#!/usr/bin/env bash
+if [ -d /data/dist ];
+then
+ pip install /data/dist/*.tar.gz --upgrade
+ pip install /data/dist/*.whl --upgrade
+fi
+
+
cd /data/tests/functional_pod
pytest .
return req
+def clean_models():
+ client = utilities.register_client()
+ req, models= get_models(client)
+ for key, value in models['models'].items():
+ print(key)
+ print(value)
+ client.delete("/models/{}".format(key))
+
def test_get_models():
client = utilities.register_client()
req, models= get_models(client)
def test_add_models():
+ clean_models()
client = utilities.register_client()
req, models = add_models(client, "testuser")
assert req.status_code == 200
1.2.7
-----
- Fix some bugs
+
+1.2.8
+-----
+- Add unique constraints on db tables
# license which can be found in the file 'LICENSE' in this package distribution
# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-__version__ = "1.2.7"
+__version__ = "1.2.8"
def add_meta_rule(self, user_id, meta_rule_id=None, value=None):
if meta_rule_id in self.driver.get_meta_rules(meta_rule_id=meta_rule_id):
raise exceptions.MetaRuleExisting
- if not meta_rule_id:
- meta_rule_id = uuid4().hex
- logger.info("add_meta_rule {}".format(value))
return self.driver.set_meta_rule(meta_rule_id=meta_rule_id, value=value)
@enforce(("read", "write"), "meta_rules")
def add_subject_category(self, user_id, category_id=None, value=None):
if category_id in self.driver.get_subject_categories(category_id=category_id):
raise exceptions.SubjectCategoryExisting
- # if not category_id:
- # category_id = uuid4().hex
return self.driver.add_subject_category(name=value["name"], description=value["description"], uuid=category_id)
@enforce(("read", "write"), "meta_data")
def add_object_category(self, user_id, category_id=None, value=None):
if category_id in self.driver.get_object_categories(category_id=category_id):
raise exceptions.ObjectCategoryExisting
- # if not category_id:
- # category_id = uuid4().hex
return self.driver.add_object_category(name=value["name"], description=value["description"], uuid=category_id)
@enforce(("read", "write"), "meta_data")
def add_action_category(self, user_id, category_id=None, value=None):
if category_id in self.driver.get_action_categories(category_id=category_id):
raise exceptions.ActionCategoryExisting
- # if not category_id:
- # category_id = uuid4().hex
return self.driver.add_action_category(name=value["name"], description=value["description"], uuid=category_id)
@enforce(("read", "write"), "meta_data")
logger.info("add_action {}".format(policy_id))
if not self.get_policies(user_id=user_id, policy_id=policy_id):
raise exceptions.PolicyUnknown
- if not perimeter_id:
- perimeter_id = uuid4().hex
return self.driver.set_action(policy_id=policy_id, perimeter_id=perimeter_id, value=value)
@enforce(("read", "write"), "perimeter")
from python_moonutilities import configuration
from python_moonutilities.exceptions import *
from python_moondb.core import PDPDriver, PolicyDriver, ModelDriver
+import sqlalchemy
logger = logging.getLogger("moon.db.driver.sql")
Base = declarative_base()
class Model(Base, DictBase):
__tablename__ = 'models'
- attributes = ['id', 'value']
+ attributes = ['id', 'name', 'value']
id = sql.Column(sql.String(64), primary_key=True)
+ name = sql.Column(sql.String(256), nullable=False)
value = sql.Column(JsonBlob(), nullable=True)
def to_dict(self):
return {
- "name": self.value.get("name"),
+ "name": self.name,
"description": self.value.get("description", ""),
"meta_rules": self.value.get("meta_rules", list()),
}
class Policy(Base, DictBase):
__tablename__ = 'policies'
- attributes = ['id', 'value']
+ attributes = ['id', 'name', 'model_id', 'value']
id = sql.Column(sql.String(64), primary_key=True)
+ name = sql.Column(sql.String(256), nullable=False)
+ model_id = sql.Column(sql.String(64), nullable=True, default="")
value = sql.Column(JsonBlob(), nullable=True)
def to_dict(self):
return {
- "name": self.value.get("name"),
"description": self.value.get("description", ""),
- "model_id": self.value.get("model_id", ""),
"genre": self.value.get("genre", ""),
+ "model_id": self.model_id,
+ "name": self.name
}
class PDP(Base, DictBase):
__tablename__ = 'pdp'
- attributes = ['id', 'value']
+ attributes = ['id', 'name', 'keystone_project_id', 'value']
id = sql.Column(sql.String(64), primary_key=True)
+ name = sql.Column(sql.String(256), nullable=False)
+ keystone_project_id = sql.Column(sql.String(64), nullable=True, default="")
value = sql.Column(JsonBlob(), nullable=True)
def to_dict(self):
return {
- "name": self.value.get("name"),
+ "name": self.name,
"description": self.value.get("description", ""),
- "keystone_project_id": self.value.get("keystone_project_id", ""),
+ "keystone_project_id": self.keystone_project_id,
"security_pipeline": self.value.get("security_pipeline", []),
}
class PerimeterBase(DictBase):
- attributes = ['id', 'value']
+ attributes = ['id', 'name', 'value']
id = sql.Column(sql.String(64), primary_key=True)
+ name = sql.Column(sql.String(256), nullable=False)
value = sql.Column(JsonBlob(), nullable=True)
__mapper_args__ = {'concrete': True}
def __repr__(self):
- return "{}: {}".format(self.id, json.dumps(self.value))
+ return "{} with name {} : {}".format(self.id, self.name, json.dumps(self.value))
def to_return(self):
return {
'id': self.id,
- 'name': self.value.get("name", ""),
+ 'name': self.name,
'description': self.value.get("description", ""),
'email': self.value.get("email", ""),
'extra': self.value.get("extra", dict()),
}
def to_dict(self):
+ dict_value = copy.deepcopy(self.value)
+ dict_value["name"] = self.name
return {
'id': self.id,
- 'value': self.value
+ 'value': dict_value
}
-
class Subject(Base, PerimeterBase):
__tablename__ = 'subjects'
class PerimeterDataBase(DictBase):
- attributes = ['id', 'value', 'category_id', 'policy_id']
+ attributes = ['id', 'name', 'value', 'category_id', 'policy_id']
id = sql.Column(sql.String(64), primary_key=True)
+ name = sql.Column(sql.String(256), nullable=False)
value = sql.Column(JsonBlob(), nullable=True)
@declared_attr
def policy_id(cls):
def to_dict(self):
return {
'id': self.id,
- 'name': self.value.get("name", ""),
+ 'name': self.name,
'description': self.value.get("description", ""),
'category_id': self.category_id,
'policy_id': self.policy_id
class MetaRule(Base, DictBase):
__tablename__ = 'meta_rules'
- attributes = ['id', 'value']
+ attributes = ['id', 'name', 'subject_categories', 'object_categories', 'action_categories', 'value']
id = sql.Column(sql.String(64), primary_key=True)
+ name = sql.Column(sql.String(256), nullable=False)
+ subject_categories = sql.Column(JsonBlob(), nullable=True)
+ object_categories = sql.Column(JsonBlob(), nullable=True)
+ action_categories = sql.Column(JsonBlob(), nullable=True)
value = sql.Column(JsonBlob(), nullable=True)
def to_dict(self):
return {
- "name": self.value["name"],
+ "name": self.name,
"description": self.value.get("description", ""),
- "subject_categories": self.value.get("subject_categories", list()),
- "object_categories": self.value.get("object_categories", list()),
- "action_categories": self.value.get("action_categories", list()),
+ "subject_categories": self.subject_categories,
+ "object_categories": self.object_categories,
+ "action_categories": self.action_categories,
}
class PDPConnector(BaseConnector, PDPDriver):
def update_pdp(self, pdp_id, value):
- with self.get_session_for_write() as session:
- query = session.query(PDP)
- query = query.filter_by(id=pdp_id)
- ref = query.first()
- if ref:
- d = dict(ref.value)
- d.update(value)
- setattr(ref, "value", d)
- return {ref.id: ref.to_dict()}
+ try:
+ with self.get_session_for_write() as session:
+ query = session.query(PDP)
+ query = query.filter_by(id=pdp_id)
+ ref = query.first()
+ if ref:
+ value_wo_name = copy.deepcopy(value)
+ value_wo_name.pop("name", None)
+ value_wo_name.pop("keystone_project_id", None)
+ ref.name = value["name"]
+ ref.keystone_project_id = value["keystone_project_id"]
+ d = dict(ref.value)
+ d.update(value_wo_name)
+ setattr(ref, "value", d)
+ return {ref.id: ref.to_dict()}
+ except sqlalchemy.exc.IntegrityError:
+ raise PdpExisting
def delete_pdp(self, pdp_id):
with self.get_session_for_write() as session:
session.delete(ref)
def add_pdp(self, pdp_id=None, value=None):
- with self.get_session_for_write() as session:
- new = PDP.from_dict({
- "id": pdp_id if pdp_id else uuid4().hex,
- "value": value
- })
- session.add(new)
- return {new.id: new.to_dict()}
+ try:
+ with self.get_session_for_write() as session:
+ value_wo_name = copy.deepcopy(value)
+ value_wo_name.pop("name", None)
+ value_wo_name.pop("keystone_project_id", None)
+ new = PDP.from_dict({
+ "id": pdp_id if pdp_id else uuid4().hex,
+ "name": value["name"],
+ "keystone_project_id": value["keystone_project_id"],
+ "value": value_wo_name
+ })
+ session.add(new)
+ return {new.id: new.to_dict()}
+ except sqlalchemy.exc.IntegrityError:
+ raise PdpExisting
def get_pdp(self, pdp_id=None):
with self.get_session_for_read() as session:
query = query.filter_by(id=policy_id)
ref = query.first()
if ref:
+ value_wo_other_info = copy.deepcopy(value)
+ value_wo_other_info.pop("name", None)
+ value_wo_other_info.pop("model_id", None)
+ ref.name = value["name"]
+ ref.model_id= value["model_id"]
d = dict(ref.value)
- d.update(value)
+ d.update(value_wo_other_info)
setattr(ref, "value", d)
return {ref.id: ref.to_dict()}
def add_policy(self, policy_id=None, value=None):
with self.get_session_for_write() as session:
+ value_wo_other_info = copy.deepcopy(value)
+ value_wo_other_info.pop("name", None)
+ value_wo_other_info.pop("model_id", None)
new = Policy.from_dict({
"id": policy_id if policy_id else uuid4().hex,
- "value": value
+ "name": value["name"],
+ "model_id": value["model_id"],
+ "value": value_wo_other_info
})
session.add(new)
return {new.id: new.to_dict()}
return {_ref.id: _ref.to_return() for _ref in results}
return {_ref.id: _ref.to_return() for _ref in ref_list}
- def __set_perimeter(self, ClassType, policy_id, perimeter_id=None, value=None):
+ def __set_perimeter(self, ClassType, ClassTypeException, policy_id, perimeter_id=None, value=None):
_perimeter = None
with self.get_session_for_write() as session:
if perimeter_id:
query = session.query(ClassType)
query = query.filter_by(id=perimeter_id)
_perimeter = query.first()
+ logger.info("+++++++++++++ {}".format(_perimeter))
if not _perimeter:
if "policy_list" not in value or type(value["policy_list"]) is not list:
value["policy_list"] = []
if policy_id and policy_id not in value["policy_list"]:
value["policy_list"] = [policy_id, ]
+
+ value_wo_name = copy.deepcopy(value)
+ value_wo_name.pop("name",None)
new = ClassType.from_dict({
- "id": perimeter_id if perimeter_id else uuid4().hex,
- "value": value
+ "id": uuid4().hex,
+ "name": value["name"],
+ "value": value_wo_name
})
session.add(new)
return {new.id: new.to_return()}
_value["value"]["policy_list"] = []
if policy_id and policy_id not in _value["value"]["policy_list"]:
_value["value"]["policy_list"].append(policy_id)
- new_perimeter = ClassType.from_dict(_value)
- # setattr(_subject, "value", _value["value"])
- setattr(_perimeter, "value", getattr(new_perimeter, "value"))
+ logger.info("-------------_value- {}".format(_value))
+
+ name = _value["value"]["name"]
+ _value["value"].pop("name")
+ new_perimeter = ClassType.from_dict({
+ "id": _value["id"],
+ "name": name,
+ "value": _value["value"]
+ })
+ logger.info("-------------- new {}".format(new_perimeter))
+ logger.info("-------------- old {}".format(_perimeter))
+ _perimeter.value = new_perimeter.value
+ _perimeter.name = new_perimeter.name
return {_perimeter.id: _perimeter.to_return()}
def __delete_perimeter(self,ClassType, ClassUnknownException, policy_id, perimeter_id):
return self.__get_perimeters(Subject, policy_id, perimeter_id)
def set_subject(self, policy_id, perimeter_id=None, value=None):
- return self.__set_perimeter(Subject, policy_id, perimeter_id=perimeter_id, value=value)
+ try:
+ return self.__set_perimeter(Subject, SubjectExisting, policy_id, perimeter_id=perimeter_id, value=value)
+ except sqlalchemy.exc.IntegrityError:
+ raise SubjectExisting
def delete_subject(self, policy_id, perimeter_id):
self.__delete_perimeter(Subject, SubjectUnknown, policy_id, perimeter_id)
return self.__get_perimeters(Object, policy_id, perimeter_id)
def set_object(self, policy_id, perimeter_id=None, value=None):
- return self.__set_perimeter(Object, policy_id, perimeter_id=perimeter_id, value=value)
+ try:
+ return self.__set_perimeter(Object, ObjectExisting, policy_id, perimeter_id=perimeter_id, value=value)
+ except sqlalchemy.exc.IntegrityError:
+ raise ObjectExisting
def delete_object(self, policy_id, perimeter_id):
self.__delete_perimeter(Object, ObjectUnknown, policy_id, perimeter_id)
return self.__get_perimeters(Action, policy_id, perimeter_id)
def set_action(self, policy_id, perimeter_id=None, value=None):
- return self.__set_perimeter(Action, policy_id, perimeter_id=perimeter_id, value=value)
+ try:
+ return self.__set_perimeter(Action, ActionExisting, policy_id, perimeter_id=perimeter_id, value=value)
+ except sqlalchemy.exc.IntegrityError:
+ raise ActionExisting
def delete_action(self, policy_id, perimeter_id):
self.__delete_perimeter(Action, ActionUnknown, policy_id, perimeter_id)
query = query.filter_by(policy_id=policy_id, id=data_id, category_id=category_id)
ref = query.first()
if not ref:
+ value_wo_name = copy.deepcopy(value)
+ value_wo_name.pop("name", None)
new_ref = ClassTypeData.from_dict(
{
"id": data_id if data_id else uuid4().hex,
- 'value': value,
+ 'name': value["name"],
+ 'value': value_wo_name,
'category_id': category_id,
'policy_id': policy_id,
}
return self.__get_perimeter_data(SubjectData, policy_id, data_id=data_id, category_id=category_id)
def set_subject_data(self, policy_id, data_id=None, category_id=None, value=None):
- return self.__set_perimeter_data(Subject, SubjectData, policy_id, data_id=data_id, category_id=category_id, value=value)
+ try:
+ return self.__set_perimeter_data(Subject, SubjectData, policy_id, data_id=data_id, category_id=category_id, value=value)
+ except sqlalchemy.exc.IntegrityError:
+ raise SubjectScopeExisting
def delete_subject_data(self, policy_id, data_id):
return self.__delete_perimeter_data(SubjectData, policy_id, data_id)
return self.__get_perimeter_data(ObjectData, policy_id, data_id=data_id, category_id=category_id)
def set_object_data(self, policy_id, data_id=None, category_id=None, value=None):
- return self.__set_perimeter_data(Object, ObjectData, policy_id, data_id=data_id, category_id=category_id, value=value)
+ try:
+ return self.__set_perimeter_data(Object, ObjectData, policy_id, data_id=data_id, category_id=category_id, value=value)
+ except sqlalchemy.exc.IntegrityError:
+ raise ObjectScopeExisting
def delete_object_data(self, policy_id, data_id):
return self.__delete_perimeter_data(ObjectData, policy_id, data_id)
return self.__get_perimeter_data(ActionData, policy_id, data_id=data_id, category_id=category_id)
def set_action_data(self, policy_id, data_id=None, category_id=None, value=None):
- return self.__set_perimeter_data(Action, ActionData, policy_id, data_id=data_id, category_id=category_id, value=value)
+ try:
+ return self.__set_perimeter_data(Action, ActionData, policy_id, data_id=data_id, category_id=category_id, value=value)
+ except sqlalchemy.exc.IntegrityError:
+ raise ActionScopeExisting
def delete_action_data(self, policy_id, data_id):
return self.__delete_perimeter_data(ActionData, policy_id, data_id)
if data_id not in assignments:
assignments.append(data_id)
setattr(ref, "assignments", assignments)
+ else:
+ raise SubjectAssignmentExisting
else:
ref = SubjectAssignment.from_dict(
{
if data_id not in assignments:
assignments.append(data_id)
setattr(ref, "assignments", assignments)
+ else:
+ raise ObjectAssignmentExisting
else:
ref = ObjectAssignment.from_dict(
{
if data_id not in assignments:
assignments.append(data_id)
setattr(ref, "assignments", assignments)
+ else:
+ raise ActionAssignmentExisting
else:
ref = ActionAssignment.from_dict(
{
}
def add_rule(self, policy_id, meta_rule_id, value):
- with self.get_session_for_write() as session:
- query = session.query(Rule)
- query = query.filter_by(policy_id=policy_id, meta_rule_id=meta_rule_id)
- ref_list = query.all()
- rules = list(map(lambda x: x.rule, ref_list))
- if not rules or value not in rules:
- logger.info("add_rule IN IF")
+ try:
+ with self.get_session_for_write() as session:
ref = Rule.from_dict(
{
"id": uuid4().hex,
)
session.add(ref)
return {ref.id: ref.to_dict()}
- return {}
+ except sqlalchemy.exc.IntegrityError:
+ raise RuleExisting
def delete_rule(self, policy_id, rule_id):
with self.get_session_for_write() as session:
query = query.filter_by(id=model_id)
ref = query.first()
if ref:
+ value_wo_name = copy.deepcopy(value)
+ value_wo_name.pop("name", None)
+ setattr(ref, "name", value["name"])
d = dict(ref.value)
- d.update(value)
+ d.update(value_wo_name)
setattr(ref, "value", d)
return {ref.id: ref.to_dict()}
session.delete(ref)
def add_model(self, model_id=None, value=None):
- with self.get_session_for_write() as session:
- new = Model.from_dict({
- "id": model_id if model_id else uuid4().hex,
- "value": value
- })
- session.add(new)
- return {new.id: new.to_dict()}
+ try:
+ with self.get_session_for_write() as session:
+ value_wo_name = copy.deepcopy(value)
+ value_wo_name.pop("name", None)
+ new = Model.from_dict({
+ "id": model_id if model_id else uuid4().hex,
+ "name": value["name"],
+ "value": value_wo_name
+ })
+ session.add(new)
+ return {new.id: new.to_dict()}
+ except sqlalchemy.exc.IntegrityError as e:
+ raise ModelExisting
def get_models(self, model_id=None):
with self.get_session_for_read() as session:
ref_list = query.filter(Model.id == model_id)
else:
ref_list = query.all()
- return {_ref.id: _ref.to_dict() for _ref in ref_list}
+
+ r = {_ref.id: _ref.to_dict() for _ref in ref_list}
+ return r
def set_meta_rule(self, meta_rule_id, value):
with self.get_session_for_write() as session:
- query = session.query(MetaRule)
- query = query.filter_by(id=meta_rule_id)
- ref = query.first()
- if not ref:
- ref = MetaRule.from_dict(
- {
- "id": meta_rule_id if meta_rule_id else uuid4().hex,
- "value": value
- }
- )
- session.add(ref)
+ value_wo_other_data = copy.deepcopy(value)
+ value_wo_other_data.pop("name", None)
+ value_wo_other_data.pop("subject_categories", None)
+ value_wo_other_data.pop("object_categories", None)
+ value_wo_other_data.pop("action_categories", None)
+ if meta_rule_id is None:
+ try:
+ ref = MetaRule.from_dict(
+ {
+ "id": uuid4().hex,
+ "name": value["name"],
+ "subject_categories": value["subject_categories"],
+ "object_categories": value["object_categories"],
+ "action_categories": value["action_categories"],
+ "value": value_wo_other_data
+ }
+ )
+ session.add(ref)
+ except sqlalchemy.exc.IntegrityError as e:
+ raise MetaRuleExisting
else:
- setattr(ref, "value", value)
+ query = session.query(MetaRule)
+ query = query.filter_by(id=meta_rule_id)
+ ref = query.first()
+ setattr(ref, "name", value["name"])
+ setattr(ref, "subject_categories", value["subject_categories"])
+ setattr(ref, "object_categories", value["object_categories"])
+ setattr(ref, "action_categories", value["action_categories"])
+ setattr(ref, "value", value_wo_other_data)
return {ref.id: ref.to_dict()}
def get_meta_rules(self, meta_rule_id=None):
def __add_perimeter_category(self, ClassType, name, description, uuid=None):
with self.get_session_for_write() as session:
- query = session.query(ClassType)
- query = query.filter_by(name=name)
- ref = query.first()
- if not ref:
- ref = ClassType.from_dict(
- {
- "id": uuid if uuid else uuid4().hex,
- "name": name,
- "description": description
- }
- )
- session.add(ref)
+ ref = ClassType.from_dict(
+ {
+ "id": uuid if uuid else uuid4().hex,
+ "name": name,
+ "description": description
+ }
+ )
+ session.add(ref)
return {ref.id: ref.to_dict()}
def __delete_perimeter_category(self, ClassType, category_id):
return self.__get_perimeter_categories(SubjectCategory, category_id=category_id)
def add_subject_category(self, name, description, uuid=None):
- return self.__add_perimeter_category(SubjectCategory, name, description, uuid=uuid)
+ try:
+ return self.__add_perimeter_category(SubjectCategory, name, description, uuid=uuid)
+ except sql.exc.IntegrityError as e:
+ raise SubjectCategoryExisting()
def delete_subject_category(self, category_id):
self.__delete_perimeter_category(SubjectCategory, category_id)
return self.__get_perimeter_categories(ObjectCategory, category_id=category_id)
def add_object_category(self, name, description, uuid=None):
- return self.__add_perimeter_category(ObjectCategory, name, description, uuid=uuid)
+ try:
+ return self.__add_perimeter_category(ObjectCategory, name, description, uuid=uuid)
+ except sql.exc.IntegrityError as e:
+ raise ObjectCategoryExisting()
def delete_object_category(self, category_id):
self.__delete_perimeter_category(ObjectCategory, category_id)
def get_action_categories(self, category_id=None):
+
return self.__get_perimeter_categories(ActionCategory, category_id=category_id)
def add_action_category(self, name, description, uuid=None):
- return self.__add_perimeter_category(ActionCategory, name, description, uuid=uuid)
+ try:
+ return self.__add_perimeter_category(ActionCategory, name, description, uuid=uuid)
+ except sql.exc.IntegrityError as e:
+ raise ActionCategoryExisting()
def delete_action_category(self, category_id):
self.__delete_perimeter_category(ActionCategory, category_id)
'pdp',
meta,
sql.Column('id', sql.String(64), primary_key=True),
+ sql.Column('name', sql.String(256), nullable=False),
+ sql.Column('keystone_project_id', sql.String(64), nullable=True, default=""),
sql.Column('value', sql.Text(), nullable=True),
+ sql.UniqueConstraint('name', 'keystone_project_id', name='unique_constraint_models'),
mysql_engine='InnoDB',
mysql_charset='utf8')
table.create(migrate_engine, checkfirst=True)
'policies',
meta,
sql.Column('id', sql.String(64), primary_key=True),
+ sql.Column('name', sql.String(256), nullable=False),
+ sql.Column('model_id', sql.String(64), nullable=True, default=""),
sql.Column('value', sql.Text(), nullable=True),
+ sql.UniqueConstraint('name', 'model_id', name='unique_constraint_models'),
mysql_engine='InnoDB',
mysql_charset='utf8')
table.create(migrate_engine, checkfirst=True)
'models',
meta,
sql.Column('id', sql.String(64), primary_key=True),
+ sql.Column('name', sql.String(256), nullable=False),
sql.Column('value', sql.Text(), nullable=True),
+ sql.UniqueConstraint('name', name='unique_constraint_models'),
mysql_engine='InnoDB',
mysql_charset='utf8')
table.create(migrate_engine, checkfirst=True)
sql.Column('id', sql.String(64), primary_key=True),
sql.Column('name', sql.String(256), nullable=False),
sql.Column('description', sql.String(256), nullable=True),
+
+ sql.UniqueConstraint('name', name='unique_constraint_subject_categories'),
mysql_engine='InnoDB',
mysql_charset='utf8')
subject_categories_table.create(migrate_engine, checkfirst=True)
sql.Column('id', sql.String(64), primary_key=True),
sql.Column('name', sql.String(256), nullable=False),
sql.Column('description', sql.String(256), nullable=True),
+
+ sql.UniqueConstraint('name', name='unique_constraint_object_categories'),
mysql_engine='InnoDB',
mysql_charset='utf8')
object_categories_table.create(migrate_engine, checkfirst=True)
sql.Column('id', sql.String(64), primary_key=True),
sql.Column('name', sql.String(256), nullable=False),
sql.Column('description', sql.String(256), nullable=True),
+
+ sql.UniqueConstraint('name', name='unique_constraint_action_categories'),
mysql_engine='InnoDB',
mysql_charset='utf8')
action_categories_table.create(migrate_engine, checkfirst=True)
'subjects',
meta,
sql.Column('id', sql.String(64), primary_key=True),
+ sql.Column('name', sql.String(256), nullable=False),
sql.Column('value', sql.Text(), nullable=True),
+ sql.UniqueConstraint('name', name='unique_constraint_subjects'),
mysql_engine='InnoDB',
mysql_charset='utf8')
subjects_table.create(migrate_engine, checkfirst=True)
'objects',
meta,
sql.Column('id', sql.String(64), primary_key=True),
+ sql.Column('name', sql.String(256), nullable=False),
sql.Column('value', sql.Text(), nullable=True),
+ sql.UniqueConstraint('name', name='unique_constraint_objects'),
mysql_engine='InnoDB',
mysql_charset='utf8')
objects_table.create(migrate_engine, checkfirst=True)
'actions',
meta,
sql.Column('id', sql.String(64), primary_key=True),
+ sql.Column('name', sql.String(256), nullable=False),
sql.Column('value', sql.Text(), nullable=True),
+ sql.UniqueConstraint('name', name='unique_constraint_actions'),
mysql_engine='InnoDB',
mysql_charset='utf8')
actions_table.create(migrate_engine, checkfirst=True)
'subject_data',
meta,
sql.Column('id', sql.String(64), primary_key=True),
+ sql.Column('name', sql.String(256), nullable=False),
sql.Column('value', sql.Text(), nullable=True),
sql.Column('category_id', sql.ForeignKey("subject_categories.id"), nullable=False),
sql.Column('policy_id', sql.ForeignKey("policies.id"), nullable=False),
+ sql.UniqueConstraint('name', 'category_id', 'policy_id', name='unique_constraint_subject_data'),
mysql_engine='InnoDB',
mysql_charset='utf8')
subject_data_table.create(migrate_engine, checkfirst=True)
'object_data',
meta,
sql.Column('id', sql.String(64), primary_key=True),
+ sql.Column('name', sql.String(256), nullable=False),
sql.Column('value', sql.Text(), nullable=True),
sql.Column('category_id', sql.ForeignKey("object_categories.id"), nullable=False),
sql.Column('policy_id', sql.ForeignKey("policies.id"), nullable=False),
+ sql.UniqueConstraint('name', 'category_id', 'policy_id', name='unique_constraint_object_data'),
mysql_engine='InnoDB',
mysql_charset='utf8')
object_data_table.create(migrate_engine, checkfirst=True)
'action_data',
meta,
sql.Column('id', sql.String(64), primary_key=True),
+ sql.Column('name', sql.String(256), nullable=False),
sql.Column('value', sql.Text(), nullable=True),
sql.Column('category_id', sql.ForeignKey("action_categories.id"), nullable=False),
sql.Column('policy_id', sql.ForeignKey("policies.id"), nullable=False),
+ sql.UniqueConstraint('name', 'category_id', 'policy_id', name='unique_constraint_action_data'),
mysql_engine='InnoDB',
mysql_charset='utf8')
action_data_table.create(migrate_engine, checkfirst=True)
sql.Column('policy_id', sql.ForeignKey("policies.id"), nullable=False),
sql.Column('subject_id', sql.ForeignKey("subjects.id"), nullable=False),
sql.Column('category_id', sql.ForeignKey("subject_categories.id"), nullable=False),
+ sql.UniqueConstraint('policy_id', 'subject_id', 'category_id', name='unique_constraint_subject_assignment'),
mysql_engine='InnoDB',
mysql_charset='utf8')
subject_assignments_table.create(migrate_engine, checkfirst=True)
sql.Column('policy_id', sql.ForeignKey("policies.id"), nullable=False),
sql.Column('object_id', sql.ForeignKey("objects.id"), nullable=False),
sql.Column('category_id', sql.ForeignKey("object_categories.id"), nullable=False),
+ sql.UniqueConstraint('policy_id', 'object_id', 'category_id', name='unique_constraint_object_assignment'),
mysql_engine='InnoDB',
mysql_charset='utf8')
object_assignments_table.create(migrate_engine, checkfirst=True)
sql.Column('policy_id', sql.ForeignKey("policies.id"), nullable=False),
sql.Column('action_id', sql.ForeignKey("actions.id"), nullable=False),
sql.Column('category_id', sql.ForeignKey("action_categories.id"), nullable=False),
+ sql.UniqueConstraint('policy_id', 'action_id', 'category_id', name='unique_constraint_action_assignment'),
mysql_engine='InnoDB',
mysql_charset='utf8')
action_assignments_table.create(migrate_engine, checkfirst=True)
'meta_rules',
meta,
sql.Column('id', sql.String(64), primary_key=True),
+ sql.Column('name', sql.String(256), nullable=False),
+ sql.Column('subject_categories', sql.Text(), nullable=False),
+ sql.Column('object_categories', sql.Text(), nullable=False),
+ sql.Column('action_categories', sql.Text(), nullable=False),
sql.Column('value', sql.Text(), nullable=True),
+ sql.UniqueConstraint('name', name='unique_constraint_meta_rule_name'),
+ sql.UniqueConstraint('subject_categories', 'object_categories', 'action_categories', name='unique_constraint_meta_rule_def'),
mysql_engine='InnoDB',
mysql_charset='utf8')
meta_rules_table.create(migrate_engine, checkfirst=True)
sql.Column('rule', sql.Text(), nullable=True),
sql.Column('policy_id', sql.ForeignKey("policies.id"), nullable=False),
sql.Column('meta_rule_id', sql.ForeignKey("meta_rules.id"), nullable=False),
+ sql.UniqueConstraint('rule', 'policy_id', 'meta_rule_id', name='unique_constraint_rule'),
mysql_engine='InnoDB',
mysql_charset='utf8')
rules_table.create(migrate_engine, checkfirst=True)
--- /dev/null
+import pytest
+import logging
+from python_moonutilities.exceptions import *
+
+logger = logging.getLogger("moon.db.tests.models.test_categories")
+
+
+def add_subject_category(cat_id=None, value=None):
+ from python_moondb.core import ModelManager
+ category = ModelManager.add_subject_category(user_id=None, category_id=cat_id, value=value)
+ return category
+
+
+def test_add_subject_category_twice():
+ category = add_subject_category(value={"name":"category name", "description":"description 1"})
+ assert category is not None
+ with pytest.raises(SubjectCategoryExisting):
+ add_subject_category(value={"name":"category name", "description":"description 2"})
+
+
+def add_object_category(cat_id=None, value=None):
+ from python_moondb.core import ModelManager
+ category = ModelManager.add_object_category(user_id=None, category_id=cat_id, value=value)
+ return category
+
+
+def test_add_object_category_twice():
+ category = add_object_category(value={"name":"category name", "description":"description 1"})
+ assert category is not None
+ with pytest.raises(ObjectCategoryExisting):
+ add_object_category(value={"name":"category name", "description":"description 2"})
+
+
+def add_action_category(cat_id=None, value=None):
+ from python_moondb.core import ModelManager
+ category = ModelManager.add_action_category(user_id=None, category_id=cat_id, value=value)
+ return category
+
+
+def test_add_action_category_twice():
+ category = add_action_category(value={"name":"category name", "description":"description 1"})
+ assert category is not None
+ with pytest.raises(ActionCategoryExisting):
+ add_action_category(value={"name":"category name", "description":"description 2"})
def test_get_specific_meta_rule_success(db):
# arrange
- add_meta_rule()
added_meta_rules = add_meta_rule()
added_meta_rule_id = list(added_meta_rules.keys())[0]
# action
import pytest
-
+from python_moonutilities.exceptions import *
+import logging
+logger = logging.getLogger("moon.db.tests.test_model")
def get_models(model_id=None):
from python_moondb.core import ModelManager
def add_model(model_id=None, value=None):
from python_moondb.core import ModelManager
if not value:
+ name = "MLS" if model_id is None else "MLS " + model_id
value = {
- "name": "MLS",
+ "name": name,
"description": "test",
"meta_rules": "meta_rule_mls_1"
}
ModelManager.delete_model(user_id=None, model_id=uuid)
+def delete_all_models():
+ from python_moondb.core import ModelManager
+ models_values = get_models()
+ print(models_values)
+ for model_id, model_value in models_values.items():
+ ModelManager.delete_model(user_id=None, model_id=model_id)
+
+
def update_model(model_id=None, value=None):
from python_moondb.core import ModelManager
return ModelManager.update_model(user_id=None, model_id=model_id, value=value)
assert isinstance(models, dict)
assert models # assert model is not empty
assert len(models) is 1
-
+ delete_all_models()
def test_get_specific_model(db):
# prepare
assert isinstance(models, dict)
assert models # assert model is not empty
assert len(models) is 1
-
+ delete_all_models()
def test_add_model(db):
# act
assert isinstance(model, dict)
assert model # assert model is not empty
assert len(model) is 1
+ delete_all_models()
def test_add_same_model_twice(db):
# prepare
add_model(model_id="model_1") # add model twice
# act
- with pytest.raises(Exception) as exception_info:
+ with pytest.raises(ModelExisting) as exception_info:
add_model(model_id="model_1")
- assert str(exception_info.value) == '409: Model Error'
+ delete_all_models()
+ #assert str(exception_info.value) == '409: Model Error'
def test_add_model_generate_new_uuid(db):
model2 = add_model(value=model_value2)
assert list(model1)[0] != list(model2)[0]
+ delete_all_models()
def test_add_models(db):
for key in ("name", "meta_rules", "description"):
assert key in models[model_id]
assert models[model_id][key] == model_value1[key]
+ delete_all_models()
def test_delete_models(db):
# assert
models = get_models()
assert id not in models
+ delete_all_models()
def test_update_model(db):
model = add_model(value=model_value)
model_id = list(model)[0]
new_model_value = {
- "name": "MLS",
+ "name": "MLS2",
"description": "test",
"meta_rules": "meta_rule_mls_2"
}
for key in ("name", "meta_rules", "description"):
assert key in model[model_id]
- assert model[model_id][key] == new_model_value[key]
\ No newline at end of file
+ assert model[model_id][key] == new_model_value[key]
+ delete_all_models()
\ No newline at end of file
-def create_meta_rule():
+def create_meta_rule(meta_rule_name="meta_rule1", category_prefix=""):
meta_rule_value = {
- "name": "meta_rule1",
+ "name": meta_rule_name,
"algorithm": "name of the meta rule algorithm",
- "subject_categories": ["subject_category_id1",
- "subject_category_id2"],
- "object_categories": ["object_category_id1"],
- "action_categories": ["action_category_id1"]
+ "subject_categories": [category_prefix + "subject_category_id1",
+ category_prefix + "subject_category_id2"],
+ "object_categories": [category_prefix +"object_category_id1"],
+ "action_categories": [category_prefix +"action_category_id1"]
}
return meta_rule_value
-def create_model(meta_rule_id):
+def create_model(meta_rule_id, model_name="test_model"):
value = {
- "name": "test_model",
+ "name": model_name,
"description": "test",
"meta_rules": [meta_rule_id]
return value
-def create_policy(model_id):
+def create_policy(model_id, policy_name="policy_1"):
value = {
- "name": "policy_1",
+ "name": policy_name,
"model_id": model_id,
"genre": "authz",
"description": "test",
return value
-def get_policy_id():
+def get_policy_id(model_name="test_model", policy_name="policy_1", meta_rule_name="meta_rule1", category_prefix=""):
import policies.test_policies as test_policies
import models.test_models as test_models
import models.test_meta_rules as test_meta_rules
- meta_rule = test_meta_rules.add_meta_rule(value=create_meta_rule())
+ meta_rule = test_meta_rules.add_meta_rule(value=create_meta_rule(meta_rule_name, category_prefix))
meta_rule_id = list(meta_rule.keys())[0]
- model = test_models.add_model(value=create_model(meta_rule_id))
+ model = test_models.add_model(value=create_model(meta_rule_id, model_name))
model_id = list(model.keys())[0]
- value = create_policy(model_id)
+ value = create_policy(model_id, policy_name)
policy = test_policies.add_policies(value=value)
assert policy
policy_id = list(policy.keys())[0]
import policies.mock_data as mock_data
-
+from python_moonutilities.exceptions import *
+import pytest
def get_action_assignments(policy_id, action_id=None, category_id=None):
from python_moondb.core import PolicyManager
assert len(action_assignments[action_id_1].get("assignments")) == 1
assert data_id in action_assignments[action_id_1].get("assignments")
+ with pytest.raises(ActionAssignmentExisting) as exception_info:
+ add_action_assignment(policy_id, action_id, category_id, data_id)
def test_delete_action_assignment(db):
policy_id = mock_data.get_policy_id()
add_action_assignment(policy_id, "", "", "")
- policy_id = mock_data.get_policy_id()
+ policy_id = mock_data.get_policy_id(model_name="test_model2", policy_name="policy_2", meta_rule_name="meta_rule2", category_prefix="_")
action_id = "action_id_2"
category_id = "category_id_2"
data_id = "data_id_2"
assert len(object_assignments[object_id_1].get("assignments")) == 1
assert data_id in object_assignments[object_id_1].get("assignments")
+ with pytest.raises(ObjectAssignmentExisting):
+ add_object_assignment(policy_id, object_id, category_id, data_id)
+
def test_delete_object_assignment(db):
policy_id = mock_data.get_policy_id()
assert len(subject_assignments[subject_id_1].get("assignments")) == 1
assert data_id in subject_assignments[subject_id_1].get("assignments")
+ with pytest.raises(SubjectAssignmentExisting):
+ add_subject_assignment(policy_id, subject_id, category_id, data_id)
+
def test_delete_subject_assignment(db):
policy_id = mock_data.get_policy_id()
import policies.mock_data as mock_data
import pytest
+import logging
+from python_moonutilities.exceptions import *
+
+logger = logging.getLogger("python_moondb.tests.api.test_data")
def get_action_data(policy_id, data_id=None, category_id=None):
action_data_id = list(action_data.keys())[0]
assert action_data[action_data_id].get('policy_id') == policy_id
+ with pytest.raises(ActionScopeExisting) as exception_info:
+ add_action_data(policy_id, category_id=category_id, value=value).get('data')
+
def test_add_action_data_with_invalid_category_id(db):
policy_id = mock_data.get_policy_id()
object_data_id = list(object_data.keys())[0]
assert object_data[object_data_id].get('policy_id') == policy_id
+ with pytest.raises(ObjectScopeExisting) as exception_info:
+ add_object_data(policy_id, category_id=category_id, value=value).get('data')
+
def test_add_object_data_with_invalid_category_id(db):
policy_id = mock_data.get_policy_id()
assert subject_data
subject_data_id = list(subject_data.keys())[0]
assert subject_data[subject_data_id].get('policy_id') == policy_id
+ with pytest.raises(SubjectScopeExisting):
+ add_subject_data(policy_id, category_id=category_id, value=value).get('data')
def test_add_subject_data_with_no_category_id(db):
action_id = list(action.keys())[0]
assert len(action[action_id].get('policy_list')) == 1
+ with pytest.raises(ActionExisting):
+ add_action(policy_id=policy_id, value=value)
+
def test_add_action_multiple_times(db):
policy_id = mock_data.get_policy_id()
"description": "test",
}
action = add_action(policy_id=policy_id, value=value)
+ logger.info("action : {}".format(action))
action_id = list(action.keys())[0]
perimeter_id = action[action_id].get('id')
assert action
"description": "test",
"policy_list": ['policy_id_3', 'policy_id_4']
}
- action = add_action(mock_data.get_policy_id(), perimeter_id, value)
+ action = add_action(mock_data.get_policy_id(model_name="test_model2", policy_name="policy_2", meta_rule_name="meta_rule2", category_prefix="_"), perimeter_id, value)
+ logger.info("action : {}".format(action))
assert action
action_id = list(action.keys())[0]
assert len(action[action_id].get('policy_list')) == 2
object_id = list(added_object.keys())[0]
assert len(added_object[object_id].get('policy_list')) == 1
+ with pytest.raises(ObjectExisting):
+ add_object(policy_id=policy_id, value=value)
+
def test_add_objects_multiple_times(db):
policy_id = mock_data.get_policy_id()
"description": "test",
"policy_list": ['policy_id_3', 'policy_id_4']
}
- added_object = add_object(mock_data.get_policy_id(), perimeter_id, value)
+ added_object = add_object(mock_data.get_policy_id(model_name="test_model2", policy_name="policy_2", meta_rule_name="meta_rule2", category_prefix="_"), perimeter_id, value)
assert added_object
object_id = list(added_object.keys())[0]
assert len(added_object[object_id].get('policy_list')) == 2
subject_id = list(subject.keys())[0]
assert len(subject[subject_id].get('policy_list')) == 1
+ with pytest.raises(SubjectExisting):
+ add_subject(policy_id=policy_id, value=value)
+
def test_add_subjects_multiple_times(db):
policy_id = mock_data.get_policy_id()
"description": "test",
"policy_list": ['policy_id_3', 'policy_id_4']
}
- subject = add_subject(mock_data.get_policy_id(), perimeter_id, value)
+ subject = add_subject(mock_data.get_policy_id(model_name="test_model2", policy_name="policy_2", meta_rule_name="meta_rule2", category_prefix="_"), perimeter_id, value)
assert subject
subject_id = list(subject.keys())[0]
assert len(subject[subject_id].get('policy_list')) == 2
import pytest
import policies.mock_data as mock_data
-
+from python_moonutilities.exceptions import *
def get_policies():
from python_moondb.core import PolicyManager
"description": "test",
}
add_policies(policy_id, value)
- with pytest.raises(Exception) as exception_info:
+ with pytest.raises(PolicyExisting) as exception_info:
add_policies(policy_id, value)
- assert str(exception_info.value) == '409: Policy Error'
+ #assert str(exception_info.value) == '409: Policy Error'
def test_delete_policies(db):
def test_delete_policies_with_invalid_id(db):
policy_id = 'policy_id_1'
- with pytest.raises(Exception) as exception_info:
+ with pytest.raises(PolicyUnknown) as exception_info:
delete_policies(policy_id)
- assert str(exception_info.value) == '400: Policy Unknown'
+ #assert str(exception_info.value) == '400: Policy Unknown'
def test_update_policy(db):
"genre": "authz",
"description": "test-3",
}
- with pytest.raises(Exception) as exception_info:
+ with pytest.raises(PolicyUnknown) as exception_info:
update_policy(policy_id, value)
- assert str(exception_info.value) == '400: Policy Unknown'
+ #assert str(exception_info.value) == '400: Policy Unknown'
def test_get_policy_from_meta_rules(db):
assert key in rules[rule_id]
assert rules[rule_id][key] == value[key]
+ with pytest.raises(RuleExisting):
+ add_rule(policy_id, meta_rule_id, value)
+
def test_delete_rule(db):
value = {
1.4.7
-----
-- Delete the auth.py file to remove some code duplication
\ No newline at end of file
+- Delete the auth.py file to remove some code duplication
+
+1.4.8
+-----
+- Add SubjectScopeExisting, ObjectScopeExisting, ActionScopeExisting exceptions
\ No newline at end of file
# license which can be found in the file 'LICENSE' in this package distribution
# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-__version__ = "1.4.7"
+__version__ = "1.4.8"
logger = "ERROR"
+class SubjectExisting(AdminPerimeter):
+ description = _("The given subject is existing.")
+ code = 409
+ title = 'Subject Existing'
+ logger = "ERROR"
+
+
+class ObjectExisting(AdminPerimeter):
+ description = _("The given object is existing.")
+ code = 409
+ title = 'Object Existing'
+ logger = "ERROR"
+
+
+class ActionExisting(AdminPerimeter):
+ description = _("The given action is existing.")
+ code = 409
+ title = 'Action Existing'
+ logger = "ERROR"
+
class SubjectNameExisting(AdminPerimeter):
description = _("The given subject name is existing.")
code = 400
logger = "ERROR"
+class SubjectScopeExisting(AdminScope):
+ description = _("The given subject scope is existing.")
+ code = 409
+ title = 'Subject Scope Existing'
+ logger = "ERROR"
+
+
+class ObjectScopeExisting(AdminScope):
+ description = _("The given object scope is existing.")
+ code = 409
+ title = 'Object Scope Existing'
+ logger = "ERROR"
+
+
+class ActionScopeExisting(AdminScope):
+ description = _("The given action scope is existing.")
+ code = 409
+ title = 'Action Scope Existing'
+ logger = "ERROR"
+
+
class SubjectScopeNameExisting(AdminScope):
description = _("The given subject scope name is existing.")
code = 400
Code Review / moon.git / commitdiff