From 019b10d95976bb80bcce60ee93099b0fd57fcab5 Mon Sep 17 00:00:00 2001
From: asteroide <thomas.duval@orange.com>
Date: Mon, 15 May 2017 14:19:43 +0200
Subject: Update Moon engine to allow a session policy

Change-Id: I63a80597710f08a6641e159cc2306d3cc68b1240
---
 .../moon_interface/tests/apitests/scenario/rbac.py | 19 +++++++++---------
 .../tests/apitests/scenario/session.py             | 23 +++++++++++++---------
 2 files changed, 24 insertions(+), 18 deletions(-)

(limited to 'moonv4/moon_interface/tests/apitests/scenario')

diff --git a/moonv4/moon_interface/tests/apitests/scenario/rbac.py b/moonv4/moon_interface/tests/apitests/scenario/rbac.py
index a43bd1f4..89fd7de8 100644
--- a/moonv4/moon_interface/tests/apitests/scenario/rbac.py
+++ b/moonv4/moon_interface/tests/apitests/scenario/rbac.py
@@ -2,6 +2,7 @@
 pdp_name = "pdp1"
 policy_name = "RBAC policy example"
 model_name = "RBAC"
+policy_genre = "authz"
 
 subjects = {"user0": "", "user1": "", }
 objects = {"vm0": "", "vm1": "", }
@@ -11,13 +12,13 @@ subject_categories = {"role": "", }
 object_categories = {"id": "", }
 action_categories = {"action-type": "", }
 
-subject_data = {"role": {"admin": "", "employee": ""}}
-object_data = {"id": {"vm0": "", "vm1": ""}}
-action_data = {"action-type": {"vm-action": "", }}
+subject_data = {"role": {"admin": "", "employee": "", "*": ""}}
+object_data = {"id": {"vm0": "", "vm1": "", "*": ""}}
+action_data = {"action-type": {"vm-action": "", "*": ""}}
 
-subject_assignments = {"user0": {"role": "employee"}, "user1": {"role": "employee"}, }
-object_assignments = {"vm0": {"id": "vm0"}, "vm1": {"id": "vm1"}}
-action_assignments = {"start": {"action-type": "vm-action"}, "stop": {"action-type": "vm-action"}}
+subject_assignments = {"user0": ({"role": "employee"}, {"role": "*"}), "user1": ({"role": "employee"}, {"role": "*"}), }
+object_assignments = {"vm0": ({"id": "vm0"}, {"id": "*"}), "vm1": ({"id": "vm1"}, {"id": "*"})}
+action_assignments = {"start": ({"action-type": "vm-action"}, {"action-type": "*"}), "stop": ({"action-type": "vm-action"}, {"action-type": "*"})}
 
 meta_rule = {
     "rbac": {"id": "", "value": ("role", "id", "action-type")},
@@ -28,13 +29,13 @@ rules = {
         {
             "rule": ("admin", "vm0", "vm-action"),
             "instructions": (
-                {"decision": "grant"}  # "grant" to immediately exit, "continue" to wait for the result of next policy
+                {"decision": "grant"},  # "grant" to immediately exit, "continue" to wait for the result of next policy
             )
         },
         {
-            "rule": ("admin", "vm1", "vm-action"),
+            "rule": ("employee", "vm1", "vm-action"),
             "instructions": (
-                {"decision": "grant"}
+                {"decision": "grant"},
             )
         },
     )
diff --git a/moonv4/moon_interface/tests/apitests/scenario/session.py b/moonv4/moon_interface/tests/apitests/scenario/session.py
index 6b7e0f18..97d7aec3 100644
--- a/moonv4/moon_interface/tests/apitests/scenario/session.py
+++ b/moonv4/moon_interface/tests/apitests/scenario/session.py
@@ -2,6 +2,7 @@
 pdp_name = "pdp1"
 policy_name = "Session policy example"
 model_name = "Session"
+policy_genre = "session"
 
 subjects = {"user0": "", "user1": "", }
 objects = {"admin": "", "employee": "", }
@@ -12,12 +13,16 @@ object_categories = {"role": "", }
 action_categories = {"session-action": "", }
 
 subject_data = {"subjectid": {"user0": "", "user1": ""}}
-object_data = {"role": {"admin": "", "employee": ""}}
-action_data = {"session-action": {"activate": "", "deactivate": ""}}
+object_data = {"role": {"admin": "", "employee": "", "*": ""}}
+action_data = {"session-action": {"activate": "", "deactivate": "", "*": ""}}
 
-subject_assignments = {"user0": {"subjectid": "user0"}, "user1": {"subjectid": "user1"}, }
-object_assignments = {"admin": {"role": "admin"}, "employee": {"role": "employee"}}
-action_assignments = {"activate": {"session-action": "activate"}, "deactivate": {"session-action": "deactivate"}}
+subject_assignments = {"user0": ({"subjectid": "user0"}, ), "user1": ({"subjectid": "user1"}, ), }
+object_assignments = {"admin": ({"role": "admin"}, {"role": "*"}),
+                      "employee": ({"role": "employee"}, {"role": "employee"})
+                      }
+action_assignments = {"activate": ({"session-action": "activate"}, {"session-action": "*"}, ),
+                      "deactivate": ({"session-action": "deactivate"}, {"session-action": "*"}, )
+                      }
 
 meta_rule = {
     "session": {"id": "", "value": ("subjectid", "role", "session-action")},
@@ -26,7 +31,7 @@ meta_rule = {
 rules = {
     "session": (
         {
-            "rule": ("user0", "admin", "activate"),
+            "rule": ("user0", "employee", "*"),
             "instructions": (
                 {
                     "update": {
@@ -34,11 +39,11 @@ rules = {
                         "target": "rbac:role:admin"  # add the role admin to the current user
                     }
                 },
-                {"chain": [{"security_pipeline": "rbac"}]}  # chain with the meta_rule named rbac
+                {"chain": {"name": "rbac"}}  # chain with the meta_rule named rbac
             )
         },
         {
-            "rule": ("user1", "employee", "deactivate"),
+            "rule": ("user1", "employee", "*"),
             "instructions": (
                 {
                     "update": {
@@ -46,7 +51,7 @@ rules = {
                         "target": "rbac:role:employee"  # delete the role employee from the current user
                     }
                 },
-                {"chain": [{"security_pipeline": "rbac"}]}  # chain with the meta_rule named rbac
+                {"chain": {"name": "rbac"}}  # chain with the meta_rule named rbac
             )
         },
     )
-- 
cgit 1.2.3-korg