object_categories:
- ob_cat.append(scenario.object_categories[item])
- elif item in scenario.action_categories:
- act_cat.append(scenario.action_categories[item])
- meta_rules = check_meta_rule(meta_rule_id=None)
- for _meta_rule_id, _meta_rule_value in meta_rules['meta_rules'].items():
- if _meta_rule_value['name'] == item_name:
- meta_rule_id = _meta_rule_id
- break
- else:
- logger.info("Add meta rule")
- meta_rule_id = add_meta_rule(item_name, sub_cat, ob_cat, act_cat)
- item_value["id"] = meta_rule_id
- if meta_rule_id not in meta_rule_list:
- meta_rule_list.append(meta_rule_id)
- return model_id, meta_rule_list
-
-
-def create_policy(model_id, meta_rule_list):
- if args.verbose:
- logger.info("Creating policy {}".format(scenario.policy_name))
- _policies = check_policy()
- for _policy_id, _policy_value in _policies["policies"].items():
- if _policy_value['name'] == scenario.policy_name:
- policy_id = _policy_id
- break
- else:
- policy_id = add_policy(name=scenario.policy_name, genre=scenario.policy_genre)
-
- update_policy(policy_id, model_id)
-
- for meta_rule_id in meta_rule_list:
- logger.debug("add_meta_rule_to_model {} {}".format(model_id, meta_rule_id))
- add_meta_rule_to_model(model_id, meta_rule_id)
-
- logger.info("Add subject data")
- for subject_cat_name in scenario.subject_data:
- for subject_data_name in scenario.subject_data[subject_cat_name]:
- data_id = scenario.subject_data[subject_cat_name][subject_data_name] = add_subject_data(
- policy_id=policy_id,
- category_id=scenario.subject_categories[subject_cat_name], name=subject_data_name)
- scenario.subject_data[subject_cat_name][subject_data_name] = data_id
- logger.info("Add object data")
- for object_cat_name in scenario.object_data:
- for object_data_name in scenario.object_data[object_cat_name]:
- data_id =
scenario.object_data[object_cat_name][object_data_name] = add_object_data(
- policy_id=policy_id,
- category_id=scenario.object_categories[object_cat_name], name=object_data_name)
- scenario.object_data[object_cat_name][object_data_name] = data_id
- logger.info("Add action data")
- for action_cat_name in scenario.action_data:
- for action_data_name in scenario.action_data[action_cat_name]:
- data_id = scenario.action_data[action_cat_name][action_data_name] = add_action_data(
- policy_id=policy_id,
- category_id=scenario.action_categories[action_cat_name], name=action_data_name)
- scenario.action_data[action_cat_name][action_data_name] = data_id
-
- logger.info("Add subjects")
- for name in scenario.subjects:
- scenario.subjects[name] = add_subject(policy_id, name=name)
- logger.info("Add objects")
- for name in scenario.objects:
- scenario.objects[name] = add_object(policy_id, name=name)
- logger.info("Add actions")
- for name in scenario.actions:
- scenario.actions[name] = add_action(policy_id, name=name)
-
- logger.info("Add subject assignments")
- for subject_name in scenario.subject_assignments:
- if type(scenario.subject_assignments[subject_name]) in (list, tuple):
- for items in scenario.subject_assignments[subject_name]:
- for subject_category_name in items:
- subject_id = scenario.subjects[subject_name]
- subject_cat_id = scenario.subject_categories[subject_category_name]
- for data in scenario.subject_assignments[subject_name]:
- subject_data_id = scenario.subject_data[subject_category_name][data[subject_category_name]]
- add_subject_assignments(policy_id, subject_id, subject_cat_id, subject_data_id)
- else:
- for subject_category_name in scenario.subject_assignments[subject_name]:
- subject_id = scenario.subjects[subject_name]
- subject_cat_id = scenario.subject_categories[subject_category_name]
- subject_data_id = scenario.subject_data[subject_category_name][scenario.subject_assignments[subject_name][subject_category_name]]
- add_subject_assignments(policy_id, subject_id, subject_cat_id, subject_data_id)
-
- logger.info("Add object assignments")
- for object_name in scenario.object_assignments:
- if type(scenario.object_assignments[object_name]) in (list, tuple):
- for items in scenario.object_assignments[object_name]:
- for object_category_name in items:
- object_id = scenario.objects[object_name]
- object_cat_id = scenario.object_categories[object_category_name]
- for data in scenario.object_assignments[object_name]:
- object_data_id = scenario.object_data[object_category_name][data[object_category_name]]
- add_object_assignments(policy_id, object_id, object_cat_id, object_data_id)
- else:
- for object_category_name in scenario.object_assignments[object_name]:
- object_id = scenario.objects[object_name]
- object_cat_id = scenario.object_categories[object_category_name]
- object_data_id = scenario.object_data[object_category_name][scenario.object_assignments[object_name][object_category_name]]
- add_object_assignments(policy_id, object_id, object_cat_id, object_data_id)
-
- logger.info("Add action assignments")
- for action_name in scenario.action_assignments:
- if type(scenario.action_assignments[action_name]) in (list, tuple):
- for items in scenario.action_assignments[action_name]:
- for action_category_name in items:
- action_id = scenario.actions[action_name]
- action_cat_id = scenario.action_categories[action_category_name]
- for data in scenario.action_assignments[action_name]:
- action_data_id = scenario.action_data[action_category_name][data[action_category_name]]
- add_action_assignments(policy_id, action_id, action_cat_id, action_data_id)
- else:
- for action_category_name in scenario.action_assignments[action_name]:
- action_id = scenario.actions[action_name]
- action_cat_id = scenario.action_categories[action_category_name]
- action_data_id = scenario.action_data[action_category_name][scenario.action_assignments[action_name][action_category_name]]
- add_action_assignments(policy_id, action_id, action_cat_id, action_data_id)
-
- logger.info("Add rules")
- for meta_rule_name in scenario.rules:
- meta_rule_value = scenario.meta_rule[meta_rule_name]
- for rule in scenario.rules[meta_rule_name]:
- data_list = []
- _meta_rule = list(meta_rule_value["value"])
- for data_name in rule["rule"]:
- category_name = _meta_rule.pop(0)
- if category_name in scenario.subject_categories:
- data_list.append(scenario.subject_data[category_name][data_name])
- elif category_name in scenario.object_categories:
- data_list.append(scenario.object_data[category_name][data_name])
- elif category_name in scenario.action_categories:
- data_list.append(scenario.action_data[category_name][data_name])
- instructions = rule["instructions"]
- add_rule(policy_id, meta_rule_value["id"], data_list, instructions)
- return policy_id
-
-
-def create_pdp(policy_id=None):
- logger.info("Creating PDP {}".format(scenario.pdp_name))
- projects = get_keystone_projects()
- project_id = args.keystone_pid
- if not project_id:
- for _project in projects['projects']:
- if _project['name'] == "admin":
- project_id = _project['id']
- assert project_id
- pdps = check_pdp()["pdps"]
- for pdp_id, pdp_value in pdps.items():
- if scenario.pdp_name == pdp_value["name"]:
- update_pdp(pdp_id, policy_id=policy_id)
- logger.debug("Found existing PDP named {} (will add policy {})".format(scenario.pdp_name, policy_id))
- return pdp_id
- _pdp_id = add_pdp(name=scenario.pdp_name, policy_id=policy_id)
- map_to_keystone(pdp_id=_pdp_id, keystone_project_id=project_id)
- return _pdp_id
-
-if __name__ == "__main__":
- _models = check_model()
- for _model_id, _model_value in _models['models'].items():
- if _model_value['name'] == scenario.model_name:
- model_id = _model_id
- meta_rule_list = _model_value['meta_rules']
- create_model(model_id)
- break
- else:
- model_id, meta_rule_list = create_model()
- policy_id = create_policy(model_id, meta_rule_list)
- pdp_id =
create_pdp(policy_id)
diff --git a/templates/moon_forming/run.sh b/templates/moon_forming/run.sh
deleted file mode 100644
index 71543f9e..00000000
--- a/templates/moon_forming/run.sh
+++ /dev/null
@@ -1,44 +0,0 @@
-#!/usr/bin/env bash
-
-populate_args=$*
-
-echo "Waiting for Consul (http://consul:8500)"
-while ! python -c "import requests; req = requests.get('http://consul:8500')" 2>/dev/null ; do
- sleep 5 ;
- echo "."
-done
-
-echo "Consul (http://consul:8500) is up."
-
-python3 /root/conf2consul.py /etc/moon/moon.conf
-
-echo "Waiting for DB (tcp://db:3306)"
-while ! python -c "import socket, sys; s = socket.socket(socket.AF_INET, socket.SOCK_STREAM); s.connect(('db', 3306)); sys.exit(0)" 2>/dev/null ; do
- sleep 5 ;
- echo "."
-done
-
-echo "Database (http://db:3306) is up."
-
-moon_db_manager upgrade
-
-echo "Waiting for Keystone (http://keystone:5000)"
-while ! python -c "import requests; req = requests.get('http://keystone:5000')" 2>/dev/null ; do
- sleep 5 ;
- echo "."
-done
-
-echo "Keystone (http://keystone:5000) is up."
-
-echo "Waiting for Manager (http://manager:8082)"
-while ! python -c "import requests; req = requests.get('http://manager:8082')" 2>/dev/null ; do
- sleep 5 ;
- echo "."
-done
-
-echo "Manager (http://manager:8082) is up."
-
-cd /root
-
-python3 populate_default_values.py $populate_args /root/conf/rbac.py
-python3 populate_default_values.py $populate_args /root/conf/mls.py
diff --git a/templates/moon_forming/utils/__init__.py b/templates/moon_forming/utils/__init__.py
deleted file mode 100644
index e69de29b..00000000
diff --git a/templates/moon_forming/utils/config.py b/templates/moon_forming/utils/config.py
deleted file mode 100644
index 30c8ea4f..00000000
--- a/templates/moon_forming/utils/config.py
+++ /dev/null
@@ -1,22 +0,0 @@
-import yaml
-
-
-def get_config_data(filename="moon.conf"):
- data_config = None
- for _file in (
- filename,
- "conf/moon.conf",
- "../moon.conf",
- "../conf/moon.conf",
- "/etc/moon/moon.conf",
- ):
- try:
- data_config = yaml.safe_load(open(_file))
- except FileNotFoundError:
- data_config = None
- continue
- else:
- break
- if not data_config:
- raise Exception("Configuration file not found...")
- return data_config
diff --git a/templates/moon_forming/utils/models.py b/templates/moon_forming/utils/models.py
deleted file mode 100644
index 3cf31354..00000000
--- a/templates/moon_forming/utils/models.py
+++ /dev/null
@@ -1,270 +0,0 @@
-import requests
-import copy
-import utils.config
-
-config = utils.config.get_config_data()
-
-URL = "http://{}:{}".format(
- config['components']['manager']['hostname'],
- config['components']['manager']['port'])
-URL = URL + "{}"
-HEADERS = {"content-type": "application/json"}
-
-model_template = {
- "name": "test_model",
- "description": "test",
- "meta_rules": []
-}
-
-category_template = {
- "name": "name of the category",
- "description": "description of the category"
-}
-
-meta_rule_template = {
- "name": "test_meta_rule",
- "subject_categories": [],
- "object_categories": [],
- "action_categories": []
-}
-
-
-def check_model(model_id=None, check_model_name=True):
- req = requests.get(URL.format("/models"))
- assert req.status_code == 200
- result = req.json()
- assert type(result) is dict
- assert "models" in result
- if model_id:
- assert result["models"]
- assert model_id in result['models']
- assert "name" in result['models'][model_id]
- if check_model_name:
- assert model_template["name"] == result['models'][model_id]["name"]
- return result
-
-
-def add_model(name=None):
- if name:
- model_template['name'] = name
- req = requests.post(URL.format("/models"), json=model_template, headers=HEADERS)
- assert req.status_code == 200
- result = req.json()
- assert type(result) is dict
- model_id = list(result['models'].keys())[0]
- if "result" in result:
- assert result["result"]
- assert "name" in result['models'][model_id]
- assert model_template["name"] == result['models'][model_id]["name"]
- return model_id
-
-
-def delete_model(model_id):
- req = requests.delete(URL.format("/models/{}".format(model_id)))
- assert req.status_code == 200
- result = req.json()
- assert type(result) is dict
- assert "result" in result
- assert result["result"]
-
-
-def add_subject_category(name="subject_cat_1"):
- category_template["name"] = name
- req = requests.post(URL.format("/subject_categories"), json=category_template, headers=HEADERS)
- assert
req.status_code == 200
- result = req.json()
- assert type(result) is dict
- assert "subject_categories" in result
- category_id = list(result['subject_categories'].keys())[0]
- if "result" in result:
- assert result["result"]
- assert "name" in result['subject_categories'][category_id]
- assert category_template["name"] == result['subject_categories'][category_id]["name"]
- return category_id
-
-
-def check_subject_category(category_id):
- req = requests.get(URL.format("/subject_categories"))
- assert req.status_code == 200
- result = req.json()
- assert type(result) is dict
- assert "subject_categories" in result
- if "result" in result:
- assert result["result"]
- assert category_id in result['subject_categories']
- assert "name" in result['subject_categories'][category_id]
- assert category_template["name"] == result['subject_categories'][category_id]["name"]
-
-
-def delete_subject_category(category_id):
- req = requests.delete(URL.format("/subject_categories/{}".format(category_id)))
- assert req.status_code == 200
- result = req.json()
- assert type(result) is dict
- if "result" in result:
- assert result["result"]
-
-
-def add_object_category(name="object_cat_1"):
- category_template["name"] = name
- req = requests.post(URL.format("/object_categories"), json=category_template, headers=HEADERS)
- assert req.status_code == 200
- result = req.json()
- assert type(result) is dict
- assert "object_categories" in result
- category_id = list(result['object_categories'].keys())[0]
- if "result" in result:
- assert result["result"]
- assert "name" in result['object_categories'][category_id]
- assert category_template["name"] == result['object_categories'][category_id]["name"]
- return category_id
-
-
-def check_object_category(category_id):
- req = requests.get(URL.format("/object_categories"))
- assert req.status_code == 200
- result = req.json()
- assert type(result) is dict
- assert "object_categories" in result
- if "result" in result:
- assert result["result"]
- assert category_id in result['object_categories']
- assert "name" in result['object_categories'][category_id]
- assert category_template["name"] == result['object_categories'][category_id]["name"]
-
-
-def delete_object_category(category_id):
- req = requests.delete(URL.format("/object_categories/{}".format(category_id)))
- assert req.status_code == 200
- result = req.json()
- assert type(result) is dict
- if "result" in result:
- assert result["result"]
-
-
-def add_action_category(name="action_cat_1"):
- category_template["name"] = name
- req = requests.post(URL.format("/action_categories"), json=category_template, headers=HEADERS)
- assert req.status_code == 200
- result = req.json()
- assert type(result) is dict
- assert "action_categories" in result
- category_id = list(result['action_categories'].keys())[0]
- if "result" in result:
- assert result["result"]
- assert "name" in result['action_categories'][category_id]
- assert category_template["name"] == result['action_categories'][category_id]["name"]
- return category_id
-
-
-def check_action_category(category_id):
- req = requests.get(URL.format("/action_categories"))
- assert req.status_code == 200
- result = req.json()
- assert type(result) is dict
- assert "action_categories" in result
- if "result" in result:
- assert result["result"]
- assert category_id in result['action_categories']
- assert "name" in result['action_categories'][category_id]
- assert category_template["name"] == result['action_categories'][category_id]["name"]
-
-
-def delete_action_category(category_id):
- req = requests.delete(URL.format("/action_categories/{}".format(category_id)))
- assert req.status_code == 200
- result = req.json()
- assert type(result) is dict
- if "result" in result:
- assert result["result"]
-
-
-def add_categories_and_meta_rule(name="test_meta_rule"):
- scat_id = add_subject_category()
- ocat_id = add_object_category()
- acat_id = add_action_category()
- _meta_rule_template =
copy.deepcopy(meta_rule_template)
- _meta_rule_template["name"] = name
- _meta_rule_template["subject_categories"].append(scat_id)
- _meta_rule_template["object_categories"].append(ocat_id)
- _meta_rule_template["action_categories"].append(acat_id)
- req = requests.post(URL.format("/meta_rules"), json=_meta_rule_template, headers=HEADERS)
- assert req.status_code == 200
- result = req.json()
- assert type(result) is dict
- assert "meta_rules" in result
- meta_rule_id = list(result['meta_rules'].keys())[0]
- if "result" in result:
- assert result["result"]
- assert "name" in result['meta_rules'][meta_rule_id]
- assert _meta_rule_template["name"] == result['meta_rules'][meta_rule_id]["name"]
- return meta_rule_id, scat_id, ocat_id, acat_id
-
-
-def add_meta_rule(name="test_meta_rule", scat=[], ocat=[], acat=[]):
- _meta_rule_template = copy.deepcopy(meta_rule_template)
- _meta_rule_template["name"] = name
- _meta_rule_template["subject_categories"] = []
- _meta_rule_template["subject_categories"].extend(scat)
- _meta_rule_template["object_categories"] = []
- _meta_rule_template["object_categories"].extend(ocat)
- _meta_rule_template["action_categories"] = []
- _meta_rule_template["action_categories"].extend(acat)
- req = requests.post(URL.format("/meta_rules"), json=_meta_rule_template, headers=HEADERS)
- assert req.status_code == 200
- result = req.json()
- assert type(result) is dict
- assert "meta_rules" in result
- meta_rule_id = list(result['meta_rules'].keys())[0]
- if "result" in result:
- assert result["result"]
- assert "name" in result['meta_rules'][meta_rule_id]
- assert _meta_rule_template["name"] == result['meta_rules'][meta_rule_id]["name"]
- return meta_rule_id
-
-
-def check_meta_rule(meta_rule_id, scat_id=None, ocat_id=None, acat_id=None):
- req = requests.get(URL.format("/meta_rules"))
- assert req.status_code == 200
- result = req.json()
- assert type(result) is dict
- assert "meta_rules" in result
- if "result" in result:
- assert result["result"]
- if not meta_rule_id:
- return result
- assert meta_rule_id in result['meta_rules']
- assert "name" in result['meta_rules'][meta_rule_id]
- if scat_id:
- assert scat_id in result['meta_rules'][meta_rule_id]["subject_categories"]
- if ocat_id:
- assert ocat_id in result['meta_rules'][meta_rule_id]["object_categories"]
- if acat_id:
- assert acat_id in result['meta_rules'][meta_rule_id]["action_categories"]
-
-
-def delete_meta_rule(meta_rule_id):
- req = requests.delete(URL.format("/meta_rules/{}".format(meta_rule_id)))
- assert req.status_code == 200
- result = req.json()
- assert type(result) is dict
- if "result" in result:
- assert result["result"]
-
-
-def add_meta_rule_to_model(model_id, meta_rule_id):
- model = check_model(model_id, check_model_name=False)['models']
- meta_rule_list = model[model_id]["meta_rules"]
- if meta_rule_id not in meta_rule_list:
- meta_rule_list.append(meta_rule_id)
- req = requests.patch(URL.format("/models/{}".format(model_id)),
- json={"meta_rules": meta_rule_list},
- headers=HEADERS)
- assert req.status_code == 200
- result = req.json()
- assert type(result) is dict
- model_id = list(result['models'].keys())[0]
- if "result" in result:
- assert result["result"]
- assert "meta_rules" in result['models'][model_id]
- assert meta_rule_list == result['models'][model_id]["meta_rules"]
diff --git a/templates/moon_forming/utils/pdp.py b/templates/moon_forming/utils/pdp.py
deleted file mode 100644
index f3c6df37..00000000
--- a/templates/moon_forming/utils/pdp.py
+++ /dev/null
@@ -1,163 +0,0 @@
-import logging
-import requests
-import utils.config
-
-config = utils.config.get_config_data()
-logger = logging.getLogger("moonforming.utils.policies")
-
-URL = "http://{}:{}".format(
- config['components']['manager']['hostname'],
- config['components']['manager']['port'])
-HEADERS = {"content-type": "application/json"}
-KEYSTONE_USER = config['openstack']['keystone']['user']
-KEYSTONE_PASSWORD = config['openstack']['keystone']['password']
-KEYSTONE_PROJECT = config['openstack']['keystone']['project']
-KEYSTONE_SERVER = config['openstack']['keystone']['url']
-
-pdp_template = {
- "name": "test_pdp",
- "security_pipeline": [],
- "keystone_project_id": None,
- "description": "test",
-}
-
-
-def get_keystone_projects():
-
- HEADERS = {
- "Content-Type": "application/json"
- }
-
- data_auth = {
- "auth": {
- "identity": {
- "methods": [
- "password"
- ],
- "password": {
- "user": {
- "name": KEYSTONE_USER,
- "domain": {
- "name": "Default"
- },
- "password": KEYSTONE_PASSWORD
- }
- }
- }
- }
- }
-
- req = requests.post("{}/auth/tokens".format(KEYSTONE_SERVER), json=data_auth, headers=HEADERS)
- logger.debug("{}/auth/tokens".format(KEYSTONE_SERVER))
- logger.debug(req.text)
- assert req.status_code in (200, 201)
- TOKEN = req.headers['X-Subject-Token']
- HEADERS['X-Auth-Token'] = TOKEN
- req = requests.get("{}/projects".format(KEYSTONE_SERVER), headers=HEADERS)
- if req.status_code not in (200, 201):
- data_auth["auth"]["scope"] = {
- "project": {
- "name": KEYSTONE_PROJECT,
- "domain": {
- "id": "default"
- }
- }
- }
- req = requests.post("{}/auth/tokens".format(KEYSTONE_SERVER), json=data_auth, headers=HEADERS)
- assert req.status_code in (200, 201)
- TOKEN = req.headers['X-Subject-Token']
- HEADERS['X-Auth-Token'] = TOKEN
- req = requests.get("{}/projects".format(KEYSTONE_SERVER), headers=HEADERS)
- assert req.status_code in (200, 201)
- return req.json()
-
-
-def check_pdp(pdp_id=None, keystone_project_id=None, moon_url=None):
- _URL = URL
- if moon_url:
- _URL = moon_url
- req = requests.get(_URL + "/pdp")
- assert req.status_code == 200
- result = req.json()
- assert type(result) is dict
- assert "pdps" in result
- if pdp_id:
- assert result["pdps"]
- assert pdp_id in result['pdps']
- assert "name" in result['pdps'][pdp_id]
- assert pdp_template["name"] == result['pdps'][pdp_id]["name"]
- if keystone_project_id:
- assert result["pdps"]
- assert pdp_id in result['pdps']
- assert "keystone_project_id" in result['pdps'][pdp_id]
- assert keystone_project_id == result['pdps'][pdp_id]["keystone_project_id"]
- return result
-
-
-def add_pdp(name="test_pdp", policy_id=None):
- pdp_template['name'] = name
- if policy_id:
- pdp_template['security_pipeline'].append(policy_id)
- req = requests.post(URL + "/pdp", json=pdp_template, headers=HEADERS)
- logger.debug(req.status_code)
- logger.debug(req)
- assert req.status_code == 200
- result = req.json()
- assert type(result) is dict
- pdp_id = list(result['pdps'].keys())[0]
- if "result" in result:
- assert result["result"]
- assert "name" in result['pdps'][pdp_id]
- assert pdp_template["name"] == result['pdps'][pdp_id]["name"]
- return pdp_id
-
-
-def update_pdp(pdp_id, policy_id=None):
- req = requests.get(URL + "/pdp/{}".format(pdp_id))
- assert req.status_code == 200
- result = req.json()
- assert type(result) is dict
- assert "pdps" in result
- assert pdp_id in result['pdps']
- pipeline = result['pdps'][pdp_id]["security_pipeline"]
- if policy_id not in pipeline:
- pipeline.append(policy_id)
- req = requests.patch(URL + "/pdp/{}".format(pdp_id),
- json={"security_pipeline": pipeline})
- assert req.status_code == 200
- result = req.json()
- assert type(result) is dict
- assert "pdps" in result
- assert pdp_id in result['pdps']
-
- req = requests.get(URL + "/pdp/{}".format(pdp_id))
- assert req.status_code == 200
- result = req.json()
- assert type(result) is dict
- assert "pdps" in result
- assert pdp_id in result['pdps']
- assert policy_id in pipeline
-
-
-def map_to_keystone(pdp_id, keystone_project_id):
- req = requests.patch(URL + "/pdp/{}".format(pdp_id), json={"keystone_project_id": keystone_project_id},
- headers=HEADERS)
- assert req.status_code == 200
- result = req.json()
- assert type(result) is dict
- if "result" in result:
- assert result["result"]
- assert pdp_id in result['pdps']
- assert "name" in result['pdps'][pdp_id]
- assert pdp_template["name"] == result['pdps'][pdp_id]["name"]
- return pdp_id
-
-
-def delete_pdp(pdp_id):
- req = requests.delete(URL + "/pdp/{}".format(pdp_id))
- assert req.status_code == 200
- result = req.json()
- assert type(result) is dict
- assert "result" in result
- assert result["result"]
-
diff --git a/templates/moon_forming/utils/policies.py b/templates/moon_forming/utils/policies.py
deleted file mode 100644
index bd08291a..00000000
--- a/templates/moon_forming/utils/policies.py
+++ /dev/null
@@ -1,635 +0,0 @@
-import logging
-import requests
-import utils.config
-
-config = utils.config.get_config_data()
-logger = logging.getLogger("moonforming.utils.policies")
-
-URL = "http://{}:{}".format(config['components']['manager']['hostname'], config['components']['manager']['port'])
-URL = URL + "{}"
-HEADERS = {"content-type": "application/json"}
-FILE = open("/tmp/test.log", "w")
-
-policy_template = {
- "name": "test_policy",
- "model_id": "",
- "genre": "authz",
- "description": "test",
-}
-
-subject_template = {
- "name": "test_subject",
- "description": "test",
- "email": "mail",
- "password": "my_pass",
-}
-
-object_template = {
- "name": "test_subject",
- "description": "test"
-}
-
-action_template = {
- "name": "test_subject",
- "description": "test"
-}
-
-subject_data_template = {
- "name": "subject_data1",
- "description": "description of the data subject"
-}
-
-object_data_template = {
- "name": "object_data1",
- "description": "description of the data subject"
-}
-
-action_data_template = {
- "name": "action_data1",
- "description": "description of the data subject"
-}
-
-subject_assignment_template = {
- "id": "",
- "category_id": "",
- "scope_id": ""
-}
-
-
-def check_policy(policy_id=None):
- req = requests.get(URL.format("/policies"))
- assert req.status_code == 200
- result = req.json()
- assert type(result) is dict
- assert "policies" in result
- if policy_id:
- assert result["policies"]
- assert policy_id in result['policies']
- assert "name" in result['policies'][policy_id]
- assert policy_template["name"] == result['policies'][policy_id]["name"]
- return result
-
-
-def add_policy(name="test_policy", genre="authz"):
- policy_template["name"] = name
- policy_template["genre"] = genre
- req = requests.post(URL.format("/policies"), json=policy_template, headers=HEADERS)
- assert req.status_code == 200
- result = req.json()
- assert type(result) is dict
- policy_id = list(result['policies'].keys())[0]
- if "result" in result:
- assert result["result"]
- assert "name" in result['policies'][policy_id]
- assert policy_template["name"] == result['policies'][policy_id]["name"]
- return policy_id
-
-
-def update_policy(policy_id, model_id):
- req = requests.patch(URL.format("/policies/{}".format(policy_id)),
- json={"model_id": model_id}, headers=HEADERS)
- assert req.status_code == 200
- result = req.json()
- assert type(result) is dict
- policy_id = list(result['policies'].keys())[0]
- if "result" in result:
- assert result["result"]
- assert "model_id" in result['policies'][policy_id]
- assert model_id == result['policies'][policy_id]["model_id"]
-
-
-def delete_policy(policy_id):
- req = requests.delete(URL.format("/policies/{}".format(policy_id)))
- assert req.status_code == 200
- result = req.json()
- assert type(result) is dict
- assert "result" in result
- assert result["result"]
-
-
-def add_subject(policy_id=None, name="test_subject"):
- subject_template['name'] = name
- if policy_id:
- logger.debug(URL.format("/policies/{}/subjects".format(policy_id)))
- req = requests.post(URL.format("/policies/{}/subjects".format(policy_id)),
- json=subject_template, headers=HEADERS)
- else:
- logger.debug(URL.format("/subjects"))
- req = requests.post(URL.format("/subjects"), json=subject_template, headers=HEADERS)
- logger.debug(req.text)
- assert req.status_code == 200
- result = req.json()
- assert "subjects" in result
- subject_id = list(result['subjects'].keys())[0]
- return subject_id
-
-
-def update_subject(subject_id, policy_id=None, description=None):
- if policy_id and not description:
- req = requests.patch(URL.format("/policies/{}/subjects/{}".format(policy_id, subject_id)),
- json={})
- elif policy_id and description:
- req = requests.patch(URL.format("/policies/{}/subjects/{}".format(policy_id, subject_id)),
- json={"description": description})
- else:
- req = requests.patch(URL.format("/subjects/{}".format(subject_id)),
- json={"description": description})
- assert req.status_code == 200
- result = req.json()
- assert "subjects" in result
- assert "name" in result["subjects"][subject_id]
- assert subject_template["name"] == result["subjects"][subject_id]["name"]
- assert "policy_list" in result["subjects"][subject_id]
- if policy_id:
- assert policy_id in result["subjects"][subject_id]["policy_list"]
- if description:
- assert description in result["subjects"][subject_id]["description"]
-
-
-def check_subject(subject_id=None, policy_id=None):
- if policy_id:
- req = requests.get(URL.format("/policies/{}/subjects".format(policy_id)))
- else:
- req = requests.get(URL.format("/subjects"))
- assert req.status_code == 200
- result = req.json()
- assert "subjects" in result
- assert "name" in result["subjects"][subject_id]
- assert subject_template["name"] == result["subjects"][subject_id]["name"]
- if policy_id:
- assert "policy_list" in result["subjects"][subject_id]
- assert policy_id in result["subjects"][subject_id]["policy_list"]
-
-
-def delete_subject(subject_id, policy_id=None):
- if policy_id:
- req = requests.delete(URL.format("/policies/{}/subjects/{}".format(policy_id, subject_id)))
- else:
- req = requests.delete(URL.format("/subjects/{}".format(subject_id)))
- assert req.status_code == 200
- result = req.json()
- assert type(result) is dict
- assert "result" in result
- assert result["result"]
-
- if policy_id:
- req = requests.get(URL.format("/policies/{}/subjects".format(policy_id)))
- else:
- req = requests.get(URL.format("/subjects"))
- assert req.status_code == 200
- result = req.json()
- assert "subjects" in result
- if subject_id in result["subjects"]:
- assert "name" in result["subjects"][subject_id]
- assert subject_template["name"] == result["subjects"][subject_id]["name"]
- if policy_id:
- assert "policy_list" in result["subjects"][subject_id]
- assert policy_id not in result["subjects"][subject_id]["policy_list"]
-
-
-def add_object(policy_id=None, name="test_object"):
- object_template['name'] = name
- if policy_id:
- req = requests.post(URL.format("/policies/{}/objects".format(policy_id)),
- json=object_template, headers=HEADERS)
- else:
- req = requests.post(URL.format("/objects"), json=object_template, headers=HEADERS)
- assert req.status_code == 200
- result = req.json()
- assert "objects" in result
- object_id = list(result['objects'].keys())[0]
- return object_id
-
-
-def update_object(object_id, policy_id):
- req = requests.patch(URL.format("/policies/{}/objects/{}".format(policy_id, object_id)), json={})
- assert req.status_code == 200
- result = req.json()
- assert "objects" in result
- assert "name" in result["objects"][object_id]
- assert object_template["name"] == result["objects"][object_id]["name"]
- assert "policy_list" in result["objects"][object_id]
- assert policy_id in result["objects"][object_id]["policy_list"]
-
-
-def check_object(object_id=None, policy_id=None):
- if policy_id:
- req = requests.get(URL.format("/policies/{}/objects".format(policy_id)))
- else:
- req = requests.get(URL.format("/objects"))
- assert req.status_code == 200
- result = req.json()
- assert "objects" in result
- assert "name" in result["objects"][object_id]
- assert object_template["name"] == result["objects"][object_id]["name"]
- if policy_id:
- assert "policy_list" in result["objects"][object_id]
- assert policy_id in result["objects"][object_id]["policy_list"]
-
-
-def delete_object(object_id, policy_id=None):
- if policy_id:
- req = requests.delete(URL.format("/policies/{}/objects/{}".format(policy_id, object_id)))
- else:
- req = requests.delete(URL.format("/objects/{}".format(object_id)))
- assert req.status_code == 200
- result = req.json()
- assert type(result) is dict
- assert "result" in result
- assert result["result"]
-
- if policy_id:
- req = requests.get(URL.format("/policies/{}/objects".format(policy_id)))
- else:
- req = requests.get(URL.format("/objects"))
- assert req.status_code == 200
- result = req.json()
- assert "objects" in result
- if object_id in result["objects"]:
- assert "name" in result["objects"][object_id]
- assert object_template["name"] == result["objects"][object_id]["name"]
- if policy_id:
- assert "policy_list" in result["objects"][object_id]
- assert policy_id not in result["objects"][object_id]["policy_list"]
-
-
-def add_action(policy_id=None, name="test_action"):
- action_template['name'] = name
- if policy_id:
- req = requests.post(URL.format("/policies/{}/actions".format(policy_id)),
- json=action_template, headers=HEADERS)
- else:
- req = requests.post(URL.format("/actions"), json=action_template, headers=HEADERS)
- assert req.status_code == 200
- result = req.json()
- assert "actions" in result
- action_id = list(result['actions'].keys())[0]
- return action_id
-
-
-def update_action(action_id, policy_id):
- req = requests.patch(URL.format("/policies/{}/actions/{}".format(policy_id, action_id)), json={})
- assert req.status_code == 200
- result = req.json()
- assert "actions" in result
- assert "name" in result["actions"][action_id]
- assert action_template["name"] == result["actions"][action_id]["name"]
- assert "policy_list" in result["actions"][action_id]
- assert policy_id in result["actions"][action_id]["policy_list"]
-
-
-def check_action(action_id=None, policy_id=None):
- if policy_id:
- req = requests.get(URL.format("/policies/{}/actions".format(policy_id)))
- else:
- req = requests.get(URL.format("/actions"))
- assert req.status_code == 200
- result = req.json()
- assert "actions" in result
- assert "name" in result["actions"][action_id]
- assert action_template["name"] == result["actions"][action_id]["name"]
- if policy_id:
- assert "policy_list" in result["actions"][action_id]
- assert policy_id in result["actions"][action_id]["policy_list"]
-
-
-def delete_action(action_id, policy_id=None):
- if policy_id:
- req = requests.delete(URL.format("/policies/{}/actions/{}".format(policy_id, action_id)))
- else:
- req = requests.delete(URL.format("/actions/{}".format(action_id)))
- assert req.status_code == 200
- result = req.json()
- assert type(result) is dict
- assert "result" in result
- assert result["result"]
-
- if policy_id:
- req = requests.get(URL.format("/policies/{}/actions".format(policy_id)))
- else:
- req = requests.get(URL.format("/actions"))
- assert req.status_code == 200
- result = req.json()
- assert "actions" in result
- if action_id in result["actions"]:
- assert "name" in result["actions"][action_id]
- assert action_template["name"] == result["actions"][action_id]["name"]
- if policy_id:
- assert "policy_list" in result["actions"][action_id]
- assert policy_id not in result["actions"][action_id]["policy_list"]
-
-
-def add_subject_data(policy_id, category_id, name="subject_data1"):
- subject_data_template['name'] = name
- req = requests.post(URL.format("/policies/{}/subject_data/{}".format(policy_id, category_id)),
- json=subject_data_template, headers=HEADERS)
- assert req.status_code == 200
- result = req.json()
- assert "subject_data" in result
- subject_id = list(result['subject_data']['data'].keys())[0]
- return subject_id
-
-
-def check_subject_data(policy_id, data_id, category_id):
- req = requests.get(URL.format("/policies/{}/subject_data/{}".format(policy_id, category_id)))
- assert req.status_code == 200
- result = req.json()
- assert "subject_data" in result
- for _data in result['subject_data']:
- assert data_id in list(_data['data'].keys())
- assert category_id == _data["category_id"]
-
-
-def delete_subject_data(policy_id, category_id, data_id):
- req = requests.delete(URL.format("/policies/{}/subject_data/{}/{}".format(policy_id, category_id, data_id)),
- headers=HEADERS)
- assert req.status_code == 200
- req = requests.get(URL.format("/policies/{}/subject_data/{}".format(policy_id, category_id)))
- assert req.status_code == 200
- result = req.json()
- assert "subject_data" in result
- for _data in result['subject_data']:
- assert data_id not in list(_data['data'].keys())
- assert category_id == _data["category_id"]
-
-
-def add_object_data(policy_id, category_id, name="object_data1"):
- object_data_template['name'] = name
- req = requests.post(URL.format("/policies/{}/object_data/{}".format(policy_id, category_id)),
- json=object_data_template, headers=HEADERS)
- assert req.status_code == 200
- result = req.json()
- assert "object_data" in result
- object_id = list(result['object_data']['data'].keys())[0]
- return object_id
-
-
-def check_object_data(policy_id, data_id, category_id):
- req = requests.get(URL.format("/policies/{}/object_data/{}".format(policy_id, category_id)))
- assert req.status_code == 200
- result = req.json()
- assert "object_data" in result
- for _data in result['object_data']:
- assert data_id in list(_data['data'].keys())
- assert category_id == _data["category_id"]
-
-
-def delete_object_data(policy_id, category_id, data_id):
- req = requests.delete(URL.format("/policies/{}/object_data/{}/{}".format(policy_id, category_id, data_id)),
- headers=HEADERS)
- assert req.status_code == 200
- req = requests.get(URL.format("/policies/{}/object_data/{}".format(policy_id, category_id)))
- assert req.status_code == 200
- result = req.json()
- assert "object_data" in result
- for _data in result['object_data']:
- assert data_id not in list(_data['data'].keys())
- assert category_id == _data["category_id"]
-
-
-def add_action_data(policy_id, category_id, name="action_data1"):
- action_data_template['name'] = name
- req = requests.post(URL.format("/policies/{}/action_data/{}".format(policy_id, category_id)),
- json=action_data_template, headers=HEADERS)
- assert req.status_code == 200
- result = req.json()
- assert "action_data" in result
- action_id = list(result['action_data']['data'].keys())[0]
- return action_id
-
-
-def check_action_data(policy_id, data_id, category_id):
- req = requests.get(URL.format("/policies/{}/action_data/{}".format(policy_id, category_id)))
- assert req.status_code == 200
- result = req.json()
- assert "action_data" in result
- for _data in result['action_data']:
- assert data_id in list(_data['data'].keys())
- assert category_id == _data["category_id"]
-
-
-def delete_action_data(policy_id, category_id, data_id):
- req = requests.delete(URL.format("/policies/{}/action_data/{}/{}".format(policy_id, category_id, data_id)),
- headers=HEADERS)
- assert req.status_code == 200
- req = requests.get(URL.format("/policies/{}/action_data/{}".format(policy_id, category_id)))
- assert req.status_code == 200
- result = req.json()
- assert "action_data" in result
- for _data in result['action_data']:
- assert data_id not in list(_data['data'].keys())
- assert category_id == _data["category_id"]
-
-
-def add_subject_assignments(policy_id, subject_id, subject_cat_id, subject_data_id):
- req = requests.post(URL.format("/policies/{}/subject_assignments".format(policy_id)),
- json={
- "id": subject_id,
- "category_id": subject_cat_id,
- "data_id": subject_data_id
- }, headers=HEADERS)
- assert req.status_code == 200
- result = req.json()
- assert "subject_assignments" in result
- assert result["subject_assignments"]
-
-
-def check_subject_assignments(policy_id, subject_id, subject_cat_id, subject_data_id):
- req = requests.get(URL.format("/policies/{}/subject_assignments/{}/{}/{}".format(
- policy_id, subject_id, subject_cat_id, subject_data_id)))
- assert req.status_code == 200
- result = req.json()
- assert "subject_assignments" in result
- assert result["subject_assignments"]
- for key in result["subject_assignments"]:
- assert "subject_id" in result["subject_assignments"][key]
- assert "category_id" in result["subject_assignments"][key]
- assert "assignments" in result["subject_assignments"][key]
- if result["subject_assignments"][key]['subject_id'] == subject_id and \
- result["subject_assignments"][key]["category_id"] == subject_cat_id:
- assert subject_data_id in result["subject_assignments"][key]["assignments"]
-
-
-def check_object_assignments(policy_id, object_id, object_cat_id, object_data_id):
- req = requests.get(URL.format("/policies/{}/object_assignments/{}/{}/{}".format(
- policy_id, object_id, object_cat_id, object_data_id)))
- assert req.status_code == 200
- result = req.json()
- assert "object_assignments" in result
- assert result["object_assignments"]
- for key in result["object_assignments"]:
- assert "object_id" in result["object_assignments"][key]
- assert "category_id" in result["object_assignments"][key]
- assert "assignments" in result["object_assignments"][key]
- if result["object_assignments"][key]['object_id'] == object_id and \
- result["object_assignments"][key]["category_id"] == object_cat_id:
- assert object_data_id in result["object_assignments"][key]["assignments"]
-
-
-def check_action_assignments(policy_id, action_id, action_cat_id, action_data_id):
- req = requests.get(URL.format("/policies/{}/action_assignments/{}/{}/{}".format(
- policy_id, action_id, action_cat_id, action_data_id)))
- assert req.status_code == 200
- result = req.json()
- assert "action_assignments" in result
- assert result["action_assignments"]
- for key in result["action_assignments"]:
- assert "action_id" in result["action_assignments"][key]
- assert "category_id" in result["action_assignments"][key]
- assert "assignments" in result["action_assignments"][key]
- if result["action_assignments"][key]['action_id'] == action_id and \
- result["action_assignments"][key]["category_id"] == action_cat_id:
- assert action_data_id in result["action_assignments"][key]["assignments"]
-
-
-def add_object_assignments(policy_id, object_id, object_cat_id, object_data_id):
- req = requests.post(URL.format("/policies/{}/object_assignments".format(policy_id)),
- json={
- "id": object_id,
- "category_id": object_cat_id,
- "data_id": object_data_id
- }, headers=HEADERS)
- assert req.status_code == 200
- result = req.json()
- assert "object_assignments" in result
- assert result["object_assignments"]
-
-
-def add_action_assignments(policy_id, action_id, action_cat_id, action_data_id):
- req = requests.post(URL.format("/policies/{}/action_assignments".format(policy_id)),
- json={
- "id": action_id,
- "category_id": action_cat_id,
- "data_id": action_data_id
- }, headers=HEADERS)
- assert req.status_code == 200
- result = req.json()
- assert "action_assignments" in result
- assert result["action_assignments"]
-
-
-def delete_subject_assignment(policy_id, subject_id, subject_cat_id, subject_data_id):
- req = requests.delete(URL.format("/policies/{}/subject_assignments/{}/{}/{}".format(
- policy_id, subject_id, subject_cat_id, subject_data_id)))
- assert req.status_code == 200
- result = req.json()
- assert "result" in result
- assert result["result"]
-
- req = requests.get(URL.format("/policies/{}/subject_assignments/{}/{}/{}".format(
- policy_id, subject_id, subject_cat_id, subject_data_id)))
- assert req.status_code == 200
- result = req.json()
- assert "subject_assignments" in result
- assert result["subject_assignments"]
- for key in result["subject_assignments"]:
- assert "subject_id" in result["subject_assignments"][key]
- assert "category_id" in result["subject_assignments"][key]
- assert "assignments" in result["subject_assignments"][key]
- if result["subject_assignments"][key]['subject_id'] == subject_id and \
- result["subject_assignments"][key]["category_id"] == subject_cat_id:
- assert subject_data_id not in result["subject_assignments"][key]["assignments"]
-
-
-def delete_object_assignment(policy_id, object_id, object_cat_id, object_data_id):
- req = requests.delete(URL.format("/policies/{}/object_assignments/{}/{}/{}".format(
- policy_id, object_id, object_cat_id, object_data_id)))
- assert req.status_code == 200
- result = req.json()
- assert "result" in result
- assert result["result"]
-
- req = requests.get(URL.format("/policies/{}/object_assignments/{}/{}/{}".format(
- policy_id, object_id, object_cat_id, object_data_id)))
- assert req.status_code == 200
- result = req.json()
- assert "object_assignments" in result
- assert result["object_assignments"]
- for key in result["object_assignments"]:
- assert "object_id" in result["object_assignments"][key]
- assert "category_id" in result["object_assignments"][key]
- assert "assignments" in result["object_assignments"][key]
- if result["object_assignments"][key]['object_id'] == object_id and \
- result["object_assignments"][key]["category_id"] == object_cat_id:
- assert object_data_id not in result["object_assignments"][key]["assignments"]
-
-
-def delete_action_assignment(policy_id, action_id, action_cat_id, action_data_id):
- req = requests.delete(URL.format("/policies/{}/action_assignments/{}/{}/{}".format(
- policy_id, action_id, action_cat_id, action_data_id)))
- assert req.status_code == 200
- result = req.json()
- assert "result" in result
- assert result["result"]
-
- req = requests.get(URL.format("/policies/{}/action_assignments/{}/{}/{}".format(
- policy_id, action_id, action_cat_id, action_data_id)))
- assert req.status_code == 200
- result = req.json()
- assert "action_assignments" in result
- assert result["action_assignments"]
- for key in result["action_assignments"]:
- assert "action_id" in result["action_assignments"][key]
- assert "category_id" in result["action_assignments"][key]
- assert "assignments" in result["action_assignments"][key]
- if result["action_assignments"][key]['action_id'] == action_id and \
- result["action_assignments"][key]["category_id"] == action_cat_id:
- assert action_data_id not in result["action_assignments"][key]["assignments"]
-
-
-def add_rule(policy_id, meta_rule_id, rule, instructions={"chain": [{"security_pipeline": "rbac"}]}):
- req = requests.post(URL.format("/policies/{}/rules".format(policy_id)),
- json={
- "meta_rule_id": meta_rule_id,
- "rule": rule,
- "instructions": instructions,
- "enabled": True
- },
- headers=HEADERS)
- assert req.status_code == 200
- result = req.json()
- assert "rules" in result
- try:
- rule_id = list(result["rules"].keys())[0]
- except Exception as e:
- return False
- assert "policy_id" in result["rules"][rule_id]
- assert policy_id == result["rules"][rule_id]["policy_id"]
- assert "meta_rule_id" in result["rules"][rule_id]
- assert meta_rule_id == result["rules"][rule_id]["meta_rule_id"]
- assert rule == result["rules"][rule_id]["rule"]
- return rule_id
-
-
-def check_rule(policy_id, meta_rule_id, rule_id, rule):
- req = requests.get(URL.format("/policies/{}/rules".format(policy_id)))
- assert req.status_code == 200
- result = req.json()
- assert "rules" in result
- assert "policy_id" in result["rules"]
- assert policy_id == result["rules"]["policy_id"]
- for item in result["rules"]["rules"]:
- assert "meta_rule_id" in item
- if meta_rule_id == item["meta_rule_id"]:
- if rule_id == item["id"]:
- assert rule == item["rule"]
-
-
-def delete_rule(policy_id, rule_id):
- req = requests.delete(URL.format("/policies/{}/rules/{}".format(policy_id, rule_id)))
- assert req.status_code == 200
- result = req.json()
- assert "result" in result
- assert result["result"]
-
- req = requests.get(URL.format("/policies/{}/rules".format(policy_id)))
- assert req.status_code == 200
- result = req.json()
- assert "rules" in result
- assert "policy_id" in result["rules"]
- assert policy_id == result["rules"]["policy_id"]
- found_rule = False
- for item in result["rules"]["rules"]:
- if rule_id == item["id"]:
- found_rule = True
- assert not found_rule
diff --git a/templates/moon_keystone/Dockerfile b/templates/moon_keystone/Dockerfile
deleted file mode 100644
index 2a43bd92..00000000
--- a/templates/moon_keystone/Dockerfile
+++ /dev/null
@@ -1,25 +0,0 @@
-FROM ubuntu:zesty
-
-ENV ADMIN_TOKEN=p4ssw0rd
-ENV ADMIN_PASSWORD=p4ssw0rd
-ENV DB_CONNECTION="mysql+pymysql"
-ENV DB_DRIVER=sql
-ENV DB_HOST=localhost
-ENV DB_DATABASE=keystonedb
-ENV DB_USER=keystone
-ENV DB_PASSWORD=p4ssw0rd
-ENV DB_USER_ROOT=root
-ENV DB_PASSWORD_ROOT=p4sswOrd1
-ENV RABBIT_NODE=server
-ENV INTERFACE_HOST="http://localhost:3001"
-
-RUN apt update && apt install apache2 rabbitmq-server keystone python-openstackclient libapache2-mod-wsgi mysql-client -y
-
-# RUN apt update && apt install iputils-ping net-tools -y
-
-ADD run.sh /root
-
-EXPOSE 35357
-EXPOSE 5000
-
-CMD ["/bin/bash", "/root/run.sh"]
\ No newline at end of file
diff --git a/templates/moon_keystone/README.md b/templates/moon_keystone/README.md
deleted file mode 100644
index 7027324e..00000000
--- a/templates/moon_keystone/README.md
+++ /dev/null
@@ -1,26 +0,0 @@
-# Keystone container
-
-## build keystone image
-
-without proxy:
-```bash
-docker build -t keystone:mitaka .
-```
-
-with a proxy:
-```bash
-docker build --build-arg https_proxy=http://proxy:3128 --build-arg http_proxy=http://proxy:3128 -t keystone:mitaka .
-```
-
-
-### access to the container
-```bash
-docker container exec -ti keystone /bin/bash
-export OS_USERNAME=admin
-export OS_PASSWORD=p4ssw0rd
-export OS_REGION_NAME=Orange
-export OS_TENANT_NAME=admin
-export OS_AUTH_URL=http://localhost:5000/v3
-export OS_DOMAIN_NAME=Default
-openstack project list
-```
\ No newline at end of file
diff --git a/templates/moon_keystone/run.sh b/templates/moon_keystone/run.sh
deleted file mode 100644
index 2a61901e..00000000
--- a/templates/moon_keystone/run.sh
+++ /dev/null
@@ -1,81 +0,0 @@ -#!/usr/bin/env bash - -MY_HOSTNAME=localhost - -echo DB_HOST=$DB_HOST -echo DB_DATABASE=$DB_DATABASE -echo RABBIT_NODE=$RABBIT_NODE -echo RABBIT_NODE=$[RABBIT_NODE] -echo INTERFACE_HOST=$INTERFACE_HOST - -sed "s/#admin_token = /admin_token=$ADMIN_TOKEN/g" -i /etc/keystone/keystone.conf -sed "s/#connection = /connection = $DB_CONNECTION:\/\/$DB_USER:$DB_PASSWORD@$DB_HOST\/$DB_DATABASE/g" -i /etc/keystone/keystone.conf - -cat << EOF | tee -a /etc/keystone/keystone.conf -[cors] -allowed_origin = $INTERFACE_HOST -max_age = 3600 -allow_methods = POST,GET,DELETE -EOF - -until echo status | mysql -h${DB_HOST} -u${DB_USER_ROOT} -p${DB_PASSWORD_ROOT}; do - >&2 echo "MySQL is unavailable - sleeping" - sleep 1 -done - ->&2 echo "Mysql is up - executing command" - -mysql -h $DB_HOST -u$DB_USER_ROOT -p$DB_PASSWORD_ROOT < 1 else "consul" + CONSUL_PORT = sys.argv[2] if len(sys.argv) > 2 else 8500 + CONF_FILENAME = sys.argv[3] if len(sys.argv) > 3 else "moon.conf" +HEADERS = {"content-type": "application/json"} + + +def search_config_file(): + data_config = None + for _file in ( + CONF_FILENAME, + "conf/moon.conf", + "../moon.conf", + "../conf/moon.conf", + "/etc/moon/moon.conf", + ): + try: + data_config = yaml.safe_load(open(_file)) + except FileNotFoundError: + data_config = None + continue + else: + break + if not data_config: + raise Exception("Configuration file not found...") + return data_config + + +def put(key, value): + url = "http://{host}:{port}/v1/kv/{key}".format(host=CONSUL_HOST, port=CONSUL_PORT, key=key) + log.info(url) + req = requests.put( + url, + headers=HEADERS, + json=value + ) + if req.status_code != 200: + raise Exception("Error connecting to Consul ({}, {})".format(req.status_code, req.text)) + + +def get(key): + url = "http://{host}:{port}/v1/kv/{key}".format(host=CONSUL_HOST, port=CONSUL_PORT, key=key) + req = requests.get(url) + data = req.json() + for item in data: + log.info("{} {} -> {}".format( + req.status_code, + item["Key"], + 
json.loads(base64.b64decode(item["Value"]).decode("utf-8")) + )) + yield json.loads(base64.b64decode(item["Value"]).decode("utf-8")) + + +def start_consul(data_config): + cmd = ["docker", "run", "-d", "--net=moon", "--name=consul", "--hostname=consul", "-p", "8500:8500", "consul"] + output = subprocess.run(cmd, + stdout=subprocess.PIPE, + stderr=subprocess.PIPE) + if output.returncode != 0: + log.info(" ".join(cmd)) + log.info(output.returncode) + log.error(output.stderr) + log.error(output.stdout) + raise Exception("Error starting Consul container!") + while True: + try: + req = requests.get("http://{}:{}/ui".format(CONSUL_HOST, CONSUL_PORT)) + except requests.exceptions.ConnectionError: + log.info("Waiting for Consul ({}:{})".format(CONSUL_HOST, CONSUL_PORT)) + time.sleep(1) + continue + else: + break + # if req.status_code in (302, 200): + # break + # log.info("Waiting for Consul ({}:{})".format(CONSUL_HOST, CONSUL_PORT)) + # time.sleep(1) + log.info("Consul is up") + + req = requests.get("http://{}:{}/v1/kv/database".format(CONSUL_HOST, CONSUL_PORT)) + if req.status_code == 200: + log.info("Consul is already populated") + return + + put("database", data_config["database"]) + put("messenger", data_config["messenger"]) + put("slave", data_config["slave"]) + put("docker", data_config["docker"]) + put("logging", data_config["logging"]) + put("components_port_start", data_config["components"]["port_start"]) + + for _key, _value in data_config["components"].items(): + if type(_value) is dict: + put("components/{}".format(_key), data_config["components"][_key]) + + for _key, _value in data_config["plugins"].items(): + put("plugins/{}".format(_key), data_config["plugins"][_key]) + + for _key, _value in data_config["openstack"].items(): + put("openstack/{}".format(_key), data_config["openstack"][_key]) + + +def start_database(): + cmd = ["docker", "run", "-dti", "--net=moon", "--hostname=db", "--name=db", + "-e", "MYSQL_ROOT_PASSWORD=p4sswOrd1", "-e", 
"MYSQL_DATABASE=moon", "-e", "MYSQL_USER=moon", + "-e", "MYSQL_PASSWORD=p4sswOrd1", "-p", "3306:3306", "mysql:latest"] + output = subprocess.run(cmd, + stdout=subprocess.PIPE, + stderr=subprocess.PIPE) + if output.returncode != 0: + log.info(cmd) + log.error(output.stderr) + log.error(output.stdout) + raise Exception("Error starting DB container!") + for database in get("database"): + database_url = database['url'] + match = re.search("(?P^[\\w+]+):\/\/(?P\\w+):(?P.+)@(?P\\w+):*(?P\\d*)", + database_url) + config = match.groupdict() + while True: + try: + conn = mysql.connector.connect( + host=config["host"], + user=config["user"], + password=config["password"], + database="moon" + ) + conn.close() + except mysql.connector.errors.InterfaceError: + log.info("Waiting for Database ({})".format(config["host"])) + time.sleep(1) + continue + else: + log.info("Database is up, populating it...") + output = subprocess.run(["moon_db_manager", "upgrade"], + stdout=subprocess.PIPE, + stderr=subprocess.PIPE) + if output.returncode != 0: + raise Exception("Error populating the database!") + break + + +def start_keystone(): + output = subprocess.run(["docker", "run", "-dti", "--net=moon", "--hostname=keystone", "--name=keystone", + "-e", "DB_HOST=db", "-e", "DB_PASSWORD_ROOT=p4sswOrd1", "-p", "35357:35357", + "-p", "5000:5000", "keystone:mitaka"], + stdout=subprocess.PIPE, + stderr=subprocess.PIPE) + if output.returncode != 0: + raise Exception("Error starting Keystone container!") + # TODO: Keystone answers request too quickly + # even if it is not fully loaded + # we must test if a token retrieval is possible or not + # to see if Keystone is truly up and running + for config in get("openstack/keystone"): + while True: + try: + time.sleep(1) + req = requests.get(config["url"]) + except requests.exceptions.ConnectionError: + log.info("Waiting for Keystone ({})".format(config["url"])) + time.sleep(1) + continue + else: + log.info("Keystone is up") + break + + +def 
start_moon(data_config): + cmds = [ + # ["docker", "run", "-dti", "--net=moon", "--name=wrapper", "--hostname=wrapper", "-p", + # "{0}:{0}".format(data_config['components']['wrapper']['port']), + # data_config['components']['wrapper']['container']], + ["docker", "run", "-dti", "--net=moon", "--name=manager", + "--hostname=manager", "-p", + "{0}:{0}".format(data_config['components']['manager']['port']), + data_config['components']['manager']['container']], + ["docker", "run", "-dti", "--net=moon", "--name=interface", + "--hostname=interface", "-p", + "{0}:{0}".format(data_config['components']['interface']['port']), + data_config['components']['interface']['container']], + ] + for cmd in cmds: + log.warning("Start {}".format(cmd[-1])) + # answer = input() + # if answer.lower() in ("y", "yes", "o", "oui"): + output = subprocess.run(cmd, + stdout=subprocess.PIPE, + stderr=subprocess.PIPE) + time.sleep(3) + if output.returncode != 0: + log.info(" ".join(cmd)) + log.info(output.returncode) + log.error(output.stderr) + log.error(output.stdout) + raise Exception("Error starting {} container!".format(cmd[-1])) + subprocess.run(["docker", "ps"]) + + +def main(): + data_config = search_config_file() + subprocess.run(["docker", "rm", "-f", "consul", "db", "manager", "wrapper", "interface", "authz*", "keystone"]) + start_consul(data_config) + start_database() + start_keystone() + start_moon(data_config) + +main() + diff --git a/tools/bin/build_all.sh b/tools/bin/build_all.sh new file mode 100644 index 00000000..5bbf6a19 --- /dev/null +++ b/tools/bin/build_all.sh 
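Review bot: `get()` writes every decoded Consul value to the log at INFO level, and `start_database()` calls `get("database")`, whose value is the `database` section that `start_consul()` stored, including the database URL with its password (see `database.url` in moon.conf later in this commit). Logging only the status and key, `log.info("{} {}".format(req.status_code, item["Key"]))`, keeps the credential out of the console and file handlers. `get()` also decodes each value twice; decoding once into a local and yielding that local would be cleaner. The file header and the first lines of this section are missing from the page, so the file name cannot be confirmed here.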
@@ -0,0 +1,36 @@
+#!/usr/bin/env bash
+
+VERSION=v4.1
+export DOCKER_HOST=tcp://172.88.88.1:2376
+
+
+mkdir $MOON_HOME/moon_orchestrator/dist 2>/dev/null
+
+echo Building Moon_Orchestrator
+cd $MOON_HOME/moon_orchestrator
+docker build -t wukongsun/moon_orchestrator:${VERSION} .
+
+echo Building Moon_Interface
+cd $MOON_HOME/moon_interface
+docker build -t wukongsun/moon_interface:${VERSION} .
+
+echo Building Moon_Security_Router
+cd $MOON_HOME/moon_secrouter
+docker build -t wukongsun/moon_router:${VERSION} .
+
+echo Building Moon_Manager
+cd $MOON_HOME/moon_manager
+docker build -t wukongsun/moon_manager:${VERSION} .
+
+echo Building Moon_Authz
+cd $MOON_HOME/moon_authz
+docker build -t wukongsun/moon_authz:${VERSION} .
+
+
+echo Building Moon_DB
+cd $MOON_HOME/moon_db
+python3 setup.py sdist bdist_wheel > /tmp/moon_db.log
+
+echo Building Moon_Utilities
+cd $MOON_HOME/moon_utilities
+python3 setup.py sdist bdist_wheel > /tmp/moon_utilities.log
diff --git a/tools/bin/build_all_pip.sh b/tools/bin/build_all_pip.sh
new file mode 100644
index 00000000..2b415bf0
--- /dev/null
+++ b/tools/bin/build_all_pip.sh
@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+
+
+echo Building Moon_DB
+cd $MOON_HOME/moon_db
+python3 setup.py sdist bdist_wheel> /tmp/moon_db.log
+
+
+echo Building Moon_Utilities
+cd $MOON_HOME/moon_utilities
+python3 setup.py sdist bdist_wheel> /tmp/moon_utilities.log
+
+
+echo Building Moon_Orchestrator
+cd $MOON_HOME/moon_orchestrator
+python3 setup.py sdist bdist_wheel> /tmp/moon_orchestrator.log
\ No newline at end of file
diff --git a/tools/bin/delete_orchestrator.sh b/tools/bin/delete_orchestrator.sh
new file mode 100644
index 00000000..95fcfddd
--- /dev/null
+++ b/tools/bin/delete_orchestrator.sh
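Review bot: Every `cd $MOON_HOME/...` in build_all.sh is unquoted and unchecked, so with `MOON_HOME` unset or a directory missing the script carries on and `docker build -t wukongsun/moon_...:${VERSION} .` runs in whatever directory the shell is in, tagging an image built from the wrong context. Failing at the `cd` avoids that: `cd "${MOON_HOME:?MOON_HOME is not set}/moon_orchestrator" || exit 1`, and likewise for the other components. build_all_pip.sh has the same pattern, and in delete_orchestrator.sh the `cd moon_manager` … `cd -` pairs are followed by `docker push`, so a failed `cd` there can publish a wrongly built image.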
@@ -0,0 +1,63 @@
+#!/usr/bin/env bash
+
+set +x
+
+kubectl delete -n moon -f kubernetes/templates/moon_orchestrator.yaml
+for i in $(kubectl get deployments -n moon | grep wrapper | cut -d " " -f 1 | xargs); do
+ kubectl delete deployments/$i -n moon;
+done
+for i in $(kubectl get deployments -n moon | grep interface | cut -d " " -f 1 | xargs); do
+ kubectl delete deployments/$i -n moon;
+done
+for i in $(kubectl get deployments -n moon | grep authz | cut -d " " -f 1 | xargs); do
+ kubectl delete deployments/$i -n moon;
+done
+for i in $(kubectl get services -n moon | grep wrapper | cut -d " " -f 1 | xargs); do
+ kubectl delete services/$i -n moon;
+done
+for i in $(kubectl get services -n moon | grep interface | cut -d " " -f 1 | xargs); do
+ kubectl delete services/$i -n moon;
+done
+for i in $(kubectl get services -n moon | grep authz | cut -d " " -f 1 | xargs); do
+ kubectl delete services/$i -n moon;
+done
+
+if [ "$1" = "build" ]; then
+
+ DOCKER_ARGS=""
+
+ cd moon_manager
+ docker build -t wukongsun/moon_manager:v4.3.1 . ${DOCKER_ARGS}
+ if [ "$2" = "push" ]; then
+ docker push wukongsun/moon_manager:v4.3.1
+ fi
+ cd -
+
+ cd moon_orchestrator
+ docker build -t wukongsun/moon_orchestrator:v4.3 . ${DOCKER_ARGS}
+ if [ "$2" = "push" ]; then
+ docker push wukongsun/moon_orchestrator:v4.3
+ fi
+ cd -
+
+ cd moon_interface
+ docker build -t wukongsun/moon_interface:v4.3 . ${DOCKER_ARGS}
+ if [ "$2" = "push" ]; then
+ docker push wukongsun/moon_interface:v4.3
+ fi
+ cd -
+
+ cd moon_authz
+ docker build -t wukongsun/moon_authz:v4.3 . ${DOCKER_ARGS}
+ if [ "$2" = "push" ]; then
+ docker push wukongsun/moon_authz:v4.3
+ fi
+ cd -
+
+ cd moon_wrapper
+ docker build -t wukongsun/moon_wrapper:v4.3 . ${DOCKER_ARGS}
+ if [ "$2" = "push" ]; then
+ docker push wukongsun/moon_wrapper:v4.3
+ fi
+ cd -
+fi
diff --git a/tools/bin/moon_lib_update.sh b/tools/bin/moon_lib_update.sh
new file mode 100644
index 00000000..3925e336
--- /dev/null
+++ b/tools/bin/moon_lib_update.sh
@@ -0,0 +1,43 @@
+#!/usr/bin/env bash
+
+# usage: moon_update.sh {build,upload,copy} {python_moondb,python_moonutilities}
+
+CMD=$1
+COMPONENT=$2
+GPG_ID=$3
+
+VERSION=${COMPONENT}-$(grep __version__ ${COMPONENT}/${COMPONENT}/__init__.py | cut -d "\"" -f 2)
+
+cd ${COMPONENT}
+
+python3 setup.py sdist bdist_wheel
+
+if [ "$CMD" = "upload" ]; then
+ # Instead of "A0A96E75", use your own GPG ID
+ rm dist/*.asc 2>/dev/null
+ gpg --detach-sign -u "${GPG_ID}" -a dist/${VERSION}-py3-none-any.whl
+ gpg --detach-sign -u "${GPG_ID}" -a dist/${VERSION/_/-}.tar.gz
+ twine upload dist/${VERSION}-py3-none-any.whl dist/${VERSION}-py3-none-any.whl.asc
+ twine upload dist/${VERSION/_/-}.tar.gz dist/${VERSION/_/-}.tar.gz.asc
+fi
+
+rm -f ../moon_manager/dist/${COMPONENT}*
+rm -f ../moon_orchestrator/dist/${COMPONENT}*
+rm -f ../moon_wrapper/dist/${COMPONENT}*
+rm -f ../moon_interface/dist/${COMPONENT}*
+rm -f ../moon_authz/dist/${COMPONENT}*
+
+
+if [ "$CMD" = "copy" ]; then
+ mkdir -p ../moon_manager/dist/ 2>/dev/null
+ cp -v dist/${VERSION}-py3-none-any.whl ../moon_manager/dist/
+ mkdir -p ../moon_orchestrator/dist/ 2>/dev/null
+ cp -v dist/${VERSION}-py3-none-any.whl ../moon_orchestrator/dist/
+ mkdir -p ../moon_wrapper/dist/ 2>/dev/null
+ cp -v dist/${VERSION}-py3-none-any.whl ../moon_wrapper/dist/
+ mkdir -p ../moon_interface/dist/ 2>/dev/null
+ cp -v dist/${VERSION}-py3-none-any.whl ../moon_interface/dist/
+ mkdir -p ../moon_authz/dist/ 2>/dev/null
+ cp -v dist/${VERSION}-py3-none-any.whl ../moon_authz/dist/
+fi
+
diff --git a/tools/bin/set_auth.src b/tools/bin/set_auth.src
new file mode 100644
index 00000000..d955e30b
--- /dev/null
+++ b/tools/bin/set_auth.src
@@ -0,0 +1,7 @@
+export OS_USERNAME=admin
+export OS_PASSWORD=p4ssw0rd
+export OS_REGION_NAME=Orange
+export OS_TENANT_NAME=admin
+export OS_AUTH_URL=http://keystone:5000/v3
+export OS_DOMAIN_NAME=Default
+export MOON_URL=http://172.18.0.11:38001
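Review bot: moon_lib_update.sh uses `$2` and `$3` without checking them. With `COMPONENT` empty, `cd ${COMPONENT}` changes to the home directory and the later `rm -f ../moon_manager/dist/${COMPONENT}*` lines expand to `dist/*` relative to it. With `GPG_ID` empty, the upload branch passes `-u ""` to gpg, so the key that signs the release artefacts is no longer chosen by the caller. Guard both near the top, e.g. `: "${COMPONENT:?usage: moon_lib_update.sh CMD COMPONENT [GPG_ID]}"` and `cd "${COMPONENT}" || exit 1`, and require a non-empty `GPG_ID` inside the `upload` branch. The `# Instead of "A0A96E75"` comment no longer matches the code, which takes the id from `$3`.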
diff --git a/tools/bin/start.sh b/tools/bin/start.sh
new file mode 100755
index 00000000..e95ac393
--- /dev/null
+++ b/tools/bin/start.sh
@@ -0,0 +1,39 @@
+#!/usr/bin/env bash
+
+VERSION=4.1
+export DOCKER_HOST=tcp://172.88.88.1:2376
+
+echo -e "\033[31mDeleting previous dockers\033[m"
+docker rm -f $(docker ps -a | grep moon | cut -d " " -f 1) 2>/dev/null
+docker rm -f messenger db keystone consul 2>/dev/null
+
+echo -e "\033[32mStarting Messenger\033[m"
+docker run -dti --net=moon --hostname messenger --name messenger -e RABBITMQ_DEFAULT_USER=moon -e RABBITMQ_DEFAULT_PASS=p4sswOrd1 -e RABBITMQ_NODENAME=rabbit@messenger -e RABBITMQ_DEFAULT_VHOST=moon -e RABBITMQ_HIPE_COMPILE=1 -p 5671:5671 -p 5672:5672 -p 8080:15672 rabbitmq:3-management
+
+echo -e "\033[32mStarting DB manager\033[m"
+docker run -dti --net=moon --hostname db --name db -e MYSQL_ROOT_PASSWORD=p4sswOrd1 -e MYSQL_DATABASE=moon -e MYSQL_USER=moon -e MYSQL_PASSWORD=p4sswOrd1 -p 3306:3306 mysql:latest
+
+docker run -d --net=moon --name=consul --hostname=consul -p 8500:8500 consul
+
+echo "waiting for Database (it may takes time)..."
+echo -e "\033[35m"
+sed '/ready for connections/q' <(docker logs db -f)
+echo -e "\033[m"
+
+echo "waiting for Messenger (it may takes time)..."
+echo -e "\033[35m"
+sed '/Server startup complete;/q' <(docker logs messenger -f)
+echo -e "\033[m"
+
+docker run -dti --net moon --hostname keystone --name keystone -e DB_HOST=db -e DB_PASSWORD_ROOT=p4sswOrd1 -p 35357:35357 -p 5000:5000 keystone:mitaka
+
+echo -e "\033[32mConfiguring Moon platform\033[m"
+sudo pip install moon_db
+moon_db_manager upgrade
+
+cd ${MOON_HOME}/moon_orchestrator
+python3 populate_consul.py
+
+echo -e "\033[32mStarting Moon platform\033[m"
+
+docker container run -dti --net moon --hostname orchestrator --name orchestrator wukongsun/moon_orchestrator:${VERSION}
diff --git a/tools/moon/moon.conf b/tools/moon/moon.conf
new file mode 100644
index 00000000..a5a40ad2
--- /dev/null
+++ b/tools/moon/moon.conf
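Review bot: The `docker run` lines in start.sh publish RabbitMQ (5671, 5672, 8080→15672), MySQL (3306), Consul (8500) and Keystone (35357, 5000) on all interfaces of the Docker host, and the services are started with the fixed passwords written in the same commands. The containers already share the `moon` network, so `-p` can be dropped where only other containers need the port, or bound to loopback where host access is required, e.g. `-p 127.0.0.1:3306:3306`. Separately, `sudo pip install moon_db` installs an unpinned package as root on every start; pinning the version keeps runs reproducible and limits what a changed upstream release can do.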
@@ -0,0 +1,87 @@ +database: + url: mysql+pymysql://moon:p4sswOrd1@db/moon + driver: sql + +openstack: + keystone: + url: http://keystone:5000/v3 + user: admin + password: p4ssw0rd + domain: default + project: admin + check_token: false + certificate: false + external: + url: http://keystone:30006/v3 + +plugins: + authz: + container: wukongsun/moon_authz:v4.3 + port: 8081 + session: + container: asteroide/session:latest + port: 8082 + +components: + interface: + port: 8080 + bind: 0.0.0.0 + hostname: interface + container: wukongsun/moon_interface:v4.3 + orchestrator: + port: 8083 + bind: 0.0.0.0 + hostname: orchestrator + container: wukongsun/moon_orchestrator:v4.3 + external: + port: 30003 + hostname: orchestrator + wrapper: + port: 8080 + bind: 0.0.0.0 + hostname: wrapper + container: wukongsun/moon_wrapper:v4.3.1 + timeout: 5 + manager: + port: 8082 + bind: 0.0.0.0 + hostname: manager + container: wukongsun/moon_manager:v4.3.1 + external: + port: 30001 + hostname: manager + port_start: 31001 + +logging: + version: 1 + + formatters: + brief: + format: "%(levelname)s %(name)s %(message)-30s" + custom: + format: "%(asctime)-15s %(levelname)s %(name)s %(message)s" + + handlers: + console: + class : logging.StreamHandler + formatter: brief + level : INFO + stream : ext://sys.stdout + file: + class : logging.handlers.RotatingFileHandler + formatter: custom + level : DEBUG + filename: /tmp/moon.log + maxBytes: 1048576 + backupCount: 3 + + loggers: + moon: + level: DEBUG + handlers: [console, file] + propagate: no + + root: + level: ERROR + handlers: [console] + diff --git a/tools/moon_keystone/Dockerfile b/tools/moon_keystone/Dockerfile new file mode 100644 index 00000000..2a43bd92 --- /dev/null +++ b/tools/moon_keystone/Dockerfile 
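Review bot: Under `openstack.keystone` the shipped defaults are `check_token: false` and `certificate: false` together with an `http://` URL. Judging by the key names (their consumers are not part of this hunk), that leaves token checking and certificate verification off for any deployment that uses this file unchanged. A comment above the block would make the intent explicit, e.g. `# development defaults: enable check_token and certificate, and use https, before any shared deployment`. The `file` log handler also writes at DEBUG level to `/tmp/moon.log`; a directory owned by the service would be a safer default than a shared temp directory.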
@@ -0,0 +1,25 @@ +FROM ubuntu:zesty + +ENV ADMIN_TOKEN=p4ssw0rd +ENV ADMIN_PASSWORD=p4ssw0rd +ENV DB_CONNECTION="mysql+pymysql" +ENV DB_DRIVER=sql +ENV DB_HOST=localhost +ENV DB_DATABASE=keystonedb +ENV DB_USER=keystone +ENV DB_PASSWORD=p4ssw0rd +ENV DB_USER_ROOT=root +ENV DB_PASSWORD_ROOT=p4sswOrd1 +ENV RABBIT_NODE=server +ENV INTERFACE_HOST="http://localhost:3001" + +RUN apt update && apt install apache2 rabbitmq-server keystone python-openstackclient libapache2-mod-wsgi mysql-client -y + +# RUN apt update && apt install iputils-ping net-tools -y + +ADD run.sh /root + +EXPOSE 35357 +EXPOSE 5000 + +CMD ["/bin/bash", "/root/run.sh"] \ No newline at end of file diff --git a/tools/moon_keystone/README.md b/tools/moon_keystone/README.md new file mode 100644 index 00000000..7027324e --- /dev/null +++ b/tools/moon_keystone/README.md @@ -0,0 +1,26 @@ +# Keystone container + +## build keystone image + +without proxy: +```bash +docker build -t keystone:mitaka . +``` + +with a proxy: +```bash +docker build --build-arg https_proxy=http://proxy:3128 --build-arg http_proxy=http://proxy:3128 -t keystone:mitaka . +``` + + +### access to the container +```bash +docker container exec -ti keystone /bin/bash +export OS_USERNAME=admin +export OS_PASSWORD=p4ssw0rd +export OS_REGION_NAME=Orange +export OS_TENANT_NAME=admin +export OS_AUTH_URL=http://localhost:5000/v3 +export OS_DOMAIN_NAME=Default +openstack project list +``` \ No newline at end of file diff --git a/tools/moon_keystone/run.sh b/tools/moon_keystone/run.sh new file mode 100644 index 00000000..2a61901e --- /dev/null +++ b/tools/moon_keystone/run.sh 
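Review bot: `ENV ADMIN_TOKEN=p4ssw0rd`, `ENV ADMIN_PASSWORD`, `ENV DB_PASSWORD` and `ENV DB_PASSWORD_ROOT` bake credentials into the image configuration, where `docker inspect` and `docker history` show them to anyone who can pull the image. Leave them unset in the Dockerfile, have run.sh stop when they are missing, and supply them at `docker run` time or from a mounted secret. The same literal passwords recur in set_auth.src, start.sh, moon.conf, conf/password_moon.txt and conf/password_root.txt in this commit, so a deployment made from the repository as-is runs on publicly known credentials. `FROM ubuntu:zesty` is a non-LTS release with a short support window; an LTS base keeps receiving security updates for longer.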
@@ -0,0 +1,81 @@ +#!/usr/bin/env bash + +MY_HOSTNAME=localhost + +echo DB_HOST=$DB_HOST +echo DB_DATABASE=$DB_DATABASE +echo RABBIT_NODE=$RABBIT_NODE +echo RABBIT_NODE=$[RABBIT_NODE] +echo INTERFACE_HOST=$INTERFACE_HOST + +sed "s/#admin_token = /admin_token=$ADMIN_TOKEN/g" -i /etc/keystone/keystone.conf +sed "s/#connection = /connection = $DB_CONNECTION:\/\/$DB_USER:$DB_PASSWORD@$DB_HOST\/$DB_DATABASE/g" -i /etc/keystone/keystone.conf + +cat << EOF | tee -a /etc/keystone/keystone.conf +[cors] +allowed_origin = $INTERFACE_HOST +max_age = 3600 +allow_methods = POST,GET,DELETE +EOF + +until echo status | mysql -h${DB_HOST} -u${DB_USER_ROOT} -p${DB_PASSWORD_ROOT}; do + >&2 echo "MySQL is unavailable - sleeping" + sleep 1 +done + +>&2 echo "Mysql is up - executing command" + +mysql -h $DB_HOST -u$DB_USER_ROOT -p$DB_PASSWORD_ROOT </etc/apt/sources.list.d/kubernetes.list +deb http://apt.kubernetes.io/ kubernetes-xenial main +EOF +apt-get update +apt-get install -y kubelet kubeadm kubectl +``` + +## Moon Deployment +### Creation +Execute the script : `init_k8s.sh` +```bash +sudo bash init_k8s.sh +watch kubectl get po --namespace=kube-system +``` + +Wait until all the kubeadm containers are in the `running` state: +```bash +watch kubectl get po --namespace=kube-system +``` + +You must see something like this: + + $ kubectl get po --namespace=kube-system + NAME READY STATUS RESTARTS AGE + calico-etcd-7qgjb 1/1 Running 0 1h + calico-node-f8zvm 2/2 Running 1 1h + calico-policy-controller-59fc4f7888-ns9kv 1/1 Running 0 1h + etcd-varuna 1/1 Running 0 1h + kube-apiserver-varuna 1/1 Running 0 1h + kube-controller-manager-varuna 1/1 Running 0 1h + kube-dns-bfbb49cd7-rgqxn 3/3 Running 0 1h + kube-proxy-x88wg 1/1 Running 0 1h + kube-scheduler-varuna 1/1 Running 0 1h + + +### Execution +Execute the script : `start_moon.sh` +```bash +sudo bash start_moon.sh +watch kubectl get po --namespace=moon +``` + +Wait until all the Moon containers are in the `running` state: +```bash +watch 
kubectl get po --namespace=moon +``` + +You must see something like this: + + $ kubectl get po --namespace=moon + NAME READY STATUS RESTARTS AGE + consul-57b6d66975-9qnfx 1/1 Running 0 52m + db-867f9c6666-bq8cf 1/1 Running 0 52m + gui-bc9878b58-q288x 1/1 Running 0 51m + keystone-7d9cdbb69f-bl6ln 1/1 Running 0 52m + manager-5bfbb96988-2nvhd 1/1 Running 0 51m + manager-5bfbb96988-fg8vj 1/1 Running 0 51m + manager-5bfbb96988-w9wnk 1/1 Running 0 51m + orchestrator-65d8fb4574-tnfx2 1/1 Running 0 51m + wrapper-astonishing-748b7dcc4f-ngsvp 1/1 Running 0 51m \ No newline at end of file diff --git a/tools/moon_kubernetes/conf/password_moon.txt b/tools/moon_kubernetes/conf/password_moon.txt new file mode 100644 index 00000000..bb9bcf7d --- /dev/null +++ b/tools/moon_kubernetes/conf/password_moon.txt @@ -0,0 +1 @@ +p4sswOrd1 \ No newline at end of file diff --git a/tools/moon_kubernetes/conf/password_root.txt b/tools/moon_kubernetes/conf/password_root.txt new file mode 100644 index 00000000..bb9bcf7d --- /dev/null +++ b/tools/moon_kubernetes/conf/password_root.txt @@ -0,0 +1 @@ +p4sswOrd1 \ No newline at end of file diff --git a/tools/moon_kubernetes/conf/ports.conf b/tools/moon_kubernetes/conf/ports.conf new file mode 100644 index 00000000..487945c0 --- /dev/null +++ b/tools/moon_kubernetes/conf/ports.conf @@ -0,0 +1,24 @@ +manager: + port: 8082 + kport: 30001 +gui: + port: 3000 + kport: 30002 +orchestrator: + port: 8083 + kport: 30003 + +consul: + port: 8500 + kport: 30005 +keystone: + port: 5000 + kport: 30006 + +wrapper: + port: 8080 + kport: 30010 +interface: + port: 8080 +authz: + port: 8081 diff --git a/tools/moon_kubernetes/init_k8s.sh b/tools/moon_kubernetes/init_k8s.sh new file mode 100644 index 00000000..6eb94e78 --- /dev/null +++ b/tools/moon_kubernetes/init_k8s.sh 
@@ -0,0 +1,33 @@
+#!/usr/bin/env bash
+
+set -x
+
+sudo kubeadm reset
+
+sudo swapoff -a
+
+sudo kubeadm init --pod-network-cidr=192.168.0.0/16
+#sudo kubeadm init --pod-network-cidr=10.244.0.0/16
+
+mkdir -p $HOME/.kube
+sudo cp -f /etc/kubernetes/admin.conf $HOME/.kube/config
+sudo chown $(id -u):$(id -g) $HOME/.kube/config
+
+kubectl apply -f http://docs.projectcalico.org/v2.4/getting-started/kubernetes/installation/hosted/kubeadm/1.6/calico.yaml
+#kubectl apply -f https://raw.githubusercontent.com/projectcalico/canal/master/k8s-install/1.6/rbac.yaml
+#kubectl apply -f https://raw.githubusercontent.com/projectcalico/canal/master/k8s-install/1.6/canal.yaml
+
+#kubectl create -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml
+
+kubectl delete deployment kube-dns --namespace=kube-system
+kubectl apply -f kubernetes/templates/kube-dns.yaml
+
+kubectl taint nodes --all node-role.kubernetes.io/master-
+
+kubectl proxy&
+sleep 5
+echo =========================================
+kubectl get po --namespace=kube-system
+echo =========================================
+
+
diff --git a/tools/moon_kubernetes/start_moon.sh b/tools/moon_kubernetes/start_moon.sh
new file mode 100644
index 00000000..8121e319
--- /dev/null
+++ b/tools/moon_kubernetes/start_moon.sh
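Review bot: `kubectl apply -f http://docs.projectcalico.org/v2.4/.../calico.yaml` in init_k8s.sh fetches a cluster-wide network manifest over plain HTTP and applies it with the admin kubeconfig, so the content that gets installed is not protected in transit. Use the `https://` form of the URL at minimum; vendoring the manifest into the repository next to kube-dns.yaml and applying the local copy also pins what is deployed. `kubectl proxy&` is left running in the background after the script exits; the `kubectl get po` that follows does not appear to need it, so it can probably be dropped.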
@@ -0,0 +1,37 @@ +#!/usr/bin/env bash + +set -x + +kubectl create namespace moon +kubectl create configmap moon-config --from-file conf/moon.conf -n moon +kubectl create configmap config --from-file ~/.kube/config -n moon +kubectl create secret generic mysql-root-pass --from-file=kubernetes/conf/password_root.txt -n moon +kubectl create secret generic mysql-pass --from-file=kubernetes/conf/password_moon.txt -n moon + +kubectl create -n moon -f kubernetes/templates/consul.yaml +kubectl create -n moon -f kubernetes/templates/db.yaml +kubectl create -n moon -f kubernetes/templates/keystone.yaml + +echo ========================================= +kubectl get pods -n moon +echo ========================================= + +sleep 10 +kubectl create -n moon -f kubernetes/templates/moon_configuration.yaml + +echo Waiting for jobs moonforming +sleep 5 +kubectl get jobs -n moon +kubectl logs -n moon jobs/moonforming + +sleep 5 + +kubectl create -n moon -f kubernetes/templates/moon_manager.yaml + +sleep 2 + +kubectl create -n moon -f kubernetes/templates/moon_orchestrator.yaml + +kubectl create -n moon -f kubernetes/templates/moon_gui.yaml + + diff --git a/tools/moon_kubernetes/templates/consul.yaml b/tools/moon_kubernetes/templates/consul.yaml new file mode 100644 index 00000000..f0fb764e --- /dev/null +++ b/tools/moon_kubernetes/templates/consul.yaml @@ -0,0 +1,33 @@ +apiVersion: apps/v1beta1 +kind: Deployment +metadata: + namespace: moon + name: consul +spec: + replicas: 1 + template: + metadata: + labels: + app: consul + spec: + hostname: consul + containers: + - name: consul + image: consul:latest + ports: + - containerPort: 8500 +--- + +apiVersion: v1 +kind: Service +metadata: + name: consul + namespace: moon +spec: + ports: + - port: 8500 + targetPort: 8500 + nodePort: 30005 + selector: + app: consul + type: NodePort diff --git a/tools/moon_kubernetes/templates/db.yaml b/tools/moon_kubernetes/templates/db.yaml new file mode 100644 index 00000000..38418643 --- /dev/null 
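Review bot: `kubectl create configmap config --from-file ~/.kube/config -n moon` in start_moon.sh stores the kubeconfig that init_k8s.sh copies from `/etc/kubernetes/admin.conf` in a ConfigMap, so anything that can read ConfigMaps in the `moon` namespace obtains cluster-admin credentials. A ServiceAccount bound to a Role limited to what the orchestrator needs avoids shipping the admin kubeconfig at all; if the file has to be mounted, create it as a Secret, `kubectl create secret generic config --from-file ~/.kube/config -n moon`. The `kubernetes/conf/password_root.txt` and `kubernetes/templates/...` paths still follow the pre-move layout, while this commit adds those files under `tools/moon_kubernetes/`, so they look stale.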
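Review bot: The consul Service is `type: NodePort` with `nodePort: 30005`, which exposes Consul's HTTP API on every node, and nothing in this manifest enables ACLs. The Python section earlier on this page stores the `database` section and the `openstack/*` settings in that KV store, so the exposed port gives access to the database URL and Keystone settings. If only in-cluster components need Consul, a ClusterIP Service is enough: drop `type: NodePort` and `nodePort: 30005`. `image: consul:latest` is also unpinned; a fixed tag keeps deployments reproducible.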
+++ b/tools/moon_kubernetes/templates/db.yaml @@ -0,0 +1,84 @@ +#apiVersion: v1 +#kind: PersistentVolume +#metadata: +# name: local-pv-1 +# labels: +# type: local +#spec: +# capacity: +# storage: 5Gi +# accessModes: +# - ReadWriteOnce +# hostPath: +# path: /tmp/data/pv-1 +#--- +# +#apiVersion: v1 +#kind: PersistentVolumeClaim +#metadata: +# name: mysql-pv-claim +# labels: +# platform: moon +# app: db +#spec: +# accessModes: +# - ReadWriteOnce +# resources: +# requests: +# storage: 5Gi +#--- + +apiVersion: apps/v1beta1 +kind: Deployment +metadata: + namespace: moon + name: db +spec: + replicas: 1 + strategy: + type: Recreate + template: + metadata: + labels: + app: db + spec: + containers: + - name: db + image: mysql:latest + env: + - name: MYSQL_DATABASE + value: "moon" + - name: MYSQL_USER + value: "moon" + - name: MYSQL_PASSWORD + valueFrom: + secretKeyRef: + name: mysql-pass + key: password_moon.txt + - name: MYSQL_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: mysql-root-pass + key: password_root.txt + ports: + - containerPort: 3306 + name: mysql +# volumeMounts: +# - name: mysql-persistent-storage +# mountPath: /var/lib/mysql +# volumes: +# - name: mysql-persistent-storage +# persistentVolumeClaim: +# claimName: mysql-pv-claim +--- +apiVersion: v1 +kind: Service +metadata: + namespace: moon + name: db +spec: + ports: + - port: 3306 + selector: + app: db +--- \ No newline at end of file diff --git a/tools/moon_kubernetes/templates/keystone.yaml b/tools/moon_kubernetes/templates/keystone.yaml new file mode 100644 index 00000000..e4218e4c --- /dev/null +++ b/tools/moon_kubernetes/templates/keystone.yaml 
@@ -0,0 +1,39 @@ +apiVersion: apps/v1beta1 +kind: Deployment +metadata: + namespace: moon + name: keystone +spec: + replicas: 1 + template: + metadata: + labels: + app: keystone + spec: + hostname: keystone + containers: + - name: keystone + image: asteroide/keystone:pike-cors + env: + - name: KEYSTONE_HOSTNAME + value: "127.0.0.1" + - name: KEYSTONE_PORT + value: "30006" + ports: + - containerPort: 35357 + containerPort: 5000 +--- + +apiVersion: v1 +kind: Service +metadata: + name: keystone + namespace: moon +spec: + ports: + - port: 5000 + targetPort: 5000 + nodePort: 30006 + selector: + app: keystone + type: NodePort diff --git a/tools/moon_kubernetes/templates/kube-dns.yaml b/tools/moon_kubernetes/templates/kube-dns.yaml new file mode 100644 index 00000000..c8f18fd8 --- /dev/null +++ b/tools/moon_kubernetes/templates/kube-dns.yaml 
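Review bot: In the keystone container's `ports:` list the second entry lacks its dash: `- containerPort: 35357` is followed by a bare `containerPort: 5000`. Both keys therefore land in one mapping, and depending on the parser the manifest is either rejected for the duplicate key or keeps only one of the two ports. Write them as two list items, `- containerPort: 35357` and `- containerPort: 5000`. Indentation is not recoverable from the page, so this reading rests on the missing `-` alone.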
@@ -0,0 +1,183 @@ +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + annotations: + deployment.kubernetes.io/revision: "2" + kubectl.kubernetes.io/last-applied-configuration: | + {"apiVersion":"extensions/v1beta1","kind":"Deployment","metadata":{"annotations":{"deployment.kubernetes.io/revision":"1"},"creationTimestamp":"2017-10-30T09:03:59Z","generation":1,"labels":{"k8s-app":"kube-dns"},"name":"kube-dns","namespace":"kube-system","resourceVersion":"556","selfLink":"/apis/extensions/v1beta1/namespaces/kube-system/deployments/kube-dns","uid":"4433b709-bd51-11e7-a055-80fa5b15034a"},"spec":{"replicas":1,"selector":{"matchLabels":{"k8s-app":"kube-dns"}},"strategy":{"rollingUpdate":{"maxSurge":"10%","maxUnavailable":0},"type":"RollingUpdate"},"template":{"metadata":{"creationTimestamp":null,"labels":{"k8s-app":"kube-dns"}},"spec":{"affinity":{"nodeAffinity":{"requiredDuringSchedulingIgnoredDuringExecution":{"nodeSelectorTerms":[{"matchExpressions":[{"key":"beta.kubernetes.io/arch","operator":"In","values":["amd64"]}]}]}}},"containers":[{"args":["--domain=cluster.local.","--dns-port=10053","--config-dir=/kube-dns-config","--v=2"],"env":[{"name":"PROMETHEUS_PORT","value":"10055"}],"image":"gcr.io/google_containers/k8s-dns-kube-dns-amd64:1.14.5","imagePullPolicy":"IfNotPresent","livenessProbe":{"failureThreshold":5,"httpGet":{"path":"/healthcheck/kubedns","port":10054,"scheme":"HTTP"},"initialDelaySeconds":60,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":5},"name":"kubedns","ports":[{"containerPort":10053,"name":"dns-local","protocol":"UDP"},{"containerPort":10053,"name":"dns-tcp-local","protocol":"TCP"},{"containerPort":10055,"name":"metrics","protocol":"TCP"}],"readinessProbe":{"failureThreshold":3,"httpGet":{"path":"/readiness","port":8081,"scheme":"HTTP"},"initialDelaySeconds":3,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":5},"resources":{"limits":{"memory":"170Mi"},"requests":{"cpu":"100m","memory":"70Mi"}},"terminationMessagePath":"
/dev/termination-log","terminationMessagePolicy":"File","volumeMounts":[{"mountPath":"/kube-dns-config","name":"kube-dns-config"}]},{"args":["-v=2","-logtostderr","-configDir=/etc/k8s/dns/dnsmasq-nanny","-restartDnsmasq=true","--","-k","--cache-size=1000","--log-facility=-","--server=/cluster.local/127.0.0.1#10053","--server=/in-addr.arpa/127.0.0.1#10053","--server=/ip6.arpa/127.0.0.1#10053","--server=8.8.8.8"],"image":"gcr.io/google_containers/k8s-dns-dnsmasq-nanny-amd64:1.14.5","imagePullPolicy":"IfNotPresent","livenessProbe":{"failureThreshold":5,"httpGet":{"path":"/healthcheck/dnsmasq","port":10054,"scheme":"HTTP"},"initialDelaySeconds":60,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":5},"name":"dnsmasq","ports":[{"containerPort":53,"name":"dns","protocol":"UDP"},{"containerPort":53,"name":"dns-tcp","protocol":"TCP"}],"resources":{"requests":{"cpu":"150m","memory":"20Mi"}},"terminationMessagePath":"/dev/termination-log","terminationMessagePolicy":"File","volumeMounts":[{"mountPath":"/etc/k8s/dns/dnsmasq-nanny","name":"kube-dns-config"}]},{"args":["--v=2","--logtostderr","--probe=kubedns,127.0.0.1:10053,kubernetes.default.svc.cluster.local,5,A","--probe=dnsmasq,127.0.0.1:53,kubernetes.default.svc.cluster.local,5,A"],"image":"gcr.io/google_containers/k8s-dns-sidecar-amd64:1.14.5","imagePullPolicy":"IfNotPresent","livenessProbe":{"failureThreshold":5,"httpGet":{"path":"/metrics","port":10054,"scheme":"HTTP"},"initialDelaySeconds":60,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":5},"name":"sidecar","ports":[{"containerPort":10054,"name":"metrics","protocol":"TCP"}],"resources":{"requests":{"cpu":"10m","memory":"20Mi"}},"terminationMessagePath":"/dev/termination-log","terminationMessagePolicy":"File"}],"dnsPolicy":"Default","restartPolicy":"Always","schedulerName":"default-scheduler","securityContext":{},"serviceAccount":"kube-dns","serviceAccountName":"kube-dns","terminationGracePeriodSeconds":30,"tolerations":[{"key":"CriticalAddonsOnly","oper
ator":"Exists"},{"effect":"NoSchedule","key":"node-role.kubernetes.io/master"}],"volumes":[{"configMap":{"defaultMode":420,"name":"kube-dns","optional":true},"name":"kube-dns-config"}]}}},"status":{"availableReplicas":1,"conditions":[{"lastTransitionTime":"2017-10-30T09:05:11Z","lastUpdateTime":"2017-10-30T09:05:11Z","message":"Deployment has minimum availability.","reason":"MinimumReplicasAvailable","status":"True","type":"Available"}],"observedGeneration":1,"readyReplicas":1,"replicas":1,"updatedReplicas":1}} + creationTimestamp: 2017-10-30T09:03:59Z + generation: 2 + labels: + k8s-app: kube-dns + name: kube-dns + namespace: kube-system + resourceVersion: "300076" + selfLink: /apis/extensions/v1beta1/namespaces/kube-system/deployments/kube-dns + uid: 4433b709-bd51-11e7-a055-80fa5b15034a +spec: + replicas: 1 + selector: + matchLabels: + k8s-app: kube-dns + strategy: + rollingUpdate: + maxSurge: 10% + maxUnavailable: 0 + type: RollingUpdate + template: + metadata: + creationTimestamp: null + labels: + k8s-app: kube-dns + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + containers: + - args: + - --domain=cluster.local. 
+ - --dns-port=10053 + - --config-dir=/kube-dns-config + - --v=2 + env: + - name: PROMETHEUS_PORT + value: "10055" + image: gcr.io/google_containers/k8s-dns-kube-dns-amd64:1.14.5 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 5 + httpGet: + path: /healthcheck/kubedns + port: 10054 + scheme: HTTP + initialDelaySeconds: 60 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: kubedns + ports: + - containerPort: 10053 + name: dns-local + protocol: UDP + - containerPort: 10053 + name: dns-tcp-local + protocol: TCP + - containerPort: 10055 + name: metrics + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /readiness + port: 8081 + scheme: HTTP + initialDelaySeconds: 3 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: + limits: + memory: 340Mi + requests: + cpu: 200m + memory: 140Mi + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /kube-dns-config + name: kube-dns-config + - args: + - -v=2 + - -logtostderr + - -configDir=/etc/k8s/dns/dnsmasq-nanny + - -restartDnsmasq=true + - -- + - -k + - --dns-forward-max=300 + - --cache-size=1000 + - --log-facility=- + - --server=/cluster.local/127.0.0.1#10053 + - --server=/in-addr.arpa/127.0.0.1#10053 + - --server=/ip6.arpa/127.0.0.1#10053 + - --server=8.8.8.8 + image: gcr.io/google_containers/k8s-dns-dnsmasq-nanny-amd64:1.14.5 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 5 + httpGet: + path: /healthcheck/dnsmasq + port: 10054 + scheme: HTTP + initialDelaySeconds: 60 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: dnsmasq + ports: + - containerPort: 53 + name: dns + protocol: UDP + - containerPort: 53 + name: dns-tcp + protocol: TCP + resources: + requests: + cpu: 150m + memory: 20Mi + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /etc/k8s/dns/dnsmasq-nanny + name: kube-dns-config 
+ - args: + - --v=2 + - --logtostderr + - --probe=kubedns,127.0.0.1:10053,kubernetes.default.svc.cluster.local,5,A + - --probe=dnsmasq,127.0.0.1:53,kubernetes.default.svc.cluster.local,5,A + image: gcr.io/google_containers/k8s-dns-sidecar-amd64:1.14.5 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 5 + httpGet: + path: /metrics + port: 10054 + scheme: HTTP + initialDelaySeconds: 60 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: sidecar + ports: + - containerPort: 10054 + name: metrics + protocol: TCP + resources: + requests: + cpu: 10m + memory: 20Mi + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + dnsPolicy: Default + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + serviceAccount: kube-dns + serviceAccountName: kube-dns + terminationGracePeriodSeconds: 30 + tolerations: + - key: CriticalAddonsOnly + operator: Exists + - effect: NoSchedule + key: node-role.kubernetes.io/master + volumes: + - configMap: + defaultMode: 420 + name: kube-dns + optional: true + name: kube-dns-config diff --git a/tools/moon_kubernetes/templates/moon_configuration.yaml b/tools/moon_kubernetes/templates/moon_configuration.yaml new file mode 100644 index 00000000..3bcaa533 --- /dev/null +++ b/tools/moon_kubernetes/templates/moon_configuration.yaml @@ -0,0 +1,25 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: moonforming + namespace: moon +spec: + template: + metadata: + name: moonforming + spec: + containers: + - name: moonforming + image: asteroide/moonforming:v1.3 + env: + - name: POPULATE_ARGS + value: "--verbose" # debug mode: --debug + volumeMounts: + - name: config-volume + mountPath: /etc/moon + volumes: + - name: config-volume + configMap: + name: moon-config + restartPolicy: Never + #backoffLimit: 4 \ No newline at end of file 
diff --git a/tools/moon_kubernetes/templates/moon_gui.yaml b/tools/moon_kubernetes/templates/moon_gui.yaml
new file mode 100644
index 00000000..2d355216
--- /dev/null
+++ b/tools/moon_kubernetes/templates/moon_gui.yaml
@@ -0,0 +1,42 @@
+apiVersion: apps/v1beta1
+kind: Deployment
+metadata:
+ namespace: moon
+ name: gui
+spec:
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: gui
+ spec:
+ hostname: gui
+ containers:
+ - name: gui
+ image: wukongsun/moon_gui:v4.3.1
+ env:
+ - name: MANAGER_HOST
+ value: "127.0.0.1"
+ - name: MANAGER_PORT
+ value: "30001"
+ - name: KEYSTONE_HOST
+ value: "127.0.0.1"
+ - name: KEYSTONE_PORT
+ value: "30006"
+ ports:
+ - containerPort: 80
+---
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: gui
+ namespace: moon
+spec:
+ ports:
+ - port: 80
+ targetPort: 80
+ nodePort: 30002
+ selector:
+ app: gui
+ type: NodePort
diff --git a/tools/moon_kubernetes/templates/moon_manager.yaml b/tools/moon_kubernetes/templates/moon_manager.yaml
new file mode 100644
index 00000000..9d4a09a8
--- /dev/null
+++ b/tools/moon_kubernetes/templates/moon_manager.yaml
@@ -0,0 +1,33 @@
+apiVersion: apps/v1beta1
+kind: Deployment
+metadata:
+ name: manager
+ namespace: moon
+spec:
+ replicas: 3
+ template:
+ metadata:
+ labels:
+ app: manager
+ spec:
+ hostname: manager
+ containers:
+ - name: manager
+ image: wukongsun/moon_manager:v4.3.1
+ ports:
+ - containerPort: 8082
+---
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: manager
+ namespace: moon
+spec:
+ ports:
+ - port: 8082
+ targetPort: 8082
+ nodePort: 30001
+ selector:
+ app: manager
+ type: NodePort
diff --git a/tools/moon_kubernetes/templates/moon_orchestrator.yaml b/tools/moon_kubernetes/templates/moon_orchestrator.yaml
new file mode 100644
index 00000000..419f2d52
--- /dev/null
+++ b/tools/moon_kubernetes/templates/moon_orchestrator.yaml
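Review bot: The `gui` Service publishes container port 80 as `nodePort: 30002` with `type: NodePort`, so the management GUI is served over plain HTTP on every node address, and nothing in this template adds TLS or limits who can connect. Keystone credentials and tokens entered through the GUI would then cross the network unencrypted. The `keystone` (30006), `manager` (30001) and `orchestrator` (30003) Services added in this commit are exposed the same way. Consider `type: ClusterIP` behind a TLS-terminating ingress, or at least open each template with a scope comment such as `# Lab use only: NodePort + plain HTTP, do not expose to untrusted networks`.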
@@ -0,0 +1,40 @@
+apiVersion: apps/v1beta1
+kind: Deployment
+metadata:
+ namespace: moon
+ name: orchestrator
+spec:
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: orchestrator
+ spec:
+ hostname: orchestrator
+ containers:
+ - name: orchestrator
+ image: wukongsun/moon_orchestrator:v4.3
+ ports:
+ - containerPort: 8083
+ volumeMounts:
+ - name: config-volume
+ mountPath: /root/.kube
+ volumes:
+ - name: config-volume
+ configMap:
+ name: config
+---
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: orchestrator
+ namespace: moon
+spec:
+ ports:
+ - port: 8083
+ targetPort: 8083
+ nodePort: 30003
+ selector:
+ app: orchestrator
+ type: NodePort
diff --git a/tools/openstack/README.md b/tools/openstack/README.md
new file mode 100644
index 00000000..8b5d06e5
--- /dev/null
+++ b/tools/openstack/README.md
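Review bot: The `config-volume` mounted at `/root/.kube` comes from a ConfigMap named `config`, which suggests a kubeconfig holding cluster credentials is being kept in a ConfigMap. ConfigMaps are not intended for credentials and can be read by any subject allowed to get ConfigMaps in the `moon` namespace. If that is what the volume holds, prefer a dedicated `serviceAccountName` bound to a Role limited to what the orchestrator needs, with in-cluster configuration, or at minimum source the file from a Secret with `secret:` and `secretName: <KUBECONFIG_SECRET>` (placeholder name). The `/root` mount path also implies the container runs as root, and the pod is reachable from outside the cluster through `nodePort: 30003`, which raises the impact of any compromise of this service.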
@@ -0,0 +1,73 @@
+# OpenStack
+## Installation
+For the *Moon* platform, you must have the following OpenStack components installed somewhere:
+- *Nova*, see [Nova install](https://docs.openstack.org/mitaka/install-guide-ubuntu/nova-controller-install.html)
+- *Glance*, see [Glance install](https://docs.openstack.org/glance/pike/install/)
+- *Keystone* is automatically installed and configured in the Moon platform.
+After the Moon platform installation, the Keystone server will be available
+at: `http://localhost:30005 or http://\:30005`
+
+You can also use your own Keystone server if you want.
+
+## Configuration
+Before updating the configuration of the OpenStack platform, check that the platform
+is working without Moon, use the following commands:
+```bash
+# set authentication
+openstack endpoint list
+openstack user list
+openstack server list
+```
+
+In order to connect the OpenStack platform with the Moon platform, you must update some
+configuration files in Nova and Glance:
+- `/etc/nova/policy.json`
+- `/etc/glance/policy.json`
+
+In some installed platform, the `/etc/nova/policy.json` can be absent so you have
+to create one. You can find example files in those directory:
+- `${MOON}/tools/openstack/nova/policy.json`
+- `${MOON}/tools/openstack/glance/policy.json`
+
+Each line is mapped to an OpenStack API interface, for example, the following line
+allows the user to get details for every virtual machines in the cloud
+(the corresponding shell command is `openstack server list`):
+
+ "os_compute_api:servers:detail": "",
+
+This lines indicates that there is no special authorisation to use this API,
+every users can use it. If you want that the Moon platform handles that authorisation,
+update this line with:
+
+ "os_compute_api:servers:detail": "http://my_hostname:31001/authz"
+
+1) by replacing `my_hostname` with the hostname (or the IP address) of the Moon platform.
+2) by updating the TCP port (default: 31001) with the good one.
+
+To find this TCP port, use the following command:
+
+ $ kubectl get services -n moon | grep wrapper | cut -d ":" -f 2 | cut -d " " -f 1
+ 31002/TCP
+
+## Tests
+Here is a shell script to authenticate to the OpenStack platform as `admin`:
+```bash
+export OS_USERNAME=admin
+export OS_PASSWORD=p4ssw0rd
+export OS_REGION_NAME=Orange
+export OS_TENANT_NAME=admin
+export OS_AUTH_URL=http://moon_hostname:30006/v3
+export OS_DOMAIN_NAME=Default
+export OS_IDENTITY_API_VERSION=3
+```
+
+For the `demo_user`, use:
+```bash
+export OS_USERNAME=demo_user
+export OS_PASSWORD=your_secret_password
+export OS_REGION_NAME=Orange
+export OS_TENANT_NAME=demo
+export OS_AUTH_URL=http://moon_hostname:30006/v3
+export OS_DOMAIN_NAME=Default
+export OS_IDENTITY_API_VERSION=3
+```
diff --git a/tools/openstack/glance/policy.json b/tools/openstack/glance/policy.json
new file mode 100644
index 00000000..5505f67f
--- /dev/null
+++ b/tools/openstack/glance/policy.json
@@ -0,0 +1,62 @@
+{
+ "context_is_admin": "role:admin",
+ "default": "role:admin",
+
+ "add_image": "http://my_hostname:31001/authz",
+ "delete_image": "http://my_hostname:31001/authz",
+ "get_image": "http://my_hostname:31001/authz",
+ "get_images": "http://my_hostname:31001/authz",
+ "modify_image": "http://my_hostname:31001/authz",
+ "publicize_image": "role:admin",
+ "communitize_image": "",
+ "copy_from": "",
+
+ "download_image": "",
+ "upload_image": "",
+
+ "delete_image_location": "",
+ "get_image_location": "",
+ "set_image_location": "",
+
+ "add_member": "",
+ "delete_member": "",
+ "get_member": "",
+ "get_members": "",
+ "modify_member": "",
+
+ "manage_image_cache": "role:admin",
+
+ "get_task": "role:admin",
+ "get_tasks": "role:admin",
+ "add_task": "role:admin",
+ "modify_task": "role:admin",
+
+ "deactivate": "",
+ "reactivate": "",
+
+ "get_metadef_namespace": "",
+ "get_metadef_namespaces":"",
+ "modify_metadef_namespace":"",
+ "add_metadef_namespace":"",
+
+ "get_metadef_object":"",
+ "get_metadef_objects":"",
+ "modify_metadef_object":"",
+ "add_metadef_object":"",
+
+ "list_metadef_resource_types":"",
+ "get_metadef_resource_type":"",
+ "add_metadef_resource_type_association":"",
+
+ "get_metadef_property":"",
+ "get_metadef_properties":"",
+ "modify_metadef_property":"",
+ "add_metadef_property":"",
+
+ "get_metadef_tag":"",
+ "get_metadef_tags":"",
+ "modify_metadef_tag":"",
+ "add_metadef_tag":"",
+ "add_metadef_tags":""
+
+}
diff --git a/tools/openstack/nova/policy.json b/tools/openstack/nova/policy.json
new file mode 100644
index 00000000..29763ce3
--- /dev/null
+++ b/tools/openstack/nova/policy.json
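Review bot: Every rule delegated to Moon points at `http://my_hostname:31001/authz`, so the authorisation request and its allow/deny answer travel in clear text, and whatever answers on that address decides `add_image`, `delete_image`, `get_image`, `get_images` and `modify_image`. Where the deployed oslo.policy version supports an HTTPS check, use an `https://` endpoint for these rules, and otherwise keep the wrapper reachable only on a trusted management network. The nova policy.json added next in this commit uses the same URL for its `compute:*` and `os_compute_api:servers:*` rules. Since JSON cannot carry comments, the accompanying README is the place to state that `my_hostname` and the port are placeholders and that the file must not be deployed unmodified.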
@@ -0,0 +1,488 @@ +{ + "context_is_admin": "role:admin", + "admin_or_owner": "is_admin:True or project_id:%(project_id)s", + "default": "rule:admin_or_owner", + + "cells_scheduler_filter:TargetCellFilter": "is_admin:True", + + "compute:create": "http://my_hostname:31001/authz", + "compute:create:attach_network": "", + "compute:create:attach_volume": "", + "compute:create:forced_host": "is_admin:True", + + "compute:get": "http://my_hostname:31001/authz", + "compute:get_all": "http://my_hostname:31001/authz", + "compute:get_all_tenants": "is_admin:True", + + "compute:update": "", + + "compute:get_instance_metadata": "", + "compute:get_all_instance_metadata": "", + "compute:get_all_instance_system_metadata": "", + "compute:update_instance_metadata": "", + "compute:delete_instance_metadata": "", + + "compute:get_instance_faults": "", + "compute:get_diagnostics": "", + "compute:get_instance_diagnostics": "", + + "compute:start": "rule:admin_or_owner", + "compute:stop": "rule:admin_or_owner", + + "compute:get_lock": "", + "compute:lock": "rule:admin_or_owner", + "compute:unlock": "rule:admin_or_owner", + "compute:unlock_override": "rule:admin_api", + + "compute:get_vnc_console": "", + "compute:get_spice_console": "", + "compute:get_rdp_console": "", + "compute:get_serial_console": "", + "compute:get_mks_console": "", + "compute:get_console_output": "", + + "compute:reset_network": "", + "compute:inject_network_info": "", + "compute:add_fixed_ip": "", + "compute:remove_fixed_ip": "", + + "compute:attach_volume": "", + "compute:detach_volume": "", + "compute:swap_volume": "", + + "compute:attach_interface": "", + "compute:detach_interface": "", + + "compute:set_admin_password": "", + + "compute:rescue": "", + "compute:unrescue": "", + + "compute:suspend": "", + "compute:resume": "", + + "compute:pause": "", + "compute:unpause": "", + + "compute:shelve": "", + "compute:shelve_offload": "", + "compute:unshelve": "", + + "compute:snapshot": "", + 
"compute:snapshot_volume_backed": "", + "compute:backup": "", + + "compute:resize": "", + "compute:confirm_resize": "", + "compute:revert_resize": "", + + "compute:rebuild": "", + "compute:reboot": "", + "compute:delete": "rule:admin_or_owner", + "compute:soft_delete": "rule:admin_or_owner", + "compute:force_delete": "rule:admin_or_owner", + + "compute:security_groups:add_to_instance": "", + "compute:security_groups:remove_from_instance": "", + + "compute:delete": "", + "compute:soft_delete": "", + "compute:force_delete": "", + "compute:restore": "", + + "compute:volume_snapshot_create": "", + "compute:volume_snapshot_delete": "", + + "admin_api": "is_admin:True", + "compute_extension:accounts": "rule:admin_api", + "compute_extension:admin_actions": "rule:admin_api", + "compute_extension:admin_actions:pause": "rule:admin_or_owner", + "compute_extension:admin_actions:unpause": "rule:admin_or_owner", + "compute_extension:admin_actions:suspend": "rule:admin_or_owner", + "compute_extension:admin_actions:resume": "rule:admin_or_owner", + "compute_extension:admin_actions:lock": "rule:admin_or_owner", + "compute_extension:admin_actions:unlock": "rule:admin_or_owner", + "compute_extension:admin_actions:resetNetwork": "rule:admin_api", + "compute_extension:admin_actions:injectNetworkInfo": "rule:admin_api", + "compute_extension:admin_actions:createBackup": "rule:admin_or_owner", + "compute_extension:admin_actions:migrateLive": "rule:admin_api", + "compute_extension:admin_actions:resetState": "rule:admin_api", + "compute_extension:admin_actions:migrate": "rule:admin_api", + "compute_extension:aggregates": "rule:admin_api", + "compute_extension:agents": "rule:admin_api", + "compute_extension:attach_interfaces": "", + "compute_extension:baremetal_nodes": "rule:admin_api", + "compute_extension:cells": "rule:admin_api", + "compute_extension:cells:create": "rule:admin_api", + "compute_extension:cells:delete": "rule:admin_api", + "compute_extension:cells:update": "rule:admin_api", 
+ "compute_extension:cells:sync_instances": "rule:admin_api", + "compute_extension:certificates": "", + "compute_extension:cloudpipe": "rule:admin_api", + "compute_extension:cloudpipe_update": "rule:admin_api", + "compute_extension:config_drive": "", + "compute_extension:console_output": "", + "compute_extension:consoles": "", + "compute_extension:createserverext": "", + "compute_extension:deferred_delete": "", + "compute_extension:disk_config": "", + "compute_extension:evacuate": "rule:admin_api", + "compute_extension:extended_server_attributes": "rule:admin_api", + "compute_extension:extended_status": "", + "compute_extension:extended_availability_zone": "", + "compute_extension:extended_ips": "", + "compute_extension:extended_ips_mac": "", + "compute_extension:extended_vif_net": "", + "compute_extension:extended_volumes": "", + "compute_extension:fixed_ips": "rule:admin_api", + "compute_extension:flavor_access": "", + "compute_extension:flavor_access:addTenantAccess": "rule:admin_api", + "compute_extension:flavor_access:removeTenantAccess": "rule:admin_api", + "compute_extension:flavor_disabled": "", + "compute_extension:flavor_rxtx": "", + "compute_extension:flavor_swap": "", + "compute_extension:flavorextradata": "", + "compute_extension:flavorextraspecs:index": "", + "compute_extension:flavorextraspecs:show": "", + "compute_extension:flavorextraspecs:create": "rule:admin_api", + "compute_extension:flavorextraspecs:update": "rule:admin_api", + "compute_extension:flavorextraspecs:delete": "rule:admin_api", + "compute_extension:flavormanage": "rule:admin_api", + "compute_extension:floating_ip_dns": "", + "compute_extension:floating_ip_pools": "", + "compute_extension:floating_ips": "", + "compute_extension:floating_ips_bulk": "rule:admin_api", + "compute_extension:fping": "", + "compute_extension:fping:all_tenants": "rule:admin_api", + "compute_extension:hide_server_addresses": "is_admin:False", + "compute_extension:hosts": "rule:admin_api", + 
"compute_extension:hypervisors": "rule:admin_api", + "compute_extension:image_size": "", + "compute_extension:instance_actions": "", + "compute_extension:instance_actions:events": "rule:admin_api", + "compute_extension:instance_usage_audit_log": "rule:admin_api", + "compute_extension:keypairs": "", + "compute_extension:keypairs:index": "", + "compute_extension:keypairs:show": "", + "compute_extension:keypairs:create": "", + "compute_extension:keypairs:delete": "", + "compute_extension:multinic": "", + "compute_extension:networks": "rule:admin_api", + "compute_extension:networks:view": "", + "compute_extension:networks_associate": "rule:admin_api", + "compute_extension:os-tenant-networks": "", + "compute_extension:quotas:show": "", + "compute_extension:quotas:update": "rule:admin_api", + "compute_extension:quotas:delete": "rule:admin_api", + "compute_extension:quota_classes": "", + "compute_extension:rescue": "", + "compute_extension:security_group_default_rules": "rule:admin_api", + "compute_extension:security_groups": "", + "compute_extension:server_diagnostics": "rule:admin_api", + "compute_extension:server_groups": "", + "compute_extension:server_password": "", + "compute_extension:server_usage": "", + "compute_extension:services": "rule:admin_api", + "compute_extension:shelve": "", + "compute_extension:shelveOffload": "rule:admin_api", + "compute_extension:simple_tenant_usage:show": "rule:admin_or_owner", + "compute_extension:simple_tenant_usage:list": "rule:admin_api", + "compute_extension:unshelve": "", + "compute_extension:users": "rule:admin_api", + "compute_extension:virtual_interfaces": "", + "compute_extension:virtual_storage_arrays": "", + "compute_extension:volumes": "", + "compute_extension:volume_attachments:index": "", + "compute_extension:volume_attachments:show": "", + "compute_extension:volume_attachments:create": "", + "compute_extension:volume_attachments:update": "", + "compute_extension:volume_attachments:delete": "", + 
"compute_extension:volumetypes": "", + "compute_extension:availability_zone:list": "", + "compute_extension:availability_zone:detail": "rule:admin_api", + "compute_extension:used_limits_for_admin": "rule:admin_api", + "compute_extension:migrations:index": "rule:admin_api", + "compute_extension:os-assisted-volume-snapshots:create": "rule:admin_api", + "compute_extension:os-assisted-volume-snapshots:delete": "rule:admin_api", + "compute_extension:console_auth_tokens": "rule:admin_api", + "compute_extension:os-server-external-events:create": "rule:admin_api", + + "network:get_all": "", + "network:get": "", + "network:create": "", + "network:delete": "", + "network:associate": "", + "network:disassociate": "", + "network:get_vifs_by_instance": "", + "network:allocate_for_instance": "", + "network:deallocate_for_instance": "", + "network:validate_networks": "", + "network:get_instance_uuids_by_ip_filter": "", + "network:get_instance_id_by_floating_address": "", + "network:setup_networks_on_host": "", + "network:get_backdoor_port": "", + + "network:get_floating_ip": "", + "network:get_floating_ip_pools": "", + "network:get_floating_ip_by_address": "", + "network:get_floating_ips_by_project": "", + "network:get_floating_ips_by_fixed_address": "", + "network:allocate_floating_ip": "", + "network:associate_floating_ip": "", + "network:disassociate_floating_ip": "", + "network:release_floating_ip": "", + "network:migrate_instance_start": "", + "network:migrate_instance_finish": "", + + "network:get_fixed_ip": "", + "network:get_fixed_ip_by_address": "", + "network:add_fixed_ip_to_instance": "", + "network:remove_fixed_ip_from_instance": "", + "network:add_network_to_project": "", + "network:get_instance_nw_info": "", + + "network:get_dns_domains": "", + "network:add_dns_entry": "", + "network:modify_dns_entry": "", + "network:delete_dns_entry": "", + "network:get_dns_entries_by_address": "", + "network:get_dns_entries_by_name": "", + "network:create_private_dns_domain": "", 
+ "network:create_public_dns_domain": "", + "network:delete_dns_domain": "", + "network:attach_external_network": "rule:admin_api", + "network:get_vif_by_mac_address": "", + + "os_compute_api:servers:detail:get_all_tenants": "is_admin:True", + "os_compute_api:servers:index:get_all_tenants": "is_admin:True", + "os_compute_api:servers:confirm_resize": "", + "os_compute_api:servers:create": "http://my_hostname:31001/authz", + "os_compute_api:servers:create:attach_network": "", + "os_compute_api:servers:create:attach_volume": "", + "os_compute_api:servers:create:forced_host": "rule:admin_api", + "os_compute_api:servers:delete": "http://my_hostname:31001/authz", + "os_compute_api:servers:update": "http://my_hostname:31001/authz", + "os_compute_api:servers:detail": "http://my_hostname:31001/authz", + "os_compute_api:servers:index": "http://my_hostname:31001/authz", + "os_compute_api:servers:reboot": "http://my_hostname:31001/authz", + "os_compute_api:servers:rebuild": "http://my_hostname:31001/authz", + "os_compute_api:servers:resize": "http://my_hostname:31001/authz", + "os_compute_api:servers:revert_resize": "http://my_hostname:31001/authz", + "os_compute_api:servers:show": "http://my_hostname:31001/authz", + "os_compute_api:servers:create_image": "", + "os_compute_api:servers:create_image:allow_volume_backed": "", + "os_compute_api:servers:start": "rule:admin_or_owner", + "os_compute_api:servers:stop": "rule:admin_or_owner", + "os_compute_api:os-access-ips:discoverable": "", + "os_compute_api:os-access-ips": "", + "os_compute_api:os-admin-actions": "rule:admin_api", + "os_compute_api:os-admin-actions:discoverable": "", + "os_compute_api:os-admin-actions:reset_network": "rule:admin_api", + "os_compute_api:os-admin-actions:inject_network_info": "rule:admin_api", + "os_compute_api:os-admin-actions:reset_state": "rule:admin_api", + "os_compute_api:os-admin-password": "", + "os_compute_api:os-admin-password:discoverable": "", + "os_compute_api:os-aggregates:discoverable": 
"", + "os_compute_api:os-aggregates:index": "rule:admin_api", + "os_compute_api:os-aggregates:create": "rule:admin_api", + "os_compute_api:os-aggregates:show": "rule:admin_api", + "os_compute_api:os-aggregates:update": "rule:admin_api", + "os_compute_api:os-aggregates:delete": "rule:admin_api", + "os_compute_api:os-aggregates:add_host": "rule:admin_api", + "os_compute_api:os-aggregates:remove_host": "rule:admin_api", + "os_compute_api:os-aggregates:set_metadata": "rule:admin_api", + "os_compute_api:os-agents": "rule:admin_api", + "os_compute_api:os-agents:discoverable": "", + "os_compute_api:os-attach-interfaces": "", + "os_compute_api:os-attach-interfaces:discoverable": "", + "os_compute_api:os-baremetal-nodes": "rule:admin_api", + "os_compute_api:os-baremetal-nodes:discoverable": "", + "os_compute_api:os-block-device-mapping-v1:discoverable": "", + "os_compute_api:os-cells": "rule:admin_api", + "os_compute_api:os-cells:create": "rule:admin_api", + "os_compute_api:os-cells:delete": "rule:admin_api", + "os_compute_api:os-cells:update": "rule:admin_api", + "os_compute_api:os-cells:sync_instances": "rule:admin_api", + "os_compute_api:os-cells:discoverable": "", + "os_compute_api:os-certificates:create": "", + "os_compute_api:os-certificates:show": "", + "os_compute_api:os-certificates:discoverable": "", + "os_compute_api:os-cloudpipe": "rule:admin_api", + "os_compute_api:os-cloudpipe:discoverable": "", + "os_compute_api:os-config-drive": "", + "os_compute_api:os-consoles:discoverable": "", + "os_compute_api:os-consoles:create": "", + "os_compute_api:os-consoles:delete": "", + "os_compute_api:os-consoles:index": "", + "os_compute_api:os-consoles:show": "", + "os_compute_api:os-console-output:discoverable": "", + "os_compute_api:os-console-output": "", + "os_compute_api:os-remote-consoles": "", + "os_compute_api:os-remote-consoles:discoverable": "", + "os_compute_api:os-create-backup:discoverable": "", + "os_compute_api:os-create-backup": "rule:admin_or_owner", + 
"os_compute_api:os-deferred-delete": "", + "os_compute_api:os-deferred-delete:discoverable": "", + "os_compute_api:os-disk-config": "", + "os_compute_api:os-disk-config:discoverable": "", + "os_compute_api:os-evacuate": "rule:admin_api", + "os_compute_api:os-evacuate:discoverable": "", + "os_compute_api:os-extended-server-attributes": "rule:admin_api", + "os_compute_api:os-extended-server-attributes:discoverable": "", + "os_compute_api:os-extended-status": "", + "os_compute_api:os-extended-status:discoverable": "", + "os_compute_api:os-extended-availability-zone": "", + "os_compute_api:os-extended-availability-zone:discoverable": "", + "os_compute_api:extensions": "", + "os_compute_api:extension_info:discoverable": "", + "os_compute_api:os-extended-volumes": "", + "os_compute_api:os-extended-volumes:discoverable": "", + "os_compute_api:os-fixed-ips": "rule:admin_api", + "os_compute_api:os-fixed-ips:discoverable": "", + "os_compute_api:os-flavor-access": "", + "os_compute_api:os-flavor-access:discoverable": "", + "os_compute_api:os-flavor-access:remove_tenant_access": "rule:admin_api", + "os_compute_api:os-flavor-access:add_tenant_access": "rule:admin_api", + "os_compute_api:os-flavor-rxtx": "", + "os_compute_api:os-flavor-rxtx:discoverable": "", + "os_compute_api:flavors:discoverable": "", + "os_compute_api:os-flavor-extra-specs:discoverable": "", + "os_compute_api:os-flavor-extra-specs:index": "", + "os_compute_api:os-flavor-extra-specs:show": "", + "os_compute_api:os-flavor-extra-specs:create": "rule:admin_api", + "os_compute_api:os-flavor-extra-specs:update": "rule:admin_api", + "os_compute_api:os-flavor-extra-specs:delete": "rule:admin_api", + "os_compute_api:os-flavor-manage:discoverable": "", + "os_compute_api:os-flavor-manage": "rule:admin_api", + "os_compute_api:os-floating-ip-dns": "", + "os_compute_api:os-floating-ip-dns:discoverable": "", + "os_compute_api:os-floating-ip-dns:domain:update": "rule:admin_api", + 
"os_compute_api:os-floating-ip-dns:domain:delete": "rule:admin_api", + "os_compute_api:os-floating-ip-pools": "", + "os_compute_api:os-floating-ip-pools:discoverable": "", + "os_compute_api:os-floating-ips": "", + "os_compute_api:os-floating-ips:discoverable": "", + "os_compute_api:os-floating-ips-bulk": "rule:admin_api", + "os_compute_api:os-floating-ips-bulk:discoverable": "", + "os_compute_api:os-fping": "", + "os_compute_api:os-fping:discoverable": "", + "os_compute_api:os-fping:all_tenants": "rule:admin_api", + "os_compute_api:os-hide-server-addresses": "is_admin:False", + "os_compute_api:os-hide-server-addresses:discoverable": "", + "os_compute_api:os-hosts": "rule:admin_api", + "os_compute_api:os-hosts:discoverable": "", + "os_compute_api:os-hypervisors": "rule:admin_api", + "os_compute_api:os-hypervisors:discoverable": "", + "os_compute_api:images:discoverable": "", + "os_compute_api:image-size": "", + "os_compute_api:image-size:discoverable": "", + "os_compute_api:os-instance-actions": "", + "os_compute_api:os-instance-actions:discoverable": "", + "os_compute_api:os-instance-actions:events": "rule:admin_api", + "os_compute_api:os-instance-usage-audit-log": "rule:admin_api", + "os_compute_api:os-instance-usage-audit-log:discoverable": "", + "os_compute_api:ips:discoverable": "", + "os_compute_api:ips:index": "rule:admin_or_owner", + "os_compute_api:ips:show": "rule:admin_or_owner", + "os_compute_api:os-keypairs:discoverable": "", + "os_compute_api:os-keypairs": "", + "os_compute_api:os-keypairs:index": "rule:admin_api or user_id:%(user_id)s", + "os_compute_api:os-keypairs:show": "rule:admin_api or user_id:%(user_id)s", + "os_compute_api:os-keypairs:create": "rule:admin_api or user_id:%(user_id)s", + "os_compute_api:os-keypairs:delete": "rule:admin_api or user_id:%(user_id)s", + "os_compute_api:limits:discoverable": "", + "os_compute_api:limits": "", + "os_compute_api:os-lock-server:discoverable": "", + "os_compute_api:os-lock-server:lock": 
"rule:admin_or_owner", + "os_compute_api:os-lock-server:unlock": "rule:admin_or_owner", + "os_compute_api:os-lock-server:unlock:unlock_override": "rule:admin_api", + "os_compute_api:os-migrate-server:discoverable": "", + "os_compute_api:os-migrate-server:migrate": "rule:admin_api", + "os_compute_api:os-migrate-server:migrate_live": "rule:admin_api", + "os_compute_api:os-multinic": "", + "os_compute_api:os-multinic:discoverable": "", + "os_compute_api:os-networks": "rule:admin_api", + "os_compute_api:os-networks:view": "", + "os_compute_api:os-networks:discoverable": "", + "os_compute_api:os-networks-associate": "rule:admin_api", + "os_compute_api:os-networks-associate:discoverable": "", + "os_compute_api:os-pause-server:discoverable": "", + "os_compute_api:os-pause-server:pause": "rule:admin_or_owner", + "os_compute_api:os-pause-server:unpause": "rule:admin_or_owner", + "os_compute_api:os-pci:pci_servers": "", + "os_compute_api:os-pci:discoverable": "", + "os_compute_api:os-pci:index": "rule:admin_api", + "os_compute_api:os-pci:detail": "rule:admin_api", + "os_compute_api:os-pci:show": "rule:admin_api", + "os_compute_api:os-personality:discoverable": "", + "os_compute_api:os-preserve-ephemeral-rebuild:discoverable": "", + "os_compute_api:os-quota-sets:discoverable": "", + "os_compute_api:os-quota-sets:show": "rule:admin_or_owner", + "os_compute_api:os-quota-sets:defaults": "", + "os_compute_api:os-quota-sets:update": "rule:admin_api", + "os_compute_api:os-quota-sets:delete": "rule:admin_api", + "os_compute_api:os-quota-sets:detail": "rule:admin_api", + "os_compute_api:os-quota-class-sets:update": "rule:admin_api", + "os_compute_api:os-quota-class-sets:show": "is_admin:True or quota_class:%(quota_class)s", + "os_compute_api:os-quota-class-sets:discoverable": "", + "os_compute_api:os-rescue": "", + "os_compute_api:os-rescue:discoverable": "", + "os_compute_api:os-scheduler-hints:discoverable": "", + "os_compute_api:os-security-group-default-rules:discoverable": "", + 
"os_compute_api:os-security-group-default-rules": "rule:admin_api", + "os_compute_api:os-security-groups": "", + "os_compute_api:os-security-groups:discoverable": "", + "os_compute_api:os-server-diagnostics": "rule:admin_api", + "os_compute_api:os-server-diagnostics:discoverable": "", + "os_compute_api:os-server-password": "", + "os_compute_api:os-server-password:discoverable": "", + "os_compute_api:os-server-usage": "", + "os_compute_api:os-server-usage:discoverable": "", + "os_compute_api:os-server-groups": "", + "os_compute_api:os-server-groups:discoverable": "", + "os_compute_api:os-services": "rule:admin_api", + "os_compute_api:os-services:discoverable": "", + "os_compute_api:server-metadata:discoverable": "", + "os_compute_api:server-metadata:index": "rule:admin_or_owner", + "os_compute_api:server-metadata:show": "rule:admin_or_owner", + "os_compute_api:server-metadata:delete": "rule:admin_or_owner", + "os_compute_api:server-metadata:create": "rule:admin_or_owner", + "os_compute_api:server-metadata:update": "rule:admin_or_owner", + "os_compute_api:server-metadata:update_all": "rule:admin_or_owner", + "os_compute_api:servers:discoverable": "", + "os_compute_api:os-shelve:shelve": "", + "os_compute_api:os-shelve:shelve:discoverable": "", + "os_compute_api:os-shelve:shelve_offload": "rule:admin_api", + "os_compute_api:os-simple-tenant-usage:discoverable": "", + "os_compute_api:os-simple-tenant-usage:show": "rule:admin_or_owner", + "os_compute_api:os-simple-tenant-usage:list": "rule:admin_api", + "os_compute_api:os-suspend-server:discoverable": "", + "os_compute_api:os-suspend-server:suspend": "rule:admin_or_owner", + "os_compute_api:os-suspend-server:resume": "rule:admin_or_owner", + "os_compute_api:os-tenant-networks": "rule:admin_or_owner", + "os_compute_api:os-tenant-networks:discoverable": "", + "os_compute_api:os-shelve:unshelve": "", + "os_compute_api:os-user-data:discoverable": "", + "os_compute_api:os-virtual-interfaces": "", + 
"os_compute_api:os-virtual-interfaces:discoverable": "", + "os_compute_api:os-volumes": "", + "os_compute_api:os-volumes:discoverable": "", + "os_compute_api:os-volumes-attachments:index": "", + "os_compute_api:os-volumes-attachments:show": "", + "os_compute_api:os-volumes-attachments:create": "", + "os_compute_api:os-volumes-attachments:update": "", + "os_compute_api:os-volumes-attachments:delete": "", + "os_compute_api:os-volumes-attachments:discoverable": "", + "os_compute_api:os-availability-zone:list": "", + "os_compute_api:os-availability-zone:discoverable": "", + "os_compute_api:os-availability-zone:detail": "rule:admin_api", + "os_compute_api:os-used-limits": "rule:admin_api", + "os_compute_api:os-used-limits:discoverable": "", + "os_compute_api:os-migrations:index": "rule:admin_api", + "os_compute_api:os-migrations:discoverable": "", + "os_compute_api:os-assisted-volume-snapshots:create": "rule:admin_api", + "os_compute_api:os-assisted-volume-snapshots:delete": "rule:admin_api", + "os_compute_api:os-assisted-volume-snapshots:discoverable": "", + "os_compute_api:os-console-auth-tokens": "rule:admin_api", + "os_compute_api:os-server-external-events:create": "rule:admin_api" +} -- cgit 1.2.3-korg