From 7bb53c64da2dcf88894bfd31503accdd81498f3d Mon Sep 17 00:00:00 2001 From: Thomas Duval Date: Wed, 3 Jun 2020 10:06:52 +0200 Subject: Update to new version 5.4 Signed-off-by: Thomas Duval Change-Id: Idcd868133d75928a1ffd74d749ce98503e0555ea --- python_moondb/.gitignore | 106 -- python_moondb/Changelog | 128 -- python_moondb/LICENSE | 202 --- python_moondb/MANIFEST.in | 10 - python_moondb/README.md | 32 - python_moondb/bin/drop_tables.sql | 18 - python_moondb/python_moondb/__init__.py | 6 - python_moondb/python_moondb/api/__init__.py | 0 python_moondb/python_moondb/api/keystone.py | 105 -- python_moondb/python_moondb/api/managers.py | 16 - python_moondb/python_moondb/api/model.py | 338 ---- python_moondb/python_moondb/api/pdp.py | 51 - python_moondb/python_moondb/api/policy.py | 751 -------- python_moondb/python_moondb/backends/__init__.py | 96 - python_moondb/python_moondb/backends/sql.py | 1884 -------------------- python_moondb/python_moondb/core.py | 228 --- python_moondb/python_moondb/db_manager.py | 82 - .../python_moondb/migrate_repo/__init__.py | 0 .../migrate_repo/versions/001_moon.py | 267 --- .../migrate_repo/versions/__init__.py | 0 python_moondb/requirements.txt | 4 - python_moondb/setup.py | 54 - python_moondb/tests/unit_python/conftest.py | 145 -- .../tests/unit_python/helpers/__init__.py | 0 .../tests/unit_python/helpers/assignment_helper.py | 49 - .../tests/unit_python/helpers/category_helper.py | 54 - .../tests/unit_python/helpers/data_helper.py | 98 - .../tests/unit_python/helpers/meta_rule_helper.py | 48 - .../tests/unit_python/helpers/mock_data.py | 156 -- .../tests/unit_python/helpers/model_helper.py | 47 - .../tests/unit_python/helpers/pdp_helper.py | 23 - .../tests/unit_python/helpers/policy_helper.py | 72 - python_moondb/tests/unit_python/mock_components.py | 27 - python_moondb/tests/unit_python/mock_keystone.py | 33 - python_moondb/tests/unit_python/models/__init__.py | 0 .../tests/unit_python/models/test_categories.py | 111 -- .../tests/unit_python/models/test_meta_rules.py | 403 ----- .../tests/unit_python/models/test_models.py | 622 ------- .../tests/unit_python/policies/__init__.py | 0 .../tests/unit_python/policies/mock_data.py | 74 - .../tests/unit_python/policies/test_assignments.py | 235 --- .../tests/unit_python/policies/test_data.py | 707 -------- .../tests/unit_python/policies/test_policies.py | 643 ------- python_moondb/tests/unit_python/requirements.txt | 4 - python_moondb/tests/unit_python/test_keystone.py | 53 - python_moondb/tests/unit_python/test_pdp.py | 149 -- python_moondb/tests/unit_python/utilities.py | 136 -- 47 files changed, 8267 deletions(-) delete mode 100644 python_moondb/.gitignore delete mode 100644 python_moondb/Changelog delete mode 100644 python_moondb/LICENSE delete mode 100644 python_moondb/MANIFEST.in delete mode 100644 python_moondb/README.md delete mode 100644 python_moondb/bin/drop_tables.sql delete mode 100644 python_moondb/python_moondb/__init__.py delete mode 100644 python_moondb/python_moondb/api/__init__.py delete mode 100644 python_moondb/python_moondb/api/keystone.py delete mode 100644 python_moondb/python_moondb/api/managers.py delete mode 100644 python_moondb/python_moondb/api/model.py delete mode 100644 python_moondb/python_moondb/api/pdp.py delete mode 100644 python_moondb/python_moondb/api/policy.py delete mode 100644 python_moondb/python_moondb/backends/__init__.py delete mode 100644 python_moondb/python_moondb/backends/sql.py delete mode 100644 python_moondb/python_moondb/core.py delete mode 100644 python_moondb/python_moondb/db_manager.py delete mode 100644 python_moondb/python_moondb/migrate_repo/__init__.py delete mode 100644 python_moondb/python_moondb/migrate_repo/versions/001_moon.py delete mode 100644 python_moondb/python_moondb/migrate_repo/versions/__init__.py delete mode 100644 python_moondb/requirements.txt delete mode 100644 python_moondb/setup.py delete mode 100644 python_moondb/tests/unit_python/conftest.py delete mode 100644 python_moondb/tests/unit_python/helpers/__init__.py delete mode 100644 python_moondb/tests/unit_python/helpers/assignment_helper.py delete mode 100644 python_moondb/tests/unit_python/helpers/category_helper.py delete mode 100644 python_moondb/tests/unit_python/helpers/data_helper.py delete mode 100644 python_moondb/tests/unit_python/helpers/meta_rule_helper.py delete mode 100644 python_moondb/tests/unit_python/helpers/mock_data.py delete mode 100644 python_moondb/tests/unit_python/helpers/model_helper.py delete mode 100644 python_moondb/tests/unit_python/helpers/pdp_helper.py delete mode 100644 python_moondb/tests/unit_python/helpers/policy_helper.py delete mode 100644 python_moondb/tests/unit_python/mock_components.py delete mode 100644 python_moondb/tests/unit_python/mock_keystone.py delete mode 100755 python_moondb/tests/unit_python/models/__init__.py delete mode 100644 python_moondb/tests/unit_python/models/test_categories.py delete mode 100644 python_moondb/tests/unit_python/models/test_meta_rules.py delete mode 100644 python_moondb/tests/unit_python/models/test_models.py delete mode 100644 python_moondb/tests/unit_python/policies/__init__.py delete mode 100644 python_moondb/tests/unit_python/policies/mock_data.py delete mode 100755 python_moondb/tests/unit_python/policies/test_assignments.py delete mode 100755 python_moondb/tests/unit_python/policies/test_data.py delete mode 100755 python_moondb/tests/unit_python/policies/test_policies.py delete mode 100644 python_moondb/tests/unit_python/requirements.txt delete mode 100644 python_moondb/tests/unit_python/test_keystone.py delete mode 100755 python_moondb/tests/unit_python/test_pdp.py delete mode 100644 python_moondb/tests/unit_python/utilities.py (limited to 'python_moondb') diff --git a/python_moondb/.gitignore b/python_moondb/.gitignore deleted file mode 100644 index 9c29724f..00000000 --- a/python_moondb/.gitignore +++ /dev/null @@ -1,106 +0,0 @@ -# Byte-compiled / optimized / DLL files -__pycache__/ -*.py[cod] -*$py.class - -# C extensions -*.so - -# Distribution / packaging -.Python -build/ -develop-eggs/ -dist/ -downloads/ -eggs/ -.eggs/ -lib/ -lib64/ -parts/ -sdist/ -var/ -wheels/ -*.egg-info/ -.installed.cfg -*.egg -MANIFEST - -# PyInstaller -# Usually these files are written by a python script from a template -# before PyInstaller builds the exe, so as to inject date/other infos into it. -*.manifest -*.spec - -# Installer logs -pip-log.txt -pip-delete-this-directory.txt - -# Unit test / coverage reports -htmlcov/ -.tox/ -.coverage -.coverage.* -.cache -nosetests.xml -coverage.xml -*.cover -.hypothesis/ -.pytest_cache/ - -# Translations -*.mo -*.pot - -# Django stuff: -*.log -local_settings.py -db.sqlite3 - -# Flask stuff: -instance/ -.webassets-cache - -# Scrapy stuff: -.scrapy - -# Sphinx documentation -docs/_build/ - -# PyBuilder -target/ - -# Jupyter Notebook -.ipynb_checkpoints - -# pyenv -.python-version - -# celery beat schedule file -celerybeat-schedule - -# SageMath parsed files -*.sage.py - -# Environments -.env -.venv -env/ -venv/ -ENV/ -env.bak/ -venv.bak/ - -# Spyder project settings -.spyderproject -.spyproject - -# Rope project settings -.ropeproject - -# mkdocs documentation -/site - -# mypy -.mypy_cache/ - -/tests/unit_python/database.db diff --git a/python_moondb/Changelog b/python_moondb/Changelog deleted file mode 100644 index 9236c260..00000000 --- a/python_moondb/Changelog +++ /dev/null @@ -1,128 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - - -CHANGES -======= - -0.1.0 ------ -- First version of the moon_db library. - -1.0.0 ------ -- First public version of the moon_db library. - -1.0.1 ------ -- Update setup.py to force the installation of requirements. - -1.0.2 ------ -- Test PyPi upload - -1.0.3 ------ -- Fix a bug in core.py -- Update db_manager - -1.1.0 ------ -- When adding a subject, check the existence of that user in the Keystone DB and - create it if necessary - -1.2.0 ------ -- Update the db_manager in order to use it for tests - -1.2.1 ------ -- Update moon_db_manager in order to use it for unit tests - -1.2.2 ------ -- Fix a bug in moon_db_manager - -1.2.3 ------ -- Cleanup moon_db code - -1.2.4 ------ -- Update the name of the library (from moon_db) - -1.2.5 ------ -- Code cleaning - -1.2.6 ------ -- Remove some code duplication in moon_db -- handle the extra field for the perimeter - -1.2.7 ------ -- Fix some bugs - -1.2.8 ------ -- Add unique constraints on db tables - -1.2.9 ------ -- Add some verifications when deleting some elements in database - -1.2.10 ------ -- Update the migration script because of a bug introduced in 1.2.8 in rule table -- Fix bugs due to the previous version - -1.2.11 ------- -- adding test cases for perimeter -- adding subject_object_action to model_test -- update import of exception -- add unit_test to test_model -- add validation for not accepting blank perimeter name or category name - -1.2.12 ------- -- Fix the SubjectExisting exception problem - -1.2.13 ------- -- Add validations and refactor test cases - -1.2.14 ------- -- Fix some bugs for the manager and clean the code - -1.2.15 ------- -- Fix test cases after removing syntax error in exceptions - -1.2.16 ------- -- Fix the "key length error" in meta_rule table - -1.2.17 ------- -- adding extra validation for addition and deletion dependencies - -1.2.18 ------- -- adding changelog - -1.2.19 ------- -- adding extra validation for update requests - -1.2.20 ------- -- adding extra validation of rule content -- update validation for category with meta-rule dependencies -- update validation on updating meta-rule -- applying PyLint -- fixing Jira issues related to update policy \ No newline at end of file diff --git a/python_moondb/LICENSE b/python_moondb/LICENSE deleted file mode 100644 index d6456956..00000000 --- a/python_moondb/LICENSE +++ /dev/null @@ -1,202 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/python_moondb/MANIFEST.in b/python_moondb/MANIFEST.in deleted file mode 100644 index 02655837..00000000 --- a/python_moondb/MANIFEST.in +++ /dev/null @@ -1,10 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -include README.md -include LICENSE -include setup.py -include requirements.txt -graft bin \ No newline at end of file diff --git a/python_moondb/README.md b/python_moondb/README.md deleted file mode 100644 index d36c6ae3..00000000 --- a/python_moondb/README.md +++ /dev/null @@ -1,32 +0,0 @@ -# python_moondb - -This package contains the database module for the Moon project -It is designed to provide a driver to access the Moon database. - -For any other information, refer to the parent project: - - https://git.opnfv.org/moon - -## Build -### Build Python Package -```bash -cd ${MOON_HOME}/python_moondb -python3 setup.py sdist bdist_wheel -``` - -### Push Python Package to PIP -```bash -cd ${MOON_HOME}/python_moondb -gpg --detach-sign -u "${GPG_ID}" -a dist/python_moondb-X.Y.Z-py3-none-any.whl -gpg --detach-sign -u "${GPG_ID}" -a dist/python_moondb-X.Y.Z.tar.gz -twine upload dist/python_moondb-X.Y.Z-py3-none-any.whl dist/python_moondb-X.Y.Z-py3-none-any.whl.asc -twine upload dist/python_moondb-X.Y.Z.tar.gz dist/python_moondb-X.Y.Z.tar.gz.asc -``` - -## Test -### Python Unit Test -launch Docker for Python unit tests -```bash -cd ${MOON_HOME}/python_moondb -docker run --rm --volume $(pwd):/data wukongsun/moon_python_unit_test:latest -``` \ No newline at end of file diff --git a/python_moondb/bin/drop_tables.sql b/python_moondb/bin/drop_tables.sql deleted file mode 100644 index f5f65ea7..00000000 --- a/python_moondb/bin/drop_tables.sql +++ /dev/null @@ -1,18 +0,0 @@ -use moon; -drop table action_assignments; -drop table object_assignments; -drop table subject_assignments; -drop table subject_scopes; -drop table action_scopes; -drop table object_scopes; -drop table action_categories; -drop table subject_categories; -drop table object_categories; -drop table rules; -drop table sub_meta_rules; -drop table actions; -drop table objects; -drop table subjects; -drop table tenants; -drop table intra_extensions; -show tables; diff --git a/python_moondb/python_moondb/__init__.py b/python_moondb/python_moondb/__init__.py deleted file mode 100644 index 37c9a725..00000000 --- a/python_moondb/python_moondb/__init__.py +++ /dev/null @@ -1,6 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -__version__ = "1.2.20" diff --git a/python_moondb/python_moondb/api/__init__.py b/python_moondb/python_moondb/api/__init__.py deleted file mode 100644 index e69de29b..00000000 diff --git a/python_moondb/python_moondb/api/keystone.py b/python_moondb/python_moondb/api/keystone.py deleted file mode 100644 index 57521c36..00000000 --- a/python_moondb/python_moondb/api/keystone.py +++ /dev/null @@ -1,105 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -import os -import requests -import json -from uuid import uuid4 -import logging -from python_moonutilities import exceptions, configuration -from python_moonutilities.security_functions import filter_input, login, logout -from python_moondb.api.managers import Managers - -logger = logging.getLogger("moon.db.api.keystone") - - -class KeystoneManager(Managers): - - def __init__(self, connector=None): - self.driver = connector.driver - Managers.KeystoneManager = self - conf = configuration.get_configuration("openstack/keystone")['openstack/keystone'] - - self.__url = conf['url'] - self.__user = conf['user'] - self.__password = conf['password'] - self.__domain = conf['domain'] - self.__project = conf['project'] - try: - os.environ.pop("http_proxy") - os.environ.pop("https_proxy") - except KeyError: - pass - - def __get(self, endpoint, _exception=exceptions.KeystoneError): - _headers = login() - req = requests.get("{}{}".format(self.__url, endpoint), headers=_headers, verify=False) - if req.status_code not in (200, 201): - logger.error(req.text) - raise _exception - data = req.json() - logout(_headers) - return data - - def __post(self, endpoint, data=None, _exception=exceptions.KeystoneError): - _headers = login() - req = requests.post("{}{}".format(self.__url, endpoint), - data=json.dumps(data), - headers=_headers, verify=False) - if req.status_code == 409: - logger.warning(req.text) - raise exceptions.KeystoneUserConflict - if req.status_code not in (200, 201): - logger.error(req.text) - raise _exception - data = req.json() - logout(_headers) - return data - - def list_projects(self): - return self.__get(endpoint="/projects/", _exception=exceptions.KeystoneProjectError) - - @filter_input - def create_project(self, tenant_dict): - if "name" not in tenant_dict: - raise exceptions.KeystoneProjectError("Cannot get the project name.") - _project = { - "project": { - "description": tenant_dict['description'] if 'description' in tenant_dict else "", - "domain_id": tenant_dict['domain'] if 'domain' in tenant_dict else "default", - "enabled": True, - "is_domain": False, - "name": tenant_dict['name'] - } - } - return self.__post(endpoint="/projects/", - data=_project, - _exception=exceptions.KeystoneProjectError) - - @filter_input - def get_user_by_name(self, username, domain_id="default"): - return self.__get(endpoint="/users?name={}&domain_id={}".format(username, domain_id), - _exception=exceptions.KeystoneUserError) - - @filter_input - def create_user(self, subject_dict): - _user = { - "user": { - "enabled": True, - "name": subject_dict['name'] if 'name' in subject_dict else uuid4().hex, - } - } - if 'project' in subject_dict: - _user['user']['default_project_id'] = subject_dict['project'] - if 'domain' in subject_dict: - _user['user']['domain_id'] = subject_dict['domain'] - if 'password' in subject_dict: - _user['user']['password'] = subject_dict['password'] - try: - return self.__post(endpoint="/users/", - data=_user, - _exception=exceptions.KeystoneUserError) - except exceptions.KeystoneUserConflict: - return True diff --git a/python_moondb/python_moondb/api/managers.py b/python_moondb/python_moondb/api/managers.py deleted file mode 100644 index 414725f6..00000000 --- a/python_moondb/python_moondb/api/managers.py +++ /dev/null @@ -1,16 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -import logging - -logger = logging.getLogger("moon.db.api.managers") - - -class Managers(object): - """Object that links managers together""" - ModelManager = None - KeystoneManager = None - PDPManager = None - PolicyManager = None diff --git a/python_moondb/python_moondb/api/model.py b/python_moondb/python_moondb/api/model.py deleted file mode 100644 index 4f6c34cb..00000000 --- a/python_moondb/python_moondb/api/model.py +++ /dev/null @@ -1,338 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -from uuid import uuid4 -import logging -from python_moonutilities import exceptions -from python_moonutilities.security_functions import filter_input, enforce -from python_moondb.api.managers import Managers -import copy - -logger = logging.getLogger("moon.db.api.model") - - -class ModelManager(Managers): - - def __init__(self, connector=None): - self.driver = connector.driver - Managers.ModelManager = self - - @enforce(("read", "write"), "models") - def update_model(self, user_id, model_id, value): - if model_id not in self.driver.get_models(model_id=model_id): - raise exceptions.ModelUnknown - - if not value['name'].strip(): - raise exceptions.ModelContentError('Model name invalid') - - if 'meta_rules' not in value: - raise exceptions.MetaRuleUnknown - - if not value['name']: - raise exceptions.ModelContentError - - model = self.get_models(user_id=user_id, model_id=model_id) - model = model[next(iter(model))] - if ((model['meta_rules'] and value['meta_rules'] and model['meta_rules'] != value[ - 'meta_rules']) \ - or (model['meta_rules'] and not value['meta_rules'])): - policies = Managers.PolicyManager.get_policies(user_id=user_id) - for policy_id in policies: - if policies[policy_id]["model_id"] == model_id: - raise exceptions.DeleteModelWithPolicy - - if value and 'meta_rules' in value: - for meta_rule_id in value['meta_rules']: - if not self.driver.get_meta_rules(meta_rule_id=meta_rule_id): - raise exceptions.MetaRuleUnknown - - return self.driver.update_model(model_id=model_id, value=value) - - @enforce(("read", "write"), "models") - def delete_model(self, user_id, model_id): - if model_id not in self.driver.get_models(model_id=model_id): - raise exceptions.ModelUnknown - # TODO (asteroide): check that no policy is connected to this model - policies = Managers.PolicyManager.get_policies(user_id=user_id) - for policy in policies: - if policies[policy]['model_id'] == model_id: - raise exceptions.DeleteModelWithPolicy - return self.driver.delete_model(model_id=model_id) - - @enforce(("read", "write"), "models") - def add_model(self, user_id, model_id=None, value=None): - - if not value['name']: - raise exceptions.ModelContentError - - if not value['name'].strip(): - raise exceptions.ModelContentError('Model name invalid') - - models = self.driver.get_models() - if model_id in models: - raise exceptions.ModelExisting - - for model in models: - if models[model]['name'] == value['name']: - raise exceptions.ModelExisting("Model Name Existed") - same_meta_rule_counter = 0 - for meta_rule_id in models[model]['meta_rules']: - if meta_rule_id in value['meta_rules']: - same_meta_rule_counter += 1 - if same_meta_rule_counter == len(value['meta_rules']) and \ - len(models[model]['meta_rules']) == len(value['meta_rules']): - raise exceptions.ModelExisting("Meta Rules List Existed in another Model") - - if not model_id: - model_id = uuid4().hex - if value and 'meta_rules' in value: - for meta_rule_id in value['meta_rules']: - if not meta_rule_id: - raise exceptions.MetaRuleUnknown - meta_rule = self.driver.get_meta_rules(meta_rule_id=meta_rule_id) - if not meta_rule: - raise exceptions.MetaRuleUnknown - - meta_rule_content = meta_rule[next(iter(meta_rule))] - if (not meta_rule_content['subject_categories']) or ( - not meta_rule_content['object_categories']) or ( - not meta_rule_content['action_categories']): - raise exceptions.MetaRuleContentError - - return self.driver.add_model(model_id=model_id, value=value) - - @enforce("read", "models") - def get_models(self, user_id, model_id=None): - return self.driver.get_models(model_id=model_id) - - @enforce(("read", "write"), "meta_rules") - def update_meta_rule(self, user_id, meta_rule_id, value): - meta_rules=self.driver.get_meta_rules() - if not meta_rule_id or meta_rule_id not in meta_rules: - raise exceptions.MetaRuleUnknown - self.__check_meta_rule_dependencies(user_id=user_id, meta_rule_id=meta_rule_id) - if value: - if 'subject_categories' in value: - for subject_category_id in value['subject_categories']: - if not subject_category_id or not self.driver.get_subject_categories( - category_id=subject_category_id): - raise exceptions.SubjectCategoryUnknown - if 'object_categories' in value: - for object_category_id in value['object_categories']: - if not object_category_id or not self.driver.get_object_categories( - category_id=object_category_id): - raise exceptions.ObjectCategoryUnknown - if 'action_categories' in value: - for action_category_id in value['action_categories']: - if not action_category_id or not self.driver.get_action_categories( - category_id=action_category_id): - raise exceptions.ActionCategoryUnknown - - for meta_rule_obj_id in meta_rules: - counter_matched_list = 0 - counter_matched_list += self.check_combination(meta_rules[meta_rule_obj_id]['subject_categories'], - value['subject_categories']) - counter_matched_list += self.check_combination(meta_rules[meta_rule_obj_id]['object_categories'], - value['object_categories']) - counter_matched_list += self.check_combination(meta_rules[meta_rule_obj_id]['action_categories'], - value['action_categories']) - if counter_matched_list == 3 and meta_rule_obj_id!=meta_rule_id: - raise exceptions.MetaRuleExisting("Same categories combination existed") - - return self.driver.set_meta_rule(meta_rule_id=meta_rule_id, value=value) - - def __check_meta_rule_dependencies(self, user_id, meta_rule_id): - policies = Managers.PolicyManager.get_policies(user_id=user_id) - for policy_id in policies: - rules = Managers.PolicyManager.get_rules(user_id=user_id, policy_id=policy_id, - meta_rule_id=meta_rule_id) - if len(rules['rules']): - raise exceptions.MetaRuleUpdateError - - @enforce("read", "meta_rules") - def get_meta_rules(self, user_id, meta_rule_id=None): - return self.driver.get_meta_rules(meta_rule_id=meta_rule_id) - - @enforce(("read", "write"), "meta_rules") - def add_meta_rule(self, user_id, meta_rule_id=None, value=None): - - if not value['name']: - raise exceptions.MetaRuleContentError - - meta_rules = self.driver.get_meta_rules() - - if meta_rule_id in meta_rules: - raise exceptions.MetaRuleExisting - - if value: - if 'subject_categories' in value: - for subject_category_id in value['subject_categories']: - if not self.driver.get_subject_categories(category_id=subject_category_id): - raise exceptions.SubjectCategoryUnknown - if 'object_categories' in value: - for object_category_id in value['object_categories']: - if not self.driver.get_object_categories(category_id=object_category_id): - raise exceptions.ObjectCategoryUnknown - if 'action_categories' in value: - for action_category_id in value['action_categories']: - if not self.driver.get_action_categories(category_id=action_category_id): - raise exceptions.ActionCategoryUnknown - - for meta_rule_obj_id in meta_rules: - counter_matched_list = 0 - counter_matched_list += self.check_combination(meta_rules[meta_rule_obj_id]['subject_categories'], - value['subject_categories']) - counter_matched_list += self.check_combination(meta_rules[meta_rule_obj_id]['object_categories'], - value['object_categories']) - counter_matched_list += self.check_combination(meta_rules[meta_rule_obj_id]['action_categories'], - value['action_categories']) - if counter_matched_list == 3: - raise exceptions.MetaRuleExisting("Same categories combination existed") - - return self.driver.set_meta_rule(meta_rule_id=meta_rule_id, value=value) - - @enforce(("read", "write"), "meta_rules") - def check_combination(self, list_one, list_two): - counter_removed_items = 0 - temp_list_two = copy.deepcopy(list_two) - for item in list_one: - if item in temp_list_two: - temp_list_two.remove(item) - counter_removed_items += 1 - - if counter_removed_items == len(list_two) and len(list_two) == len(list_one) and len(list_two): - return 1 - return 0 - - @enforce(("read", "write"), "meta_rules") - def delete_meta_rule(self, user_id, meta_rule_id=None): - if meta_rule_id not in self.driver.get_meta_rules(meta_rule_id=meta_rule_id): - raise exceptions.MetaRuleUnknown - # TODO (asteroide): check and/or delete data and assignments and rules linked to that meta_rule - models = self.get_models(user_id=user_id) - for model_id in models: - for id in models[model_id]['meta_rules']: - if id == meta_rule_id: - raise exceptions.DeleteMetaRuleWithModel - return self.driver.delete_meta_rule(meta_rule_id=meta_rule_id) - - @enforce("read", "meta_data") - def get_subject_categories(self, user_id, category_id=None): - return self.driver.get_subject_categories(category_id=category_id) - - @enforce(("read", "write"), "meta_data") - def add_subject_category(self, user_id, category_id=None, value=None): - subject_categories = self.driver.get_subject_categories(category_id=category_id) - - if not value['name']: - raise exceptions.CategoryNameInvalid - - if category_id in subject_categories: - raise exceptions.SubjectCategoryExisting - - return self.driver.add_subject_category(name=value["name"], - description=value["description"], uuid=category_id) - - @enforce(("read", "write"), "meta_data") - def delete_subject_category(self, user_id, category_id): - # TODO (asteroide): delete all data linked to that category - # TODO (asteroide): delete all meta_rules linked to that category - if category_id not in self.driver.get_subject_categories(category_id=category_id): - raise exceptions.SubjectCategoryUnknown - meta_rules = self.get_meta_rules(user_id=user_id) - for meta_rule_id in meta_rules: - for subject_category_id in meta_rules[meta_rule_id]['subject_categories']: - logger.info( - "delete_subject_category {} {}".format(subject_category_id, meta_rule_id)) - logger.info("delete_subject_category {}".format(meta_rules[meta_rule_id])) - if subject_category_id == category_id: - # has_rules = self.driver.is_meta_rule_has_rules(meta_rule_id) - # if has_rules: - raise exceptions.DeleteSubjectCategoryWithMetaRule - - if self.driver.is_subject_category_has_assignment(category_id): - raise exceptions.DeleteCategoryWithAssignment - - if self.driver.is_subject_data_exist(category_id=category_id): - raise exceptions.DeleteCategoryWithData - - return self.driver.delete_subject_category(category_id=category_id) - - @enforce("read", "meta_data") - def get_object_categories(self, user_id, category_id=None): - return self.driver.get_object_categories(category_id) - - @enforce(("read", "write"), "meta_data") - def add_object_category(self, user_id, category_id=None, value=None): - if not value['name']: - raise exceptions.CategoryNameInvalid - - object_categories = self.driver.get_object_categories(category_id=category_id) - if category_id in object_categories: - raise exceptions.ObjectCategoryExisting - - return self.driver.add_object_category(name=value["name"], description=value["description"], - uuid=category_id) - - @enforce(("read", "write"), "meta_data") - def delete_object_category(self, user_id, category_id): - # TODO (asteroide): delete all data linked to that category - # TODO (asteroide): delete all meta_rules linked to that category - if category_id not in self.driver.get_object_categories(category_id=category_id): - raise exceptions.ObjectCategoryUnknown - meta_rules = self.get_meta_rules(user_id=user_id) - for meta_rule_id in meta_rules: - for object_category_id in meta_rules[meta_rule_id]['object_categories']: - if object_category_id == category_id: - # has_rules = self.driver.is_meta_rule_has_rules(meta_rule_id) - # if has_rules: - raise exceptions.DeleteObjectCategoryWithMetaRule - - if self.driver.is_object_category_has_assignment(category_id): - raise exceptions.DeleteCategoryWithAssignment - - if self.driver.is_object_data_exist(category_id=category_id): - raise exceptions.DeleteCategoryWithData - - return self.driver.delete_object_category(category_id=category_id) - - @enforce("read", "meta_data") - def get_action_categories(self, user_id, category_id=None): - return self.driver.get_action_categories(category_id=category_id) - - @enforce(("read", "write"), "meta_data") - def add_action_category(self, user_id, category_id=None, value=None): - - if not value['name']: - raise exceptions.CategoryNameInvalid - - action_categories = self.driver.get_action_categories(category_id=category_id) - if category_id in action_categories: - raise exceptions.ActionCategoryExisting - - return self.driver.add_action_category(name=value["name"], description=value["description"], - uuid=category_id) - - @enforce(("read", "write"), "meta_data") - def delete_action_category(self, user_id, category_id): - # TODO (asteroide): delete all data linked to that category - # TODO (asteroide): delete all meta_rules linked to that category - if category_id not in self.driver.get_action_categories(category_id=category_id): - raise exceptions.ActionCategoryUnknown - meta_rules = self.get_meta_rules(user_id=user_id) - for meta_rule_id in meta_rules: - for action_category_id in meta_rules[meta_rule_id]['action_categories']: - if action_category_id == category_id: - # has_rules = self.driver.is_meta_rule_has_rules(meta_rule_id) - # if has_rules: - raise exceptions.DeleteActionCategoryWithMetaRule - - if self.driver.is_action_category_has_assignment(category_id): - raise exceptions.DeleteCategoryWithAssignment - - if self.driver.is_action_data_exist(category_id=category_id): - raise exceptions.DeleteCategoryWithData - - return self.driver.delete_action_category(category_id=category_id) diff --git a/python_moondb/python_moondb/api/pdp.py b/python_moondb/python_moondb/api/pdp.py deleted file mode 100644 index d0a071c9..00000000 --- a/python_moondb/python_moondb/api/pdp.py +++ /dev/null @@ -1,51 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -from uuid import uuid4 -import logging -from python_moonutilities.security_functions import enforce -from python_moondb.api.managers import Managers -from python_moonutilities import exceptions - -logger = logging.getLogger("moon.db.api.pdp") - - -class PDPManager(Managers): - - def __init__(self, connector=None): - self.driver = connector.driver - Managers.PDPManager = self - - @enforce(("read", "write"), "pdp") - def update_pdp(self, user_id, pdp_id, value): - if pdp_id not in self.driver.get_pdp(pdp_id=pdp_id): - raise exceptions.PdpUnknown - if value and 'security_pipeline' in value: - for policy_id in value['security_pipeline']: - if not Managers.PolicyManager.get_policies(user_id=user_id, policy_id=policy_id): - raise exceptions.PolicyUnknown - return self.driver.update_pdp(pdp_id=pdp_id, value=value) - - @enforce(("read", "write"), "pdp") - def delete_pdp(self, user_id, pdp_id): - if pdp_id not in self.driver.get_pdp(pdp_id=pdp_id): - raise exceptions.PdpUnknown - return self.driver.delete_pdp(pdp_id=pdp_id) - - @enforce(("read", "write"), "pdp") - def add_pdp(self, user_id, pdp_id=None, value=None): - if pdp_id in self.driver.get_pdp(pdp_id=pdp_id): - raise exceptions.PdpExisting - if not pdp_id: - pdp_id = uuid4().hex - if value and 'security_pipeline' in value: - for policy_id in value['security_pipeline']: - if not Managers.PolicyManager.get_policies(user_id=user_id, policy_id=policy_id): - raise exceptions.PolicyUnknown - return self.driver.add_pdp(pdp_id=pdp_id, value=value) - - @enforce("read", "pdp") - def get_pdp(self, user_id, pdp_id=None): - return self.driver.get_pdp(pdp_id=pdp_id) diff --git a/python_moondb/python_moondb/api/policy.py b/python_moondb/python_moondb/api/policy.py deleted file mode 100644 index 03a93ff5..00000000 --- a/python_moondb/python_moondb/api/policy.py +++ /dev/null @@ -1,751 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -from uuid import uuid4 -import logging -from python_moonutilities.security_functions import enforce -from python_moondb.api.managers import Managers -from python_moonutilities import exceptions - -# from python_moondb.core import PDPManager - -logger = logging.getLogger("moon.db.api.policy") - - -class PolicyManager(Managers): - - def __init__(self, connector=None): - self.driver = connector.driver - Managers.PolicyManager = self - - def get_policy_from_meta_rules(self, user_id, meta_rule_id): - policies = self.PolicyManager.get_policies("admin") - models = self.ModelManager.get_models("admin") - for pdp_key, pdp_value in self.PDPManager.get_pdp(user_id).items(): - if 'security_pipeline' not in pdp_value: - raise exceptions.PdpContentError - for policy_id in pdp_value["security_pipeline"]: - if not policies or policy_id not in policies: - raise exceptions.PolicyUnknown - model_id = policies[policy_id]["model_id"] - if not models: - raise exceptions.ModelUnknown - if model_id not in models: - raise exceptions.ModelUnknown - if meta_rule_id in models[model_id]["meta_rules"]: - return policy_id - - @enforce(("read", "write"), "policies") - def update_policy(self, user_id, policy_id, value): - - if not value or not value['name']: - raise exceptions.PolicyContentError - - policyList = self.driver.get_policies(policy_id=policy_id) - if not policy_id or policy_id not in policyList: - raise exceptions.PolicyUnknown - - policies = self.driver.get_policies(policy_name=value['name']) - if len(policies) and not (policy_id in policies): - raise exceptions.PolicyExisting("Policy name Existed") - - if 'model_id' in value and value['model_id']: - if not Managers.ModelManager.get_models(user_id, model_id=value['model_id']): - raise exceptions.ModelUnknown - - policy_obj = policyList[policy_id] - if (policy_obj["model_id"] and value["model_id"] != policy_obj["model_id"]): - - subjects = self.driver.get_subjects(policy_id=policy_id) - if subjects: - raise exceptions.PolicyUpdateError("Policy is used in subject") - objects = self.driver.get_objects(policy_id=policy_id) - if objects: - raise exceptions.PolicyUpdateError("Policy is used in object") - actions = self.driver.get_actions(policy_id=policy_id) - if actions: - raise exceptions.PolicyUpdateError("Policy is used in action") - - rules = self.driver.get_rules(policy_id=policy_id)["rules"] - if rules: - raise exceptions.PolicyUpdateError("Policy is used in rule") - - subject_data = self.get_subject_data(user_id, policy_id=policy_id) - if subject_data and subject_data[0]["data"]: - raise exceptions.PolicyUpdateError("Policy is used in subject_data") - object_data = self.get_object_data(user_id, policy_id=policy_id) - if object_data and object_data[0]["data"]: - raise exceptions.PolicyUpdateError("Policy is used in object_data") - action_data = self.get_action_data(user_id, policy_id=policy_id) - if action_data and action_data[0]["data"]: - raise exceptions.PolicyUpdateError("Policy is used in action_data") - - return self.driver.update_policy(policy_id=policy_id, value=value) - - @enforce(("read", "write"), "policies") - def delete_policy(self, user_id, policy_id): - # TODO (asteroide): unmap PDP linked to that policy - if policy_id not in self.driver.get_policies(policy_id=policy_id): - raise exceptions.PolicyUnknown - pdps = self.PDPManager.get_pdp(user_id=user_id) - for pdp in pdps: - for policy_id in pdps[pdp]['security_pipeline']: - if policy_id == policy_id: - raise exceptions.DeletePolicyWithPdp - subjects = self.driver.get_subjects(policy_id=policy_id) - if subjects: - raise exceptions.DeletePolicyWithPerimeter - objects = self.driver.get_objects(policy_id=policy_id) - if objects: - raise exceptions.DeletePolicyWithPerimeter - actions = self.driver.get_actions(policy_id=policy_id) - if actions: - raise exceptions.DeletePolicyWithPerimeter - - rules = self.driver.get_rules(policy_id=policy_id)["rules"] - if rules: - raise exceptions.DeletePolicyWithRules - - subject_data = self.get_subject_data(user_id, policy_id=policy_id) - if subject_data and subject_data[0]["data"]: - raise exceptions.DeletePolicyWithData - object_data = self.get_object_data(user_id, policy_id=policy_id) - if object_data and object_data[0]["data"]: - raise exceptions.DeletePolicyWithData - action_data = self.get_action_data(user_id, policy_id=policy_id) - if action_data and action_data[0]["data"]: - raise exceptions.DeletePolicyWithData - - return self.driver.delete_policy(policy_id=policy_id) - - @enforce(("read", "write"), "policies") - def add_policy(self, user_id, policy_id=None, value=None): - - if not value or not value['name']: - raise exceptions.PolicyContentError - if policy_id in self.driver.get_policies(policy_id=policy_id): - raise exceptions.PolicyExisting - - if len(self.driver.get_policies(policy_name=value['name'])): - raise exceptions.PolicyExisting("Policy name Existed") - - if not policy_id: - policy_id = uuid4().hex - if 'model_id' in value and value['model_id'] != "": - if not Managers.ModelManager.get_models(user_id, model_id=value['model_id']): - raise exceptions.ModelUnknown - return self.driver.add_policy(policy_id=policy_id, value=value) - - @enforce("read", "policies") - def get_policies(self, user_id, policy_id=None): - return self.driver.get_policies(policy_id=policy_id) - - @enforce("read", "perimeter") - def get_subjects(self, user_id, policy_id, perimeter_id=None): - # if not policy_id: - # raise exceptions.PolicyUnknown - if policy_id and (not self.get_policies(user_id=user_id, policy_id=policy_id)): - raise exceptions.PolicyUnknown - return self.driver.get_subjects(policy_id=policy_id, perimeter_id=perimeter_id) - - @enforce(("read", "write"), "perimeter") - def add_subject(self, user_id, policy_id, perimeter_id=None, value=None): - - if not value or "name" not in value or not value["name"].strip(): - raise exceptions.PerimeterContentError('invalid name') - - if not policy_id or (not self.get_policies(user_id=user_id, policy_id=policy_id)): - raise exceptions.PolicyUnknown - - if perimeter_id: - subjects = self.driver.get_subjects(policy_id=None, perimeter_id=perimeter_id) - if subjects and subjects[perimeter_id]['name'] != value['name']: - raise exceptions.PerimeterContentError - - if not perimeter_id: - subject_per = self.driver.get_subject_by_name(value['name']) - if len(subject_per): - perimeter_id = next(iter(subject_per)) - - k_user = Managers.KeystoneManager.get_user_by_name(value.get('name')) - if not k_user['users']: - k_user = Managers.KeystoneManager.create_user(value) - if not perimeter_id: - try: - logger.info("k_user={}".format(k_user)) - perimeter_id = k_user['users'][0].get('id', uuid4().hex) - except IndexError: - k_user = Managers.KeystoneManager.get_user_by_name( - value.get('name')) - perimeter_id = uuid4().hex - except KeyError: - k_user = Managers.KeystoneManager.get_user_by_name( - value.get('name')) - perimeter_id = uuid4().hex - - value.update(k_user['users'][0]) - - return self.driver.set_subject(policy_id=policy_id, perimeter_id=perimeter_id, value=value) - - @enforce(("read", "write"), "perimeter") - def update_subject(self, user_id, perimeter_id, value): - logger.debug("update_subject perimeter_id = {}".format(perimeter_id)) - - if not perimeter_id: - raise exceptions.SubjectUnknown - - subjects = self.driver.get_subjects(policy_id=None, perimeter_id=perimeter_id) - if not subjects or not (perimeter_id in subjects): - raise exceptions.PerimeterContentError - - if 'policy_list' in value or ('name' in value and not value['name']): - raise exceptions.PerimeterContentError - - return self.driver.update_subject(perimeter_id=perimeter_id, value=value) - - @enforce(("read", "write"), "perimeter") - def delete_subject(self, user_id, policy_id, perimeter_id): - - if not perimeter_id: - raise exceptions.SubjectUnknown - - if not policy_id: - raise exceptions.PolicyUnknown - - if not self.get_subjects(user_id=user_id, policy_id=policy_id, perimeter_id=perimeter_id): - raise exceptions.SubjectUnknown - - if not self.get_policies(user_id=user_id, policy_id=policy_id): - raise exceptions.PolicyUnknown - - subj_assig = self.driver.get_subject_assignments(policy_id=policy_id, - subject_id=perimeter_id) - if subj_assig: - raise exceptions.DeletePerimeterWithAssignment - - return self.driver.delete_subject(policy_id=policy_id, perimeter_id=perimeter_id) - - @enforce("read", "perimeter") - def get_objects(self, user_id, policy_id, perimeter_id=None): - # if not policy_id: - # pass - if policy_id and (not self.get_policies(user_id=user_id, policy_id=policy_id)): - raise exceptions.PolicyUnknown - return self.driver.get_objects(policy_id=policy_id, perimeter_id=perimeter_id) - - @enforce(("read", "write"), "perimeter") - def add_object(self, user_id, policy_id, perimeter_id=None, value=None): - if not value or "name" not in value or not value["name"].strip(): - raise exceptions.PerimeterContentError('invalid name') - - if not policy_id or (not self.get_policies(user_id=user_id, policy_id=policy_id)): - raise exceptions.PolicyUnknown - - if perimeter_id: - object_perimeter = self.driver.get_objects(policy_id=None, perimeter_id=perimeter_id) - if not object_perimeter: - raise exceptions.PerimeterContentError - - if not perimeter_id: - object_perimeter = self.driver.get_object_by_name(value['name']) - if len(object_perimeter): - perimeter_id = next(iter(object_perimeter)) - - if perimeter_id and object_perimeter[perimeter_id]['name'] != value['name']: - raise exceptions.PerimeterContentError - - if not perimeter_id: - perimeter_id = uuid4().hex - return self.driver.set_object(policy_id=policy_id, perimeter_id=perimeter_id, value=value) - - @enforce(("read", "write"), "perimeter") - def update_object(self, user_id, perimeter_id, value): - logger.debug("update_object perimeter_id = {}".format(perimeter_id)) - - if not perimeter_id: - raise exceptions.ObjectUnknown - - objects = self.driver.get_objects(policy_id=None, perimeter_id=perimeter_id) - if not objects or not (perimeter_id in objects): - raise exceptions.PerimeterContentError - - if 'policy_list' in value or ('name' in value and not value['name']): - raise exceptions.PerimeterContentError - - return self.driver.update_object(perimeter_id=perimeter_id, value=value) - - @enforce(("read", "write"), "perimeter") - def delete_object(self, user_id, policy_id, perimeter_id): - - if not perimeter_id: - raise exceptions.ObjectUnknown - - if not policy_id: - raise exceptions.PolicyUnknown - - if not self.get_objects(user_id=user_id, policy_id=policy_id, perimeter_id=perimeter_id): - raise exceptions.ObjectUnknown - - if not self.get_policies(user_id=user_id, policy_id=policy_id): - raise exceptions.PolicyUnknown - - obj_assig = self.driver.get_object_assignments(policy_id=policy_id, object_id=perimeter_id) - if obj_assig: - raise exceptions.DeletePerimeterWithAssignment - - return self.driver.delete_object(policy_id=policy_id, perimeter_id=perimeter_id) - - @enforce("read", "perimeter") - def get_actions(self, user_id, policy_id, perimeter_id=None): - # if not policy_id: - # pass - if policy_id and (not self.get_policies(user_id=user_id, policy_id=policy_id)): - raise exceptions.PolicyUnknown - return self.driver.get_actions(policy_id=policy_id, perimeter_id=perimeter_id) - - @enforce(("read", "write"), "perimeter") - def add_action(self, user_id, policy_id, perimeter_id=None, value=None): - logger.debug("add_action {}".format(policy_id)) - - if not value or "name" not in value or not value["name"].strip(): - raise exceptions.PerimeterContentError('invalid name') - - if not policy_id or (not self.get_policies(user_id=user_id, policy_id=policy_id)): - raise exceptions.PolicyUnknown - - if perimeter_id: - action_perimeter = self.driver.get_actions(policy_id=None, perimeter_id=perimeter_id) - if not action_perimeter: - raise exceptions.PerimeterContentError - - if not perimeter_id: - action_perimeter = self.driver.get_action_by_name(value['name']) - if len(action_perimeter): - perimeter_id = next(iter(action_perimeter)) - - if perimeter_id and action_perimeter[perimeter_id]['name'] != value['name']: - raise exceptions.PerimeterContentError - - if not perimeter_id: - perimeter_id = uuid4().hex - - return self.driver.set_action(policy_id=policy_id, perimeter_id=perimeter_id, value=value) - - @enforce(("read", "write"), "perimeter") - def update_action(self, user_id, perimeter_id, value): - logger.debug("update_action perimeter_id = {}".format(perimeter_id)) - - if not perimeter_id: - raise exceptions.ActionUnknown - - actions = self.driver.get_actions(policy_id=None, perimeter_id=perimeter_id) - if not actions or not (perimeter_id in actions): - raise exceptions.PerimeterContentError - - if 'policy_list' in value or ('name' in value and not value['name']): - raise exceptions.PerimeterContentError - - return self.driver.update_action(perimeter_id=perimeter_id, value=value) - - @enforce(("read", "write"), "perimeter") - def delete_action(self, user_id, policy_id, perimeter_id): - - if not perimeter_id: - raise exceptions.ActionUnknown - - if not policy_id: - raise exceptions.PolicyUnknown - - if not self.get_actions(user_id=user_id, policy_id=policy_id, perimeter_id=perimeter_id): - raise exceptions.ActionUnknown - - logger.debug("delete_action {} {} {}".format(policy_id, perimeter_id, - self.get_policies(user_id=user_id, - policy_id=policy_id))) - if not self.get_policies(user_id=user_id, policy_id=policy_id): - raise exceptions.PolicyUnknown - - act_assig = self.driver.get_action_assignments(policy_id=policy_id, action_id=perimeter_id) - if act_assig: - raise exceptions.DeletePerimeterWithAssignment - return self.driver.delete_action(policy_id=policy_id, perimeter_id=perimeter_id) - - @enforce("read", "data") - def get_subject_data(self, user_id, policy_id, data_id=None, category_id=None): - available_metadata = self.get_available_metadata(user_id, policy_id) - results = [] - if not category_id: - for cat in available_metadata["subject"]: - results.append(self.driver.get_subject_data(policy_id=policy_id, data_id=data_id, - category_id=cat)) - if category_id and category_id in available_metadata["subject"]: - results.append(self.driver.get_subject_data(policy_id=policy_id, data_id=data_id, - category_id=category_id)) - return results - - @enforce(("read", "write"), "data") - def set_subject_data(self, user_id, policy_id, data_id=None, category_id=None, value=None): - if not category_id or ( - not Managers.ModelManager.get_subject_categories(user_id=user_id, - category_id=category_id)): - raise exceptions.SubjectCategoryUnknown - - self.__category_dependency_validation(user_id, policy_id, category_id, 'subject_categories') - - if not data_id: - data_id = uuid4().hex - return self.driver.set_subject_data(policy_id=policy_id, data_id=data_id, - category_id=category_id, value=value) - - @enforce(("read", "write"), "data") - def delete_subject_data(self, user_id, policy_id, data_id, category_id=None): - # TODO (asteroide): check and/or delete assignments linked to that data - subject_assignments = self.get_subject_assignments(user_id=user_id, policy_id=policy_id, - category_id=category_id) - if subject_assignments: - raise exceptions.DeleteData - return self.driver.delete_subject_data(policy_id=policy_id, category_id=category_id, - data_id=data_id) - - @enforce("read", "data") - def get_object_data(self, user_id, policy_id, data_id=None, category_id=None): - available_metadata = self.get_available_metadata(user_id, policy_id) - results = [] - if not category_id: - for cat in available_metadata["object"]: - results.append(self.driver.get_object_data(policy_id=policy_id, data_id=data_id, - category_id=cat)) - if category_id and category_id in available_metadata["object"]: - results.append(self.driver.get_object_data(policy_id=policy_id, data_id=data_id, - category_id=category_id)) - return results - - @enforce(("read", "write"), "data") - def add_object_data(self, user_id, policy_id, data_id=None, category_id=None, value=None): - - if not category_id or ( - not Managers.ModelManager.get_object_categories(user_id=user_id, - category_id=category_id)): - raise exceptions.ObjectCategoryUnknown - - self.__category_dependency_validation(user_id, policy_id, category_id, 'object_categories') - - if not data_id: - data_id = uuid4().hex - return self.driver.set_object_data(policy_id=policy_id, data_id=data_id, - category_id=category_id, value=value) - - @enforce(("read", "write"), "data") - def delete_object_data(self, user_id, policy_id, data_id, category_id=None): - # TODO (asteroide): check and/or delete assignments linked to that data - object_assignments = self.get_object_assignments(user_id=user_id, policy_id=policy_id, - category_id=category_id) - if object_assignments: - raise exceptions.DeleteData - return self.driver.delete_object_data(policy_id=policy_id, category_id=category_id, - data_id=data_id) - - @enforce("read", "data") - def get_action_data(self, user_id, policy_id, data_id=None, category_id=None): - available_metadata = self.get_available_metadata(user_id, policy_id) - results = [] - if not category_id: - for cat in available_metadata["action"]: - results.append(self.driver.get_action_data(policy_id=policy_id, data_id=data_id, - category_id=cat)) - if category_id and category_id in available_metadata["action"]: - results.append(self.driver.get_action_data(policy_id=policy_id, data_id=data_id, - category_id=category_id)) - return results - - @enforce(("read", "write"), "data") - def add_action_data(self, user_id, policy_id, data_id=None, category_id=None, value=None): - if not category_id or ( - not Managers.ModelManager.get_action_categories(user_id=user_id, - category_id=category_id)): - raise exceptions.ActionCategoryUnknown - - self.__category_dependency_validation(user_id, policy_id, category_id, 'action_categories') - - if not data_id: - data_id = uuid4().hex - return self.driver.set_action_data(policy_id=policy_id, data_id=data_id, - category_id=category_id, value=value) - - @enforce(("read", "write"), "data") - def delete_action_data(self, user_id, policy_id, data_id, category_id=None): - # TODO (asteroide): check and/or delete assignments linked to that data - action_assignments = self.get_action_assignments(user_id=user_id, policy_id=policy_id, - category_id=category_id) - if action_assignments: - raise exceptions.DeleteData - return self.driver.delete_action_data(policy_id=policy_id, category_id=category_id, - data_id=data_id) - - @enforce("read", "assignments") - def get_subject_assignments(self, user_id, policy_id, subject_id=None, category_id=None): - return self.driver.get_subject_assignments(policy_id=policy_id, subject_id=subject_id, - category_id=category_id) - - @enforce(("read", "write"), "assignments") - def add_subject_assignment(self, user_id, policy_id, subject_id, category_id, data_id): - - if not category_id or ( - not Managers.ModelManager.get_subject_categories(user_id=user_id, - category_id=category_id)): - raise exceptions.SubjectCategoryUnknown - - self.__category_dependency_validation(user_id, policy_id, category_id, 'subject_categories') - - if not subject_id or ( - not self.get_subjects(user_id=user_id, policy_id=policy_id, - perimeter_id=subject_id)): - raise exceptions.SubjectUnknown - - if not data_id or ( - not self.get_subject_data(user_id=user_id, policy_id=policy_id, data_id=data_id, - category_id=category_id)): - raise exceptions.DataUnknown - - return self.driver.add_subject_assignment(policy_id=policy_id, subject_id=subject_id, - category_id=category_id, data_id=data_id) - - @enforce(("read", "write"), "assignments") - def delete_subject_assignment(self, user_id, policy_id, subject_id, category_id, data_id): - return self.driver.delete_subject_assignment(policy_id=policy_id, subject_id=subject_id, - category_id=category_id, data_id=data_id) - - @enforce("read", "assignments") - def get_object_assignments(self, user_id, policy_id, object_id=None, category_id=None): - return self.driver.get_object_assignments(policy_id=policy_id, object_id=object_id, - category_id=category_id) - - @enforce(("read", "write"), "assignments") - def add_object_assignment(self, user_id, policy_id, object_id, category_id, data_id): - - if not category_id or ( - not Managers.ModelManager.get_object_categories(user_id=user_id, - category_id=category_id)): - raise exceptions.ObjectCategoryUnknown - - self.__category_dependency_validation(user_id, policy_id, category_id, 'object_categories') - - if not object_id or ( - not self.get_objects(user_id=user_id, policy_id=policy_id, perimeter_id=object_id)): - raise exceptions.ObjectUnknown - - if not data_id or ( - not self.get_object_data(user_id=user_id, policy_id=policy_id, data_id=data_id, - category_id=category_id)): - raise exceptions.DataUnknown - - return self.driver.add_object_assignment(policy_id=policy_id, object_id=object_id, - category_id=category_id, data_id=data_id) - - @enforce(("read", "write"), "assignments") - def delete_object_assignment(self, user_id, policy_id, object_id, category_id, data_id): - return self.driver.delete_object_assignment(policy_id=policy_id, object_id=object_id, - category_id=category_id, data_id=data_id) - - @enforce("read", "assignments") - def get_action_assignments(self, user_id, policy_id, action_id=None, category_id=None): - return self.driver.get_action_assignments(policy_id=policy_id, action_id=action_id, - category_id=category_id) - - @enforce(("read", "write"), "assignments") - def add_action_assignment(self, user_id, policy_id, action_id, category_id, data_id): - - if not category_id or ( - not Managers.ModelManager.get_action_categories(user_id=user_id, - category_id=category_id)): - raise exceptions.ActionCategoryUnknown - - self.__category_dependency_validation(user_id, policy_id, category_id, 'action_categories') - - if not action_id or ( - not self.get_actions(user_id=user_id, policy_id=policy_id, perimeter_id=action_id)): - raise exceptions.ActionUnknown - - if not data_id or ( - not self.get_action_data(user_id=user_id, policy_id=policy_id, data_id=data_id, - category_id=category_id)): - raise exceptions.DataUnknown - - return self.driver.add_action_assignment(policy_id=policy_id, action_id=action_id, - category_id=category_id, data_id=data_id) - - @enforce(("read", "write"), "assignments") - def delete_action_assignment(self, user_id, policy_id, action_id, category_id, data_id): - return self.driver.delete_action_assignment(policy_id=policy_id, action_id=action_id, - category_id=category_id, data_id=data_id) - - @enforce("read", "rules") - def get_rules(self, user_id, policy_id, meta_rule_id=None, rule_id=None): - return self.driver.get_rules(policy_id=policy_id, meta_rule_id=meta_rule_id, - rule_id=rule_id) - - @enforce(("read", "write"), "rules") - def add_rule(self, user_id, policy_id, meta_rule_id, value): - if not meta_rule_id or ( - not self.ModelManager.get_meta_rules(user_id=user_id, meta_rule_id=meta_rule_id)): - raise exceptions.MetaRuleUnknown - - self.__check_existing_rule(policy_id=policy_id, meta_rule_id=meta_rule_id, user_id=user_id, - rule_value=value) - self.__dependencies_validation(user_id, policy_id, meta_rule_id) - - return self.driver.add_rule(policy_id=policy_id, meta_rule_id=meta_rule_id, value=value) - - def __check_existing_rule(self, user_id, policy_id, meta_rule_id, rule_value): - - if not meta_rule_id: - raise exceptions.MetaRuleUnknown - - meta_rule = self.ModelManager.get_meta_rules(user_id=user_id, meta_rule_id=meta_rule_id) - if not meta_rule: - raise exceptions.MetaRuleUnknown - - if len(meta_rule[meta_rule_id]['subject_categories']) + len( - meta_rule[meta_rule_id]['object_categories']) \ - + len(meta_rule[meta_rule_id]['action_categories']) > len(rule_value['rule']): - raise exceptions.RuleContentError(message="Missing Data") - - if len(meta_rule[meta_rule_id]['subject_categories']) + len( - meta_rule[meta_rule_id]['object_categories']) \ - + len(meta_rule[meta_rule_id]['action_categories']) < len(rule_value['rule']): - raise exceptions.MetaRuleContentError(message="Missing Data") - - temp_rule_data = list( - rule_value['rule'][0:len(meta_rule[meta_rule_id]['subject_categories'])]) - found_data_counter = 0 - start_sub = len(meta_rule[meta_rule_id]['subject_categories']) - - for sub_cat_id in meta_rule[meta_rule_id]['subject_categories']: - subjects_data = self.get_subject_data(user_id=user_id, - category_id=sub_cat_id, policy_id=policy_id) - found_data_counter = self.__validate_data_id(sub_cat_id, subjects_data[0]['data'], - temp_rule_data, - "Missing Subject_category " - , found_data_counter) - - if found_data_counter != len(meta_rule[meta_rule_id]['subject_categories']): - raise exceptions.RuleContentError(message="Missing Data") - - temp_rule_data = list( - rule_value['rule'][ - start_sub:start_sub + len(meta_rule[meta_rule_id]['object_categories'])]) - found_data_counter = 0 - start_sub = start_sub + len(meta_rule[meta_rule_id]['object_categories']) - - for ob_cat_id in meta_rule[meta_rule_id]['object_categories']: - object_data = self.get_object_data(user_id=user_id, - category_id=ob_cat_id, policy_id=policy_id) - - found_data_counter = self.__validate_data_id(ob_cat_id, object_data[0]['data'], - temp_rule_data, - "Missing Object_category ", - found_data_counter) - - if found_data_counter != len(meta_rule[meta_rule_id]['object_categories']): - raise exceptions.RuleContentError(message="Missing Data") - - temp_rule_data = list( - rule_value['rule'][ - start_sub:start_sub + len(meta_rule[meta_rule_id]['action_categories'])]) - found_data_counter = 0 - - for act_cat_id in meta_rule[meta_rule_id]['action_categories']: - action_data = self.get_action_data(user_id=user_id, category_id=act_cat_id, - policy_id=policy_id) - found_data_counter = self.__validate_data_id(act_cat_id, action_data[0]['data'], - temp_rule_data, - "Missing Action_category ", - found_data_counter) - - if found_data_counter != len(meta_rule[meta_rule_id]['action_categories']): - raise exceptions.RuleContentError(message="Missing Data") - - def __validate_data_id(self, cat_id, data_ids, temp_rule_data, error_msg, found_data_counter): - for ID in data_ids: - if ID in temp_rule_data: - temp_rule_data.remove(ID) - found_data_counter += 1 - # if no data id found in the rule, so rule not valid - if found_data_counter < 1: - raise exceptions.RuleContentError(message=error_msg + cat_id) - return found_data_counter - - @enforce(("read", "write"), "rules") - def delete_rule(self, user_id, policy_id, rule_id): - return self.driver.delete_rule(policy_id=policy_id, rule_id=rule_id) - - @enforce("read", "meta_data") - def get_available_metadata(self, user_id, policy_id): - categories = { - "subject": [], - "object": [], - "action": [] - } - policy = self.driver.get_policies(policy_id=policy_id) - if not policy: - raise exceptions.PolicyUnknown - model_id = policy[policy_id]["model_id"] - model = Managers.ModelManager.get_models(user_id=user_id, model_id=model_id) - try: - meta_rule_list = model[model_id]["meta_rules"] - for meta_rule_id in meta_rule_list: - meta_rule = Managers.ModelManager.get_meta_rules(user_id=user_id, - meta_rule_id=meta_rule_id) - categories["subject"].extend(meta_rule[meta_rule_id]["subject_categories"]) - categories["object"].extend(meta_rule[meta_rule_id]["object_categories"]) - categories["action"].extend(meta_rule[meta_rule_id]["action_categories"]) - finally: - return categories - - def __dependencies_validation(self, user_id, policy_id, meta_rule_id=None): - - policies = self.get_policies(user_id=user_id, policy_id=policy_id) - if not policy_id or (not policies): - raise exceptions.PolicyUnknown - - policy_content = policies[next(iter(policies))] - model_id = policy_content['model_id'] - models = Managers.ModelManager.get_models(user_id=user_id, model_id=model_id) - if not model_id or not models: - raise exceptions.ModelUnknown - - model_content = models[next(iter(models))] - if meta_rule_id: - meta_rule_exists = False - - for model_meta_rule_id in model_content['meta_rules']: - if model_meta_rule_id == meta_rule_id: - meta_rule_exists = True - break - - if not meta_rule_exists: - raise exceptions.MetaRuleNotLinkedWithPolicyModel - - meta_rule = self.ModelManager.get_meta_rules(user_id=user_id, meta_rule_id=meta_rule_id) - meta_rule_content = meta_rule[next(iter(meta_rule))] - if (not meta_rule_content['subject_categories']) or ( - not meta_rule_content['object_categories']) or ( - not meta_rule_content['action_categories']): - raise exceptions.MetaRuleContentError - return model_content - - def __category_dependency_validation(self, user_id, policy_id, category_id, category_key): - model = self.__dependencies_validation(user_id=user_id, policy_id=policy_id) - category_found = False - for model_meta_rule_id in model['meta_rules']: - meta_rule = self.ModelManager.get_meta_rules(user_id=user_id, - meta_rule_id=model_meta_rule_id) - meta_rule_content = meta_rule[next(iter(meta_rule))] - if meta_rule_content[category_key] and category_id in meta_rule_content[category_key]: - category_found = True - break - - if not category_found: - raise exceptions.CategoryNotAssignedMetaRule diff --git a/python_moondb/python_moondb/backends/__init__.py b/python_moondb/python_moondb/backends/__init__.py deleted file mode 100644 index 6f1cd3d5..00000000 --- a/python_moondb/python_moondb/backends/__init__.py +++ /dev/null @@ -1,96 +0,0 @@ -""" -intra_extensions = { - intra_extension_id1: { - name: xxx, - model: yyy, - description: zzz}, - intra_extension_id2: {...}, - ... -} - -tenants = { - tenant_id1: { - name: xxx, - description: yyy, - intra_authz_extension_id: zzz, - intra_admin_extension_id: zzz, - }, - tenant_id2: {...}, - ... -} - ---------------- for each intra-extension ----------------- - -subject_categories = { - subject_category_id1: { - name: xxx, - description: yyy}, - subject_category_id2: {...}, - ... -} - -subjects = { - subject_id1: { - name: xxx, - description: yyy, - ...}, - subject_id2: {...}, - ... -} - -subject_scopes = { - subject_category_id1: { - subject_scope_id1: { - name: xxx, - description: aaa}, - subject_scope_id2: { - name: yyy, - description: bbb}, - ...}, - subject_scope_id3: { - ...} - subject_category_id2: {...}, - ... -} - -subject_assignments = { - subject_id1: { - subject_category_id1: [subject_scope_id1, subject_scope_id2, ...], - subject_category_id2: [subject_scope_id3, subject_scope_id4, ...], - ... - }, - subject_id2: { - subject_category_id1: [subject_scope_id1, subject_scope_id2, ...], - subject_category_id2: [subject_scope_id3, subject_scope_id4, ...], - ... - }, - ... -} - -aggregation_algorithm = { - aggregation_algorithm_id: { - name: xxx, - description: yyy - } - } - -sub_meta_rules = { - sub_meta_rule_id_1: { - "name": xxx, - "algorithm": yyy, - "subject_categories": [subject_category_id1, subject_category_id2,...], - "object_categories": [object_category_id1, object_category_id2,...], - "action_categories": [action_category_id1, action_category_id2,...] - sub_meta_rule_id_2: {...}, - ... -} - -rules = { - sub_meta_rule_id1: { - rule_id1: [subject_scope1, subject_scope2, ..., action_scope1, ..., object_scope1, ... ], - rule_id2: [subject_scope3, subject_scope4, ..., action_scope3, ..., object_scope3, ... ], - rule_id3: [thomas, write, admin.subjects] - ...}, - sub_meta_rule_id2: { }, - ...} -""" diff --git a/python_moondb/python_moondb/backends/sql.py b/python_moondb/python_moondb/backends/sql.py deleted file mode 100644 index d25586ba..00000000 --- a/python_moondb/python_moondb/backends/sql.py +++ /dev/null @@ -1,1884 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -import copy -import json -from uuid import uuid4 -import sqlalchemy as sql -import logging -from sqlalchemy.orm import sessionmaker -from sqlalchemy.ext.declarative import declarative_base, declared_attr -from sqlalchemy import create_engine -from contextlib import contextmanager -from sqlalchemy import types as sql_types -from python_moonutilities import configuration -from python_moonutilities import exceptions -from python_moondb.core import PDPDriver, PolicyDriver, ModelDriver -import sqlalchemy - -logger = logging.getLogger("moon.db.driver.sql") -Base = declarative_base() -DEBUG = True if configuration.get_configuration("logging")['logging']['loggers']['moon'][ - 'level'] == "DEBUG" else False - - -class DictBase: - attributes = [] - - @classmethod - def from_dict(cls, d): - new_d = d.copy() - return cls(**new_d) - # new_d = d.copy() - # - # new_d['extra'] = {k: new_d.pop(k) for k in six.iterkeys(d) - # if k not in cls.attributes and k != 'extra'} - # - # return cls(**new_d) - - def to_dict(self): - d = dict() - for attr in self.__class__.attributes: - d[attr] = getattr(self, attr) - return d - - def __getitem__(self, key): - # if "extra" in dir(self) and key in self.extra: - # return self.extra[key] - return getattr(self, key) - - -class JsonBlob(sql_types.TypeDecorator): - impl = sql.Text - - def process_bind_param(self, value, dialect): - return json.dumps(value) - - def process_result_value(self, value, dialect): - return json.loads(value) - - -class Model(Base, DictBase): - __tablename__ = 'models' - attributes = ['id', 'name', 'value'] - id = sql.Column(sql.String(64), primary_key=True) - name = sql.Column(sql.String(256), nullable=False) - value = sql.Column(JsonBlob(), nullable=True) - - def to_dict(self): - return { - "name": self.name, - "description": self.value.get("description", ""), - "meta_rules": self.value.get("meta_rules", list()), - } - - -class Policy(Base, DictBase): - __tablename__ = 'policies' - attributes = ['id', 'name', 'model_id', 'value'] - id = sql.Column(sql.String(64), primary_key=True) - name = sql.Column(sql.String(256), nullable=False) - model_id = sql.Column(sql.String(64), nullable=True, default="") - value = sql.Column(JsonBlob(), nullable=True) - - def to_dict(self): - return { - "description": self.value.get("description", ""), - "genre": self.value.get("genre", ""), - "model_id": self.model_id, - "name": self.name - } - - -class PDP(Base, DictBase): - __tablename__ = 'pdp' - attributes = ['id', 'name', 'keystone_project_id', 'value'] - id = sql.Column(sql.String(64), primary_key=True) - name = sql.Column(sql.String(256), nullable=False) - keystone_project_id = sql.Column(sql.String(64), nullable=True, default="") - value = sql.Column(JsonBlob(), nullable=True) - - def to_dict(self): - return { - "name": self.name, - "description": self.value.get("description", ""), - "keystone_project_id": self.keystone_project_id, - "security_pipeline": self.value.get("security_pipeline", []), - } - - -class PerimeterCategoryBase(DictBase): - attributes = ['id', 'name', 'description'] - id = sql.Column(sql.String(64), primary_key=True) - name = sql.Column(sql.String(256), nullable=False) - description = sql.Column(sql.String(256), nullable=True) - - -class SubjectCategory(Base, PerimeterCategoryBase): - __tablename__ = 'subject_categories' - - -class ObjectCategory(Base, PerimeterCategoryBase): - __tablename__ = 'object_categories' - - -class ActionCategory(Base, PerimeterCategoryBase): - __tablename__ = 'action_categories' - - -class PerimeterBase(DictBase): - attributes = ['id', 'name', 'value'] - id = sql.Column(sql.String(64), primary_key=True) - name = sql.Column(sql.String(256), nullable=False) - value = sql.Column(JsonBlob(), nullable=True) - __mapper_args__ = {'concrete': True} - - def __repr__(self): - return "{} with name {} : {}".format(self.id, self.name, json.dumps(self.value)) - - def to_return(self): - return { - 'id': self.id, - 'name': self.name, - 'description': self.value.get("description", ""), - 'email': self.value.get("email", ""), - 'extra': self.value.get("extra", dict()), - 'policy_list': self.value.get("policy_list", []) - } - - def to_dict(self): - dict_value = copy.deepcopy(self.value) - dict_value["name"] = self.name - return { - 'id': self.id, - 'value': dict_value - } - - -class Subject(Base, PerimeterBase): - __tablename__ = 'subjects' - - -class Object(Base, PerimeterBase): - __tablename__ = 'objects' - - -class Action(Base, PerimeterBase): - __tablename__ = 'actions' - - -class PerimeterDataBase(DictBase): - attributes = ['id', 'name', 'value', 'category_id', 'policy_id'] - id = sql.Column(sql.String(64), primary_key=True) - name = sql.Column(sql.String(256), nullable=False) - value = sql.Column(JsonBlob(), nullable=True) - - @declared_attr - def policy_id(cls): - return sql.Column(sql.ForeignKey("policies.id"), nullable=False) - - def to_dict(self): - return { - 'id': self.id, - 'name': self.name, - 'description': self.value.get("description", ""), - 'category_id': self.category_id, - 'policy_id': self.policy_id - } - - -class SubjectData(Base, PerimeterDataBase): - __tablename__ = 'subject_data' - category_id = sql.Column(sql.ForeignKey("subject_categories.id"), nullable=False) - - -class ObjectData(Base, PerimeterDataBase): - __tablename__ = 'object_data' - category_id = sql.Column(sql.ForeignKey("object_categories.id"), nullable=False) - - -class ActionData(Base, PerimeterDataBase): - __tablename__ = 'action_data' - category_id = sql.Column(sql.ForeignKey("action_categories.id"), nullable=False) - - -class PerimeterAssignmentBase(DictBase): - attributes = ['id', 'assignments', 'policy_id', 'subject_id', 'category_id'] - id = sql.Column(sql.String(64), primary_key=True) - assignments = sql.Column(JsonBlob(), nullable=True) - category_id = None - - @declared_attr - def policy_id(cls): - return sql.Column(sql.ForeignKey("policies.id"), nullable=False) - - def _to_dict(self, element_key, element_value): - return { - "id": self.id, - "policy_id": self.policy_id, - element_key: element_value, - "category_id": self.category_id, - "assignments": self.assignments, - } - - -class SubjectAssignment(Base, PerimeterAssignmentBase): - __tablename__ = 'subject_assignments' - subject_id = sql.Column(sql.ForeignKey("subjects.id"), nullable=False) - category_id = sql.Column(sql.ForeignKey("subject_categories.id"), nullable=False) - - def to_dict(self): - return self._to_dict("subject_id", self.subject_id) - - -class ObjectAssignment(Base, PerimeterAssignmentBase): - __tablename__ = 'object_assignments' - attributes = ['id', 'assignments', 'policy_id', 'object_id', 'category_id'] - object_id = sql.Column(sql.ForeignKey("objects.id"), nullable=False) - category_id = sql.Column(sql.ForeignKey("object_categories.id"), nullable=False) - - def to_dict(self): - return self._to_dict("object_id", self.object_id) - - -class ActionAssignment(Base, PerimeterAssignmentBase): - __tablename__ = 'action_assignments' - attributes = ['id', 'assignments', 'policy_id', 'action_id', 'category_id'] - action_id = sql.Column(sql.ForeignKey("actions.id"), nullable=False) - category_id = sql.Column(sql.ForeignKey("action_categories.id"), nullable=False) - - def to_dict(self): - return self._to_dict("action_id", self.action_id) - - -class MetaRule(Base, DictBase): - __tablename__ = 'meta_rules' - attributes = ['id', 'name', 'subject_categories', 'object_categories', 'action_categories', - 'value'] - id = sql.Column(sql.String(64), primary_key=True) - name = sql.Column(sql.String(256), nullable=False) - subject_categories = sql.Column(JsonBlob(), nullable=True) - object_categories = sql.Column(JsonBlob(), nullable=True) - action_categories = sql.Column(JsonBlob(), nullable=True) - value = sql.Column(JsonBlob(), nullable=True) - - def to_dict(self): - return { - "name": self.name, - "description": self.value.get("description", ""), - "subject_categories": self.subject_categories, - "object_categories": self.object_categories, - "action_categories": self.action_categories, - } - - -class Rule(Base, DictBase): - __tablename__ = 'rules' - attributes = ['id', 'rule', 'policy_id', 'meta_rule_id'] - id = sql.Column(sql.String(64), primary_key=True) - rule = sql.Column(JsonBlob(), nullable=True) - policy_id = sql.Column(sql.ForeignKey("policies.id"), nullable=False) - meta_rule_id = sql.Column(sql.ForeignKey("meta_rules.id"), nullable=False) - - def to_dict(self): - return { - 'id': self.id, - 'rule': self.rule["rule"], - 'instructions': self.rule["instructions"], - 'enabled': self.rule["enabled"], - 'policy_id': self.policy_id, - 'meta_rule_id': self.meta_rule_id - } - - def __repr__(self): - return "{}".format(self.rule) - - -@contextmanager -def session_scope(engine): - """Provide a transactional scope around a series of operations.""" - if type(engine) is str: - echo = DEBUG - engine = create_engine(engine, echo=echo) - session = sessionmaker(bind=engine)() - try: - yield session - session.commit() - except: - session.rollback() - raise - finally: - session.close() - - -class BaseConnector(object): - """Provide a base connector to connect them all""" - engine = "" - - def __init__(self, engine_name): - echo = DEBUG - self.engine = create_engine(engine_name, echo=echo) - - def init_db(self): - Base.metadata.create_all(self.engine) - - def set_engine(self, engine_name): - self.engine = engine_name - - def get_session(self): - return session_scope(self.engine) - - def get_session_for_read(self): - return self.get_session() - - def get_session_for_write(self): - return self.get_session() - - -class PDPConnector(BaseConnector, PDPDriver): - - def update_pdp(self, pdp_id, value): - try: - with self.get_session_for_write() as session: - query = session.query(PDP) - query = query.filter_by(id=pdp_id) - ref = query.first() - if ref: - value_wo_name = copy.deepcopy(value) - value_wo_name.pop("name", None) - value_wo_name.pop("keystone_project_id", None) - ref.name = value["name"] - ref.keystone_project_id = value["keystone_project_id"] - d = dict(ref.value) - d.update(value_wo_name) - setattr(ref, "value", d) - return {ref.id: ref.to_dict()} - except sqlalchemy.exc.IntegrityError as error: - if 'UNIQUE constraint' in str(error): - raise exceptions.PdpExisting - raise error - - def delete_pdp(self, pdp_id): - with self.get_session_for_write() as session: - ref = session.query(PDP).get(pdp_id) - session.delete(ref) - - def add_pdp(self, pdp_id=None, value=None): - try: - with self.get_session_for_write() as session: - value_wo_name = copy.deepcopy(value) - value_wo_name.pop("name", None) - value_wo_name.pop("keystone_project_id", None) - new = PDP.from_dict({ - "id": pdp_id if pdp_id else uuid4().hex, - "name": value["name"], - "keystone_project_id": value["keystone_project_id"], - "value": value_wo_name - }) - session.add(new) - return {new.id: new.to_dict()} - except sqlalchemy.exc.IntegrityError as error: - if 'UNIQUE constraint' in str(error): - raise exceptions.PdpExisting - raise error - - def get_pdp(self, pdp_id=None): - with self.get_session_for_read() as session: - query = session.query(PDP) - if pdp_id: - query = query.filter_by(id=pdp_id) - ref_list = query.all() - return {_ref.id: _ref.to_dict() for _ref in ref_list} - - -class PolicyConnector(BaseConnector, PolicyDriver): - - def update_policy(self, policy_id, value): - try: - with self.get_session_for_write() as session: - query = session.query(Policy) - query = query.filter_by(id=policy_id) - ref = query.first() - - if ref: - value_wo_other_info = copy.deepcopy(value) - value_wo_other_info.pop("name", None) - value_wo_other_info.pop("model_id", None) - ref.name = value["name"] - ref.model_id = value["model_id"] - d = dict(ref.value) - d.update(value_wo_other_info) - setattr(ref, "value", d) - return {ref.id: ref.to_dict()} - - except sqlalchemy.exc.IntegrityError as error: - if 'UNIQUE constraint' in str(error): - raise exceptions.PolicyExisting - raise error - - def delete_policy(self, policy_id): - with self.get_session_for_write() as session: - ref = session.query(Policy).get(policy_id) - session.delete(ref) - - def add_policy(self, policy_id=None, value=None): - try: - with self.get_session_for_write() as session: - value_wo_other_info = copy.deepcopy(value) - value_wo_other_info.pop("name", None) - value_wo_other_info.pop("model_id", None) - new = Policy.from_dict({ - "id": policy_id if policy_id else uuid4().hex, - "name": value["name"], - "model_id": value.get("model_id", ""), - "value": value_wo_other_info - }) - session.add(new) - return {new.id: new.to_dict()} - - except sqlalchemy.exc.IntegrityError as error: - if 'UNIQUE constraint' in str(error): - raise exceptions.PolicyExisting - raise error - - def get_policies(self, policy_id=None, policy_name=None): - with self.get_session_for_read() as session: - query = session.query(Policy) - if policy_id: - query = query.filter_by(id=policy_id) - elif policy_name: - query = query.filter_by(name=policy_name) - - ref_list = query.all() - return {_ref.id: _ref.to_dict() for _ref in ref_list} - - def __get_perimeters(self, ClassType, policy_id, perimeter_id=None): - # if not policy_id: - # raise exceptions.PolicyUnknown - - with self.get_session_for_read() as session: - query = session.query(ClassType) - - if perimeter_id: - query = query.filter_by(id=perimeter_id) - - ref_list = copy.deepcopy(query.all()) - - if policy_id: - results = [] - for _ref in ref_list: - _ref_value = _ref.to_return() - if policy_id in _ref_value["policy_list"]: - results.append(_ref) - return {_ref.id: _ref.to_return() for _ref in results} - return {_ref.id: _ref.to_return() for _ref in ref_list} - - def __get_perimeter_by_name(self, ClassType, perimeter_name): - # if not policy_id: - # raise exceptions.PolicyUnknown - with self.get_session_for_read() as session: - query = session.query(ClassType) - if not perimeter_name or not perimeter_name.strip(): - raise exceptions.PerimeterContentError('invalid name') - query = query.filter_by(name=perimeter_name) - ref_list = copy.deepcopy(query.all()) - return {_ref.id: _ref.to_return() for _ref in ref_list} - - def __update_perimeter(self, class_type, class_type_exception, perimeter_id, value): - if not perimeter_id: - return exceptions.PerimeterContentError - with self.get_session_for_write() as session: - query = session.query(class_type) - query = query.filter_by(id=perimeter_id) - _perimeter = query.first() - if not _perimeter: - raise class_type_exception - temp_perimeter = copy.deepcopy(_perimeter.to_dict()) - if 'name' in value: - temp_perimeter['value']['name'] = value['name'] - if 'description' in value: - temp_perimeter['value']['description'] = value['description'] - if 'extra' in value: - temp_perimeter['value']['extra'] = value['extra'] - name = temp_perimeter['value']['name'] - temp_perimeter['value'].pop("name", None) - new_perimeter = class_type.from_dict({ - "id": temp_perimeter["id"], - "name": name, - "value": temp_perimeter["value"] - }) - _perimeter.value = new_perimeter.value - _perimeter.name = new_perimeter.name - return {_perimeter.id: _perimeter.to_return()} - - def __set_perimeter(self, ClassType, ClassTypeException, policy_id, perimeter_id=None, - value=None): - if not value or "name" not in value or not value["name"].strip(): - raise exceptions.PerimeterContentError('invalid name') - with self.get_session_for_write() as session: - _perimeter = None - if perimeter_id: - query = session.query(ClassType) - query = query.filter_by(id=perimeter_id) - _perimeter = query.first() - if not perimeter_id and not _perimeter: - query = session.query(ClassType) - query = query.filter_by(name=value['name']) - _perimeter = query.first() - if _perimeter: - raise ClassTypeException - if not _perimeter: - if "policy_list" not in value or type(value["policy_list"]) is not list: - value["policy_list"] = [] - if policy_id and policy_id not in value["policy_list"]: - value["policy_list"] = [policy_id, ] - - value_wo_name = copy.deepcopy(value) - value_wo_name.pop("name", None) - new = ClassType.from_dict({ - "id": perimeter_id if perimeter_id else uuid4().hex, - "name": value["name"], - "value": value_wo_name - }) - session.add(new) - return {new.id: new.to_return()} - else: - _value = copy.deepcopy(_perimeter.to_dict()) - if "policy_list" not in _value["value"] or type( - _value["value"]["policy_list"]) is not list: - _value["value"]["policy_list"] = [] - if policy_id and policy_id not in _value["value"]["policy_list"]: - _value["value"]["policy_list"].append(policy_id) - else: - if policy_id: - raise exceptions.PolicyExisting - raise exceptions.PerimeterContentError - - _value["value"].update(value) - - name = _value["value"]["name"] - _value["value"].pop("name") - new_perimeter = ClassType.from_dict({ - "id": _value["id"], - "name": name, - "value": _value["value"] - }) - _perimeter.value = new_perimeter.value - _perimeter.name = new_perimeter.name - return {_perimeter.id: _perimeter.to_return()} - - def __delete_perimeter(self, ClassType, ClassUnknownException, policy_id, perimeter_id): - with self.get_session_for_write() as session: - query = session.query(ClassType) - query = query.filter_by(id=perimeter_id) - _perimeter = query.first() - if not _perimeter: - raise ClassUnknownException - old_perimeter = copy.deepcopy(_perimeter.to_dict()) - try: - old_perimeter["value"]["policy_list"].remove(policy_id) - new_perimeter = ClassType.from_dict(old_perimeter) - if not new_perimeter.value["policy_list"]: - session.delete(_perimeter) - else: - setattr(_perimeter, "value", getattr(new_perimeter, "value")) - except ValueError: - if not _perimeter.value["policy_list"]: - session.delete(_perimeter) - - def get_subjects(self, policy_id, perimeter_id=None): - return self.__get_perimeters(Subject, policy_id, perimeter_id) - - def get_subject_by_name(self, perimeter_name): - return self.__get_perimeter_by_name(Subject, perimeter_name) - - def set_subject(self, policy_id, perimeter_id=None, value=None): - try: - return self.__set_perimeter(Subject, exceptions.SubjectExisting, policy_id, - perimeter_id=perimeter_id, value=value) - except sqlalchemy.exc.IntegrityError as error: - if 'UNIQUE constraint' in str(error): - raise exceptions.SubjectExisting - raise error - - def update_subject(self, perimeter_id, value): - try: - return self.__update_perimeter(Subject, exceptions.SubjectExisting, perimeter_id, value) - except sqlalchemy.exc.IntegrityError as error: - if 'UNIQUE constraint' in str(error): - raise exceptions.SubjectExisting - raise error - - def delete_subject(self, policy_id, perimeter_id): - self.__delete_perimeter(Subject, exceptions.SubjectUnknown, policy_id, perimeter_id) - - def get_objects(self, policy_id, perimeter_id=None): - return self.__get_perimeters(Object, policy_id, perimeter_id) - - def get_object_by_name(self, perimeter_name): - return self.__get_perimeter_by_name(Object, perimeter_name) - - def set_object(self, policy_id, perimeter_id=None, value=None): - try: - return self.__set_perimeter(Object, exceptions.ObjectExisting, policy_id, - perimeter_id=perimeter_id, value=value) - except sqlalchemy.exc.IntegrityError as error: - logger.exception("IntegrityError {}".format(error)) - if 'UNIQUE constraint' in str(error): - raise exceptions.ObjectExisting - raise error - - def update_object(self, perimeter_id, value): - try: - return self.__update_perimeter(Object, exceptions.ObjectExisting, perimeter_id, value) - except sqlalchemy.exc.IntegrityError as error: - if 'UNIQUE constraint' in str(error): - raise exceptions.ObjectExisting - raise error - - def delete_object(self, policy_id, perimeter_id): - self.__delete_perimeter(Object, exceptions.ObjectUnknown, policy_id, perimeter_id) - - def get_actions(self, policy_id, perimeter_id=None): - return self.__get_perimeters(Action, policy_id, perimeter_id) - - def get_action_by_name(self, perimeter_name): - return self.__get_perimeter_by_name(Action, perimeter_name) - - def set_action(self, policy_id, perimeter_id=None, value=None): - try: - return self.__set_perimeter(Action, exceptions.ActionExisting, policy_id, - perimeter_id=perimeter_id, value=value) - except sqlalchemy.exc.IntegrityError as error: - if 'UNIQUE constraint' in str(error): - raise exceptions.ActionExisting - raise error - - def update_action(self, perimeter_id, value): - try: - return self.__update_perimeter(Action, exceptions.ActionExisting, perimeter_id, value) - except sqlalchemy.exc.IntegrityError as error: - if 'UNIQUE constraint' in str(error): - raise exceptions.ActionExisting - raise error - - def delete_action(self, policy_id, perimeter_id): - self.__delete_perimeter(Action, exceptions.ActionUnknown, policy_id, perimeter_id) - - def __is_data_exist(self, ClassType, category_id=None): - - with self.get_session_for_read() as session: - query = session.query(ClassType) - query = query.filter_by(category_id=category_id) - ref_list = query.all() - if ref_list: - return True - return False - - def __get_data(self, ClassType, policy_id, data_id=None, category_id=None): - with self.get_session_for_read() as session: - query = session.query(ClassType) - if policy_id and data_id and category_id: - query = query.filter_by(policy_id=policy_id, id=data_id, category_id=category_id) - elif policy_id and category_id: - query = query.filter_by(policy_id=policy_id, category_id=category_id) - elif category_id: - query = query.filter_by(category_id=category_id) - elif policy_id: - query = query.filter_by(policy_id=policy_id) - else: - raise exceptions.PolicyUnknown - - ref_list = query.all() - return { - "policy_id": policy_id, - "category_id": category_id, - "data": {_ref.id: _ref.to_dict() for _ref in ref_list} - } - - def __set_data(self, ClassType, ClassTypeData, policy_id, data_id=None, category_id=None, - value=None): - with self.get_session_for_write() as session: - query = session.query(ClassTypeData) - query = query.filter_by(policy_id=policy_id, id=data_id, category_id=category_id) - ref = query.first() - if not ref: - value_wo_name = copy.deepcopy(value) - value_wo_name.pop("name", None) - new_ref = ClassTypeData.from_dict( - { - "id": data_id if data_id else uuid4().hex, - 'name': value["name"], - 'value': value_wo_name, - 'category_id': category_id, - 'policy_id': policy_id, - } - ) - session.add(new_ref) - ref = new_ref - else: - for attr in ClassType.attributes: - if attr != 'id': - setattr(ref, attr, getattr(ref, attr)) - # session.flush() - return { - "policy_id": policy_id, - "category_id": category_id, - "data": {ref.id: ref.to_dict()} - } - - def __delete_data(self, ClassType, policy_id, category_id, data_id): - - if not data_id: - raise exceptions.DataUnknown - with self.get_session_for_write() as session: - query = session.query(ClassType) - if category_id: - query = query.filter_by(policy_id=policy_id, category_id=category_id, id=data_id) - else: - query = query.filter_by(policy_id=policy_id, id=data_id) - ref = query.first() - if ref: - session.delete(ref) - - def is_subject_data_exist(self, category_id=None): - return self.__is_data_exist(SubjectData, category_id=category_id) - - def get_subject_data(self, policy_id, data_id=None, category_id=None): - return self.__get_data(SubjectData, policy_id, data_id=data_id, category_id=category_id) - - def set_subject_data(self, policy_id, data_id=None, category_id=None, value=None): - try: - return self.__set_data(Subject, SubjectData, policy_id, data_id=data_id, - category_id=category_id, value=value) - except sqlalchemy.exc.IntegrityError as error: - if 'UNIQUE constraint' in str(error): - raise exceptions.SubjectScopeExisting - raise error - - def delete_subject_data(self, policy_id, category_id, data_id): - return self.__delete_data(SubjectData, policy_id, category_id, data_id) - - def is_object_data_exist(self, category_id=None): - return self.__is_data_exist(ObjectData, category_id=category_id) - - def get_object_data(self, policy_id, data_id=None, category_id=None): - return self.__get_data(ObjectData, policy_id, data_id=data_id, category_id=category_id) - - def set_object_data(self, policy_id, data_id=None, category_id=None, value=None): - try: - return self.__set_data(Object, ObjectData, policy_id, data_id=data_id, - category_id=category_id, value=value) - except sqlalchemy.exc.IntegrityError as error: - if 'UNIQUE constraint' in str(error): - raise exceptions.ObjectScopeExisting - raise error - - def delete_object_data(self, policy_id, category_id, data_id): - return self.__delete_data(ObjectData, policy_id, category_id, data_id) - - def is_action_data_exist(self, category_id=None): - return self.__is_data_exist(ActionData, category_id=category_id) - - def get_action_data(self, policy_id, data_id=None, category_id=None): - return self.__get_data(ActionData, policy_id, data_id=data_id, category_id=category_id) - - def set_action_data(self, policy_id, data_id=None, category_id=None, value=None): - try: - return self.__set_data(Action, ActionData, policy_id, data_id=data_id, - category_id=category_id, value=value) - except sqlalchemy.exc.IntegrityError as error: - if 'UNIQUE constraint' in str(error): - raise exceptions.ActionScopeExisting - raise error - - def delete_action_data(self, policy_id, category_id, data_id): - return self.__delete_data(ActionData, policy_id, category_id, data_id) - - def get_subject_assignments(self, policy_id, subject_id=None, category_id=None): - with self.get_session_for_write() as session: - query = session.query(SubjectAssignment) - if subject_id and category_id: - # TODO change the subject_id to perimeter_id to allow code refactoring - query = query.filter_by(policy_id=policy_id, subject_id=subject_id, - category_id=category_id) - elif subject_id: - query = query.filter_by(policy_id=policy_id, subject_id=subject_id) - else: - query = query.filter_by(policy_id=policy_id) - ref_list = query.all() - return {_ref.id: _ref.to_dict() for _ref in ref_list} - - def add_subject_assignment(self, policy_id, subject_id, category_id, data_id): - with self.get_session_for_write() as session: - query = session.query(SubjectAssignment) - query = query.filter_by(policy_id=policy_id, subject_id=subject_id, - category_id=category_id) - ref = query.first() - if ref: - old_ref = copy.deepcopy(ref.to_dict()) - assignments = old_ref["assignments"] - if data_id not in assignments: - assignments.append(data_id) - setattr(ref, "assignments", assignments) - else: - raise exceptions.SubjectAssignmentExisting - else: - ref = SubjectAssignment.from_dict( - { - "id": uuid4().hex, - "policy_id": policy_id, - "subject_id": subject_id, - "category_id": category_id, - "assignments": [data_id, ], - } - ) - session.add(ref) - return {ref.id: ref.to_dict()} - - def is_subject_category_has_assignment(self, category_id): - return self.__is_category_has_assignment(SubjectAssignment, category_id) - - def is_object_category_has_assignment(self, category_id): - return self.__is_category_has_assignment(ObjectAssignment, category_id) - - def is_action_category_has_assignment(self, category_id): - return self.__is_category_has_assignment(ActionAssignment, category_id) - - def __is_category_has_assignment(self, ClassType, category_id): - with self.get_session_for_write() as session: - query = session.query(ClassType) - query = query.filter_by(category_id=category_id) - count = query.count() - return count > 0 - - def delete_subject_assignment(self, policy_id, subject_id, category_id, data_id): - with self.get_session_for_write() as session: - query = session.query(SubjectAssignment) - query = query.filter_by(policy_id=policy_id, subject_id=subject_id, - category_id=category_id) - ref = query.first() - if ref: - old_ref = copy.deepcopy(ref.to_dict()) - assignments = old_ref["assignments"] - # TODO (asteroide): if data_id is None, delete all - if data_id in assignments: - assignments.remove(data_id) - # FIXME (asteroide): the setattr doesn't work here ; the assignments is not updated in the database - setattr(ref, "assignments", assignments) - if not assignments: - session.delete(ref) - - def get_object_assignments(self, policy_id, object_id=None, category_id=None): - with self.get_session_for_write() as session: - query = session.query(ObjectAssignment) - if object_id and category_id: - # TODO change the object_id to perimeter_id to allow code refactoring - query = query.filter_by(policy_id=policy_id, object_id=object_id, - category_id=category_id) - elif object_id: - query = query.filter_by(policy_id=policy_id, object_id=object_id) - else: - query = query.filter_by(policy_id=policy_id) - ref_list = query.all() - return {_ref.id: _ref.to_dict() for _ref in ref_list} - - def add_object_assignment(self, policy_id, object_id, category_id, data_id): - with self.get_session_for_write() as session: - query = session.query(ObjectAssignment) - query = query.filter_by(policy_id=policy_id, object_id=object_id, - category_id=category_id) - ref = query.first() - if ref: - old_ref = copy.deepcopy(ref.to_dict()) - assignments = old_ref["assignments"] - if data_id not in assignments: - assignments.append(data_id) - setattr(ref, "assignments", assignments) - else: - raise exceptions.ObjectAssignmentExisting - else: - ref = ObjectAssignment.from_dict( - { - "id": uuid4().hex, - "policy_id": policy_id, - "object_id": object_id, - "category_id": category_id, - "assignments": [data_id, ], - } - ) - session.add(ref) - return {ref.id: ref.to_dict()} - - def delete_object_assignment(self, policy_id, object_id, category_id, data_id): - with self.get_session_for_write() as session: - query = session.query(ObjectAssignment) - query = query.filter_by(policy_id=policy_id, object_id=object_id, - category_id=category_id) - ref = query.first() - if ref: - old_ref = copy.deepcopy(ref.to_dict()) - assignments = old_ref["assignments"] - # TODO (asteroide): if data_id is None, delete all - if data_id in assignments: - assignments.remove(data_id) - # FIXME (asteroide): the setattr doesn't work here ; the assignments is not updated in the database - setattr(ref, "assignments", assignments) - if not assignments: - session.delete(ref) - - def get_action_assignments(self, policy_id, action_id=None, category_id=None): - with self.get_session_for_write() as session: - if not policy_id: - return exceptions.PolicyUnknown - query = session.query(ActionAssignment) - if action_id and category_id: - # TODO change the action_id to perimeter_id to allow code refactoring - query = query.filter_by(policy_id=policy_id, action_id=action_id, - category_id=category_id) - elif action_id: - query = query.filter_by(policy_id=policy_id, action_id=action_id) - elif category_id: - query = query.filter_by(policy_id=policy_id, category_id=category_id) - else: - query = query.filter_by(policy_id=policy_id) - ref_list = query.all() - return {_ref.id: _ref.to_dict() for _ref in ref_list} - - def add_action_assignment(self, policy_id, action_id, category_id, data_id): - with self.get_session_for_write() as session: - query = session.query(ActionAssignment) - query = query.filter_by(policy_id=policy_id, action_id=action_id, - category_id=category_id) - ref = query.first() - if ref: - old_ref = copy.deepcopy(ref.to_dict()) - assignments = old_ref["assignments"] - if data_id not in assignments: - assignments.append(data_id) - setattr(ref, "assignments", assignments) - else: - raise exceptions.ActionAssignmentExisting - else: - ref = ActionAssignment.from_dict( - { - "id": uuid4().hex, - "policy_id": policy_id, - "action_id": action_id, - "category_id": category_id, - "assignments": [data_id, ], - } - ) - session.add(ref) - return {ref.id: ref.to_dict()} - - def delete_action_assignment(self, policy_id, action_id, category_id, data_id): - with self.get_session_for_write() as session: - query = session.query(ActionAssignment) - query = query.filter_by(policy_id=policy_id, action_id=action_id, - category_id=category_id) - ref = query.first() - if ref: - old_ref = copy.deepcopy(ref.to_dict()) - assignments = old_ref["assignments"] - # TODO (asteroide): if data_id is None, delete all - if data_id in assignments: - assignments.remove(data_id) - # FIXME (asteroide): the setattr doesn't work here ; the assignments is not updated in the database - setattr(ref, "assignments", assignments) - if not assignments: - session.delete(ref) - - def get_rules(self, policy_id, rule_id=None, meta_rule_id=None): - with self.get_session_for_read() as session: - query = session.query(Rule) - if rule_id: - query = query.filter_by(policy_id=policy_id, rule_id=rule_id) - ref = query.first() - return {ref.id: ref.to_dict()} - elif meta_rule_id and policy_id: - query = query.filter_by(policy_id=policy_id, meta_rule_id=meta_rule_id) - ref_list = query.all() - return { - "meta_rule_id": meta_rule_id, - "policy_id": policy_id, - "rules": list(map(lambda x: x.to_dict(), ref_list)) - } - else: - query = query.filter_by(policy_id=policy_id) - ref_list = query.all() - return { - "policy_id": policy_id, - "rules": list(map(lambda x: x.to_dict(), ref_list)) - } - - def is_meta_rule_has_rules(self, meta_rule_id): - with self.get_session_for_read() as session: - query = session.query(Rule) - - query = query.filter_by(meta_rule_id=meta_rule_id) - count = query.count() - return count > 0 - - def add_rule(self, policy_id, meta_rule_id, value): - try: - rules = self.get_rules(policy_id, meta_rule_id=meta_rule_id) - for _rule in map(lambda x: x["rule"], rules["rules"]): - if list(value.get('rule')) == list(_rule): - raise exceptions.RuleExisting - with self.get_session_for_write() as session: - ref = Rule.from_dict( - { - "id": uuid4().hex, - "policy_id": policy_id, - "meta_rule_id": meta_rule_id, - "rule": value - } - ) - session.add(ref) - return {ref.id: ref.to_dict()} - except sqlalchemy.exc.IntegrityError as error: - if 'UNIQUE constraint' in str(error): - raise exceptions.RuleExisting - raise error - - def delete_rule(self, policy_id, rule_id): - with self.get_session_for_write() as session: - query = session.query(Rule) - query = query.filter_by(policy_id=policy_id, id=rule_id) - ref = query.first() - if ref: - session.delete(ref) - - -class ModelConnector(BaseConnector, ModelDriver): - - def update_model(self, model_id, value): - try: - with self.get_session_for_write() as session: - query = session.query(Model) - if model_id: - query = query.filter_by(id=model_id) - ref = query.first() - if ref: - value_wo_name = copy.deepcopy(value) - value_wo_name.pop("name", None) - setattr(ref, "name", value["name"]) - d = dict(ref.value) - d.update(value_wo_name) - setattr(ref, "value", d) - return {ref.id: ref.to_dict()} - except sqlalchemy.exc.IntegrityError as error: - if 'UNIQUE constraint' in str(error): - raise exceptions.ModelExisting - raise error - - def delete_model(self, model_id): - with self.get_session_for_write() as session: - ref = session.query(Model).get(model_id) - session.delete(ref) - - def add_model(self, model_id=None, value=None): - try: - with self.get_session_for_write() as session: - value_wo_name = copy.deepcopy(value) - value_wo_name.pop("name", None) - new = Model.from_dict({ - "id": model_id if model_id else uuid4().hex, - "name": value["name"], - "value": value_wo_name - }) - session.add(new) - return {new.id: new.to_dict()} - except sqlalchemy.exc.IntegrityError as error: - if 'UNIQUE constraint' in str(error): - raise exceptions.ModelExisting - - def get_models(self, model_id=None): - with self.get_session_for_read() as session: - query = session.query(Model) - if model_id: - ref_list = query.filter(Model.id == model_id) - else: - ref_list = query.all() - - r = {_ref.id: _ref.to_dict() for _ref in ref_list} - return r - - def set_meta_rule(self, meta_rule_id, value): - try: - with self.get_session_for_write() as session: - value_wo_other_data = copy.deepcopy(value) - value_wo_other_data.pop("name", None) - value_wo_other_data.pop("subject_categories", None) - value_wo_other_data.pop("object_categories", None) - value_wo_other_data.pop("action_categories", None) - if meta_rule_id is None: - try: - ref = MetaRule.from_dict( - { - "id": uuid4().hex, - "name": value["name"], - "subject_categories": value["subject_categories"], - "object_categories": value["object_categories"], - "action_categories": value["action_categories"], - "value": value_wo_other_data - } - ) - session.add(ref) - except sqlalchemy.exc.IntegrityError as error: - if 'UNIQUE constraint' in str(error): - raise exceptions.MetaRuleExisting - raise error - else: - query = session.query(MetaRule) - query = query.filter_by(id=meta_rule_id) - ref = query.first() - setattr(ref, "name", value["name"]) - setattr(ref, "subject_categories", value["subject_categories"]) - setattr(ref, "object_categories", value["object_categories"]) - setattr(ref, "action_categories", value["action_categories"]) - setattr(ref, "value", value_wo_other_data) - return {ref.id: ref.to_dict()} - except sqlalchemy.exc.IntegrityError as error: - if 'UNIQUE constraint' in str(error): - raise exceptions.MetaRuleExisting - raise error - - def get_meta_rules(self, meta_rule_id=None): - with self.get_session_for_read() as session: - query = session.query(MetaRule) - if meta_rule_id: - query = query.filter_by(id=meta_rule_id) - ref_list = query.all() - return {_ref.id: _ref.to_dict() for _ref in ref_list} - - def delete_meta_rule(self, meta_rule_id=None): - with self.get_session_for_write() as session: - query = session.query(MetaRule) - query = query.filter_by(id=meta_rule_id) - ref = query.first() - if ref: - session.delete(ref) - - def __get_perimeter_categories(self, ClassType, category_id=None): - with self.get_session_for_read() as session: - query = session.query(ClassType) - if category_id: - query = query.filter_by(id=category_id) - ref_list = query.all() - return {_ref.id: _ref.to_dict() for _ref in ref_list} - - def __add_perimeter_category(self, ClassType, name, description, uuid=None): - if not name or not name.strip(): - raise exceptions.CategoryNameInvalid - with self.get_session_for_write() as session: - ref = ClassType.from_dict( - { - "id": uuid if uuid else uuid4().hex, - "name": name, - "description": description - } - ) - session.add(ref) - return {ref.id: ref.to_dict()} - - def __delete_perimeter_category(self, ClassType, category_id): - with self.get_session_for_write() as session: - query = session.query(ClassType) - query = query.filter_by(id=category_id) - ref = query.first() - if ref: - session.delete(ref) - - def get_subject_categories(self, category_id=None): - return self.__get_perimeter_categories(SubjectCategory, category_id=category_id) - - def add_subject_category(self, name, description, uuid=None): - try: - return self.__add_perimeter_category(SubjectCategory, name, description, uuid=uuid) - except sql.exc.IntegrityError as error: - if 'UNIQUE constraint' in str(error): - raise exceptions.SubjectCategoryExisting - raise error - - def delete_subject_category(self, category_id): - self.__delete_perimeter_category(SubjectCategory, category_id) - - def get_object_categories(self, category_id=None): - return self.__get_perimeter_categories(ObjectCategory, category_id=category_id) - - def add_object_category(self, name, description, uuid=None): - try: - return self.__add_perimeter_category(ObjectCategory, name, description, uuid=uuid) - except sql.exc.IntegrityError as error: - if 'UNIQUE constraint' in str(error): - raise exceptions.ObjectCategoryExisting - raise error - - def delete_object_category(self, category_id): - self.__delete_perimeter_category(ObjectCategory, category_id) - - def get_action_categories(self, category_id=None): - - return self.__get_perimeter_categories(ActionCategory, category_id=category_id) - - def add_action_category(self, name, description, uuid=None): - try: - return self.__add_perimeter_category(ActionCategory, name, description, uuid=uuid) - except sql.exc.IntegrityError as error: - if 'UNIQUE constraint' in str(error): - raise exceptions.ActionCategoryExisting - raise error - - def delete_action_category(self, category_id): - self.__delete_perimeter_category(ActionCategory, category_id) - - # Getter and Setter for subject_category - - # def get_subject_categories_dict(self, intra_extension_id): - # with self.get_session_for_read() as session: - # query = session.query(SubjectCategory) - # query = query.filter_by(intra_extension_id=intra_extension_id) - # ref_list = query.all() - # return {_ref.id: _ref.subject_category for _ref in ref_list} - # - # def set_subject_category_dict(self, intra_extension_id, subject_category_id, subject_category_dict): - # with self.get_session_for_write() as session: - # query = session.query(SubjectCategory) - # query = query.filter_by(intra_extension_id=intra_extension_id, id=subject_category_id) - # ref = query.first() - # new_ref = SubjectCategory.from_dict( - # { - # "id": subject_category_id, - # 'subject_category': subject_category_dict, - # 'intra_extension_id': intra_extension_id - # } - # ) - # if not ref: - # session.add(new_ref) - # ref = new_ref - # else: - # for attr in SubjectCategory.attributes: - # if attr != 'id': - # setattr(ref, attr, getattr(new_ref, attr)) - # # # session.flush() - # return {subject_category_id: SubjectCategory.to_dict(ref)['subject_category']} - # - # def del_subject_category(self, intra_extension_id, subject_category_id): - # with self.get_session_for_write() as session: - # query = session.query(SubjectCategory) - # query = query.filter_by(intra_extension_id=intra_extension_id, id=subject_category_id) - # ref = query.first() - # self.del_subject_assignment(intra_extension_id, None, None, None) - # session.delete(ref) - # - # # Getter and Setter for object_category - # - # def get_object_categories_dict(self, intra_extension_id): - # with self.get_session_for_read() as session: - # query = session.query(ObjectCategory) - # query = query.filter_by(intra_extension_id=intra_extension_id) - # ref_list = query.all() - # return {_ref.id: _ref.object_category for _ref in ref_list} - # - # def set_object_category_dict(self, intra_extension_id, object_category_id, object_category_dict): - # with self.get_session_for_write() as session: - # query = session.query(ObjectCategory) - # query = query.filter_by(intra_extension_id=intra_extension_id, id=object_category_id) - # ref = query.first() - # new_ref = ObjectCategory.from_dict( - # { - # "id": object_category_id, - # 'object_category': object_category_dict, - # 'intra_extension_id': intra_extension_id - # } - # ) - # if not ref: - # session.add(new_ref) - # ref = new_ref - # else: - # for attr in ObjectCategory.attributes: - # if attr != 'id': - # setattr(ref, attr, getattr(new_ref, attr)) - # # session.flush() - # return {object_category_id: ObjectCategory.to_dict(ref)['object_category']} - # - # def del_object_category(self, intra_extension_id, object_category_id): - # with self.get_session_for_write() as session: - # query = session.query(ObjectCategory) - # query = query.filter_by(intra_extension_id=intra_extension_id, id=object_category_id) - # ref = query.first() - # self.del_object_assignment(intra_extension_id, None, None, None) - # session.delete(ref) - # - # # Getter and Setter for action_category - # - # def get_action_categories_dict(self, intra_extension_id): - # with self.get_session_for_read() as session: - # query = session.query(ActionCategory) - # query = query.filter_by(intra_extension_id=intra_extension_id) - # ref_list = query.all() - # return {_ref.id: _ref.action_category for _ref in ref_list} - # - # def set_action_category_dict(self, intra_extension_id, action_category_id, action_category_dict): - # with self.get_session_for_write() as session: - # query = session.query(ActionCategory) - # query = query.filter_by(intra_extension_id=intra_extension_id, id=action_category_id) - # ref = query.first() - # new_ref = ActionCategory.from_dict( - # { - # "id": action_category_id, - # 'action_category': action_category_dict, - # 'intra_extension_id': intra_extension_id - # } - # ) - # if not ref: - # session.add(new_ref) - # ref = new_ref - # else: - # for attr in ActionCategory.attributes: - # if attr != 'id': - # setattr(ref, attr, getattr(new_ref, attr)) - # # session.flush() - # return {action_category_id: ActionCategory.to_dict(ref)['action_category']} - # - # def del_action_category(self, intra_extension_id, action_category_id): - # with self.get_session_for_write() as session: - # query = session.query(ActionCategory) - # query = query.filter_by(intra_extension_id=intra_extension_id, id=action_category_id) - # ref = query.first() - # self.del_action_assignment(intra_extension_id, None, None, None) - # session.delete(ref) - - # Perimeter - - # def get_subjects_dict(self, intra_extension_id): - # with self.get_session_for_read() as session: - # query = session.query(Subject) - # query = query.filter_by(intra_extension_id=intra_extension_id) - # ref_list = query.all() - # return {_ref.id: _ref.subject for _ref in ref_list} - # - # def set_subject_dict(self, intra_extension_id, subject_id, subject_dict): - # with self.get_session_for_write() as session: - # query = session.query(Subject) - # query = query.filter_by(intra_extension_id=intra_extension_id, id=subject_id) - # ref = query.first() - # # if 'id' in subject_dict: - # # subject_dict['id'] = subject_id - # new_ref = Subject.from_dict( - # { - # "id": subject_id, - # 'subject': subject_dict, - # 'intra_extension_id': intra_extension_id - # } - # ) - # if not ref: - # session.add(new_ref) - # ref = new_ref - # else: - # for attr in Subject.attributes: - # if attr != 'id': - # setattr(ref, attr, getattr(new_ref, attr)) - # # session.flush() - # return {subject_id: Subject.to_dict(ref)['subject']} - # - # def del_subject(self, intra_extension_id, subject_id): - # with self.get_session_for_write() as session: - # query = session.query(Subject) - # query = query.filter_by(intra_extension_id=intra_extension_id, id=subject_id) - # ref = query.first() - # session.delete(ref) - # - # def get_objects_dict(self, intra_extension_id): - # with self.get_session_for_read() as session: - # query = session.query(Object) - # query = query.filter_by(intra_extension_id=intra_extension_id) - # ref_list = query.all() - # return {_ref.id: _ref.object for _ref in ref_list} - # - # def set_object_dict(self, intra_extension_id, object_id, object_dict): - # with self.get_session_for_write() as session: - # query = session.query(Object) - # query = query.filter_by(intra_extension_id=intra_extension_id, id=object_id) - # ref = query.first() - # new_ref = Object.from_dict( - # { - # "id": object_id, - # 'object': object_dict, - # 'intra_extension_id': intra_extension_id - # } - # ) - # if not ref: - # session.add(new_ref) - # ref = new_ref - # else: - # for attr in Object.attributes: - # if attr != 'id': - # setattr(ref, attr, getattr(new_ref, attr)) - # # session.flush() - # return {object_id: Object.to_dict(ref)['object']} - # - # def del_object(self, intra_extension_id, object_id): - # with self.get_session_for_write() as session: - # query = session.query(Object) - # query = query.filter_by(intra_extension_id=intra_extension_id, id=object_id) - # ref = query.first() - # session.delete(ref) - # - # def get_actions_dict(self, intra_extension_id): - # with self.get_session_for_read() as session: - # query = session.query(Action) - # query = query.filter_by(intra_extension_id=intra_extension_id) - # ref_list = query.all() - # return {_ref.id: _ref.action for _ref in ref_list} - # - # def set_action_dict(self, intra_extension_id, action_id, action_dict): - # with self.get_session_for_write() as session: - # query = session.query(Action) - # query = query.filter_by(intra_extension_id=intra_extension_id, id=action_id) - # ref = query.first() - # new_ref = Action.from_dict( - # { - # "id": action_id, - # 'action': action_dict, - # 'intra_extension_id': intra_extension_id - # } - # ) - # if not ref: - # session.add(new_ref) - # ref = new_ref - # else: - # for attr in Action.attributes: - # if attr != 'id': - # setattr(ref, attr, getattr(new_ref, attr)) - # # session.flush() - # return {action_id: Action.to_dict(ref)['action']} - # - # def del_action(self, intra_extension_id, action_id): - # with self.get_session_for_write() as session: - # query = session.query(Action) - # query = query.filter_by(intra_extension_id=intra_extension_id, id=action_id) - # ref = query.first() - # session.delete(ref) - - # Getter and Setter for subject_scope - - # def get_subject_scopes_dict(self, intra_extension_id, subject_category_id): - # with self.get_session_for_read() as session: - # query = session.query(SubjectScope) - # query = query.filter_by(intra_extension_id=intra_extension_id, subject_category_id=subject_category_id) - # ref_list = query.all() - # return {_ref.id: _ref.subject_scope for _ref in ref_list} - # - # def set_subject_scope_dict(self, intra_extension_id, subject_category_id, subject_scope_id, subject_scope_dict): - # with self.get_session_for_write() as session: - # query = session.query(SubjectScope) - # query = query.filter_by(intra_extension_id=intra_extension_id, subject_category_id=subject_category_id, id=subject_scope_id) - # ref = query.first() - # new_ref = SubjectScope.from_dict( - # { - # "id": subject_scope_id, - # 'subject_scope': subject_scope_dict, - # 'intra_extension_id': intra_extension_id, - # 'subject_category_id': subject_category_id - # } - # ) - # if not ref: - # session.add(new_ref) - # ref = new_ref - # else: - # for attr in Subject.attributes: - # if attr != 'id': - # setattr(ref, attr, getattr(new_ref, attr)) - # # session.flush() - # return {subject_scope_id: SubjectScope.to_dict(ref)['subject_scope']} - # - # def del_subject_scope(self, intra_extension_id, subject_category_id, subject_scope_id): - # with self.get_session_for_write() as session: - # query = session.query(SubjectScope) - # if not subject_category_id or not subject_scope_id: - # query = query.filter_by(intra_extension_id=intra_extension_id) - # for ref in query.all(): - # session.delete(ref) - # else: - # query = query.filter_by(intra_extension_id=intra_extension_id, subject_category_id=subject_category_id, id=subject_scope_id) - # ref = query.first() - # session.delete(ref) - # - # # Getter and Setter for object_category_scope - # - # def get_object_scopes_dict(self, intra_extension_id, object_category_id): - # with self.get_session_for_read() as session: - # query = session.query(ObjectScope) - # query = query.filter_by(intra_extension_id=intra_extension_id, object_category_id=object_category_id) - # ref_list = query.all() - # return {_ref.id: _ref.object_scope for _ref in ref_list} - # - # def set_object_scope_dict(self, intra_extension_id, object_category_id, object_scope_id, object_scope_dict): - # with self.get_session_for_write() as session: - # query = session.query(ObjectScope) - # query = query.filter_by(intra_extension_id=intra_extension_id, object_category_id=object_category_id, id=object_scope_id) - # ref = query.first() - # new_ref = ObjectScope.from_dict( - # { - # "id": object_scope_id, - # 'object_scope': object_scope_dict, - # 'intra_extension_id': intra_extension_id, - # 'object_category_id': object_category_id - # } - # ) - # if not ref: - # session.add(new_ref) - # ref = new_ref - # else: - # for attr in Object.attributes: - # if attr != 'id': - # setattr(ref, attr, getattr(new_ref, attr)) - # # session.flush() - # return {object_scope_id: ObjectScope.to_dict(ref)['object_scope']} - # - # def del_object_scope(self, intra_extension_id, object_category_id, object_scope_id): - # with self.get_session_for_write() as session: - # query = session.query(ObjectScope) - # if not object_category_id or not object_scope_id: - # query = query.filter_by(intra_extension_id=intra_extension_id) - # for ref in query.all(): - # session.delete(ref) - # else: - # query = query.filter_by(intra_extension_id=intra_extension_id, object_category_id=object_category_id, id=object_scope_id) - # ref = query.first() - # session.delete(ref) - # - # # Getter and Setter for action_scope - # - # def get_action_scopes_dict(self, intra_extension_id, action_category_id): - # with self.get_session_for_read() as session: - # query = session.query(ActionScope) - # query = query.filter_by(intra_extension_id=intra_extension_id, action_category_id=action_category_id) - # ref_list = query.all() - # return {_ref.id: _ref.action_scope for _ref in ref_list} - # - # def set_action_scope_dict(self, intra_extension_id, action_category_id, action_scope_id, action_scope_dict): - # with self.get_session_for_write() as session: - # query = session.query(ActionScope) - # query = query.filter_by(intra_extension_id=intra_extension_id, action_category_id=action_category_id, id=action_scope_id) - # ref = query.first() - # new_ref = ActionScope.from_dict( - # { - # "id": action_scope_id, - # 'action_scope': action_scope_dict, - # 'intra_extension_id': intra_extension_id, - # 'action_category_id': action_category_id - # } - # ) - # if not ref: - # session.add(new_ref) - # ref = new_ref - # else: - # for attr in Action.attributes: - # if attr != 'id': - # setattr(ref, attr, getattr(new_ref, attr)) - # # session.flush() - # return {action_scope_id: ActionScope.to_dict(ref)['action_scope']} - # - # def del_action_scope(self, intra_extension_id, action_category_id, action_scope_id): - # with self.get_session_for_write() as session: - # query = session.query(ActionScope) - # if not action_category_id or not action_scope_id: - # query = query.filter_by(intra_extension_id=intra_extension_id) - # for ref in query.all(): - # session.delete(ref) - # else: - # query = query.filter_by(intra_extension_id=intra_extension_id, action_category_id=action_category_id, id=action_scope_id) - # ref = query.first() - # session.delete(ref) - # - # # Getter and Setter for subject_category_assignment - # - # def get_subject_assignment_list(self, intra_extension_id, subject_id, subject_category_id): - # with self.get_session_for_read() as session: - # query = session.query(SubjectAssignment) - # if not subject_id or not subject_category_id or not subject_category_id: - # query = query.filter_by(intra_extension_id=intra_extension_id) - # ref = query.all() - # return ref - # else: - # query = query.filter_by(intra_extension_id=intra_extension_id, subject_id=subject_id, subject_category_id=subject_category_id) - # ref = query.first() - # if not ref: - # return list() - # LOG.info("get_subject_assignment_list {}".format(ref.subject_assignment)) - # return list(ref.subject_assignment) - # - # def set_subject_assignment_list(self, intra_extension_id, subject_id, subject_category_id, subject_assignment_list=[]): - # with self.get_session_for_write() as session: - # query = session.query(SubjectAssignment) - # query = query.filter_by(intra_extension_id=intra_extension_id, subject_id=subject_id, subject_category_id=subject_category_id) - # ref = query.first() - # new_ref = SubjectAssignment.from_dict( - # { - # "id": uuid4().hex, - # 'subject_assignment': subject_assignment_list, - # 'intra_extension_id': intra_extension_id, - # 'subject_id': subject_id, - # 'subject_category_id': subject_category_id - # } - # ) - # if not ref: - # session.add(new_ref) - # ref = new_ref - # else: - # for attr in SubjectAssignment.attributes: - # if attr != 'id': - # setattr(ref, attr, getattr(new_ref, attr)) - # # session.flush() - # return subject_assignment_list - # - # def add_subject_assignment_list(self, intra_extension_id, subject_id, subject_category_id, subject_scope_id): - # new_subject_assignment_list = self.get_subject_assignment_list(intra_extension_id, subject_id, subject_category_id) - # if subject_scope_id not in new_subject_assignment_list: - # new_subject_assignment_list.append(subject_scope_id) - # return self.set_subject_assignment_list(intra_extension_id, subject_id, subject_category_id, new_subject_assignment_list) - # - # def del_subject_assignment(self, intra_extension_id, subject_id, subject_category_id, subject_scope_id): - # if not subject_id or not subject_category_id or not subject_category_id: - # with self.get_session_for_write() as session: - # for ref in self.get_subject_assignment_list(intra_extension_id, None, None): - # session.delete(ref) - # session.flush() - # return - # new_subject_assignment_list = self.get_subject_assignment_list(intra_extension_id, subject_id, subject_category_id) - # new_subject_assignment_list.remove(subject_scope_id) - # return self.set_subject_assignment_list(intra_extension_id, subject_id, subject_category_id, new_subject_assignment_list) - # - # # Getter and Setter for object_category_assignment - # - # def get_object_assignment_list(self, intra_extension_id, object_id, object_category_id): - # with self.get_session_for_read() as session: - # query = session.query(ObjectAssignment) - # if not object_id or not object_category_id or not object_category_id: - # query = query.filter_by(intra_extension_id=intra_extension_id) - # ref = query.all() - # return ref - # else: - # query = query.filter_by(intra_extension_id=intra_extension_id, object_id=object_id, object_category_id=object_category_id) - # ref = query.first() - # if not ref: - # return list() - # return list(ref.object_assignment) - # - # def set_object_assignment_list(self, intra_extension_id, object_id, object_category_id, object_assignment_list=[]): - # with self.get_session_for_write() as session: - # query = session.query(ObjectAssignment) - # query = query.filter_by(intra_extension_id=intra_extension_id, object_id=object_id, object_category_id=object_category_id) - # ref = query.first() - # new_ref = ObjectAssignment.from_dict( - # { - # "id": uuid4().hex, - # 'object_assignment': object_assignment_list, - # 'intra_extension_id': intra_extension_id, - # 'object_id': object_id, - # 'object_category_id': object_category_id - # } - # ) - # if not ref: - # session.add(new_ref) - # else: - # for attr in ObjectAssignment.attributes: - # if attr != 'id': - # setattr(ref, attr, getattr(new_ref, attr)) - # # session.flush() - # return self.get_object_assignment_list(intra_extension_id, object_id, object_category_id) - # - # def add_object_assignment_list(self, intra_extension_id, object_id, object_category_id, object_scope_id): - # new_object_assignment_list = self.get_object_assignment_list(intra_extension_id, object_id, object_category_id) - # if object_scope_id not in new_object_assignment_list: - # new_object_assignment_list.append(object_scope_id) - # return self.set_object_assignment_list(intra_extension_id, object_id, object_category_id, new_object_assignment_list) - # - # def del_object_assignment(self, intra_extension_id, object_id, object_category_id, object_scope_id): - # if not object_id or not object_category_id or not object_category_id: - # with self.get_session_for_write() as session: - # for ref in self.get_object_assignment_list(intra_extension_id, None, None): - # session.delete(ref) - # session.flush() - # return - # new_object_assignment_list = self.get_object_assignment_list(intra_extension_id, object_id, object_category_id) - # new_object_assignment_list.remove(object_scope_id) - # return self.set_object_assignment_list(intra_extension_id, object_id, object_category_id, new_object_assignment_list) - # - # # Getter and Setter for action_category_assignment - # - # def get_action_assignment_list(self, intra_extension_id, action_id, action_category_id): - # with self.get_session_for_read() as session: - # query = session.query(ActionAssignment) - # if not action_id or not action_category_id or not action_category_id: - # query = query.filter_by(intra_extension_id=intra_extension_id) - # ref = query.all() - # return ref - # else: - # query = query.filter_by(intra_extension_id=intra_extension_id, action_id=action_id, action_category_id=action_category_id) - # ref = query.first() - # if not ref: - # return list() - # return list(ref.action_assignment) - # - # def set_action_assignment_list(self, intra_extension_id, action_id, action_category_id, action_assignment_list=[]): - # with self.get_session_for_write() as session: - # query = session.query(ActionAssignment) - # query = query.filter_by(intra_extension_id=intra_extension_id, action_id=action_id, action_category_id=action_category_id) - # ref = query.first() - # new_ref = ActionAssignment.from_dict( - # { - # "id": uuid4().hex, - # 'action_assignment': action_assignment_list, - # 'intra_extension_id': intra_extension_id, - # 'action_id': action_id, - # 'action_category_id': action_category_id - # } - # ) - # if not ref: - # session.add(new_ref) - # else: - # for attr in ActionAssignment.attributes: - # if attr != 'id': - # setattr(ref, attr, getattr(new_ref, attr)) - # # session.flush() - # return self.get_action_assignment_list(intra_extension_id, action_id, action_category_id) - # - # def add_action_assignment_list(self, intra_extension_id, action_id, action_category_id, action_scope_id): - # new_action_assignment_list = self.get_action_assignment_list(intra_extension_id, action_id, action_category_id) - # if action_scope_id not in new_action_assignment_list: - # new_action_assignment_list.append(action_scope_id) - # return self.set_action_assignment_list(intra_extension_id, action_id, action_category_id, new_action_assignment_list) - # - # def del_action_assignment(self, intra_extension_id, action_id, action_category_id, action_scope_id): - # if not action_id or not action_category_id or not action_category_id: - # with self.get_session_for_write() as session: - # for ref in self.get_action_assignment_list(intra_extension_id, None, None): - # session.delete(ref) - # session.flush() - # return - # new_action_assignment_list = self.get_action_assignment_list(intra_extension_id, action_id, action_category_id) - # new_action_assignment_list.remove(action_scope_id) - # return self.set_action_assignment_list(intra_extension_id, action_id, action_category_id, new_action_assignment_list) - # - # # Getter and Setter for sub_meta_rule - # - # def get_aggregation_algorithm_id(self, intra_extension_id): - # with self.get_session_for_read() as session: - # query = session.query(IntraExtension) - # query = query.filter_by(id=intra_extension_id) - # ref = query.first() - # try: - # return {"aggregation_algorithm": ref.intra_extension["aggregation_algorithm"]} - # except KeyError: - # return "" - # - # def set_aggregation_algorithm_id(self, intra_extension_id, aggregation_algorithm_id): - # with self.get_session_for_write() as session: - # query = session.query(IntraExtension) - # query = query.filter_by(id=intra_extension_id) - # ref = query.first() - # intra_extension_dict = dict(ref.intra_extension) - # intra_extension_dict["aggregation_algorithm"] = aggregation_algorithm_id - # setattr(ref, "intra_extension", intra_extension_dict) - # # session.flush() - # return {"aggregation_algorithm": ref.intra_extension["aggregation_algorithm"]} - # - # def del_aggregation_algorithm(self, intra_extension_id): - # with self.get_session_for_write() as session: - # query = session.query(IntraExtension) - # query = query.filter_by(id=intra_extension_id) - # ref = query.first() - # intra_extension_dict = dict(ref.intra_extension) - # intra_extension_dict["aggregation_algorithm"] = "" - # setattr(ref, "intra_extension", intra_extension_dict) - # return self.get_aggregation_algorithm_id(intra_extension_id) - # - # # Getter and Setter for sub_meta_rule - # - # def get_sub_meta_rules_dict(self, intra_extension_id): - # with self.get_session_for_read() as session: - # query = session.query(SubMetaRule) - # query = query.filter_by(intra_extension_id=intra_extension_id) - # ref_list = query.all() - # return {_ref.id: _ref.sub_meta_rule for _ref in ref_list} - # - # def set_sub_meta_rule_dict(self, intra_extension_id, sub_meta_rule_id, sub_meta_rule_dict): - # with self.get_session_for_write() as session: - # query = session.query(SubMetaRule) - # query = query.filter_by(intra_extension_id=intra_extension_id, id=sub_meta_rule_id) - # ref = query.first() - # new_ref = SubMetaRule.from_dict( - # { - # "id": sub_meta_rule_id, - # 'sub_meta_rule': sub_meta_rule_dict, - # 'intra_extension_id': intra_extension_id - # } - # ) - # if not ref: - # session.add(new_ref) - # else: - # _sub_meta_rule_dict = dict(ref.sub_meta_rule) - # _sub_meta_rule_dict.update(sub_meta_rule_dict) - # setattr(new_ref, "sub_meta_rule", _sub_meta_rule_dict) - # for attr in SubMetaRule.attributes: - # if attr != 'id': - # setattr(ref, attr, getattr(new_ref, attr)) - # # session.flush() - # return self.get_sub_meta_rules_dict(intra_extension_id) - # - # def del_sub_meta_rule(self, intra_extension_id, sub_meta_rule_id): - # with self.get_session_for_write() as session: - # query = session.query(SubMetaRule) - # query = query.filter_by(intra_extension_id=intra_extension_id, id=sub_meta_rule_id) - # ref = query.first() - # session.delete(ref) - # - # # Getter and Setter for rules - # - # def get_rules_dict(self, intra_extension_id, sub_meta_rule_id): - # with self.get_session_for_read() as session: - # query = session.query(Rule) - # query = query.filter_by(intra_extension_id=intra_extension_id, sub_meta_rule_id=sub_meta_rule_id) - # ref_list = query.all() - # return {_ref.id: _ref.rule for _ref in ref_list} - # - # def set_rule_dict(self, intra_extension_id, sub_meta_rule_id, rule_id, rule_list): - # with self.get_session_for_write() as session: - # query = session.query(Rule) - # query = query.filter_by(intra_extension_id=intra_extension_id, sub_meta_rule_id=sub_meta_rule_id, id=rule_id) - # ref = query.first() - # new_ref = Rule.from_dict( - # { - # "id": rule_id, - # 'rule': rule_list, - # 'intra_extension_id': intra_extension_id, - # 'sub_meta_rule_id': sub_meta_rule_id - # } - # ) - # if not ref: - # session.add(new_ref) - # ref = new_ref - # else: - # for attr in Rule.attributes: - # if attr != 'id': - # setattr(ref, attr, getattr(new_ref, attr)) - # # session.flush() - # return {rule_id: ref.rule} - # - # def del_rule(self, intra_extension_id, sub_meta_rule_id, rule_id): - # with self.get_session_for_write() as session: - # query = session.query(Rule) - # query = query.filter_by(intra_extension_id=intra_extension_id, sub_meta_rule_id=sub_meta_rule_id, id=rule_id) - # ref = query.first() - # session.delete(ref) - - -class SQLConnector(PDPConnector, PolicyConnector, ModelConnector): - pass diff --git a/python_moondb/python_moondb/core.py b/python_moondb/python_moondb/core.py deleted file mode 100644 index 3fee146b..00000000 --- a/python_moondb/python_moondb/core.py +++ /dev/null @@ -1,228 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -import logging -from stevedore.driver import DriverManager -from python_moonutilities import configuration -from python_moondb.api import model, policy, pdp, keystone - -logger = logging.getLogger("moon.db") - - -class Driver(DriverManager): - - def __init__(self, driver_name, engine_name): - logger.info("initialization of Driver {}".format(driver_name)) - super(Driver, self).__init__( - namespace='moon_db.driver', - name=driver_name, - invoke_on_load=True, - invoke_args=(engine_name,), - ) - - -class ModelDriver(Driver): - - def __init__(self, driver_name, engine_name): - super(ModelDriver, self).__init__(driver_name, engine_name) - - def update_model(self, model_id, value): - raise NotImplementedError() # pragma: no cover - - def delete_model(self, model_id): - raise NotImplementedError() # pragma: no cover - - def add_model(self, model_id=None, value=None): - raise NotImplementedError() # pragma: no cover - - def get_models(self, model_id=None): - raise NotImplementedError() # pragma: no cover - - def set_meta_rule(self, meta_rule_id, value): - raise NotImplementedError() # pragma: no cover - - def get_meta_rules(self, meta_rule_id=None): - raise NotImplementedError() # pragma: no cover - - def delete_meta_rule(self, meta_rule_id=None): - raise NotImplementedError() # pragma: no cover - - def get_subject_categories(self, category_id=None): - raise NotImplementedError() # pragma: no cover - - def add_subject_category(self, name, description): - raise NotImplementedError() # pragma: no cover - - def delete_subject_category(self, category_id): - raise NotImplementedError() # pragma: no cover - - def get_object_categories(self, category_id): - raise NotImplementedError() # pragma: no cover - - def add_object_category(self, category_id, value): - raise NotImplementedError() # pragma: no cover - - def delete_object_category(self, category_id): - raise NotImplementedError() # pragma: no cover - - def get_action_categories(self, category_id): - raise NotImplementedError() # pragma: no cover - - def add_action_category(self, category_id, value): - raise NotImplementedError() # pragma: no cover - - def delete_action_category(self, category_id): - raise NotImplementedError() # pragma: no cover - - -class PolicyDriver(Driver): - - def __init__(self, driver_name, engine_name): - super(PolicyDriver, self).__init__(driver_name, engine_name) - - def update_policy(self, policy_id, value): - raise NotImplementedError() # pragma: no cover - - def delete_policy(self, policy_id): - raise NotImplementedError() # pragma: no cover - - def add_policy(self, policy_id=None, value=None): - raise NotImplementedError() # pragma: no cover - - def get_policies(self, policy_id=None): - raise NotImplementedError() # pragma: no cover - - def get_subjects(self, policy_id, perimeter_id=None): - raise NotImplementedError() # pragma: no cover - - def set_subject(self, policy_id, perimeter_id=None, value=None): - raise NotImplementedError() # pragma: no cover - - def delete_subject(self, policy_id, perimeter_id): - raise NotImplementedError() # pragma: no cover - - def get_objects(self, policy_id, perimeter_id=None): - raise NotImplementedError() # pragma: no cover - - def set_object(self, policy_id, perimeter_id=None, value=None): - raise NotImplementedError() # pragma: no cover - - def delete_object(self, policy_id, perimeter_id): - raise NotImplementedError() # pragma: no cover - - def get_actions(self, policy_id, perimeter_id=None): - raise NotImplementedError() # pragma: no cover - - def set_action(self, policy_id, perimeter_id=None, value=None): - raise NotImplementedError() # pragma: no cover - - def delete_action(self, policy_id, perimeter_id): - raise NotImplementedError() # pragma: no cover - - def get_subject_data(self, policy_id, data_id=None, category_id=None): - raise NotImplementedError() # pragma: no cover - - def set_subject_data(self, policy_id, data_id=None, category_id=None, value=None): - raise NotImplementedError() # pragma: no cover - - def delete_subject_data(self, policy_id, data_id): - raise NotImplementedError() # pragma: no cover - - def get_object_data(self, policy_id, data_id=None, category_id=None): - raise NotImplementedError() # pragma: no cover - - def set_object_data(self, policy_id, data_id=None, category_id=None, value=None): - raise NotImplementedError() # pragma: no cover - - def delete_object_data(self, policy_id, data_id): - raise NotImplementedError() # pragma: no cover - - def get_action_data(self, policy_id, data_id=None, category_id=None): - raise NotImplementedError() # pragma: no cover - - def set_action_data(self, policy_id, data_id=None, category_id=None, value=None): - raise NotImplementedError() # pragma: no cover - - def delete_action_data(self, policy_id, data_id): - raise NotImplementedError() # pragma: no cover - - def get_subject_assignments(self, policy_id, subject_id=None, category_id=None): - raise NotImplementedError() # pragma: no cover - - def add_subject_assignment(self, policy_id, subject_id, category_id, data_id): - raise NotImplementedError() # pragma: no cover - - def delete_subject_assignment(self, policy_id, subject_id, category_id, data_id): - raise NotImplementedError() # pragma: no cover - - def get_object_assignments(self, policy_id, assignment_id=None): - raise NotImplementedError() # pragma: no cover - - def add_object_assignment(self, policy_id, subject_id, category_id, data_id): - raise NotImplementedError() # pragma: no cover - - def delete_object_assignment(self, policy_id, object_id, category_id, data_id): - raise NotImplementedError() # pragma: no cover - - def get_action_assignments(self, policy_id, assignment_id=None): - raise NotImplementedError() # pragma: no cover - - def add_action_assignment(self, policy_id, action_id, category_id, data_id): - raise NotImplementedError() # pragma: no cover - - def delete_action_assignment(self, policy_id, action_id, category_id, data_id): - raise NotImplementedError() # pragma: no cover - - def get_rules(self, policy_id, rule_id=None, meta_rule_id=None): - raise NotImplementedError() # pragma: no cover - - def add_rule(self, policy_id, meta_rule_id, value): - raise NotImplementedError() # pragma: no cover - - def delete_rule(self, policy_id, rule_id): - raise NotImplementedError() # pragma: no cover - - -class PDPDriver(Driver): - - def __init__(self, driver_name, engine_name): - super(PDPDriver, self).__init__(driver_name, engine_name) - - def update_pdp(self, pdp_id, value): - raise NotImplementedError() # pragma: no cover - - def delete_pdp(self, pdp_id): - raise NotImplementedError() # pragma: no cover - - def add_pdp(self, pdp_id=None, value=None): - raise NotImplementedError() # pragma: no cover - - def get_pdp(self, pdp_id=None): - raise NotImplementedError() # pragma: no cover - - -class KeystoneDriver(Driver): - - def __init__(self, driver_name, engine_name): - super(KeystoneDriver, self).__init__(driver_name, engine_name) - - -conf = configuration.get_configuration("database")['database'] - -KeystoneManager = keystone.KeystoneManager( - KeystoneDriver(conf['driver'], conf['url']) -) - -ModelManager = model.ModelManager( - ModelDriver(conf['driver'], conf['url']) -) - -PolicyManager = policy.PolicyManager( - PolicyDriver(conf['driver'], conf['url']) -) - -PDPManager = pdp.PDPManager( - PDPDriver(conf['driver'], conf['url']) -) diff --git a/python_moondb/python_moondb/db_manager.py b/python_moondb/python_moondb/db_manager.py deleted file mode 100644 index c251afbb..00000000 --- a/python_moondb/python_moondb/db_manager.py +++ /dev/null @@ -1,82 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. -""" -""" - -import os -import glob -import importlib -import argparse -import logging -from sqlalchemy import create_engine -from python_moonutilities import configuration -from python_moondb.migrate_repo import versions - - -def init_args(): - parser = argparse.ArgumentParser() - parser.add_argument('command', help='command (upgrade or downgrade)', - nargs=1) - parser.add_argument("--verbose", "-v", action='store_true', - help="verbose mode") - parser.add_argument("--debug", "-d", action='store_true', - help="debug mode") - args = parser.parse_args() - - FORMAT = '%(asctime)-15s %(levelname)s %(message)s' - if args.debug: - logging.basicConfig( - format=FORMAT, - level=logging.DEBUG) - elif args.verbose: - logging.basicConfig( - format=FORMAT, - level=logging.INFO) - else: - logging.basicConfig( - format=FORMAT, - level=logging.WARNING) - - requests_log = logging.getLogger("requests.packages.urllib3") - requests_log.setLevel(logging.WARNING) - requests_log.propagate = True - - logger = logging.getLogger("moon.db.manager") - return args, logger - - -def init_engine(): - db_conf = configuration.get_configuration("database")["database"] - return create_engine(db_conf['url']) - - -def main(command, logger, engine): - files = glob.glob(versions.__path__[0] + "/[0-9][0-9][0-9]*.py") - for filename in files: - filename = os.path.basename(filename).replace(".py", "") - o = importlib.import_module( - "python_moondb.migrate_repo.versions.{}".format(filename)) - logger.info("Command is {}".format(command)) - if command in ("upgrade", "u", "up"): - logger.info( - "upgrading python_moondb.migrate_repo.versions.{}".format(filename)) - o.upgrade(engine) - elif command in ("downgrade", "d", "down"): - logger.info( - "downgrading python_moondb.migrate_repo.versions.{}".format( - filename)) - o.downgrade(engine) - else: - logger.critical("Cannot understand the command!") - - -def run(): - args, logger = init_args() - engine = init_engine() - main(args.command[0], logger, engine) - - -if __name__ == "__main__": - run() diff --git a/python_moondb/python_moondb/migrate_repo/__init__.py b/python_moondb/python_moondb/migrate_repo/__init__.py deleted file mode 100644 index e69de29b..00000000 diff --git a/python_moondb/python_moondb/migrate_repo/versions/001_moon.py b/python_moondb/python_moondb/migrate_repo/versions/001_moon.py deleted file mode 100644 index 13670b91..00000000 --- a/python_moondb/python_moondb/migrate_repo/versions/001_moon.py +++ /dev/null @@ -1,267 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -import json -import sqlalchemy as sql -from sqlalchemy import types as sql_types - - -class JsonBlob(sql_types.TypeDecorator): - impl = sql.Text - - def process_bind_param(self, value, dialect): - return json.dumps(value) - - def process_result_value(self, value, dialect): - return json.loads(value) - - -def upgrade(migrate_engine): - meta = sql.MetaData() - meta.bind = migrate_engine - - table = sql.Table( - 'pdp', - meta, - sql.Column('id', sql.String(64), primary_key=True), - sql.Column('name', sql.String(256), nullable=False), - sql.Column('keystone_project_id', sql.String(64), nullable=True, default=""), - sql.Column('value', JsonBlob(), nullable=True), - sql.UniqueConstraint('name', 'keystone_project_id', name='unique_constraint_models'), - mysql_engine='InnoDB', - mysql_charset='utf8') - table.create(migrate_engine, checkfirst=True) - - table = sql.Table( - 'policies', - meta, - sql.Column('id', sql.String(64), primary_key=True), - sql.Column('name', sql.String(256), nullable=False), - sql.Column('model_id', sql.String(64), nullable=True, default=""), - sql.Column('value', JsonBlob(), nullable=True), - sql.UniqueConstraint('name', 'model_id', name='unique_constraint_models'), - mysql_engine='InnoDB', - mysql_charset='utf8') - table.create(migrate_engine, checkfirst=True) - - table = sql.Table( - 'models', - meta, - sql.Column('id', sql.String(64), primary_key=True), - sql.Column('name', sql.String(256), nullable=False), - sql.Column('value', JsonBlob(), nullable=True), - sql.UniqueConstraint('name', name='unique_constraint_models'), - mysql_engine='InnoDB', - mysql_charset='utf8') - table.create(migrate_engine, checkfirst=True) - - subject_categories_table = sql.Table( - 'subject_categories', - meta, - sql.Column('id', sql.String(64), primary_key=True), - sql.Column('name', sql.String(256), nullable=False), - sql.Column('description', sql.String(256), nullable=True), - - sql.UniqueConstraint('name', name='unique_constraint_subject_categories'), - mysql_engine='InnoDB', - mysql_charset='utf8') - subject_categories_table.create(migrate_engine, checkfirst=True) - - object_categories_table = sql.Table( - 'object_categories', - meta, - sql.Column('id', sql.String(64), primary_key=True), - sql.Column('name', sql.String(256), nullable=False), - sql.Column('description', sql.String(256), nullable=True), - - sql.UniqueConstraint('name', name='unique_constraint_object_categories'), - mysql_engine='InnoDB', - mysql_charset='utf8') - object_categories_table.create(migrate_engine, checkfirst=True) - - action_categories_table = sql.Table( - 'action_categories', - meta, - sql.Column('id', sql.String(64), primary_key=True), - sql.Column('name', sql.String(256), nullable=False), - sql.Column('description', sql.String(256), nullable=True), - - sql.UniqueConstraint('name', name='unique_constraint_action_categories'), - mysql_engine='InnoDB', - mysql_charset='utf8') - action_categories_table.create(migrate_engine, checkfirst=True) - - subjects_table = sql.Table( - 'subjects', - meta, - sql.Column('id', sql.String(64), primary_key=True), - sql.Column('name', sql.String(256), nullable=False), - sql.Column('value', JsonBlob(), nullable=True), - sql.UniqueConstraint('name', name='unique_constraint_subjects'), - mysql_engine='InnoDB', - mysql_charset='utf8') - subjects_table.create(migrate_engine, checkfirst=True) - - objects_table = sql.Table( - 'objects', - meta, - sql.Column('id', sql.String(64), primary_key=True), - sql.Column('name', sql.String(256), nullable=False), - sql.Column('value', JsonBlob(), nullable=True), - sql.UniqueConstraint('name', name='unique_constraint_objects'), - mysql_engine='InnoDB', - mysql_charset='utf8') - objects_table.create(migrate_engine, checkfirst=True) - - actions_table = sql.Table( - 'actions', - meta, - sql.Column('id', sql.String(64), primary_key=True), - sql.Column('name', sql.String(256), nullable=False), - sql.Column('value', JsonBlob(), nullable=True), - sql.UniqueConstraint('name', name='unique_constraint_actions'), - mysql_engine='InnoDB', - mysql_charset='utf8') - actions_table.create(migrate_engine, checkfirst=True) - - subject_data_table = sql.Table( - 'subject_data', - meta, - sql.Column('id', sql.String(64), primary_key=True), - sql.Column('name', sql.String(256), nullable=False), - sql.Column('value', JsonBlob(), nullable=True), - sql.Column('category_id', sql.ForeignKey("subject_categories.id"), nullable=False), - sql.Column('policy_id', sql.ForeignKey("policies.id"), nullable=False), - sql.UniqueConstraint('name', 'category_id', 'policy_id', - name='unique_constraint_subject_data'), - mysql_engine='InnoDB', - mysql_charset='utf8') - subject_data_table.create(migrate_engine, checkfirst=True) - - object_data_table = sql.Table( - 'object_data', - meta, - sql.Column('id', sql.String(64), primary_key=True), - sql.Column('name', sql.String(256), nullable=False), - sql.Column('value', JsonBlob(), nullable=True), - sql.Column('category_id', sql.ForeignKey("object_categories.id"), nullable=False), - sql.Column('policy_id', sql.ForeignKey("policies.id"), nullable=False), - sql.UniqueConstraint('name', 'category_id', 'policy_id', - name='unique_constraint_object_data'), - mysql_engine='InnoDB', - mysql_charset='utf8') - object_data_table.create(migrate_engine, checkfirst=True) - - action_data_table = sql.Table( - 'action_data', - meta, - sql.Column('id', sql.String(64), primary_key=True), - sql.Column('name', sql.String(256), nullable=False), - sql.Column('value', JsonBlob(), nullable=True), - sql.Column('category_id', sql.ForeignKey("action_categories.id"), nullable=False), - sql.Column('policy_id', sql.ForeignKey("policies.id"), nullable=False), - sql.UniqueConstraint('name', 'category_id', 'policy_id', - name='unique_constraint_action_data'), - mysql_engine='InnoDB', - mysql_charset='utf8') - action_data_table.create(migrate_engine, checkfirst=True) - - subject_assignments_table = sql.Table( - 'subject_assignments', - meta, - sql.Column('id', sql.String(64), primary_key=True), - sql.Column('assignments', sql.String(256), nullable=True), - sql.Column('policy_id', sql.ForeignKey("policies.id"), nullable=False), - sql.Column('subject_id', sql.ForeignKey("subjects.id"), nullable=False), - sql.Column('category_id', sql.ForeignKey("subject_categories.id"), nullable=False), - sql.UniqueConstraint('policy_id', 'subject_id', 'category_id', - name='unique_constraint_subject_assignment'), - mysql_engine='InnoDB', - mysql_charset='utf8') - subject_assignments_table.create(migrate_engine, checkfirst=True) - - object_assignments_table = sql.Table( - 'object_assignments', - meta, - sql.Column('id', sql.String(64), primary_key=True), - sql.Column('assignments', sql.String(256), nullable=True), - sql.Column('policy_id', sql.ForeignKey("policies.id"), nullable=False), - sql.Column('object_id', sql.ForeignKey("objects.id"), nullable=False), - sql.Column('category_id', sql.ForeignKey("object_categories.id"), nullable=False), - sql.UniqueConstraint('policy_id', 'object_id', 'category_id', - name='unique_constraint_object_assignment'), - mysql_engine='InnoDB', - mysql_charset='utf8') - object_assignments_table.create(migrate_engine, checkfirst=True) - - action_assignments_table = sql.Table( - 'action_assignments', - meta, - sql.Column('id', sql.String(64), primary_key=True), - sql.Column('assignments', sql.String(256), nullable=True), - sql.Column('policy_id', sql.ForeignKey("policies.id"), nullable=False), - sql.Column('action_id', sql.ForeignKey("actions.id"), nullable=False), - sql.Column('category_id', sql.ForeignKey("action_categories.id"), nullable=False), - sql.UniqueConstraint('policy_id', 'action_id', 'category_id', - name='unique_constraint_action_assignment'), - mysql_engine='InnoDB', - mysql_charset='utf8') - action_assignments_table.create(migrate_engine, checkfirst=True) - - meta_rules_table = sql.Table( - 'meta_rules', - meta, - sql.Column('id', sql.String(64), primary_key=True), - sql.Column('name', sql.String(256), nullable=False), - sql.Column('subject_categories', JsonBlob(), nullable=False), - sql.Column('object_categories', JsonBlob(), nullable=False), - sql.Column('action_categories', JsonBlob(), nullable=False), - sql.Column('value', JsonBlob(), nullable=True), - sql.UniqueConstraint('name', name='unique_constraint_meta_rule_name'), - # sql.UniqueConstraint('subject_categories', 'object_categories', 'action_categories', name='unique_constraint_meta_rule_def'), - mysql_engine='InnoDB', - mysql_charset='utf8') - meta_rules_table.create(migrate_engine, checkfirst=True) - - rules_table = sql.Table( - 'rules', - meta, - sql.Column('id', sql.String(64), primary_key=True), - sql.Column('rule', JsonBlob(), nullable=True), - sql.Column('policy_id', sql.ForeignKey("policies.id"), nullable=False), - sql.Column('meta_rule_id', sql.ForeignKey("meta_rules.id"), nullable=False), - mysql_engine='InnoDB', - mysql_charset='utf8') - rules_table.create(migrate_engine, checkfirst=True) - - -def downgrade(migrate_engine): - meta = sql.MetaData() - meta.bind = migrate_engine - - for _table in ( - 'rules', - 'meta_rules', - 'action_assignments', - 'object_assignments', - 'subject_assignments', - 'action_data', - 'object_data', - 'subject_data', - 'actions', - 'objects', - 'subjects', - 'action_categories', - 'object_categories', - 'subject_categories', - 'models', - 'policies', - 'pdp' - ): - try: - table = sql.Table(_table, meta, autoload=True) - table.drop(migrate_engine, checkfirst=True) - except Exception as e: - print(e) diff --git a/python_moondb/python_moondb/migrate_repo/versions/__init__.py b/python_moondb/python_moondb/migrate_repo/versions/__init__.py deleted file mode 100644 index e69de29b..00000000 diff --git a/python_moondb/requirements.txt b/python_moondb/requirements.txt deleted file mode 100644 index a205666f..00000000 --- a/python_moondb/requirements.txt +++ /dev/null @@ -1,4 +0,0 @@ -stevedore -sqlalchemy -pymysql -requests diff --git a/python_moondb/setup.py b/python_moondb/setup.py deleted file mode 100644 index e34369d4..00000000 --- a/python_moondb/setup.py +++ /dev/null @@ -1,54 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -from setuptools import setup, find_packages -import python_moondb - - -with open('requirements.txt') as f: - required = f.read().splitlines() - -setup( - - name='python-moondb', - - version=python_moondb.__version__, - - packages=find_packages(), - - author="Thomas Duval", - - author_email="thomas.duval@orange.com", - - description="This library is a helper to interact with the Moon database.", - - long_description=open('README.md').read(), - - install_requires=required, - - include_package_data=True, - - url='https://git.opnfv.org/cgit/moon/', - - classifiers=[ - "Programming Language :: Python", - "Development Status :: 1 - Planning", - "License :: OSI Approved", - "Natural Language :: English", - "Operating System :: OS Independent", - "Programming Language :: Python :: 3", - ], - - entry_points={ - "moon_db.driver": - [ - "sql = python_moondb.backends.sql:SQLConnector", - ], - 'console_scripts': [ - 'moon_db_manager = python_moondb.db_manager:run', - ], - } - -) diff --git a/python_moondb/tests/unit_python/conftest.py b/python_moondb/tests/unit_python/conftest.py deleted file mode 100644 index a1057907..00000000 --- a/python_moondb/tests/unit_python/conftest.py +++ /dev/null @@ -1,145 +0,0 @@ -import base64 -import json -import logging -import os -import pytest -import requests_mock -import mock_components -import mock_keystone - -CONF = { - "openstack": { - "keystone": { - "url": "http://keystone:5000/v3", - "user": "admin", - "check_token": False, - "password": "p4ssw0rd", - "domain": "default", - "certificate": False, - "project": "admin" - } - }, - "components": { - "wrapper": { - "bind": "0.0.0.0", - "port": 8080, - "container": "wukongsun/moon_wrapper:v4.3", - "timeout": 5, - "hostname": "wrapper" - }, - "manager": { - "bind": "0.0.0.0", - "port": 8082, - "container": "wukongsun/moon_manager:v4.3", - "hostname": "manager" - }, - "port_start": 31001, - "orchestrator": { - "bind": "0.0.0.0", - "port": 8083, - "container": "wukongsun/moon_orchestrator:v4.3", - "hostname": "interface" - }, - "interface": { - "bind": "0.0.0.0", - "port": 8080, - "container": "wukongsun/moon_interface:v4.3", - "hostname": "interface" - } - }, - "plugins": { - "session": { - "port": 8082, - "container": "asteroide/session:latest" - }, - "authz": { - "port": 8081, - "container": "wukongsun/moon_authz:v4.3" - } - }, - "logging": { - "handlers": { - "file": { - "filename": "/tmp/moon.log", - "class": "logging.handlers.RotatingFileHandler", - "level": "DEBUG", - "formatter": "custom", - "backupCount": 3, - "maxBytes": 1048576 - }, - "console": { - "class": "logging.StreamHandler", - "formatter": "brief", - "level": "INFO", - "stream": "ext://sys.stdout" - } - }, - "formatters": { - "brief": { - "format": "%(levelname)s %(name)s %(message)-30s" - }, - "custom": { - "format": "%(asctime)-15s %(levelname)s %(name)s %(message)s" - } - }, - "root": { - "handlers": [ - "console" - ], - "level": "ERROR" - }, - "version": 1, - "loggers": { - "moon": { - "handlers": [ - "console", - "file" - ], - "propagate": False, - "level": "DEBUG" - } - } - }, - "slave": { - "name": None, - "master": { - "url": None, - "login": None, - "password": None - } - }, - "docker": { - "url": "tcp://172.88.88.1:2376", - "network": "moon" - }, - "database": { - "url": "sqlite:///database.db", - # "url": "mysql+pymysql://moon:p4sswOrd1@db/moon", - "driver": "sql" - }, - "messenger": { - "url": "rabbit://moon:p4sswOrd1@messenger:5672/moon" - } -} - - -@pytest.fixture -def db(): - return CONF['database'] - - -@pytest.fixture(autouse=True) -def set_consul_and_db(monkeypatch): - """ Modify the response from Requests module - """ - with requests_mock.Mocker(real_http=True) as m: - mock_components.register_components(m) - mock_keystone.register_keystone(m) - - from python_moondb.db_manager import init_engine, main - engine = init_engine() - main("upgrade", logging.getLogger("db_manager"), engine) - yield m - os.unlink(CONF['database']['url'].replace("sqlite:///", "")) - - diff --git a/python_moondb/tests/unit_python/helpers/__init__.py b/python_moondb/tests/unit_python/helpers/__init__.py deleted file mode 100644 index e69de29b..00000000 diff --git a/python_moondb/tests/unit_python/helpers/assignment_helper.py b/python_moondb/tests/unit_python/helpers/assignment_helper.py deleted file mode 100644 index 22a56e38..00000000 --- a/python_moondb/tests/unit_python/helpers/assignment_helper.py +++ /dev/null @@ -1,49 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -def get_action_assignments(policy_id, action_id=None, category_id=None): - from python_moondb.core import PolicyManager - return PolicyManager.get_action_assignments("", policy_id, action_id, category_id) - - -def add_action_assignment(policy_id, action_id, category_id, data_id): - from python_moondb.core import PolicyManager - return PolicyManager.add_action_assignment("", policy_id, action_id, category_id, data_id) - - -def delete_action_assignment(policy_id, action_id, category_id, data_id): - from python_moondb.core import PolicyManager - PolicyManager.delete_action_assignment("", policy_id, action_id, category_id, data_id) - - -def get_object_assignments(policy_id, object_id=None, category_id=None): - from python_moondb.core import PolicyManager - return PolicyManager.get_object_assignments("", policy_id, object_id, category_id) - - -def add_object_assignment(policy_id, object_id, category_id, data_id): - from python_moondb.core import PolicyManager - return PolicyManager.add_object_assignment("", policy_id, object_id, category_id, data_id) - - -def delete_object_assignment(policy_id, object_id, category_id, data_id): - from python_moondb.core import PolicyManager - PolicyManager.delete_object_assignment("", policy_id, object_id, category_id, data_id) - - -def get_subject_assignments(policy_id, subject_id=None, category_id=None): - from python_moondb.core import PolicyManager - return PolicyManager.get_subject_assignments("", policy_id, subject_id, category_id) - - -def add_subject_assignment(policy_id, subject_id, category_id, data_id): - from python_moondb.core import PolicyManager - return PolicyManager.add_subject_assignment("", policy_id, subject_id, category_id, data_id) - - -def delete_subject_assignment(policy_id, subject_id, category_id, data_id): - from python_moondb.core import PolicyManager - PolicyManager.delete_subject_assignment("", policy_id, subject_id, category_id, data_id) - diff --git a/python_moondb/tests/unit_python/helpers/category_helper.py b/python_moondb/tests/unit_python/helpers/category_helper.py deleted file mode 100644 index 55e95d91..00000000 --- a/python_moondb/tests/unit_python/helpers/category_helper.py +++ /dev/null @@ -1,54 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -def add_subject_category(cat_id=None, value=None): - from python_moondb.core import ModelManager - category = ModelManager.add_subject_category(user_id=None, category_id=cat_id, value=value) - return category - - -def get_subject_category(cat_id=None): - from python_moondb.core import ModelManager - category = ModelManager.get_subject_categories(user_id=None, category_id=cat_id) - return category - - -def add_object_category(cat_id=None, value=None): - from python_moondb.core import ModelManager - category = ModelManager.add_object_category(user_id=None, category_id=cat_id, value=value) - return category - - -def get_object_category(cat_id=None): - from python_moondb.core import ModelManager - category = ModelManager.get_object_categories(user_id=None, category_id=cat_id) - return category - - -def add_action_category(cat_id=None, value=None): - from python_moondb.core import ModelManager - category = ModelManager.add_action_category(user_id=None, category_id=cat_id, value=value) - return category - - -def get_action_category(cat_id=None): - from python_moondb.core import ModelManager - category = ModelManager.get_action_categories(user_id=None, category_id=cat_id) - return category - - -def delete_subject_category(category_id=None): - from python_moondb.core import ModelManager - return ModelManager.delete_subject_category("", category_id=category_id) - - -def delete_object_category(category_id=None): - from python_moondb.core import ModelManager - return ModelManager.delete_object_category("", category_id=category_id) - - -def delete_action_category(category_id=None): - from python_moondb.core import ModelManager - return ModelManager.delete_action_category("", category_id=category_id) diff --git a/python_moondb/tests/unit_python/helpers/data_helper.py b/python_moondb/tests/unit_python/helpers/data_helper.py deleted file mode 100644 index 8a8238f5..00000000 --- a/python_moondb/tests/unit_python/helpers/data_helper.py +++ /dev/null @@ -1,98 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -def get_action_data(policy_id, data_id=None, category_id=None): - from python_moondb.core import PolicyManager - return PolicyManager.get_action_data("", policy_id, data_id, category_id) - - -def add_action_data(policy_id, data_id=None, category_id=None, value=None): - from python_moondb.core import PolicyManager - return PolicyManager.add_action_data("", policy_id, data_id, category_id, value) - - -def delete_action_data(policy_id, data_id): - from python_moondb.core import PolicyManager - PolicyManager.delete_action_data("",policy_id=policy_id, data_id=data_id) - - -def get_object_data(policy_id, data_id=None, category_id=None): - from python_moondb.core import PolicyManager - return PolicyManager.get_object_data("", policy_id, data_id, category_id) - - -def add_object_data(policy_id, data_id=None, category_id=None, value=None): - from python_moondb.core import PolicyManager - return PolicyManager.add_object_data("", policy_id, data_id, category_id, value) - - -def delete_object_data(policy_id, data_id): - from python_moondb.core import PolicyManager - PolicyManager.delete_object_data("", policy_id=policy_id, data_id=data_id) - - -def get_subject_data(policy_id, data_id=None, category_id=None): - from python_moondb.core import PolicyManager - return PolicyManager.get_subject_data("", policy_id, data_id, category_id) - - -def add_subject_data(policy_id, data_id=None, category_id=None, value=None): - from python_moondb.core import PolicyManager - return PolicyManager.set_subject_data("", policy_id, data_id, category_id, value) - - -def delete_subject_data(policy_id, data_id): - from python_moondb.core import PolicyManager - PolicyManager.delete_subject_data("", policy_id=policy_id, data_id=data_id) - - -def get_actions(policy_id, perimeter_id=None): - from python_moondb.core import PolicyManager - return PolicyManager.get_actions("", policy_id, perimeter_id) - - -def add_action(policy_id, perimeter_id=None, value=None): - from python_moondb.core import PolicyManager - return PolicyManager.add_action("", policy_id, perimeter_id, value) - - -def delete_action(policy_id, perimeter_id): - from python_moondb.core import PolicyManager - PolicyManager.delete_action("", policy_id, perimeter_id) - - -def get_objects(policy_id, perimeter_id=None): - from python_moondb.core import PolicyManager - return PolicyManager.get_objects("", policy_id, perimeter_id) - - -def add_object(policy_id, perimeter_id=None, value=None): - from python_moondb.core import PolicyManager - return PolicyManager.add_object("", policy_id, perimeter_id, value) - - -def delete_object(policy_id, perimeter_id): - from python_moondb.core import PolicyManager - PolicyManager.delete_object("", policy_id, perimeter_id) - - -def get_subjects(policy_id, perimeter_id=None): - from python_moondb.core import PolicyManager - return PolicyManager.get_subjects("", policy_id, perimeter_id) - - -def add_subject(policy_id, perimeter_id=None, value=None): - from python_moondb.core import PolicyManager - return PolicyManager.add_subject("", policy_id, perimeter_id, value) - - -def delete_subject(policy_id, perimeter_id): - from python_moondb.core import PolicyManager - PolicyManager.delete_subject("", policy_id, perimeter_id) - - -def get_available_metadata(policy_id): - from python_moondb.core import PolicyManager - return PolicyManager.get_available_metadata("", policy_id) diff --git a/python_moondb/tests/unit_python/helpers/meta_rule_helper.py b/python_moondb/tests/unit_python/helpers/meta_rule_helper.py deleted file mode 100644 index 87af250a..00000000 --- a/python_moondb/tests/unit_python/helpers/meta_rule_helper.py +++ /dev/null @@ -1,48 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -from helpers import mock_data - - -def update_meta_rule(meta_rule_id, value=None): - from python_moondb.core import ModelManager - if not value: - action_category_id = mock_data.create_action_category("action_category_id1") - subject_category_id = mock_data.create_subject_category("subject_category_id1") - object_category_id = mock_data.create_object_category("object_category_id1") - value = { - "name": "MLS_meta_rule", - "description": "test", - "subject_categories": [subject_category_id], - "object_categories": [object_category_id], - "action_categories": [action_category_id] - } - return ModelManager.update_meta_rule(user_id=None, meta_rule_id=meta_rule_id, value=value) - - -def add_meta_rule(meta_rule_id=None, value=None): - from python_moondb.core import ModelManager - if not value: - action_category_id = mock_data.create_action_category("action_category_id1") - subject_category_id = mock_data.create_subject_category("subject_category_id1") - object_category_id = mock_data.create_object_category("object_category_id1") - value = { - "name": "MLS_meta_rule", - "description": "test", - "subject_categories": [subject_category_id], - "object_categories": [object_category_id], - "action_categories": [action_category_id] - } - return ModelManager.add_meta_rule(user_id=None, meta_rule_id=meta_rule_id, value=value) - - -def get_meta_rules(meta_rule_id=None): - from python_moondb.core import ModelManager - return ModelManager.get_meta_rules(user_id=None, meta_rule_id=meta_rule_id) - - -def delete_meta_rules(meta_rule_id=None): - from python_moondb.core import ModelManager - ModelManager.delete_meta_rule(user_id=None, meta_rule_id=meta_rule_id) diff --git a/python_moondb/tests/unit_python/helpers/mock_data.py b/python_moondb/tests/unit_python/helpers/mock_data.py deleted file mode 100644 index 0d65ea02..00000000 --- a/python_moondb/tests/unit_python/helpers/mock_data.py +++ /dev/null @@ -1,156 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -from .category_helper import * -from .policy_helper import * -from .data_helper import * -from .model_helper import * -from .meta_rule_helper import * -from uuid import uuid4 - - -def create_subject_category(name): - subject_category = add_subject_category( - value={"name": name, "description": "description 1"}) - return list(subject_category.keys())[0] - - -def create_object_category(name): - object_category = add_object_category( - value={"name": name, "description": "description 1"}) - return list(object_category.keys())[0] - - -def create_action_category(name): - action_category = add_action_category( - value={"name": name, "description": "description 1"}) - return list(action_category.keys())[0] - - -def create_model(meta_rule_id, model_name="test_model"): - value = { - "name": model_name, - "description": "test", - "meta_rules": [meta_rule_id] - - } - return value - - -def create_policy(model_id, policy_name="policy_1"): - value = { - "name": policy_name, - "model_id": model_id, - "genre": "authz", - "description": "test", - } - return value - - -def create_pdp(policies_ids): - value = { - "name": "test_pdp", - "security_pipeline": policies_ids, - "keystone_project_id": "keystone_project_id1", - "description": "...", - } - return value - - -def create_new_policy(subject_category_name="subjectCategory", object_category_name="objectCategory", - action_category_name="actionCategory", - model_name="test_model", policy_name="policy_name", - meta_rule_name="meta_rule_"): - if policy_name == "policy_name": - policy_name = "policy_name_" + uuid4().hex - - subject_category_id, object_category_id, action_category_id, meta_rule_id = create_new_meta_rule( - subject_category_name=subject_category_name + uuid4().hex, - object_category_name=object_category_name + uuid4().hex, - action_category_name=action_category_name + uuid4().hex, - meta_rule_name=meta_rule_name + uuid4().hex - ) - model = add_model(value=create_model(meta_rule_id, model_name)) - model_id = list(model.keys())[0] - value = create_policy(model_id, policy_name) - policy = add_policies(value=value) - assert policy - policy_id = list(policy.keys())[0] - return subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id - - -def create_new_meta_rule(subject_category_name="subject_category" + uuid4().hex, - object_category_name="object_category" + uuid4().hex, - action_category_name="action_category" + uuid4().hex, - meta_rule_name="meta_rule" + uuid4().hex): - from python_moondb.core import ModelManager - - subject_category_id = create_subject_category(subject_category_name) - object_category_id = create_object_category(object_category_name) - action_category_id = create_action_category(action_category_name) - value = {"name": meta_rule_name, - "algorithm": "name of the meta rule algorithm", - "subject_categories": [subject_category_id], - "object_categories": [object_category_id], - "action_categories": [action_category_id] - } - # meta_rule = add_meta_rule(value=value) - meta_rule = ModelManager.add_meta_rule(user_id=None, meta_rule_id=None, value=value) - return subject_category_id, object_category_id, action_category_id, list(meta_rule.keys())[0] - - -def create_subject(policy_id): - value = { - "name": "testuser", - "description": "test", - } - subject = add_subject(policy_id=policy_id, value=value) - return list(subject.keys())[0] - - -def create_object(policy_id): - value = { - "name": "testobject", - "description": "test", - } - object = add_object(policy_id=policy_id, value=value) - return list(object.keys())[0] - - -def create_action(policy_id): - value = { - "name": "testaction", - "description": "test", - } - action = add_action(policy_id=policy_id, value=value) - return list(action.keys())[0] - - -def create_subject_data(policy_id, category_id): - value = { - "name": uuid4().hex, - "description": {uuid4().hex: "", uuid4().hex: "", uuid4().hex: ""}, - } - subject_data = add_subject_data(policy_id=policy_id, category_id=category_id, value=value).get('data') - assert subject_data - return list(subject_data.keys())[0] - - -def create_object_data(policy_id, category_id): - value = { - "name": uuid4().hex, - "description": {uuid4().hex: "", uuid4().hex: "", uuid4().hex: ""}, - } - object_data = add_object_data(policy_id=policy_id, category_id=category_id, value=value).get('data') - return list(object_data.keys())[0] - - -def create_action_data(policy_id, category_id): - value = { - "name": uuid4().hex, - "description": {uuid4().hex: "", uuid4().hex: "", uuid4().hex: ""}, - } - action_data = add_action_data(policy_id=policy_id, category_id=category_id, value=value).get('data') - return list(action_data.keys())[0] diff --git a/python_moondb/tests/unit_python/helpers/model_helper.py b/python_moondb/tests/unit_python/helpers/model_helper.py deleted file mode 100644 index 98a6271d..00000000 --- a/python_moondb/tests/unit_python/helpers/model_helper.py +++ /dev/null @@ -1,47 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -from helpers import mock_data -from uuid import uuid4 - -def get_models(model_id=None): - from python_moondb.core import ModelManager - return ModelManager.get_models(user_id=None, model_id=model_id) - - -def add_model(model_id=None, value=None): - from python_moondb.core import ModelManager - if not value: - subject_category_id, object_category_id, action_category_id, meta_rule_id = mock_data.create_new_meta_rule() - name = "MLS" if model_id is None else "MLS " + model_id - value = { - "name": name, - "description": "test", - "meta_rules": [meta_rule_id] - } - return ModelManager.add_model(user_id=None, model_id=model_id, value=value) - - -def delete_models(uuid=None, name=None): - from python_moondb.core import ModelManager - if not uuid: - for model_id, model_value in get_models(): - if name == model_value['name']: - uuid = model_id - break - ModelManager.delete_model(user_id=None, model_id=uuid) - - -def delete_all_models(): - from python_moondb.core import ModelManager - models_values = get_models() - print(models_values) - for model_id, model_value in models_values.items(): - ModelManager.delete_model(user_id=None, model_id=model_id) - - -def update_model(model_id=None, value=None): - from python_moondb.core import ModelManager - return ModelManager.update_model(user_id=None, model_id=model_id, value=value) diff --git a/python_moondb/tests/unit_python/helpers/pdp_helper.py b/python_moondb/tests/unit_python/helpers/pdp_helper.py deleted file mode 100644 index 3d169b06..00000000 --- a/python_moondb/tests/unit_python/helpers/pdp_helper.py +++ /dev/null @@ -1,23 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -def update_pdp(pdp_id, value): - from python_moondb.core import PDPManager - return PDPManager.update_pdp("", pdp_id, value) - - -def delete_pdp(pdp_id): - from python_moondb.core import PDPManager - PDPManager.delete_pdp("", pdp_id) - - -def add_pdp(pdp_id=None, value=None): - from python_moondb.core import PDPManager - return PDPManager.add_pdp("", pdp_id, value) - - -def get_pdp(pdp_id=None): - from python_moondb.core import PDPManager - return PDPManager.get_pdp("", pdp_id) diff --git a/python_moondb/tests/unit_python/helpers/policy_helper.py b/python_moondb/tests/unit_python/helpers/policy_helper.py deleted file mode 100644 index 93d81c62..00000000 --- a/python_moondb/tests/unit_python/helpers/policy_helper.py +++ /dev/null @@ -1,72 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. -from helpers import mock_data as mock_data -from helpers import meta_rule_helper - -def get_policies(): - from python_moondb.core import PolicyManager - return PolicyManager.get_policies("admin") - - -def add_policies(policy_id=None, value=None): - from python_moondb.core import PolicyManager - if not value: - value = { - "name": "test_policy", - "model_id": "", - "genre": "authz", - "description": "test", - } - return PolicyManager.add_policy("admin", policy_id=policy_id, value=value) - - -def delete_policies(uuid=None, name=None): - from python_moondb.core import PolicyManager - if not uuid: - for policy_id, policy_value in get_policies(): - if name == policy_value['name']: - uuid = policy_id - break - PolicyManager.delete_policy("admin", uuid) - - -def update_policy(policy_id, value): - from python_moondb.core import PolicyManager - return PolicyManager.update_policy("admin", policy_id, value) - - -def get_policy_from_meta_rules(meta_rule_id): - from python_moondb.core import PolicyManager - return PolicyManager.get_policy_from_meta_rules("admin", meta_rule_id) - - -def get_rules(policy_id=None, meta_rule_id=None, rule_id=None): - from python_moondb.core import PolicyManager - return PolicyManager.get_rules("", policy_id, meta_rule_id, rule_id) - - -def add_rule(policy_id, meta_rule_id, value=None): - from python_moondb.core import PolicyManager - if not value: - meta_rule = meta_rule_helper.get_meta_rules(meta_rule_id) - sub_cat_id = meta_rule[meta_rule_id]['subject_categories'][0] - ob_cat_id = meta_rule[meta_rule_id]['object_categories'][0] - act_cat_id = meta_rule[meta_rule_id]['action_categories'][0] - - subject_data_id = mock_data.create_subject_data(policy_id=policy_id, category_id=sub_cat_id) - object_data_id = mock_data.create_object_data(policy_id=policy_id, category_id=ob_cat_id) - action_data_id = mock_data.create_action_data(policy_id=policy_id, category_id=act_cat_id) - - value = { - "rule": (subject_data_id, object_data_id, action_data_id), - "instructions": ({"decision": "grant"}), - "enabled": "", - } - return PolicyManager.add_rule("", policy_id, meta_rule_id, value) - - -def delete_rule(policy_id=None, rule_id=None): - from python_moondb.core import PolicyManager - PolicyManager.delete_rule("", policy_id, rule_id) diff --git a/python_moondb/tests/unit_python/mock_components.py b/python_moondb/tests/unit_python/mock_components.py deleted file mode 100644 index a0319e1a..00000000 --- a/python_moondb/tests/unit_python/mock_components.py +++ /dev/null @@ -1,27 +0,0 @@ -import utilities - -COMPONENTS = ( - "logging", - "openstack/keystone", - "database", - "slave", - "components/manager", - "components/orchestrator", - "components/interface", -) - - -def register_components(m): - for component in COMPONENTS: - m.register_uri( - 'GET', 'http://consul:8500/v1/kv/{}'.format(component), - json=[{'Key': component, 'Value': utilities.get_b64_conf(component)}] - ) - - m.register_uri( - 'GET', 'http://consul:8500/v1/kv/components?recurse=true', - json=[ - {"Key": key, "Value": utilities.get_b64_conf(key)} for key in COMPONENTS - ], - # json={'Key': "components", 'Value': get_b64_conf("components")} - ) \ No newline at end of file diff --git a/python_moondb/tests/unit_python/mock_keystone.py b/python_moondb/tests/unit_python/mock_keystone.py deleted file mode 100644 index 3f262538..00000000 --- a/python_moondb/tests/unit_python/mock_keystone.py +++ /dev/null @@ -1,33 +0,0 @@ -def register_keystone(m): - m.register_uri( - 'POST', 'http://keystone:5000/v3/auth/tokens', - headers={'X-Subject-Token': "111111111"} - ) - m.register_uri( - 'DELETE', 'http://keystone:5000/v3/auth/tokens', - headers={'X-Subject-Token': "111111111"} - ) - m.register_uri( - 'POST', 'http://keystone:5000/v3/users?name=testuser&domain_id=default', - json={"users": {}} - ) - m.register_uri( - 'GET', 'http://keystone:5000/v3/users?name=testuser&domain_id=default', - json={"users": {}} - ) - m.register_uri( - 'POST', 'http://keystone:5000/v3/users/', - json={"users": [{ - "id": "1111111111111" - }]} - ) - m.register_uri( - 'POST', 'http://keystone:5000/v3/projects/', - json={ - "description": "test_project", - "domain_id": ['domain_id_1'], - "enabled": True, - "is_domain": False, - "name": 'project_1' - } - ) diff --git a/python_moondb/tests/unit_python/models/__init__.py b/python_moondb/tests/unit_python/models/__init__.py deleted file mode 100755 index e69de29b..00000000 diff --git a/python_moondb/tests/unit_python/models/test_categories.py b/python_moondb/tests/unit_python/models/test_categories.py deleted file mode 100644 index 39dc4c71..00000000 --- a/python_moondb/tests/unit_python/models/test_categories.py +++ /dev/null @@ -1,111 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -import pytest -import logging -from python_moonutilities.exceptions import * -from helpers import category_helper - -logger = logging.getLogger("moon.db.tests.models.test_categories") - - -def test_add_subject_category_twice(): - category = category_helper.add_subject_category( - value={"name": "category name", "description": "description 1"}) - category_id = list(category.keys())[0] - assert category is not None - with pytest.raises(SubjectCategoryExisting): - category_helper.add_subject_category(category_id, - value={"name": "category name", - "description": "description 2"}) - - -def test_add_subject_category_name_space(): - with pytest.raises(CategoryNameInvalid) as exp: - category = category_helper.add_subject_category(value={"name": " ", "description": - "description 1"}) - assert exp.value.code == 400 - assert exp.value.description == 'The given category name is invalid.' - - -def test_get_subject_categories(): - added_category = category_helper.add_subject_category( - value={"name": "category name", "description": "description 1"}) - category_id = list(added_category.keys())[0] - subject_category = category_helper.get_subject_category(category_id) - assert subject_category == added_category - - -def test_get_subject_categories_with_invalid_id(): - category_id = "invalid_id" - subject_category = category_helper.get_subject_category(category_id) - assert len(subject_category) == 0 - - -def test_add_object_category_twice(): - category = category_helper.add_object_category( - value={"name": "category name", "description": "description 1"}) - category_id = list(category.keys())[0] - assert category is not None - with pytest.raises(ObjectCategoryExisting): - category_helper.add_object_category(category_id, - value={"name": "category name", - "description": "description 2"}) - - -def test_add_object_category_name_space(): - with pytest.raises(CategoryNameInvalid) as exp: - category = category_helper.add_object_category(value={"name": " ", "description": - "description 1"}) - assert exp.value.code == 400 - assert exp.value.description == 'The given category name is invalid.' - - -def test_get_object_categories(): - added_category = category_helper.add_object_category( - value={"name": "category name", "description": "description 1"}) - category_id = list(added_category.keys())[0] - object_category = category_helper.get_object_category(category_id) - assert object_category == added_category - - -def test_get_object_categories_with_invalid_id(): - category_id = "invalid_id" - object_category = category_helper.get_object_category(category_id) - assert len(object_category) == 0 - - -def test_add_action_category_twice(): - category = category_helper.add_action_category( - value={"name": "category name", "description": "description 1"}) - category_id = list(category.keys())[0] - assert category is not None - with pytest.raises(ActionCategoryExisting) as exp_info: - category_helper.add_action_category(category_id, - value={"name": "category name", - "description": "description 2"}) - assert str(exp_info.value)=='409: Action Category Existing' - - -def test_add_action_category_name_space(): - with pytest.raises(CategoryNameInvalid) as exp: - category = category_helper.add_action_category(value={"name": " ", "description": - "description 1"}) - assert exp.value.code == 400 - assert exp.value.description == 'The given category name is invalid.' - - -def test_get_action_categories(): - added_category = category_helper.add_action_category( - value={"name": "category name", "description": "description 1"}) - category_id = list(added_category.keys())[0] - action_category = category_helper.get_action_category(category_id) - assert action_category == added_category - - -def test_get_action_categories_with_invalid_id(): - category_id = "invalid_id" - action_category = category_helper.get_action_category(category_id) - assert len(action_category) == 0 diff --git a/python_moondb/tests/unit_python/models/test_meta_rules.py b/python_moondb/tests/unit_python/models/test_meta_rules.py deleted file mode 100644 index 3b2b5b0e..00000000 --- a/python_moondb/tests/unit_python/models/test_meta_rules.py +++ /dev/null @@ -1,403 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -import pytest -from helpers import meta_rule_helper -from helpers import policy_helper -import helpers.mock_data as mock_data -import helpers.model_helper as model_helper -from python_moonutilities.exceptions import * -from uuid import uuid4 - - -def test_update_not_exist_meta_rule_error(db): - # set not existing meta rule and expect to raise and error - with pytest.raises(MetaRuleUnknown) as exception_info: - meta_rule_helper.update_meta_rule(meta_rule_id=None) - assert str(exception_info.value) == '400: Meta Rule Unknown' - - -def test_update_meta_rule_connected_with_policy_and_rule(): - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( - subject_category_name="subject_category1", - object_category_name="object_category1", - action_category_name="action_category1", - meta_rule_name="meta_rule_1", - model_name="model1") - subject_data_id = mock_data.create_subject_data(policy_id=policy_id, - category_id=subject_category_id) - object_data_id = mock_data.create_object_data(policy_id=policy_id, - category_id=object_category_id) - action_data_id = mock_data.create_action_data(policy_id=policy_id, - category_id=action_category_id) - - value = { - "rule": (subject_data_id, object_data_id, action_data_id), - "instructions": ({"decision": "grant"}), - "enabled": "", - } - - rules = policy_helper.add_rule(policy_id=policy_id, meta_rule_id=meta_rule_id, value=value) - assert rules - assert len(rules) == 1 - - action_category_id = mock_data.create_action_category("action_category_id2") - subject_category_id = mock_data.create_subject_category("subject_category_id2") - object_category_id = mock_data.create_object_category("object_category_id2") - - updated_value = { - "name": "MLS_meta_rule", - "description": "test", - "subject_categories": [subject_category_id], - "object_categories": [object_category_id], - "action_categories": [action_category_id] - } - with pytest.raises(MetaRuleUpdateError) as exception_info: - updated_meta_rule = meta_rule_helper.update_meta_rule(meta_rule_id, updated_value) - assert str(exception_info.value) == '400: Meta_Rule Update Error' - - -def test_update_meta_rule_connected_with_policy(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( - subject_category_name="subject_category1", - object_category_name="object_category1", - action_category_name="action_category1", - meta_rule_name="meta_rule_1", - model_name="model1") - action_category_id = mock_data.create_action_category("action_category_id2") - subject_category_id = mock_data.create_subject_category("subject_category_id2") - object_category_id = mock_data.create_object_category("object_category_id2") - value = { - "name": "MLS_meta_rule", - "description": "test", - "subject_categories": [subject_category_id], - "object_categories": [object_category_id], - "action_categories": [action_category_id] - } - meta_rules = meta_rule_helper.add_meta_rule(value=value) - assert isinstance(meta_rules, dict) - assert meta_rules - assert len(meta_rules) is 1 - meta_rule_id = list(meta_rules.keys())[0] - for key in ( - "name", "description", "subject_categories", "object_categories", "action_categories"): - assert key in meta_rules[meta_rule_id] - assert meta_rules[meta_rule_id][key] == value[key] - - -def test_add_new_meta_rule_success(db): - action_category_id = mock_data.create_action_category("action_category_id1") - subject_category_id = mock_data.create_subject_category("subject_category_id1") - object_category_id = mock_data.create_object_category("object_category_id1") - value = { - "name": "MLS_meta_rule", - "description": "test", - "subject_categories": [subject_category_id], - "object_categories": [object_category_id], - "action_categories": [action_category_id] - } - meta_rules = meta_rule_helper.add_meta_rule(value=value) - assert isinstance(meta_rules, dict) - assert meta_rules - assert len(meta_rules) is 1 - meta_rule_id = list(meta_rules.keys())[0] - for key in ( - "name", "description", "subject_categories", "object_categories", "action_categories"): - assert key in meta_rules[meta_rule_id] - assert meta_rules[meta_rule_id][key] == value[key] - - -def test_meta_rule_with_blank_name(db): - action_category_id = mock_data.create_action_category(uuid4().hex) - subject_category_id = mock_data.create_subject_category(uuid4().hex) - object_category_id = mock_data.create_object_category(uuid4().hex) - value = { - "name": "", - "description": "test", - "subject_categories": [subject_category_id], - "object_categories": [object_category_id], - "action_categories": [action_category_id] - } - with pytest.raises(MetaRuleContentError) as exception_info: - meta_rule_helper.add_meta_rule(value=value) - assert str(exception_info.value) == '400: Meta Rule Error' - - -def test_update_meta_rule_success(db): - # arrange - meta_rules = meta_rule_helper.add_meta_rule() - meta_rule_id = list(meta_rules.keys())[0] - action_category_id = mock_data.create_action_category("action_category_id2") - subject_category_id = mock_data.create_subject_category("subject_category_id2") - object_category_id = mock_data.create_object_category("object_category_id2") - updated_value = { - "name": "MLS_meta_rule", - "description": "test", - "subject_categories": [subject_category_id], - "object_categories": [object_category_id], - "action_categories": [action_category_id] - } - # action - updated_meta_rule = meta_rule_helper.update_meta_rule(meta_rule_id, updated_value) - # assert - updated_meta_rule_id = list(updated_meta_rule.keys())[0] - assert updated_meta_rule_id == meta_rule_id - assert updated_meta_rule[updated_meta_rule_id]["subject_categories"] == updated_value[ - "subject_categories"] - - -def test_update_meta_rule_with_existed_categories_combination(db): - action_category_id1 = mock_data.create_action_category(uuid4().hex) - subject_category_id1 = mock_data.create_subject_category(uuid4().hex) - object_category_id1 = mock_data.create_object_category(uuid4().hex) - meta_rule_name1=uuid4().hex - value1 = { - "name": meta_rule_name1, - "description": "test", - "subject_categories": [subject_category_id1], - "object_categories": [object_category_id1], - "action_categories": [action_category_id1] - } - meta_rules = meta_rule_helper.add_meta_rule(value=value1) - - action_category_id2 = mock_data.create_action_category(uuid4().hex) - subject_category_id2 = mock_data.create_subject_category(uuid4().hex) - object_category_id2 = mock_data.create_object_category(uuid4().hex) - meta_rule_name2 = uuid4().hex - value2 = { - "name": meta_rule_name2, - "description": "test", - "subject_categories": [subject_category_id2], - "object_categories": [object_category_id2], - "action_categories": [action_category_id2] - } - meta_rules = meta_rule_helper.add_meta_rule(value=value2) - meta_rule_id2 = list(meta_rules.keys())[0] - value1['name']=value2['name'] - with pytest.raises(MetaRuleExisting) as exception_info: - updated_meta_rule = meta_rule_helper.update_meta_rule(meta_rule_id2, value1) - assert str(exception_info.value) == '409: Meta Rule Existing' - assert exception_info.value.description=="Same categories combination existed" - - -def test_update_meta_rule_with_different_categories_combination_but_same_data(db): - action_category_id1 = mock_data.create_action_category(uuid4().hex) - subject_category_id1 = mock_data.create_subject_category(uuid4().hex) - object_category_id1 = mock_data.create_object_category(uuid4().hex) - meta_rule_name1=uuid4().hex - value1 = { - "name": meta_rule_name1, - "description": "test", - "subject_categories": [subject_category_id1], - "object_categories": [object_category_id1], - "action_categories": [action_category_id1] - } - meta_rules = meta_rule_helper.add_meta_rule(value=value1) - - action_category_id2 = mock_data.create_action_category(uuid4().hex) - subject_category_id2 = mock_data.create_subject_category(uuid4().hex) - object_category_id2 = mock_data.create_object_category(uuid4().hex) - meta_rule_name2 = uuid4().hex - value2 = { - "name": meta_rule_name2, - "description": "test", - "subject_categories": [subject_category_id2], - "object_categories": [object_category_id2], - "action_categories": [action_category_id2] - } - meta_rules = meta_rule_helper.add_meta_rule(value=value2) - meta_rule_id2 = list(meta_rules.keys())[0] - value1['name']=value2['name'] - value1['object_categories']+=[object_category_id1] - updated_meta_rule = meta_rule_helper.update_meta_rule(meta_rule_id2, value1) - assert meta_rule_id2 in updated_meta_rule - - -def test_add_existing_meta_rule_error(db): - action_category_id = mock_data.create_action_category("action_category_id3") - subject_category_id = mock_data.create_subject_category("subject_category_id3") - object_category_id = mock_data.create_object_category("object_category_id3") - value = { - "name": "MLS_meta_rule", - "description": "test", - "subject_categories": [subject_category_id], - "object_categories": [object_category_id], - "action_categories": [action_category_id] - } - meta_rules = meta_rule_helper.add_meta_rule(value=value) - meta_rule_id = list(meta_rules.keys())[0] - with pytest.raises(MetaRuleExisting) as exception_info: - meta_rule_helper.add_meta_rule(meta_rule_id=meta_rule_id) - assert str(exception_info.value) == '409: Meta Rule Existing' - - -def test_add_meta_rule_with_existing_name_error(db): - action_category_id = mock_data.create_action_category(uuid4().hex) - subject_category_id = mock_data.create_subject_category(uuid4().hex) - object_category_id = mock_data.create_object_category(uuid4().hex) - name = uuid4().hex - value = { - "name": name, - "description": "test", - "subject_categories": [subject_category_id], - "object_categories": [object_category_id], - "action_categories": [action_category_id] - } - meta_rule_helper.add_meta_rule(value=value) - action_category_id = mock_data.create_action_category(uuid4().hex) - subject_category_id = mock_data.create_subject_category(uuid4().hex) - object_category_id = mock_data.create_object_category(uuid4().hex) - value = { - "name": name, - "description": 'test', - "subject_categories": [subject_category_id], - "object_categories": [object_category_id], - "action_categories": [action_category_id] - } - with pytest.raises(MetaRuleExisting) as exception_info: - meta_rule_helper.add_meta_rule(value=value) - assert str(exception_info.value) == '409: Meta Rule Existing' - assert exception_info.value.description == 'The meta rule already exists.' - - -def test_add_meta_rule_with_existing_categories_combination(db): - action_category_id = mock_data.create_action_category(uuid4().hex) - subject_category_id = mock_data.create_subject_category(uuid4().hex) - object_category_id = mock_data.create_object_category(uuid4().hex) - name = uuid4().hex - value = { - "name": name, - "description": "test", - "subject_categories": [subject_category_id], - "object_categories": [object_category_id], - "action_categories": [action_category_id] - } - meta_rule_helper.add_meta_rule(value=value) - value['name'] = uuid4().hex - with pytest.raises(MetaRuleExisting) as exception_info: - meta_rule_helper.add_meta_rule(value=value) - assert str(exception_info.value) == '409: Meta Rule Existing' - assert exception_info.value.description == "Same categories combination existed" - - -def test_add_meta_rule_with_different_categories_combination_but_same_data(db): - action_category_id = mock_data.create_action_category(uuid4().hex) - subject_category_id = mock_data.create_subject_category(uuid4().hex) - object_category_id1 = mock_data.create_object_category(uuid4().hex) - object_category_id2 = mock_data.create_object_category(uuid4().hex) - - name1 = uuid4().hex - value = { - "name": name1, - "description": "test", - "subject_categories": [subject_category_id], - "object_categories": [object_category_id1], - "action_categories": [action_category_id] - } - meta_rule_helper.add_meta_rule(value=value) - name2 = uuid4().hex - value['name'] = name2 - value['object_categories'] += [object_category_id2] - meta_rules = meta_rule_helper.add_meta_rule(value=value) - bool_found_meta_rule = 0 - for meta_rule_id in meta_rules: - if meta_rules[meta_rule_id]['name'] == name2: - bool_found_meta_rule = 1 - break - assert bool_found_meta_rule - - -def test_get_meta_rule_success(db): - # arrange - action_category_id = mock_data.create_action_category("action_type") - subject_category_id = mock_data.create_subject_category("user_security_level") - object_category_id = mock_data.create_object_category("vm_security_level") - values = {} - value1 = { - "name": "MLS_meta_rule", - "description": "test", - "subject_categories": [subject_category_id], - "object_categories": [object_category_id], - "action_categories": [action_category_id] - } - meta_rules1 = meta_rule_helper.add_meta_rule(value=value1) - meta_rule_id1 = list(meta_rules1.keys())[0] - values[meta_rule_id1] = value1 - action_category_id = mock_data.create_action_category("action_type2") - subject_category_id = mock_data.create_subject_category("user_security_level2") - object_category_id = mock_data.create_object_category("vm_security_level2") - value2 = { - "name": "rbac_meta_rule", - "description": "test", - "subject_categories": [subject_category_id], - "object_categories": [object_category_id], - "action_categories": [action_category_id] - } - meta_rules2 = meta_rule_helper.add_meta_rule(value=value2) - meta_rule_id2 = list(meta_rules2.keys())[0] - values[meta_rule_id2] = value2 - - # action - meta_rules = meta_rule_helper.get_meta_rules() - # assert - assert isinstance(meta_rules, dict) - assert meta_rules - assert len(meta_rules) is 2 - for meta_rule_id in meta_rules: - for key in ( - "name", "description", "subject_categories", "object_categories", "action_categories"): - assert key in meta_rules[meta_rule_id] - assert meta_rules[meta_rule_id][key] == values[meta_rule_id][key] - - -def test_get_specific_meta_rule_success(db): - # arrange - added_meta_rules = meta_rule_helper.add_meta_rule() - added_meta_rule_id = list(added_meta_rules.keys())[0] - # action - meta_rules = meta_rule_helper.get_meta_rules(meta_rule_id=added_meta_rule_id) - meta_rule_id = list(meta_rules.keys())[0] - # assert - assert meta_rule_id == added_meta_rule_id - for key in ( - "name", "description", "subject_categories", "object_categories", "action_categories"): - assert key in meta_rules[meta_rule_id] - assert meta_rules[meta_rule_id][key] == added_meta_rules[added_meta_rule_id][key] - - -def test_delete_meta_rules_success(db): - action_category_id = mock_data.create_action_category("action_type") - subject_category_id = mock_data.create_subject_category("user_security_level") - object_category_id = mock_data.create_object_category("vm_security_level") - # arrange - value1 = { - "name": "MLS_meta_rule", - "description": "test", - "subject_categories": [subject_category_id], - "object_categories": [object_category_id], - "action_categories": [action_category_id] - } - meta_rules1 = meta_rule_helper.add_meta_rule(value=value1) - meta_rule_id1 = list(meta_rules1.keys())[0] - - # action - meta_rule_helper.delete_meta_rules(meta_rule_id1) - # assert - meta_rules = meta_rule_helper.get_meta_rules() - assert meta_rule_id1 not in meta_rules - - -def test_delete_meta_rules_with_model(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy() - - with pytest.raises(DeleteMetaRuleWithModel) as exception_info: - meta_rule_helper.delete_meta_rules(meta_rule_id) - assert str(exception_info.value) == '400: Meta rule With Model Error' - - -def test_delete_invalid_meta_rules_error(db): - with pytest.raises(MetaRuleUnknown) as exception_info: - meta_rule_helper.delete_meta_rules("INVALID_META_RULE_ID") - assert str(exception_info.value) == '400: Meta Rule Unknown' diff --git a/python_moondb/tests/unit_python/models/test_models.py b/python_moondb/tests/unit_python/models/test_models.py deleted file mode 100644 index 1b171069..00000000 --- a/python_moondb/tests/unit_python/models/test_models.py +++ /dev/null @@ -1,622 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -import pytest -from python_moonutilities.exceptions import * -import logging -import helpers.mock_data as mock_data -import helpers.model_helper as model_helper -import helpers.category_helper as category_helper -import helpers.policy_helper as policy_helper -import helpers.assignment_helper as assignment_helper -from uuid import uuid4 - -logger = logging.getLogger("moon.db.tests.test_model") - - -def test_get_models_empty(db): - # act - models = model_helper.get_models() - # assert - assert isinstance(models, dict) - assert not models - - -def test_get_model(db): - # prepare - model_helper.add_model(model_id="mls_model_id") - # act - models = model_helper.get_models() - # assert - assert isinstance(models, dict) - assert models # assert model is not empty - assert len(models) is 1 - model_helper.delete_all_models() - - -def test_get_specific_model(db): - # prepare - model_helper.add_model(model_id="mls_model_id") - # act - models = model_helper.get_models(model_id="mls_model_id") - # assert - assert isinstance(models, dict) - assert models # assert model is not empty - assert len(models) is 1 - model_helper.delete_all_models() - - -def test_add_model(db): - # act - model = model_helper.add_model() - # assert - assert isinstance(model, dict) - assert model # assert model is not empty - assert len(model) is 1 - model_helper.delete_all_models() - - -def test_add_same_model_twice(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id = mock_data.create_new_meta_rule( - subject_category_name="subject_category1", - object_category_name="object_category1", - action_category_name="action_category1", - meta_rule_name="meta_rule_1") - value = { - "name": "model1", - "description": "test", - "meta_rules": [meta_rule_id] - } - # prepare - model_helper.add_model(model_id="model_1", value=value) # add model twice - # act - subject_category_id, object_category_id, action_category_id, meta_rule_id = mock_data.create_new_meta_rule( - subject_category_name="subject_category2", - object_category_name="object_category2", - action_category_name="action_category2", - meta_rule_name="meta_rule_2") - value = { - "name": "model2", - "description": "test", - "meta_rules": [meta_rule_id] - } - with pytest.raises(ModelExisting) as exception_info: - model_helper.add_model(model_id="model_1", value=value) - model_helper.delete_all_models() - assert str(exception_info.value) == '409: Model Error' - - -def test_add_model_generate_new_uuid(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id1 = mock_data.create_new_meta_rule( - subject_category_name="subject_category3", - object_category_name="object_category3", - action_category_name="action_category3", - meta_rule_name="meta_rule_3") - model_value1 = { - "name": "MLS", - "description": "test", - "meta_rules": [meta_rule_id1] - } - model1 = model_helper.add_model(value=model_value1) - subject_category_id, object_category_id, action_category_id, meta_rule_id2 = mock_data.create_new_meta_rule( - subject_category_name="subject_category4", - object_category_name="object_category4", - action_category_name="action_category4", - meta_rule_name="meta_rule_4") - model_value2 = { - "name": "rbac", - "description": "test", - "meta_rules": [meta_rule_id2] - } - model2 = model_helper.add_model(value=model_value2) - - assert list(model1)[0] != list(model2)[0] - model_helper.delete_all_models() - - -def test_add_models(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id = mock_data.create_new_meta_rule( - subject_category_name="subject_category5", - object_category_name="object_category5", - action_category_name="action_category5") - model_value1 = { - "name": "MLS", - "description": "test", - "meta_rules": [meta_rule_id] - } - models = model_helper.add_model(value=model_value1) - assert isinstance(models, dict) - assert models - assert len(models.keys()) == 1 - model_id = list(models.keys())[0] - for key in ("name", "meta_rules", "description"): - assert key in models[model_id] - assert models[model_id][key] == model_value1[key] - model_helper.delete_all_models() - - -def test_add_models_with_same_name_twice(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id = mock_data.create_new_meta_rule( - subject_category_name="subject_category5", - object_category_name="object_category5", - action_category_name="action_category5") - model_value1 = { - "name": "MLS", - "description": "test", - "meta_rules": [meta_rule_id] - } - models = model_helper.add_model(value=model_value1) - assert isinstance(models, dict) - assert models - with pytest.raises(Exception) as exception_info: - model_helper.add_model(value=model_value1) - model_helper.delete_all_models() - assert str(exception_info.value) == '409: Model Error' - -def test_add_model_with_existed_meta_rules_list(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id = mock_data.create_new_meta_rule( - subject_category_name=uuid4().hex, - object_category_name=uuid4().hex, - action_category_name=uuid4().hex) - model_value1 = { - "name": uuid4().hex, - "description": "test", - "meta_rules": [meta_rule_id] - } - models = model_helper.add_model(value=model_value1) - assert isinstance(models, dict) - assert models - model_value1 = { - "name": uuid4().hex, - "description": "test", - "meta_rules": [meta_rule_id] - } - with pytest.raises(Exception) as exception_info: - model_helper.add_model(value=model_value1) - model_helper.delete_all_models() - assert str(exception_info.value) == '409: Model Error' - assert str(exception_info.value.description)=='Meta Rules List Existed in another Model' - - -def test_delete_models(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id1 = mock_data.create_new_meta_rule( - subject_category_name="subject_category6", - object_category_name="object_category6", - action_category_name="action_category6", - meta_rule_name="meta_rule_6") - model_value1 = { - "name": "MLS", - "description": "test", - "meta_rules": [meta_rule_id1] - } - model1 = model_helper.add_model(value=model_value1) - subject_category_id, object_category_id, action_category_id, meta_rule_id2 = mock_data.create_new_meta_rule( - subject_category_name="subject_category7", - object_category_name="object_category7", - action_category_name="action_category7", - meta_rule_name="meta_rule_7") - model_value2 = { - "name": "rbac", - "description": "test", - "meta_rules": [meta_rule_id2] - } - model_helper.add_model(value=model_value2) - - id = list(model1)[0] - model_helper.delete_models(id) - # assert - models = model_helper.get_models() - assert id not in models - model_helper.delete_all_models() - - -def test_update_model(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id1 = mock_data.create_new_meta_rule( - subject_category_name="subject_category8", - object_category_name="object_category8", - action_category_name="action_category8", - meta_rule_name="meta_rule_8") - # prepare - model_value = { - "name": "MLS", - "description": "test", - "meta_rules": [meta_rule_id1] - } - model = model_helper.add_model(value=model_value) - model_id = list(model)[0] - subject_category_id, object_category_id, action_category_id, meta_rule_id2 = mock_data.create_new_meta_rule( - subject_category_name="subject_category9", - object_category_name="object_category9", - action_category_name="action_category9", - meta_rule_name="meta_rule_9") - new_model_value = { - "name": "MLS2", - "description": "test", - "meta_rules": [meta_rule_id2] - } - # act - model_helper.update_model(model_id=model_id, value=new_model_value) - # assert - model = model_helper.get_models(model_id) - - for key in ("name", "meta_rules", "description"): - assert key in model[model_id] - assert model[model_id][key] == new_model_value[key] - model_helper.delete_all_models() - - -def test_delete_model_assigned_to_policy(db): - model_value1 = { - "name": "MLS", - "description": "test", - "meta_rules": [] - } - models = model_helper.add_model(value=model_value1) - assert isinstance(models, dict) - assert models - assert len(models.keys()) == 1 - model_id = list(models.keys())[0] - value = { - "name": "test_policy", - "model_id": model_id, - "genre": "authz", - "description": "test", - } - policy_helper.add_policies(value=value) - with pytest.raises(DeleteModelWithPolicy) as exception_info: - model_helper.delete_models(uuid=model_id) - assert str(exception_info.value) == '400: Model With Policy Error' - - -def test_add_subject_category(db): - category_id = "category_id1" - value = { - "name": "subject_category", - "description": "description subject_category" - } - subject_category = category_helper.add_subject_category(category_id, value) - assert subject_category - assert len(subject_category) == 1 - - -def test_add_subject_categories_with_existed_name(db): - name = uuid4().hex - value = { - "name": name, - "description": "description subject_category" - } - subject_category = category_helper.add_subject_category(value=value) - assert subject_category - assert len(subject_category) == 1 - - value = { - "name": name, - "description": "description subject_category" - } - with pytest.raises(SubjectCategoryExisting) as exception_info: - category_helper.add_subject_category(value=value) - assert str(exception_info.value) == '409: Subject Category Existing' - - -def test_add_subject_category_with_empty_name(db): - category_id = "category_id1" - value = { - "name": "", - "description": "description subject_category" - } - with pytest.raises(CategoryNameInvalid) as exception_info: - category_helper.add_subject_category(category_id, value) - assert str(exception_info.value) == '400: Category Name Invalid' - - -def test_add_subject_category_with_same_category_id(db): - category_id = "category_id1" - value = { - "name": "subject_category", - "description": "description subject_category" - } - category_helper.add_subject_category(category_id, value) - with pytest.raises(SubjectCategoryExisting) as exception_info: - category_helper.add_subject_category(category_id, value) - assert str(exception_info.value) == '409: Subject Category Existing' - - -def test_get_subject_category(db): - category_id = "category_id1" - value = { - "name": "subject_category", - "description": "description subject_category" - } - category_helper.add_subject_category(category_id, value) - subject_category = category_helper.get_subject_category(category_id) - assert subject_category - assert len(subject_category) == 1 - - -def test_delete_subject_category(db): - category_id = "category_id1" - value = { - "name": "subject_category", - "description": "description subject_category" - } - category_helper.add_subject_category(category_id, value) - subject_category = category_helper.delete_subject_category(category_id) - assert not subject_category - - -def test_delete_subject_category_with_data(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy() - - mock_data.create_subject_data(policy_id, subject_category_id) - - with pytest.raises(DeleteSubjectCategoryWithMetaRule) as exception_info: - category_helper.delete_subject_category(subject_category_id) - assert str(exception_info.value) == '400: Subject Category With Meta Rule Error' - - -def test_delete_subject_category_with_assignment(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy() - - subject_id = mock_data.create_subject(policy_id) - data_id = mock_data.create_subject_data(policy_id, subject_category_id) - assignment_helper.add_subject_assignment(policy_id, subject_id, subject_category_id, data_id) - - with pytest.raises(DeleteSubjectCategoryWithMetaRule) as exception_info: - category_helper.delete_subject_category(subject_category_id) - assert str(exception_info.value) == '400: Subject Category With Meta Rule Error' - - -def test_delete_subject_category_with_rule(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy() - policy_helper.add_rule(policy_id=policy_id, meta_rule_id=meta_rule_id) - - with pytest.raises(DeleteSubjectCategoryWithMetaRule) as exception_info: - category_helper.delete_subject_category(subject_category_id) - assert str(exception_info.value) == '400: Subject Category With Meta Rule Error' - - -def test_delete_subject_category_with_unkown_category_id(db): - category_id = "invalid_category_id" - - with pytest.raises(SubjectCategoryUnknown) as exception_info: - category_helper.delete_subject_category(category_id) - assert str(exception_info.value) == '400: Subject Category Unknown' - - -def test_add_object_category(db): - category_id = "category_id1" - value = { - "name": "object_category", - "description": "description object_category" - } - object_category = category_helper.add_object_category(category_id, value) - assert object_category - assert len(object_category) == 1 - - -def test_add_object_categories_with_existed_name(db): - name = uuid4().hex - value = { - "name": name, - "description": "description object_category" - } - object_category = category_helper.add_object_category(value=value) - assert object_category - assert len(object_category) == 1 - with pytest.raises(ObjectCategoryExisting) as exception_info: - category_helper.add_object_category(value=value) - assert str(exception_info.value) == '409: Object Category Existing' - - -def test_add_object_category_with_same_category_id(db): - category_id = "category_id1" - value = { - "name": "object_category", - "description": "description object_category" - } - category_helper.add_object_category(category_id, value) - with pytest.raises(ObjectCategoryExisting) as exception_info: - category_helper.add_object_category(category_id, value) - assert str(exception_info.value) == '409: Object Category Existing' - - -def test_add_object_category_with_empty_name(db): - category_id = "category_id1" - value = { - "name": "", - "description": "description object_category" - } - with pytest.raises(CategoryNameInvalid) as exception_info: - category_helper.add_object_category(category_id, value) - assert str(exception_info.value) == '400: Category Name Invalid' - - -def test_get_object_category(db): - category_id = "category_id1" - value = { - "name": "object_category", - "description": "description object_category" - } - category_helper.add_object_category(category_id, value) - object_category = category_helper.get_object_category(category_id) - assert object_category - assert len(object_category) == 1 - - -def test_delete_object_category(db): - category_id = "category_id1" - value = { - "name": "object_category", - "description": "description object_category" - } - category_helper.add_object_category(category_id, value) - object_category = category_helper.delete_object_category(category_id) - assert not object_category - - -def test_delete_object_category_with_data(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy() - mock_data.create_subject_data(policy_id, subject_category_id) - - mock_data.create_object_data(policy_id, object_category_id) - - with pytest.raises(DeleteObjectCategoryWithMetaRule) as exception_info: - category_helper.delete_object_category(object_category_id) - assert str(exception_info.value) == '400: Object Category With Meta Rule Error' - - -def test_delete_object_category_with_assignment(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy() - - object_id = mock_data.create_object(policy_id) - data_id = mock_data.create_object_data(policy_id, object_category_id) - assignment_helper.add_object_assignment(policy_id, object_id, object_category_id, data_id) - - with pytest.raises(DeleteObjectCategoryWithMetaRule) as exception_info: - category_helper.delete_object_category(object_category_id) - assert str(exception_info.value) == '400: Object Category With Meta Rule Error' - - -def test_delete_object_category_with_rule(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy() - policy_helper.add_rule(policy_id=policy_id, meta_rule_id=meta_rule_id) - - with pytest.raises(DeleteObjectCategoryWithMetaRule) as exception_info: - category_helper.delete_object_category(object_category_id) - assert str(exception_info.value) == '400: Object Category With Meta Rule Error' - - -def test_delete_object_category_with_unkown_category_id(db): - category_id = "invalid_category_id" - - with pytest.raises(ObjectCategoryUnknown) as exception_info: - category_helper.delete_object_category(category_id) - assert str(exception_info.value) == '400: Object Category Unknown' - - -def test_add_action_category(db): - category_id = "category_id1" - value = { - "name": "action_category", - "description": "description action_category" - } - action_category = category_helper.add_action_category(category_id, value) - assert action_category - assert len(action_category) == 1 - - -def test_add_action_categories_with_existed_name(db): - name = uuid4().hex - value = { - "name": name, - "description": "description action_category" - } - action_category = category_helper.add_action_category(value=value) - assert action_category - assert len(action_category) == 1 - with pytest.raises(ActionCategoryExisting) as exception_info: - category_helper.add_action_category(value=value) - assert str(exception_info.value) == '409: Action Category Existing' - - -def test_add_action_category_with_same_category_id(db): - category_id = "category_id1" - value = { - "name": "action_category", - "description": "description action_category" - } - category_helper.add_action_category(category_id, value) - with pytest.raises(ActionCategoryExisting) as exception_info: - category_helper.add_action_category(category_id, value) - assert str(exception_info.value) == '409: Action Category Existing' - - -def test_add_action_category_with_empty_name(db): - category_id = "category_id1" - value = { - "name": "", - "description": "description action_category" - } - with pytest.raises(CategoryNameInvalid) as exception_info: - category_helper.add_action_category(category_id, value) - assert str(exception_info.value) == '400: Category Name Invalid' - - -def test_get_action_category(db): - category_id = "category_id1" - value = { - "name": "action_category", - "description": "description action_category" - } - category_helper.add_action_category(category_id, value) - action_category = category_helper.get_action_category(category_id) - assert action_category - assert len(action_category) == 1 - - -def test_delete_action_category(db): - category_id = "category_id1" - value = { - "name": "action_category", - "description": "description action_category" - } - category_helper.add_action_category(category_id, value) - action_category = category_helper.delete_action_category(category_id) - assert not action_category - - -def test_delete_action_category_with_data(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy() - mock_data.create_subject_data(policy_id, subject_category_id) - - mock_data.create_action_data(policy_id, action_category_id) - - with pytest.raises(DeleteActionCategoryWithMetaRule) as exception_info: - category_helper.delete_action_category(action_category_id) - assert str(exception_info.value) == '400: Action Category With Meta Rule Error' - - -def test_delete_action_category_with_assignment(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy() - - action_id = mock_data.create_action(policy_id) - data_id = mock_data.create_action_data(policy_id, action_category_id) - assignment_helper.add_action_assignment(policy_id, action_id, action_category_id, data_id) - - with pytest.raises(DeleteActionCategoryWithMetaRule) as exception_info: - category_helper.delete_action_category(action_category_id) - assert str(exception_info.value) == '400: Action Category With Meta Rule Error' - - -def test_delete_action_category_with_rule(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy() - policy_helper.add_rule(policy_id=policy_id, meta_rule_id=meta_rule_id) - - with pytest.raises(DeleteActionCategoryWithMetaRule) as exception_info: - category_helper.delete_action_category(action_category_id) - assert str(exception_info.value) == '400: Action Category With Meta Rule Error' - - -def test_delete_action_category_with_unkown_category_id(db): - category_id = "invalid_category_id" - - with pytest.raises(ActionCategoryUnknown) as exception_info: - category_helper.delete_action_category(category_id) - assert str(exception_info.value) == '400: Action Category Unknown' - - -def test_delete_data_categories_connected_to_meta_rule(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy() - with pytest.raises(DeleteSubjectCategoryWithMetaRule) as exception_info: - category_helper.delete_subject_category(subject_category_id) - assert str(exception_info.value) == '400: Subject Category With Meta Rule Error' - - with pytest.raises(DeleteObjectCategoryWithMetaRule) as exception_info: - category_helper.delete_object_category(object_category_id) - assert str(exception_info.value) == '400: Object Category With Meta Rule Error' - - with pytest.raises(DeleteActionCategoryWithMetaRule) as exception_info: - category_helper.delete_action_category(action_category_id) - assert str(exception_info.value) == '400: Action Category With Meta Rule Error' diff --git a/python_moondb/tests/unit_python/policies/__init__.py b/python_moondb/tests/unit_python/policies/__init__.py deleted file mode 100644 index e69de29b..00000000 diff --git a/python_moondb/tests/unit_python/policies/mock_data.py b/python_moondb/tests/unit_python/policies/mock_data.py deleted file mode 100644 index 47fc9f9e..00000000 --- a/python_moondb/tests/unit_python/policies/mock_data.py +++ /dev/null @@ -1,74 +0,0 @@ -import helpers.model_helper as model_helper -import helpers.meta_rule_helper as meta_rule_helper -import helpers.policy_helper as policy_helper -import helpers.category_helper as category_helper - - -def create_meta_rule(meta_rule_name="meta_rule1", category_prefix=""): - meta_rule_value = { - "name": meta_rule_name, - "algorithm": "name of the meta rule algorithm", - "subject_categories": [category_prefix + "subject_category_id1", - category_prefix + "subject_category_id2"], - "object_categories": [category_prefix + "object_category_id1"], - "action_categories": [category_prefix + "action_category_id1"] - } - return meta_rule_value - - -def create_model(meta_rule_id, model_name="test_model"): - value = { - "name": model_name, - "description": "test", - "meta_rules": [meta_rule_id] - - } - return value - - -def create_policy(model_id, policy_name="policy_1"): - value = { - "name": policy_name, - "model_id": model_id, - "genre": "authz", - "description": "test", - } - return value - - -def create_pdp(pdp_ids): - value = { - "name": "test_pdp", - "security_pipeline": pdp_ids, - "keystone_project_id": "keystone_project_id1", - "description": "...", - } - return value - - -def get_policy_id(model_name="test_model", policy_name="policy_1", meta_rule_name="meta_rule1", category_prefix=""): - category_helper.add_subject_category( - category_prefix + "subject_category_id1", - value={"name": category_prefix + "subject_category_id1", - "description": "description 1"}) - category_helper.add_subject_category( - category_prefix + "subject_category_id2", - value={"name": category_prefix + "subject_category_id2", - "description": "description 1"}) - category_helper.add_object_category( - category_prefix + "object_category_id1", - value={"name": category_prefix + "object_category_id1", - "description": "description 1"}) - category_helper.add_action_category( - category_prefix + "action_category_id1", - value={"name": category_prefix + "action_category_id1", - "description": "description 1"}) - meta_rule = meta_rule_helper.add_meta_rule(value=create_meta_rule(meta_rule_name, category_prefix)) - meta_rule_id = list(meta_rule.keys())[0] - model = model_helper.add_model(value=create_model(meta_rule_id, model_name)) - model_id = list(model.keys())[0] - value = create_policy(model_id, policy_name) - policy = policy_helper.add_policies(value=value) - assert policy - policy_id = list(policy.keys())[0] - return policy_id diff --git a/python_moondb/tests/unit_python/policies/test_assignments.py b/python_moondb/tests/unit_python/policies/test_assignments.py deleted file mode 100755 index 24a3a7b0..00000000 --- a/python_moondb/tests/unit_python/policies/test_assignments.py +++ /dev/null @@ -1,235 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -import helpers.mock_data as mock_data -import helpers.assignment_helper as assignment_helper -from python_moonutilities.exceptions import * -import pytest - - -def test_get_action_assignments(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( - subject_category_name="subject_category1", - object_category_name="object_category1", - action_category_name="action_category1", - meta_rule_name="meta_rule_1") - action_id = mock_data.create_action(policy_id) - data_id = mock_data.create_action_data(policy_id=policy_id, category_id=action_category_id) - - assignment_helper.add_action_assignment(policy_id, action_id, action_category_id, data_id) - act_assignments = assignment_helper.get_action_assignments(policy_id, action_id, - action_category_id) - action_id_1 = list(act_assignments.keys())[0] - assert act_assignments[action_id_1]["policy_id"] == policy_id - assert act_assignments[action_id_1]["action_id"] == action_id - assert act_assignments[action_id_1]["category_id"] == action_category_id - assert len(act_assignments[action_id_1].get("assignments")) == 1 - assert data_id in act_assignments[action_id_1].get("assignments") - - -def test_add_action_assignments(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( - subject_category_name="subject_category1", - object_category_name="object_category1", - action_category_name="action_category1", - meta_rule_name="meta_rule_1") - action_id = mock_data.create_action(policy_id) - data_id = mock_data.create_action_data(policy_id=policy_id, category_id=action_category_id) - action_assignments = assignment_helper.add_action_assignment(policy_id, action_id, - action_category_id, data_id) - assert action_assignments - action_id_1 = list(action_assignments.keys())[0] - assert action_assignments[action_id_1]["policy_id"] == policy_id - assert action_assignments[action_id_1]["action_id"] == action_id - assert action_assignments[action_id_1]["category_id"] == action_category_id - assert len(action_assignments[action_id_1].get("assignments")) == 1 - assert data_id in action_assignments[action_id_1].get("assignments") - - with pytest.raises(ActionAssignmentExisting) as exception_info: - assignment_helper.add_action_assignment(policy_id, action_id, action_category_id, data_id) - assert str(exception_info.value) == '409: Action Assignment Existing' - assert str(exception_info.value.description) == 'The given action assignment value is existing.' - - -def test_delete_action_assignment(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( - subject_category_name="subject_category1", - object_category_name="object_category1", - action_category_name="action_category1", - meta_rule_name="meta_rule_1") - action_id = mock_data.create_action(policy_id) - data_id = mock_data.create_action_data(policy_id=policy_id, category_id=action_category_id) - assignment_helper.add_action_assignment(policy_id, action_id, action_category_id, data_id) - assignment_helper.delete_action_assignment(policy_id, "", "", "") - assignments = assignment_helper.get_action_assignments(policy_id, ) - assert len(assignments) == 1 - - -def test_delete_action_assignment_with_invalid_policy_id(db): - policy_id = "invalid_id" - assignment_helper.delete_action_assignment(policy_id, "", "", "") - assignments = assignment_helper.get_action_assignments(policy_id, ) - assert len(assignments) == 0 - - -def test_get_object_assignments(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( - subject_category_name="subject_category1", - object_category_name="object_category1", - action_category_name="action_category1", - meta_rule_name="meta_rule_1") - object_id = mock_data.create_object(policy_id) - data_id = mock_data.create_object_data(policy_id=policy_id, category_id=object_category_id) - assignment_helper.add_object_assignment(policy_id, object_id, object_category_id, data_id) - obj_assignments = assignment_helper.get_object_assignments(policy_id, object_id, - object_category_id) - object_id_1 = list(obj_assignments.keys())[0] - assert obj_assignments[object_id_1]["policy_id"] == policy_id - assert obj_assignments[object_id_1]["object_id"] == object_id - assert obj_assignments[object_id_1]["category_id"] == object_category_id - assert len(obj_assignments[object_id_1].get("assignments")) == 1 - assert data_id in obj_assignments[object_id_1].get("assignments") - - -def test_get_object_assignments_by_policy_id(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( - subject_category_name="subject_category1", - object_category_name="object_category1", - action_category_name="action_category1", - meta_rule_name="meta_rule_1") - object_id = mock_data.create_object(policy_id) - data_id = mock_data.create_object_data(policy_id=policy_id, category_id=object_category_id) - assignment_helper.add_object_assignment(policy_id, object_id, object_category_id, data_id) - obj_assignments = assignment_helper.get_object_assignments(policy_id) - assert len(obj_assignments) == 1 - - -def test_add_object_assignments(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( - subject_category_name="subject_category1", - object_category_name="object_category1", - action_category_name="action_category1", - meta_rule_name="meta_rule_1") - object_id = mock_data.create_object(policy_id) - data_id = mock_data.create_object_data(policy_id=policy_id, category_id=object_category_id) - object_assignments = assignment_helper.add_object_assignment(policy_id, object_id, - object_category_id, data_id) - assert object_assignments - object_id_1 = list(object_assignments.keys())[0] - assert object_assignments[object_id_1]["policy_id"] == policy_id - assert object_assignments[object_id_1]["object_id"] == object_id - assert object_assignments[object_id_1]["category_id"] == object_category_id - assert len(object_assignments[object_id_1].get("assignments")) == 1 - assert data_id in object_assignments[object_id_1].get("assignments") - - with pytest.raises(ObjectAssignmentExisting) as exception_info: - assignment_helper.add_object_assignment(policy_id, object_id, object_category_id, data_id) - assert str(exception_info.value) == '409: Object Assignment Existing' - assert str(exception_info.value.description) == 'The given object assignment value is existing.' - - -def test_delete_object_assignment(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( - subject_category_name="subject_category1", - object_category_name="object_category1", - action_category_name="action_category1", - meta_rule_name="meta_rule_1") - object_id = mock_data.create_object(policy_id) - data_id = mock_data.create_object_data(policy_id=policy_id, category_id=object_category_id) - assignment_helper.add_object_assignment(policy_id, object_id, object_category_id, data_id) - - assignment_helper.delete_object_assignment(policy_id, object_id, object_category_id, - data_id=data_id) - assignments = assignment_helper.get_object_assignments(policy_id) - assert len(assignments) == 0 - - -def test_delete_object_assignment_with_invalid_policy_id(db): - policy_id = "invalid_id" - assignment_helper.delete_object_assignment(policy_id, "", "", "") - assignments = assignment_helper.get_object_assignments(policy_id, ) - assert len(assignments) == 0 - - -def test_get_subject_assignments(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( - subject_category_name="subject_category1", - object_category_name="object_category1", - action_category_name="action_category1", - meta_rule_name="meta_rule_1") - subject_id = mock_data.create_subject(policy_id) - data_id = mock_data.create_subject_data(policy_id=policy_id, category_id=subject_category_id) - - assignment_helper.add_subject_assignment(policy_id, subject_id, subject_category_id, data_id) - subj_assignments = assignment_helper.get_subject_assignments(policy_id, subject_id, - subject_category_id) - subject_id_1 = list(subj_assignments.keys())[0] - assert subj_assignments[subject_id_1]["policy_id"] == policy_id - assert subj_assignments[subject_id_1]["subject_id"] == subject_id - assert subj_assignments[subject_id_1]["category_id"] == subject_category_id - assert len(subj_assignments[subject_id_1].get("assignments")) == 1 - assert data_id in subj_assignments[subject_id_1].get("assignments") - - -def test_get_subject_assignments_by_policy_id(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( - subject_category_name="subject_category1", - object_category_name="object_category1", - action_category_name="action_category1", - meta_rule_name="meta_rule_1") - subject_id = mock_data.create_subject(policy_id) - data_id = mock_data.create_subject_data(policy_id=policy_id, category_id=subject_category_id) - - assignment_helper.add_subject_assignment(policy_id, subject_id, subject_category_id, data_id) - subj_assignments = assignment_helper.get_subject_assignments(policy_id) - assert len(subj_assignments) == 1 - - -def test_add_subject_assignments(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( - subject_category_name="subject_category1", - object_category_name="object_category1", - action_category_name="action_category1", - meta_rule_name="meta_rule_1") - subject_id = mock_data.create_subject(policy_id) - data_id = mock_data.create_subject_data(policy_id=policy_id, category_id=subject_category_id) - - subject_assignments = assignment_helper.add_subject_assignment(policy_id, subject_id, - subject_category_id, data_id) - assert subject_assignments - subject_id_1 = list(subject_assignments.keys())[0] - assert subject_assignments[subject_id_1]["policy_id"] == policy_id - assert subject_assignments[subject_id_1]["subject_id"] == subject_id - assert subject_assignments[subject_id_1]["category_id"] == subject_category_id - assert len(subject_assignments[subject_id_1].get("assignments")) == 1 - assert data_id in subject_assignments[subject_id_1].get("assignments") - - with pytest.raises(SubjectAssignmentExisting) as exception_info: - assignment_helper.add_subject_assignment(policy_id, subject_id, subject_category_id, - data_id) - assert str(exception_info.value) == '409: Subject Assignment Existing' - assert str( - exception_info.value.description) == 'The given subject assignment value is existing.' - - -def test_delete_subject_assignment(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( - subject_category_name="subject_category1", - object_category_name="object_category1", - action_category_name="action_category1", - meta_rule_name="meta_rule_1") - subject_id = mock_data.create_subject(policy_id) - data_id = mock_data.create_subject_data(policy_id=policy_id, category_id=subject_category_id) - assignment_helper.add_subject_assignment(policy_id, subject_id, subject_category_id, data_id) - assignment_helper.delete_subject_assignment(policy_id, subject_id, subject_category_id, data_id) - assignments = assignment_helper.get_subject_assignments(policy_id) - assert len(assignments) == 0 - - -def test_delete_subject_assignment_with_invalid_policy_id(db): - policy_id = "invalid_id" - assignment_helper.delete_subject_assignment(policy_id, "", "", "") - assignments = assignment_helper.get_subject_assignments(policy_id, ) - assert len(assignments) == 0 diff --git a/python_moondb/tests/unit_python/policies/test_data.py b/python_moondb/tests/unit_python/policies/test_data.py deleted file mode 100755 index 8ce1ac00..00000000 --- a/python_moondb/tests/unit_python/policies/test_data.py +++ /dev/null @@ -1,707 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -import helpers.mock_data as mock_data -import policies.mock_data -import helpers.data_helper as data_helper -import helpers.assignment_helper as assignment_helper -import pytest -from uuid import uuid4 -import logging -from python_moonutilities.exceptions import * - -logger = logging.getLogger("python_moondb.tests.api.test_data") - - -def test_get_action_data(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( - subject_category_name="subject_category1", - object_category_name="object_category1", - action_category_name="action_category1", - meta_rule_name="meta_rule_1") - value = { - "name": "action-type", - "description": {"vm-action": "", "storage-action": "", }, - } - action_data = data_helper.add_action_data(policy_id=policy_id, category_id=action_category_id, value=value) - data_id = list(action_data["data"])[0] - found_action_data = data_helper.get_action_data(policy_id=policy_id, data_id=data_id, - category_id=action_category_id) - assert found_action_data - assert len(found_action_data[0]["data"]) == 1 - - -def test_get_action_data_with_invalid_category_id(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( - subject_category_name="subject_category1", - object_category_name="object_category1", - action_category_name="action_category1", - meta_rule_name="meta_rule_1") - action_data = data_helper.get_action_data(policy_id=policy_id, category_id="invalid") - assert len(action_data) == 0 - - -def test_add_action_data(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( - subject_category_name="subject_category1", - object_category_name="object_category1", - action_category_name="action_category1", - meta_rule_name="meta_rule_1") - value = { - "name": "action-type", - "description": {"vm-action": "", "storage-action": "", }, - } - action_data = data_helper.add_action_data(policy_id=policy_id, category_id=action_category_id, value=value) - assert action_data - assert len(action_data['data']) == 1 - - -def test_add_action_data_duplicate(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( - subject_category_name="subject_category1", - object_category_name="object_category1", - action_category_name="action_category1", - meta_rule_name="meta_rule_1") - value = { - "name": "action-type", - "description": {"vm-action": "", "storage-action": "", }, - } - action_data = data_helper.add_action_data(policy_id=policy_id, category_id=action_category_id, value=value) - with pytest.raises(ActionScopeExisting) as exception_info: - action_data = data_helper.add_action_data(policy_id=policy_id, category_id=action_category_id, value=value) - assert str(exception_info.value) == '409: Action Scope Existing' - -def test_add_action_data_with_invalid_category_id(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( - subject_category_name="subject_category1", - object_category_name="object_category1", - action_category_name="action_category1", - meta_rule_name="meta_rule_1") - value = { - "name": "action-type", - "description": {"vm-action": "", "storage-action": "", }, - } - with pytest.raises(ActionCategoryUnknown) as exception_info: - data_helper.add_action_data(policy_id=policy_id, value=value).get('data') - assert str(exception_info.value) == '400: Action Category Unknown' - - -def test_delete_action_data(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( - subject_category_name="subject_category1", - object_category_name="object_category1", - action_category_name="action_category1", - meta_rule_name="meta_rule_1") - data_helper.get_available_metadata(policy_id) - value = { - "name": "action-type", - "description": {"vm-action": "", "storage-action": "", }, - } - action_data = data_helper.add_action_data(policy_id=policy_id, category_id=action_category_id, value=value) - data_id = list(action_data["data"])[0] - data_helper.delete_action_data(policy_id=policy_id, data_id=data_id) - new_action_data = data_helper.get_action_data(policy_id) - assert len(new_action_data[0]['data']) == 0 - - -def test_get_object_data(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( - subject_category_name="subject_category1", - object_category_name="object_category1", - action_category_name="action_category1", - meta_rule_name="meta_rule_1") - value = { - "name": "object-security-level", - "description": {"low": "", "medium": "", "high": ""}, - } - object_data = data_helper.add_object_data(policy_id=policy_id, category_id=object_category_id, value=value) - data_id = list(object_data["data"])[0] - found_object_data = data_helper.get_object_data(policy_id=policy_id, data_id=data_id, - category_id=object_category_id) - assert found_object_data - assert len(found_object_data[0]['data']) == 1 - - -def test_get_object_data_with_invalid_category_id(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( - subject_category_name="subject_category1", - object_category_name="object_category1", - action_category_name="action_category1", - meta_rule_name="meta_rule_1") - object_data = data_helper.get_object_data(policy_id=policy_id, category_id="invalid") - assert len(object_data) == 0 - - -def test_add_object_data(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( - subject_category_name="subject_category1", - object_category_name="object_category1", - action_category_name="action_category1", - meta_rule_name="meta_rule_1") - value = { - "name": "object-security-level", - "description": {"low": "", "medium": "", "high": ""}, - } - object_data = data_helper.add_object_data(policy_id=policy_id, category_id=object_category_id, value=value).get( - 'data') - assert object_data - object_data_id = list(object_data.keys())[0] - assert object_data[object_data_id].get('policy_id') == policy_id - - -def test_add_object_data_with_invalid_category_id(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( - subject_category_name="subject_category1", - object_category_name="object_category1", - action_category_name="action_category1", - meta_rule_name="meta_rule_1") - value = { - "name": "object-security-level", - "description": {"low": "", "medium": "", "high": ""}, - } - with pytest.raises(ObjectCategoryUnknown) as exception_info: - data_helper.add_object_data(policy_id=policy_id, category_id="invalid", value=value).get('data') - assert str(exception_info.value) == '400: Object Category Unknown' - - -def test_add_object_data_duplicate(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( - subject_category_name="subject_category1", - object_category_name="object_category1", - action_category_name="action_category1", - meta_rule_name="meta_rule_1") - value = { - "name": "object-security-level", - "description": {"low": "", "medium": "", "high": ""}, - } - object_data = data_helper.add_object_data(policy_id=policy_id, category_id=object_category_id, value=value).get( - 'data') - with pytest.raises(ObjectScopeExisting) as exception_info: - data_helper.add_object_data(policy_id=policy_id, category_id=object_category_id, value=value).get( - 'data') - assert str(exception_info.value) == '409: Object Scope Existing' - - -def test_delete_object_data(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( - subject_category_name="subject_category1", - object_category_name="object_category1", - action_category_name="action_category1", - meta_rule_name="meta_rule_1") - value = { - "name": "object-security-level", - "description": {"low": "", "medium": "", "high": ""}, - } - object_data = data_helper.add_object_data(policy_id=policy_id, category_id=object_category_id, value=value).get( - 'data') - object_data_id = list(object_data.keys())[0] - data_helper.delete_object_data(policy_id=object_data[object_data_id].get('policy_id'), data_id=object_data_id) - new_object_data = data_helper.get_object_data(policy_id) - assert len(new_object_data[0]['data']) == 0 - - -def test_get_subject_data(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( - subject_category_name="subject_category1", - object_category_name="object_category1", - action_category_name="action_category1", - meta_rule_name="meta_rule_1") - value = { - "name": "subject-security-level", - "description": {"low": "", "medium": "", "high": ""}, - } - subject_data = data_helper.add_subject_data(policy_id=policy_id, category_id=subject_category_id, value=value).get( - 'data') - subject_data_id = list(subject_data.keys())[0] - subject_data = data_helper.get_subject_data(policy_id, subject_data_id, subject_category_id) - assert subject_data - assert len(subject_data[0]['data']) == 1 - - -def test_get_subject_data_with_invalid_category_id(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( - subject_category_name="subject_category1", - object_category_name="object_category1", - action_category_name="action_category1", - meta_rule_name="meta_rule_1") - value = { - "name": "subject-security-level", - "description": {"low": "", "medium": "", "high": ""}, - } - subject_data = data_helper.add_subject_data(policy_id=policy_id, category_id=subject_category_id, value=value).get( - 'data') - subject_data_id = list(subject_data.keys())[0] - found_subject_data = data_helper.get_subject_data(policy_id, subject_data_id, "invalid") - assert len(found_subject_data) == 0 - - -def test_add_subject_data(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( - subject_category_name="subject_category1", - object_category_name="object_category1", - action_category_name="action_category1", - meta_rule_name="meta_rule_1") - value = { - "name": "subject-security-level", - "description": {"low": "", "medium": "", "high": ""}, - } - subject_data = data_helper.add_subject_data(policy_id=policy_id, category_id=subject_category_id, value=value).get( - 'data') - assert subject_data - subject_data_id = list(subject_data.keys())[0] - assert subject_data[subject_data_id].get('policy_id') == policy_id - - -def test_add_subject_data_with_no_category_id(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( - subject_category_name="subject_category1", - object_category_name="object_category1", - action_category_name="action_category1", - meta_rule_name="meta_rule_1") - value = { - "name": "subject-security-level", - "description": {"low": "", "medium": "", "high": ""}, - } - with pytest.raises(SubjectCategoryUnknown) as exception_info: - data_helper.add_subject_data(policy_id=policy_id, data_id=subject_category_id, value=value).get('data') - assert str(exception_info.value) == '400: Subject Category Unknown' - - -def test_add_subject_data_duplicate(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( - subject_category_name="subject_category1", - object_category_name="object_category1", - action_category_name="action_category1", - meta_rule_name="meta_rule_1") - value = { - "name": "subject-security-level", - "description": {"low": "", "medium": "", "high": ""}, - } - subject_data = data_helper.add_subject_data(policy_id=policy_id, category_id=subject_category_id, value=value).get( - 'data') - - with pytest.raises(SubjectScopeExisting) as exception_info: - subject_data = data_helper.add_subject_data(policy_id=policy_id, category_id=subject_category_id, - value=value).get('data') - assert str(exception_info.value) == '409: Subject Scope Existing' - - -def test_delete_subject_data(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( - subject_category_name="subject_category1", - object_category_name="object_category1", - action_category_name="action_category1", - meta_rule_name="meta_rule_1") - value = { - "name": "subject-security-level", - "description": {"low": "", "medium": "", "high": ""}, - } - subject_data = data_helper.add_subject_data(policy_id=policy_id, category_id=subject_category_id, value=value).get( - 'data') - subject_data_id = list(subject_data.keys())[0] - data_helper.delete_subject_data(policy_id=subject_data[subject_data_id].get('policy_id'), data_id=subject_data_id) - new_subject_data = data_helper.get_subject_data(policy_id) - assert len(new_subject_data[0]['data']) == 0 - - -def test_get_actions(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( - subject_category_name="subject_category1", - object_category_name="object_category1", - action_category_name="action_category1", - meta_rule_name="meta_rule_1") - value = { - "name": "test_action", - "description": "test", - } - data_helper.add_action(policy_id=policy_id, value=value) - actions = data_helper.get_actions(policy_id, ) - assert actions - assert len(actions) == 1 - action_id = list(actions.keys())[0] - assert actions[action_id].get('policy_list')[0] == policy_id - - -def test_add_action(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( - subject_category_name="subject_category1", - object_category_name="object_category1", - action_category_name="action_category1", - meta_rule_name="meta_rule_1") - value = { - "name": "test_action", - "description": "test", - } - action = data_helper.add_action(policy_id=policy_id, value=value) - assert action - action_id = list(action.keys())[0] - assert len(action[action_id].get('policy_list')) == 1 - - -def test_add_action_twice(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( - subject_category_name="subject_category1", - object_category_name="object_category1", - action_category_name="action_category1", - meta_rule_name="meta_rule_1") - value = { - "name": "test_action", - "description": "test", - } - data_helper.add_action(policy_id=policy_id, value=value) - with pytest.raises(PolicyExisting) as exception_info: - data_helper.add_action(policy_id=policy_id, value=value) - assert str(exception_info.value) == '409: Policy Already Exists' - - -def test_add_action_blank_name(db): - policy_id = policies.mock_data.get_policy_id() - value = { - "name": "", - "description": "test", - } - with pytest.raises(PerimeterContentError) as exception_info: - data_helper.add_action(policy_id=policy_id, value=value) - assert str(exception_info.value) == '400: Perimeter content is invalid.' - - -def test_add_action_with_name_space(db): - policy_id = policies.mock_data.get_policy_id() - value = { - "name": " ", - "description": "test", - } - with pytest.raises(PerimeterContentError) as exception_info: - data_helper.add_action(policy_id=policy_id, value=value) - assert str(exception_info.value) == '400: Perimeter content is invalid.' - - -def test_add_action_multiple_times(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id1 = mock_data.create_new_policy( - subject_category_name="subject_category1", - object_category_name="object_category1", - action_category_name="action_category1", - meta_rule_name="meta_rule_1", - model_name="model1") - value = { - "name": "test_action", - "description": "test", - } - action = data_helper.add_action(policy_id=policy_id1, value=value) - logger.info("action : {}".format(action)) - action_id = list(action.keys())[0] - perimeter_id = action[action_id].get('id') - assert action - value = { - "name": "test_action", - "description": "test", - "policy_list": ['policy_id_3', 'policy_id_4'] - } - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id2 = mock_data.create_new_policy( - subject_category_name="subject_category2", - object_category_name="object_category2", - action_category_name="action_category2", - meta_rule_name="meta_rule_2", - model_name="model2") - action = data_helper.add_action(policy_id=policy_id2, perimeter_id=perimeter_id, value=value) - logger.info("action : {}".format(action)) - assert action - action_id = list(action.keys())[0] - assert len(action[action_id].get('policy_list')) == 2 - - -def test_delete_action(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( - subject_category_name="subject_category1", - object_category_name="object_category1", - action_category_name="action_category1", - meta_rule_name="meta_rule_1") - value = { - "name": "test_action", - "description": "test", - } - action = data_helper.add_action(policy_id=policy_id, value=value) - action_id = list(action.keys())[0] - data_helper.delete_action(policy_id, action_id) - actions = data_helper.get_actions(policy_id, ) - assert not actions - - -def test_delete_action_with_invalid_perimeter_id(db): - policy_id = "invalid" - perimeter_id = "invalid" - with pytest.raises(PolicyUnknown) as exception_info: - data_helper.delete_action(policy_id, perimeter_id) - assert str(exception_info.value) == '400: Policy Unknown' - - -def test_get_objects(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( - subject_category_name="subject_category1", - object_category_name="object_category1", - action_category_name="action_category1", - meta_rule_name="meta_rule_1") - value = { - "name": "test_object", - "description": "test", - } - data_helper.add_object(policy_id=policy_id, value=value) - objects = data_helper.get_objects(policy_id, ) - assert objects - assert len(objects) == 1 - object_id = list(objects.keys())[0] - assert objects[object_id].get('policy_list')[0] == policy_id - - -def test_add_object_with_same_policy_twice(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( - subject_category_name="subject_category1", - object_category_name="object_category1", - action_category_name="action_category1", - meta_rule_name="meta_rule_1") - value = { - "name": "test_object", - "description": "test", - } - added_object = data_helper.add_object(policy_id=policy_id, value=value) - assert added_object - object_id = list(added_object.keys())[0] - assert len(added_object[object_id].get('policy_list')) == 1 - - with pytest.raises(PolicyExisting) as exception_info: - data_helper.add_object(policy_id=policy_id, value=value) - assert str(exception_info.value) == '409: Policy Already Exists' - - -def test_add_objects_multiple_times(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( - subject_category_name="subject_category1", - object_category_name="object_category1", - action_category_name="action_category1", - meta_rule_name="meta_rule_1", - model_name="model1") - value = { - "name": "test_object", - "description": "test", - } - added_object = data_helper.add_object(policy_id=policy_id, value=value) - object_id = list(added_object.keys())[0] - perimeter_id = added_object[object_id].get('id') - assert added_object - value = { - "name": "test_object", - "description": "test", - } - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( - subject_category_name="subject_category2", - object_category_name="object_category2", - action_category_name="action_category2", - meta_rule_name="meta_rule_2", - model_name="model2") - added_object = data_helper.add_object(policy_id=policy_id, perimeter_id=perimeter_id, value=value) - assert added_object - object_id = list(added_object.keys())[0] - assert len(added_object[object_id].get('policy_list')) == 2 - - -def test_delete_object(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( - subject_category_name="subject_category1", - object_category_name="object_category1", - action_category_name="action_category1", - meta_rule_name="meta_rule_1") - value = { - "name": "test_object", - "description": "test", - } - added_object = data_helper.add_object(policy_id=policy_id, value=value) - object_id = list(added_object.keys())[0] - data_helper.delete_object(policy_id, object_id) - objects = data_helper.get_objects(policy_id, ) - assert not objects - - -def test_delete_object_with_invalid_perimeter_id(db): - policy_id = "invalid" - perimeter_id = "invalid" - with pytest.raises(PolicyUnknown) as exception_info: - data_helper.delete_object(policy_id, perimeter_id) - assert str(exception_info.value) == '400: Policy Unknown' - - -def test_get_subjects(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( - subject_category_name="subject_category1", - object_category_name="object_category1", - action_category_name="action_category1", - meta_rule_name="meta_rule_1") - value = { - "name": "testuser", - "description": "test", - } - data_helper.add_subject(policy_id=policy_id, value=value) - subjects = data_helper.get_subjects(policy_id=policy_id) - assert subjects - assert len(subjects) == 1 - subject_id = list(subjects.keys())[0] - assert subjects[subject_id].get('policy_list')[0] == policy_id - - -def test_get_subjects_with_invalid_policy_id(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( - subject_category_name="subject_category1", - object_category_name="object_category1", - action_category_name="action_category1", - meta_rule_name="meta_rule_1") - value = { - "name": "testuser", - "description": "test", - } - data_helper.add_subject(policy_id=policy_id, value=value) - with pytest.raises(PolicyUnknown) as exception_info: - data_helper.get_subjects(policy_id="invalid") - assert str(exception_info.value) == '400: Policy Unknown' - - -def test_add_subject_with_same_policy_twice(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( - subject_category_name="subject_category1", - object_category_name="object_category1", - action_category_name="action_category1", - meta_rule_name="meta_rule_1") - value = { - "name": "testuser", - "description": "test", - } - subject = data_helper.add_subject(policy_id=policy_id, value=value) - assert subject - subject_id = list(subject.keys())[0] - assert len(subject[subject_id].get('policy_list')) == 1 - with pytest.raises(PolicyExisting) as exception_info: - data_helper.add_subject(policy_id=policy_id, value=value) - assert str(exception_info.value) == '409: Policy Already Exists' - - -def test_add_subjects_multiple_times(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( - subject_category_name="subject_category1", - object_category_name="object_category1", - action_category_name="action_category1", - meta_rule_name="meta_rule_1", - model_name="model1") - value = { - "name": "testuser", - "description": "test", - } - subject = data_helper.add_subject(policy_id=policy_id, value=value) - subject_id = list(subject.keys())[0] - perimeter_id = subject[subject_id].get('id') - assert subject - value = { - "name": "testuser", - "description": "test", - } - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( - subject_category_name="subject_category2", - object_category_name="object_category2", - action_category_name="action_category2", - meta_rule_name="meta_rule_2", - model_name="model2") - subject = data_helper.add_subject(policy_id=policy_id, perimeter_id=perimeter_id, value=value) - assert subject - subject_id = list(subject.keys())[0] - assert len(subject[subject_id].get('policy_list')) == 2 - - -def test_delete_subject(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( - subject_category_name="subject_category1", - object_category_name="object_category1", - action_category_name="action_category1", - meta_rule_name="meta_rule_1") - value = { - "name": "testuser", - "description": "test", - } - subject = data_helper.add_subject(policy_id=policy_id, value=value) - subject_id = list(subject.keys())[0] - data_helper.delete_subject(policy_id, subject_id) - subjects = data_helper.get_subjects(policy_id, ) - assert not subjects - - -def test_delete_subject_with_invalid_perimeter_id(db): - policy_id = "invalid" - perimeter_id = "invalid" - with pytest.raises(PolicyUnknown) as exception_info: - data_helper.delete_subject(policy_id, perimeter_id) - assert str(exception_info.value) == '400: Policy Unknown' - - -def test_delete_subject_with_assignment(db): - - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( - subject_category_name="subject_category"+uuid4().hex, - object_category_name="object_category"+uuid4().hex, - action_category_name="action_category"+uuid4().hex, - meta_rule_name="meta_rule_"+uuid4().hex) - - subject_id = mock_data.create_subject(policy_id) - data_id = mock_data.create_subject_data(policy_id=policy_id, category_id=subject_category_id) - assignment_helper.add_subject_assignment(policy_id, subject_id, subject_category_id, data_id) - - with pytest.raises(DeletePerimeterWithAssignment) as exception_info: - data_helper.delete_subject(policy_id, subject_id) - assert '400: Perimeter With Assignment Error' == str(exception_info.value) - - -def test_delete_object_with_assignment(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( - subject_category_name="subject_category" + uuid4().hex, - object_category_name="object_category" + uuid4().hex, - action_category_name="action_category" + uuid4().hex, - meta_rule_name="meta_rule_" + uuid4().hex) - - object_id = mock_data.create_object(policy_id) - data_id = mock_data.create_object_data(policy_id=policy_id, category_id=object_category_id) - assignment_helper.add_object_assignment(policy_id, object_id, object_category_id, data_id) - - with pytest.raises(DeletePerimeterWithAssignment) as exception_info: - data_helper.delete_object(policy_id, object_id) - assert '400: Perimeter With Assignment Error' == str(exception_info.value) - -def test_delete_action_with_assignment(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( - subject_category_name="subject_category" + uuid4().hex, - object_category_name="object_category" + uuid4().hex, - action_category_name="action_category" + uuid4().hex, - meta_rule_name="meta_rule_" + uuid4().hex) - - action_id = mock_data.create_action(policy_id) - data_id = mock_data.create_action_data(policy_id=policy_id, category_id=action_category_id) - assignment_helper.add_action_assignment(policy_id, action_id, action_category_id, data_id) - - with pytest.raises(DeletePerimeterWithAssignment) as exception_info: - data_helper.delete_action(policy_id, action_id) - assert '400: Perimeter With Assignment Error' == str(exception_info.value) - - -def test_get_available_metadata(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( - subject_category_name="subject_category1", - object_category_name="object_category1", - action_category_name="action_category1", - meta_rule_name="meta_rule_1") - metadata = data_helper.get_available_metadata(policy_id=policy_id) - assert metadata - assert metadata['object'][0] == object_category_id - assert metadata['subject'][0] == subject_category_id - assert metadata['action'][0] == action_category_id - - -def test_get_available_metadata_with_invalid_policy_id(db): - with pytest.raises(PolicyUnknown) as exception_info: - data_helper.get_available_metadata(policy_id='invalid') - assert '400: Policy Unknown' == str(exception_info.value) diff --git a/python_moondb/tests/unit_python/policies/test_policies.py b/python_moondb/tests/unit_python/policies/test_policies.py deleted file mode 100755 index b2394203..00000000 --- a/python_moondb/tests/unit_python/policies/test_policies.py +++ /dev/null @@ -1,643 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -import pytest -import helpers.mock_data as mock_data -import helpers.policy_helper as policy_helper -import helpers.model_helper as model_helper -import helpers.model_helper as model_helper -from python_moonutilities.exceptions import * -import helpers.pdp_helper as pdp_helper -import helpers.data_helper as data_helper -import helpers.assignment_helper as assignment_helper -from uuid import uuid4 - - -def test_get_policies(db): - policies = policy_helper.get_policies() - assert isinstance(policies, dict) - assert not policies - - -def test_add_policies(db): - model = model_helper.add_model(model_id=uuid4().hex) - model_id = next(iter(model)) - value = { - "name": "test_policy", - "model_id": model_id, - "genre": "authz", - "description": "test", - } - policies = policy_helper.add_policies(value=value) - assert isinstance(policies, dict) - assert policies - assert len(policies.keys()) == 1 - policy_id = list(policies.keys())[0] - for key in ("genre", "name", "model_id", "description"): - assert key in policies[policy_id] - assert policies[policy_id][key] == value[key] - - -def test_add_policies_twice_with_same_id(db): - policy_id = 'policy_id_1' - model = model_helper.add_model(model_id=uuid4().hex) - model_id = next(iter(model)) - value = { - "name": "test_policy", - "model_id": model_id, - "genre": "authz", - "description": "test", - } - policy_helper.add_policies(policy_id, value) - with pytest.raises(PolicyExisting) as exception_info: - policy_helper.add_policies(policy_id, value) - assert str(exception_info.value) == '409: Policy Already Exists' - - -def test_add_policies_twice_with_same_name(db): - model = model_helper.add_model(model_id=uuid4().hex) - model_id = next(iter(model)) - policy_name=uuid4().hex - value = { - "name": policy_name, - "model_id": model_id, - "genre": "authz", - "description": "test", - } - policy_helper.add_policies(value=value) - with pytest.raises(Exception) as exception_info: - policy_helper.add_policies(value=value) - assert str(exception_info.value) == '409: Policy Already Exists' - assert str(exception_info.value.description)== 'Policy name Existed' - - -def test_delete_policies(db): - model = model_helper.add_model(model_id=uuid4().hex) - model_id = next(iter(model)) - policy_name1 = uuid4().hex - value = { - "name": policy_name1, - "model_id": model_id, - "genre": "authz", - "description": "test", - } - policies = policy_helper.add_policies(value=value) - policy_id1 = list(policies.keys())[0] - policy_name2 = uuid4().hex - value = { - "name": policy_name2, - "model_id": model_id, - "genre": "authz", - "description": "test", - } - policies = policy_helper.add_policies(value=value) - policy_id2 = list(policies.keys())[0] - assert policy_id1 != policy_id2 - policy_helper.delete_policies(policy_id1) - policies = policy_helper.get_policies() - assert policy_id1 not in policies - - -def test_delete_policies_with_invalid_id(db): - policy_id = 'policy_id_1' - with pytest.raises(PolicyUnknown) as exception_info: - policy_helper.delete_policies(policy_id) - # assert str(exception_info.value) == '400: Policy Unknown' - - -def test_update_policy(db): - policies = policy_helper.add_policies() - policy_id = list(policies.keys())[0] - value = { - "name": "test_policy4", - "model_id": policies[policy_id]['model_id'], - "genre": "authz", - "description": "test-3", - } - updated_policy = policy_helper.update_policy(policy_id, value) - assert updated_policy - for key in ("genre", "name", "model_id", "description"): - assert key in updated_policy[policy_id] - assert updated_policy[policy_id][key] == value[key] - - -def test_update_policy_name_with_existed_one(db): - policies = policy_helper.add_policies() - policy_id1 = list(policies.keys())[0] - policy_name = uuid4().hex - value = { - "name": policy_name, - "model_id": policies[policy_id1]['model_id'], - "genre": "authz", - "description": "test-3", - } - policy_helper.add_policies(value=value) - with pytest.raises(PolicyExisting) as exception_info: - policy_helper.update_policy(policy_id=policy_id1,value=value) - - assert str(exception_info.value) == '409: Policy Already Exists' - assert str(exception_info.value.description)== 'Policy name Existed' - - -def test_update_policy_with_invalid_id(db): - policy_id = 'invalid-id' - value = { - "name": "test_policy4", - "model_id": "", - "genre": "authz", - "description": "test-3", - } - with pytest.raises(PolicyUnknown) as exception_info: - policy_helper.update_policy(policy_id, value) - assert str(exception_info.value) == '400: Policy Unknown' - - -def test_get_policy_from_meta_rules(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( - subject_category_name="subject_category1", - object_category_name="object_category1", - action_category_name="action_category1", - meta_rule_name="meta_rule_1", - model_name="model1") - security_pipeline = [policy_id] - pdp_obj = mock_data.create_pdp(security_pipeline) - pdp_helper.add_pdp(value=pdp_obj) - matched_policy_id = policy_helper.get_policy_from_meta_rules(meta_rule_id) - assert matched_policy_id - assert policy_id == matched_policy_id - - -def test_get_policy_from_meta_rules_with_no_policy_ids(db): - meta_rule_id = 'meta_rule_id' - value = { - "name": "test_pdp", - "security_pipeline": [], - "keystone_project_id": "keystone_project_id1", - "description": "...", - } - pdp_helper.add_pdp(value=value) - matched_policy_id = policy_helper.get_policy_from_meta_rules(meta_rule_id) - assert not matched_policy_id - - -def test_get_rules(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( - subject_category_name="subject_category12", - object_category_name="object_category12", - action_category_name="action_category12", - meta_rule_name="meta_rule_12", - model_name="model12") - - policy_helper.add_rule(policy_id=policy_id, meta_rule_id=meta_rule_id) - - policy_helper.add_rule(policy_id=policy_id, meta_rule_id=meta_rule_id) - rules = policy_helper.get_rules(policy_id=policy_id, meta_rule_id=meta_rule_id) - assert isinstance(rules, dict) - assert rules - obj = rules.get('rules') - assert len(obj) == 2 - - -def test_get_rules_with_invalid_policy_id_failure(db): - rules = policy_helper.get_rules("invalid_policy_id", "meta_rule_id") - assert not rules.get('meta_rule-id') - assert len(rules.get('rules')) == 0 - - -def test_add_rule_existing(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( - subject_category_name="subject_category1", - object_category_name="object_category1", - action_category_name="action_category1", - meta_rule_name="meta_rule_1", - model_name="model1") - subject_data_id = mock_data.create_subject_data(policy_id=policy_id, - category_id=subject_category_id) - object_data_id = mock_data.create_object_data(policy_id=policy_id, - category_id=object_category_id) - action_data_id = mock_data.create_action_data(policy_id=policy_id, - category_id=action_category_id) - - value = { - "rule": (subject_data_id, object_data_id, action_data_id), - "instructions": ({"decision": "grant"}), - "enabled": "", - } - - rules = policy_helper.add_rule(policy_id=policy_id, meta_rule_id=meta_rule_id, value=value) - assert rules - assert len(rules) == 1 - assert isinstance(rules, dict) - rule_id = list(rules.keys())[0] - for key in ("rule", "instructions", "enabled"): - assert key in rules[rule_id] - assert rules[rule_id][key] == value[key] - - with pytest.raises(RuleExisting) as exception_info: - policy_helper.add_rule(policy_id=policy_id, meta_rule_id=meta_rule_id, value=value) - assert str(exception_info.value) == '409: Rule Existing' - - -def test_check_existing_rule_valid_request(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( - subject_category_name="subject_category1", - object_category_name="object_category1", - action_category_name="action_category1", - meta_rule_name="meta_rule_1", - model_name="model1") - subject_data_id = mock_data.create_subject_data(policy_id=policy_id, - category_id=subject_category_id) - object_data_id = mock_data.create_object_data(policy_id=policy_id, - category_id=object_category_id) - action_data_id = mock_data.create_action_data(policy_id=policy_id, - category_id=action_category_id) - value = { - "rule": (subject_data_id, object_data_id, action_data_id), - "instructions": ({"decision": "grant"}), - "enabled": "", - } - - rules = policy_helper.add_rule(policy_id=policy_id, meta_rule_id=meta_rule_id, value=value) - assert rules - assert len(rules) == 1 - assert isinstance(rules, dict) - rule_id = list(rules.keys())[0] - for key in ("rule", "instructions", "enabled"): - assert key in rules[rule_id] - assert rules[rule_id][key] == value[key] - - with pytest.raises(RuleExisting) as exception_info: - policy_helper.add_rule(policy_id=policy_id, meta_rule_id=meta_rule_id, value=value) - assert str(exception_info.value) == '409: Rule Existing' - - -def test_check_existing_rule_valid_multiple__data(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( - subject_category_name="subject_category1", - object_category_name="object_category1", - action_category_name="action_category1", - meta_rule_name="meta_rule_1", - model_name="model1") - subject_data_id1 = mock_data.create_subject_data(policy_id=policy_id, - category_id=subject_category_id) - subject_data_id2 = mock_data.create_subject_data(policy_id=policy_id, - category_id=subject_category_id) - object_data_id1 = mock_data.create_object_data(policy_id=policy_id, - category_id=object_category_id) - object_data_id2 = mock_data.create_object_data(policy_id=policy_id, - category_id=object_category_id) - action_data_id1 = mock_data.create_action_data(policy_id=policy_id, - category_id=action_category_id) - action_data_id2 = mock_data.create_action_data(policy_id=policy_id, - category_id=action_category_id) - value = { - "rule": ( - subject_data_id1, object_data_id2, action_data_id1), - "instructions": ({"decision": "grant"}), - "enabled": "", - } - - rules = policy_helper.add_rule(policy_id=policy_id, meta_rule_id=meta_rule_id, value=value) - assert rules - assert len(rules) == 1 - assert isinstance(rules, dict) - rule_id = list(rules.keys())[0] - for key in ("rule", "instructions", "enabled"): - assert key in rules[rule_id] - assert rules[rule_id][key] == value[key] - - with pytest.raises(RuleExisting) as exception_info: - policy_helper.add_rule(policy_id=policy_id, meta_rule_id=meta_rule_id, value=value) - assert str(exception_info.value) == '409: Rule Existing' - - -def test_check_existing_rule_missing_data(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( - subject_category_name="subject_category1", - object_category_name="object_category1", - action_category_name="action_category1", - meta_rule_name="meta_rule_1", - model_name="model1") - subject_data_id = mock_data.create_subject_data(policy_id=policy_id, - category_id=subject_category_id) - object_data_id = mock_data.create_object_data(policy_id=policy_id, - category_id=object_category_id) - action_data_id = mock_data.create_action_data(policy_id=policy_id, - category_id=action_category_id) - value = { - "rule": (object_data_id, action_data_id), - "instructions": ({"decision": "grant"}), - "enabled": "", - } - - with pytest.raises(RuleContentError) as exception_info: - policy_helper.add_rule(policy_id=policy_id, meta_rule_id=meta_rule_id, value=value) - assert str(exception_info.value) == '400: Rule Error' - assert exception_info.value.description== "Missing Data" - - -def test_check_existing_rule_meta_rule_missing_data(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( - subject_category_name="subject_category1", - object_category_name="object_category1", - action_category_name="action_category1", - meta_rule_name="meta_rule_1", - model_name="model1") - subject_data_id = mock_data.create_subject_data(policy_id=policy_id, - category_id=subject_category_id) - object_data_id = mock_data.create_object_data(policy_id=policy_id, - category_id=object_category_id) - action_data_id = mock_data.create_action_data(policy_id=policy_id, - category_id=action_category_id) - value = { - "rule": (subject_data_id, object_data_id, action_data_id, action_data_id), - "instructions": ({"decision": "grant"}), - "enabled": "", - } - - with pytest.raises(MetaRuleContentError) as exception_info: - policy_helper.add_rule(policy_id=policy_id, meta_rule_id=meta_rule_id, value=value) - assert str(exception_info.value) == '400: Meta Rule Error' - assert exception_info.value.description == "Missing Data" - - -def test_check_existing_rule_invalid_data_id_order(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( - subject_category_name="subject_category1", - object_category_name="object_category1", - action_category_name="action_category1", - meta_rule_name="meta_rule_1", - model_name="model1") - subject_data_id = mock_data.create_subject_data(policy_id=policy_id, - category_id=subject_category_id) - object_data_id = mock_data.create_object_data(policy_id=policy_id, - category_id=object_category_id) - action_data_id = mock_data.create_action_data(policy_id=policy_id, - category_id=action_category_id) - value = { - "rule": (object_data_id, action_data_id, subject_data_id), - "instructions": ({"decision": "grant"}), - "enabled": "", - } - - with pytest.raises(RuleContentError) as exception_info: - policy_helper.add_rule(policy_id=policy_id, meta_rule_id=meta_rule_id, value=value) - assert str(exception_info.value) == '400: Rule Error' - assert "Missing Subject_category" in exception_info.value.description - - -def test_check_existing_rule_invalid_data_id_order_scenrio_2(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( - subject_category_name="subject_category1", - object_category_name="object_category1", - action_category_name="action_category1", - meta_rule_name="meta_rule_1", - model_name="model1") - subject_data_id = mock_data.create_subject_data(policy_id=policy_id, - category_id=subject_category_id) - object_data_id = mock_data.create_object_data(policy_id=policy_id, - category_id=object_category_id) - action_data_id = mock_data.create_action_data(policy_id=policy_id, - category_id=action_category_id) - value = { - "rule": (subject_data_id, action_data_id, object_data_id), - "instructions": ({"decision": "grant"}), - "enabled": "", - } - - with pytest.raises(RuleContentError) as exception_info: - policy_helper.add_rule(policy_id=policy_id, meta_rule_id=meta_rule_id, value=value) - assert str(exception_info.value) == '400: Rule Error' - assert "Missing Object_category" in exception_info.value.description - - -def test_check_existing_rule_wrong_subject_data_id(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( - subject_category_name="subject_category1", - object_category_name="object_category1", - action_category_name="action_category1", - meta_rule_name="meta_rule_1", - model_name="model1") - subject_data_id = mock_data.create_subject_data(policy_id=policy_id, - category_id=subject_category_id) - object_data_id = mock_data.create_object_data(policy_id=policy_id, - category_id=object_category_id) - action_data_id = mock_data.create_action_data(policy_id=policy_id, - category_id=action_category_id) - value = { - "rule": (uuid4().hex, object_data_id, action_data_id), - "instructions": ({"decision": "grant"}), - "enabled": "", - } - - with pytest.raises(RuleContentError) as exception_info: - policy_helper.add_rule(policy_id=policy_id, meta_rule_id=meta_rule_id, value=value) - assert str(exception_info.value) == '400: Rule Error' - assert "Missing Subject_category" in exception_info.value.description - - -def test_check_existing_rule_wrong_object_data_id(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( - subject_category_name="subject_category1", - object_category_name="object_category1", - action_category_name="action_category1", - meta_rule_name="meta_rule_1", - model_name="model1") - subject_data_id = mock_data.create_subject_data(policy_id=policy_id, - category_id=subject_category_id) - object_data_id = mock_data.create_object_data(policy_id=policy_id, - category_id=object_category_id) - action_data_id = mock_data.create_action_data(policy_id=policy_id, - category_id=action_category_id) - value = { - "rule": (subject_data_id, uuid4().hex, action_data_id), - "instructions": ({"decision": "grant"}), - "enabled": "", - } - - with pytest.raises(RuleContentError) as exception_info: - policy_helper.add_rule(policy_id=policy_id, meta_rule_id=meta_rule_id, value=value) - assert str(exception_info.value) == '400: Rule Error' - assert "Missing Object_category" in exception_info.value.description - - -def test_check_existing_rule_wrong_action_data_id(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( - subject_category_name="subject_category1", - object_category_name="object_category1", - action_category_name="action_category1", - meta_rule_name="meta_rule_1", - model_name="model1") - subject_data_id = mock_data.create_subject_data(policy_id=policy_id, - category_id=subject_category_id) - object_data_id = mock_data.create_object_data(policy_id=policy_id, - category_id=object_category_id) - action_data_id = mock_data.create_action_data(policy_id=policy_id, - category_id=action_category_id) - value = { - "rule": (subject_data_id, object_data_id, uuid4().hex), - "instructions": ({"decision": "grant"}), - "enabled": "", - } - - with pytest.raises(RuleContentError) as exception_info: - policy_helper.add_rule(policy_id=policy_id, meta_rule_id=meta_rule_id, value=value) - assert str(exception_info.value) == '400: Rule Error' - assert "Missing Action_category" in exception_info.value.description - - -def test_delete_rule(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy() - - rules = policy_helper.add_rule(policy_id, meta_rule_id) - rule_id = list(rules.keys())[0] - policy_helper.delete_rule(policy_id, rule_id) - rules = policy_helper.get_rules(policy_id, meta_rule_id) - assert not rules.get('rules') - - -def test_delete_policies_with_pdp(db): - policies = policy_helper.add_policies() - policy_id1 = list(policies.keys())[0] - pdp_id = "pdp_id1" - value = { - "name": "test_pdp", - "security_pipeline": [policy_id1], - "keystone_project_id": "keystone_project_id1", - "description": "...", - } - pdp_helper.add_pdp(pdp_id=pdp_id, value=value) - with pytest.raises(DeletePolicyWithPdp) as exception_info: - policy_helper.delete_policies(policy_id1) - assert str(exception_info.value) == '400: Policy With PDP Error' - assert 'Cannot delete policy with pdp' == exception_info.value.description - - -def test_delete_policies_with_subject_perimeter(db): - policies = policy_helper.add_policies() - policy_id1 = list(policies.keys())[0] - - value = { - "name": "testuser", - "security_pipeline": [policy_id1], - "keystone_project_id": "keystone_project_id1", - "description": "...", - } - data_helper.add_subject(policy_id=policy_id1, value=value) - with pytest.raises(DeletePolicyWithPerimeter) as exception_info: - policy_helper.delete_policies(policy_id1) - assert str(exception_info.value) == '400: Policy With Perimeter Error' - assert 'Cannot delete policy with perimeter'== exception_info.value.description - - -def test_delete_policies_with_object_perimeter(db): - policies = policy_helper.add_policies() - policy_id1 = list(policies.keys())[0] - - value = { - "name": "test_obj", - "security_pipeline": [policy_id1], - "keystone_project_id": "keystone_project_id1", - "description": "...", - } - data_helper.add_object(policy_id=policy_id1, value=value) - with pytest.raises(DeletePolicyWithPerimeter) as exception_info: - policy_helper.delete_policies(policy_id1) - assert str(exception_info.value) == '400: Policy With Perimeter Error' - assert 'Cannot delete policy with perimeter'== exception_info.value.description - - -def test_delete_policies_with_action_perimeter(db): - policies = policy_helper.add_policies() - policy_id1 = list(policies.keys())[0] - - value = { - "name": "test_act", - "security_pipeline": [policy_id1], - "keystone_project_id": "keystone_project_id1", - "description": "...", - } - data_helper.add_action(policy_id=policy_id1, value=value) - with pytest.raises(DeletePolicyWithPerimeter) as exception_info: - policy_helper.delete_policies(policy_id1) - assert '400: Policy With Perimeter Error' == str(exception_info.value) - - -def test_delete_policies_with_subject_assignment(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy() - - subject_id = mock_data.create_subject(policy_id) - data_id = mock_data.create_subject_data(policy_id=policy_id, category_id=subject_category_id) - assignment_helper.add_subject_assignment(policy_id, subject_id, subject_category_id, data_id) - - with pytest.raises(DeletePolicyWithPerimeter) as exception_info: - policy_helper.delete_policies(policy_id) - - assert '400: Policy With Perimeter Error' == str(exception_info.value) - - -def test_delete_policies_with_object_assignment(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy() - - object_id = mock_data.create_object(policy_id) - data_id = mock_data.create_object_data(policy_id=policy_id, category_id=object_category_id) - assignment_helper.add_object_assignment(policy_id, object_id, object_category_id, data_id) - - with pytest.raises(DeletePolicyWithPerimeter) as exception_info: - policy_helper.delete_policies(policy_id) - assert '400: Policy With Perimeter Error' == str(exception_info.value) - - -def test_delete_policies_with_action_assignment(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy() - - action_id = mock_data.create_action(policy_id) - data_id = mock_data.create_action_data(policy_id=policy_id, category_id=action_category_id) - assignment_helper.add_action_assignment(policy_id, action_id, action_category_id, data_id) - - with pytest.raises(DeletePolicyWithPerimeter) as exception_info: - policy_helper.delete_policies(policy_id) - assert '400: Policy With Perimeter Error' == str(exception_info.value) - - -def test_delete_policies_with_subject_data(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy() - - data_id = mock_data.create_subject_data(policy_id=policy_id, category_id=subject_category_id) - - with pytest.raises(DeletePolicyWithData) as exception_info: - policy_helper.delete_policies(policy_id) - - assert '400: Policy With Data Error' == str(exception_info.value) - - -def test_delete_policies_with_object_data(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy() - - data_id = mock_data.create_object_data(policy_id=policy_id, category_id=object_category_id) - - with pytest.raises(DeletePolicyWithData) as exception_info: - policy_helper.delete_policies(policy_id) - assert '400: Policy With Data Error' == str(exception_info.value) - - -def test_delete_policies_with_action_data(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy() - - data_id = mock_data.create_action_data(policy_id=policy_id, category_id=action_category_id) - - with pytest.raises(DeletePolicyWithData) as exception_info: - policy_helper.delete_policies(policy_id) - assert '400: Policy With Data Error' == str(exception_info.value) - - -def test_delete_policies_with_rule(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy() - - rules = policy_helper.add_rule(policy_id, meta_rule_id) - - with pytest.raises(DeletePolicyWithRules) as exception_info: - policy_helper.delete_policies(policy_id) - assert '400: Policy With Rule Error' == str(exception_info.value) diff --git a/python_moondb/tests/unit_python/requirements.txt b/python_moondb/tests/unit_python/requirements.txt deleted file mode 100644 index aea8e3d5..00000000 --- a/python_moondb/tests/unit_python/requirements.txt +++ /dev/null @@ -1,4 +0,0 @@ -sqlalchemy -pymysql -requests_mock -python_moonutilities==1.4.20 \ No newline at end of file diff --git a/python_moondb/tests/unit_python/test_keystone.py b/python_moondb/tests/unit_python/test_keystone.py deleted file mode 100644 index 134bec0d..00000000 --- a/python_moondb/tests/unit_python/test_keystone.py +++ /dev/null @@ -1,53 +0,0 @@ -import pytest - - -def create_project(tenant_dict): - from python_moondb.core import KeystoneManager - return KeystoneManager.create_project(tenant_dict) - - -def list_projects(): - from python_moondb.core import KeystoneManager - return KeystoneManager.list_projects() - - -def create_user(subject_dict): - from python_moondb.core import KeystoneManager - return KeystoneManager.create_user(subject_dict) - - -def test_create_project(): - tenant_dict = { - "description": "test_project", - "domain_id": ['domain_id_1'], - "enabled": True, - "is_domain": False, - "name": 'project_1' - } - project = create_project(tenant_dict) - assert project - assert project.get('name') == tenant_dict.get('name') - - -def test_create_project_without_name(): - tenant_dict = { - "description": "test_project", - "domain_id": ['domain_id_1'], - "enabled": True, - "is_domain": False, - } - with pytest.raises(Exception) as exception_info: - create_project(tenant_dict) - assert '400: Keystone project error' == str(exception_info.value) - - -def test_create_user(): - subject_dict = { - "password": "password", - "domain_id": ['domain_id_1'], - "enabled": True, - "project": 'test_project', - "name": 'user_id_1' - } - user = create_user(subject_dict) - assert user diff --git a/python_moondb/tests/unit_python/test_pdp.py b/python_moondb/tests/unit_python/test_pdp.py deleted file mode 100755 index 4d245e4d..00000000 --- a/python_moondb/tests/unit_python/test_pdp.py +++ /dev/null @@ -1,149 +0,0 @@ -import pytest -import helpers.mock_data as mock_data -import helpers.pdp_helper as pdp_helper - - -def test_update_pdp(db): - pdp_id = "pdp_id1" - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( - subject_category_name="subject_category1", - object_category_name="object_category1", - action_category_name="action_category1", - meta_rule_name="meta_rule_1", - model_name="model1") - value = { - "name": "test_pdp", - "security_pipeline": [policy_id], - "keystone_project_id": "keystone_project_id1", - "description": "...", - } - pdp_helper.add_pdp(pdp_id, value) - pdp = pdp_helper.update_pdp(pdp_id, value) - assert pdp - - -def test_update_pdp_with_invalid_id(db): - pdp_id = "pdp_id1" - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( - subject_category_name="subject_category1", - object_category_name="object_category1", - action_category_name="action_category1", - meta_rule_name="meta_rule_1", - model_name="model1") - value = { - "name": "test_pdp", - "security_pipeline": [policy_id], - "keystone_project_id": "keystone_project_id1", - "description": "...", - } - with pytest.raises(Exception) as exception_info: - pdp_helper.update_pdp(pdp_id, value) - assert str(exception_info.value) == '400: Pdp Unknown' - - -def test_delete_pdp(db): - pdp_id = "pdp_id1" - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( - subject_category_name="subject_category1", - object_category_name="object_category1", - action_category_name="action_category1", - meta_rule_name="meta_rule_1", - model_name="model1") - value = { - "name": "test_pdp", - "security_pipeline": [policy_id], - "keystone_project_id": "keystone_project_id1", - "description": "...", - } - pdp_helper.add_pdp(pdp_id, value) - pdp_helper.delete_pdp(pdp_id) - assert len(pdp_helper.get_pdp(pdp_id)) == 0 - - -def test_delete_pdp_with_invalid_id(db): - pdp_id = "pdp_id1" - with pytest.raises(Exception) as exception_info: - pdp_helper.delete_pdp(pdp_id) - assert str(exception_info.value) == '400: Pdp Unknown' - - -def test_add_pdp(db): - pdp_id = "pdp_id1" - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( - subject_category_name="subject_category1", - object_category_name="object_category1", - action_category_name="action_category1", - meta_rule_name="meta_rule_1", - model_name="model1") - value = { - "name": "test_pdp", - "security_pipeline": [policy_id], - "keystone_project_id": "keystone_project_id1", - "description": "...", - } - pdp = pdp_helper.add_pdp(pdp_id, value) - assert pdp - - -def test_add_pdp_twice_with_same_id(db): - pdp_id = "pdp_id1" - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( - subject_category_name="subject_category1", - object_category_name="object_category1", - action_category_name="action_category1", - meta_rule_name="meta_rule_1", - model_name="model1") - value = { - "name": "test_pdp", - "security_pipeline": [policy_id], - "keystone_project_id": "keystone_project_id1", - "description": "...", - } - pdp_helper.add_pdp(pdp_id, value) - with pytest.raises(Exception) as exception_info: - pdp_helper.add_pdp(pdp_id, value) - assert str(exception_info.value) == '409: Pdp Error' - - -def test_add_pdp_twice_with_same_name(db): - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( - subject_category_name="subject_category1", - object_category_name="object_category1", - action_category_name="action_category1", - meta_rule_name="meta_rule_1", - model_name="model1") - value = { - "name": "test_pdp", - "security_pipeline": [policy_id], - "keystone_project_id": "keystone_project_id1", - "description": "...", - } - pdp_helper.add_pdp(value=value) - with pytest.raises(Exception) as exception_info: - pdp_helper.add_pdp(value=value) - assert str(exception_info.value) == '409: Pdp Error' - - -def test_get_pdp(db): - pdp_id = "pdp_id1" - subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( - subject_category_name="subject_category1", - object_category_name="object_category1", - action_category_name="action_category1", - meta_rule_name="meta_rule_1", - model_name="model1") - value = { - "name": "test_pdp", - "security_pipeline": [policy_id], - "keystone_project_id": "keystone_project_id1", - "description": "...", - } - pdp_helper.add_pdp(pdp_id, value) - pdp = pdp_helper.get_pdp(pdp_id) - assert len(pdp) == 1 - - -def test_get_pdp_with_invalid_id(db): - pdp_id = "invalid" - pdp = pdp_helper.get_pdp(pdp_id) - assert len(pdp) == 0 diff --git a/python_moondb/tests/unit_python/utilities.py b/python_moondb/tests/unit_python/utilities.py deleted file mode 100644 index 1d79d890..00000000 --- a/python_moondb/tests/unit_python/utilities.py +++ /dev/null @@ -1,136 +0,0 @@ -import base64 -import json - - -CONF = { - "openstack": { - "keystone": { - "url": "http://keystone:5000/v3", - "user": "admin", - "check_token": False, - "password": "p4ssw0rd", - "domain": "default", - "certificate": False, - "project": "admin" - } - }, - "components": { - "wrapper": { - "bind": "0.0.0.0", - "port": 8080, - "container": "wukongsun/moon_wrapper:v4.3", - "timeout": 5, - "hostname": "wrapper" - }, - "manager": { - "bind": "0.0.0.0", - "port": 8082, - "container": "wukongsun/moon_manager:v4.3", - "hostname": "manager" - }, - "port_start": 31001, - "orchestrator": { - "bind": "0.0.0.0", - "port": 8083, - "container": "wukongsun/moon_orchestrator:v4.3", - "hostname": "interface" - }, - "interface": { - "bind": "0.0.0.0", - "port": 8080, - "container": "wukongsun/moon_interface:v4.3", - "hostname": "interface" - } - }, - "plugins": { - "session": { - "port": 8082, - "container": "asteroide/session:latest" - }, - "authz": { - "port": 8081, - "container": "wukongsun/moon_authz:v4.3" - } - }, - "logging": { - "handlers": { - "file": { - "filename": "/tmp/moon.log", - "class": "logging.handlers.RotatingFileHandler", - "level": "DEBUG", - "formatter": "custom", - "backupCount": 3, - "maxBytes": 1048576 - }, - "console": { - "class": "logging.StreamHandler", - "formatter": "brief", - "level": "INFO", - "stream": "ext://sys.stdout" - } - }, - "formatters": { - "brief": { - "format": "%(levelname)s %(name)s %(message)-30s" - }, - "custom": { - "format": "%(asctime)-15s %(levelname)s %(name)s %(message)s" - } - }, - "root": { - "handlers": [ - "console" - ], - "level": "ERROR" - }, - "version": 1, - "loggers": { - "moon": { - "handlers": [ - "console", - "file" - ], - "propagate": False, - "level": "DEBUG" - } - } - }, - "slave": { - "name": None, - "master": { - "url": None, - "login": None, - "password": None - } - }, - "docker": { - "url": "tcp://172.88.88.1:2376", - "network": "moon" - }, - "database": { - "url": "sqlite:///database.db", - # "url": "mysql+pymysql://moon:p4sswOrd1@db/moon", - "driver": "sql" - }, - "messenger": { - "url": "rabbit://moon:p4sswOrd1@messenger:5672/moon" - } -} - - -def get_b64_conf(component=None): - if component == "components": - return base64.b64encode( - json.dumps(CONF["components"]).encode('utf-8')+b"\n").decode('utf-8') - elif component in CONF: - return base64.b64encode( - json.dumps( - CONF[component]).encode('utf-8')+b"\n").decode('utf-8') - elif not component: - return base64.b64encode( - json.dumps(CONF).encode('utf-8')+b"\n").decode('utf-8') - elif "/" in component: - key1, _, key2 = component.partition("/") - return base64.b64encode( - json.dumps( - CONF[key1][key2]).encode('utf-8')+b"\n").decode('utf-8') -- cgit 1.2.3-korg