from cliff.show import ShowOne
-class RulesList(ShowOne):
+class RulesList(Lister):
"""List all aggregation algorithms."""
log = logging.getLogger(__name__)
def get_parser(self, prog_name):
parser = super(RulesList, self).get_parser(prog_name)
+ parser.add_argument(
+ 'submetarule_id',
+ metavar='<submetarule-uuid>',
+ help='Sub Meta Rule UUID',
+ )
parser.add_argument(
'--intraextension',
metavar='<intraextension-uuid>',
)
return parser
+ def __get_subject_category_name(self, intraextension, category_id):
+ data = self.app.get_url("/v3/OS-MOON/intra_extensions/{}/subject_categories".format(intraextension),
+ authtoken=True)
+ if category_id in data:
+ return data[category_id]["name"]
+
+ def __get_object_category_name(self, intraextension, category_id):
+ data = self.app.get_url("/v3/OS-MOON/intra_extensions/{}/object_categories".format(intraextension),
+ authtoken=True)
+ if category_id in data:
+ return data[category_id]["name"]
+
+ def __get_action_category_name(self, intraextension, category_id):
+ data = self.app.get_url("/v3/OS-MOON/intra_extensions/{}/action_categories".format(intraextension),
+ authtoken=True)
+ if category_id in data:
+ return data[category_id]["name"]
+
+ def __get_subject_scope_name(self, intraextension, category_id, scope_id):
+ data = self.app.get_url("/v3/OS-MOON/intra_extensions/{}/subject_scopes/{}".format(intraextension, category_id),
+ authtoken=True)
+ if scope_id in data:
+ return data[scope_id]["name"]
+ return scope_id
+
+ def __get_object_scope_name(self, intraextension, category_id, scope_id):
+ data = self.app.get_url("/v3/OS-MOON/intra_extensions/{}/object_scopes/{}".format(intraextension, category_id),
+ authtoken=True)
+ if scope_id in data:
+ return data[scope_id]["name"]
+ return scope_id
+
+ def __get_action_scope_name(self, intraextension, category_id, scope_id):
+ data = self.app.get_url("/v3/OS-MOON/intra_extensions/{}/action_scopes/{}".format(intraextension, category_id),
+ authtoken=True)
+ if scope_id in data:
+ return data[scope_id]["name"]
+ return scope_id
+
+ def __get_headers(self, intraextension, submetarule_id):
+ headers = list()
+ headers.append("")
+ headers.append("id")
+ self.sub_meta_rules = self.app.get_url("/v3/OS-MOON/intra_extensions/{}/sub_meta_rules".format(intraextension),
+ authtoken=True)
+ for cat in self.sub_meta_rules[submetarule_id]["subject_categories"]:
+ headers.append("s:" + self.__get_subject_category_name(intraextension, cat))
+ for cat in self.sub_meta_rules[submetarule_id]["action_categories"]:
+ headers.append("a:" + self.__get_action_category_name(intraextension, cat))
+ for cat in self.sub_meta_rules[submetarule_id]["object_categories"]:
+ headers.append("o:" + self.__get_object_category_name(intraextension, cat))
+ headers.append("enabled")
+ return headers
+
+ def __get_data(self, intraextension, submetarule_id, data_dict):
+ rules = list()
+ cpt = 0
+ for key in data_dict:
+ sub_rule = list()
+ sub_rule.append(cpt)
+ cpt += 1
+ sub_rule.append(key)
+ rule_item = list(data_dict[key])
+ for cat in self.sub_meta_rules[submetarule_id]["subject_categories"]:
+ sub_rule.append(self.__get_subject_scope_name(intraextension, cat, rule_item.pop(0)))
+ for cat in self.sub_meta_rules[submetarule_id]["action_categories"]:
+ sub_rule.append(self.__get_action_scope_name(intraextension, cat, rule_item.pop(0)))
+ for cat in self.sub_meta_rules[submetarule_id]["object_categories"]:
+ sub_rule.append(self.__get_object_scope_name(intraextension, cat, rule_item.pop(0)))
+ sub_rule.append(rule_item.pop(0))
+ rules.append(sub_rule)
+ return rules
+
def take_action(self, parsed_args):
if not parsed_args.intraextension:
parsed_args.intraextension = self.app.intraextension
- data = self.app.get_url("/v3/OS-MOON/intra_extensions/{}/sub_rules".format(
- parsed_args.intraextension),
+ data = self.app.get_url("/v3/OS-MOON/intra_extensions/{}/rule/{}".format(
+ parsed_args.intraextension,
+ parsed_args.submetarule_id,
+ ),
authtoken=True)
- if "sub_rules" not in data:
- raise Exception("Error in command {}: {}".format("RulesList", data))
- # TODO (dthom): a better view with a Lister
+ self.log.debug(data)
+ headers = self.__get_headers(parsed_args.intraextension, parsed_args.submetarule_id)
+ data_list = self.__get_data(parsed_args.intraextension, parsed_args.submetarule_id, data)
return (
- ("sub_rules",),
- (data["sub_rules"],)
+ headers,
+ data_list
)
-class RuleAdd(ShowOne):
+class RuleAdd(Command):
"""List the current aggregation algorithm."""
log = logging.getLogger(__name__)
def get_parser(self, prog_name):
parser = super(RuleAdd, self).get_parser(prog_name)
parser.add_argument(
- 'relation',
- metavar='<relation-uuid>',
- help='Relation UUID',
+ 'submetarule_id',
+ metavar='<submetarule-uuid>',
+ help='Sub Meta Rule UUID',
)
+ # parser.add_argument(
+ # 'relation',
+ # metavar='<relation-uuid>',
+ # help='Relation UUID',
+ # )
parser.add_argument(
'rule',
metavar='<argument-list>',
- help='Rule list (example: admin,vm_admin,servers)',
+ help='Rule list (example: admin,start,servers) with that ordering: subject, action, object',
)
parser.add_argument(
'--intraextension',
)
return parser
+ # def __get_subject_category_name(self, intraextension, category_id):
+ # data = self.app.get_url("/v3/OS-MOON/intra_extensions/{}/subject_categories".format(intraextension),
+ # authtoken=True)
+ # if category_id in data:
+ # return data[category_id]["name"]
+ #
+ # def __get_object_category_name(self, intraextension, category_id):
+ # data = self.app.get_url("/v3/OS-MOON/intra_extensions/{}/object_categories".format(intraextension),
+ # authtoken=True)
+ # if category_id in data:
+ # return data[category_id]["name"]
+ #
+ # def __get_action_category_name(self, intraextension, category_id):
+ # data = self.app.get_url("/v3/OS-MOON/intra_extensions/{}/action_categories".format(intraextension),
+ # authtoken=True)
+ # if category_id in data:
+ # return data[category_id]["name"]
+
+ def __get_subject_scope_id(self, intraextension, category_id, scope_name):
+ data = self.app.get_url("/v3/OS-MOON/intra_extensions/{}/subject_scopes/{}".format(intraextension, category_id),
+ authtoken=True)
+ self.log.debug("__get_subject_scope_id {}".format(data))
+ for scope_id in data:
+ if data[scope_id]["name"] == scope_name:
+ return scope_id
+ return scope_name
+
+ def __get_object_scope_id(self, intraextension, category_id, scope_name):
+ data = self.app.get_url("/v3/OS-MOON/intra_extensions/{}/object_scopes/{}".format(intraextension, category_id),
+ authtoken=True)
+ self.log.debug("__get_action_scope_id {}".format(data))
+ for scope_id in data:
+ if data[scope_id]["name"] == scope_name:
+ return scope_id
+ return scope_name
+
+ def __get_action_scope_id(self, intraextension, category_id, scope_name):
+ data = self.app.get_url("/v3/OS-MOON/intra_extensions/{}/action_scopes/{}".format(intraextension, category_id),
+ authtoken=True)
+ self.log.debug("__get_object_scope_id {}".format(data))
+ for scope_id in data:
+ if data[scope_id]["name"] == scope_name:
+ return scope_id
+ return scope_name
+
def take_action(self, parsed_args):
if not parsed_args.intraextension:
parsed_args.intraextension = self.app.intraextension
- rule = parsed_args.rule.split(",")
+ self.sub_meta_rules = self.app.get_url("/v3/OS-MOON/intra_extensions/{}/sub_meta_rules".format(
+ parsed_args.intraextension),
+ authtoken=True)
+ new_rule = map(lambda x: x.strip(), parsed_args.rule.split(","))
post = {
- "rule": rule,
- "relation": parsed_args.relation
+ "subject_categories": [],
+ "object_categories": [],
+ "action_categories": [],
+ "enabled": True
}
- data = self.app.get_url("/v3/OS-MOON/intra_extensions/{intraextension}/sub_rules".format(
- intraextension=parsed_args.intraextension),
+ for cat in self.sub_meta_rules[parsed_args.submetarule_id]["subject_categories"]:
+ self.log.debug("annalysing s {}".format(cat))
+ post["subject_categories"].append(self.__get_subject_scope_id(
+ parsed_args.intraextension, cat, new_rule.pop(0))
+ )
+ for cat in self.sub_meta_rules[parsed_args.submetarule_id]["action_categories"]:
+ self.log.debug("annalysing a {}".format(cat))
+ post["action_categories"].append(self.__get_action_scope_id(
+ parsed_args.intraextension, cat, new_rule.pop(0))
+ )
+ for cat in self.sub_meta_rules[parsed_args.submetarule_id]["object_categories"]:
+ self.log.debug("annalysing o {}".format(cat))
+ post["object_categories"].append(self.__get_object_scope_id(
+ parsed_args.intraextension, cat, new_rule.pop(0))
+ )
+ data = self.app.get_url("/v3/OS-MOON/intra_extensions/{}/rule/{}".format(
+ parsed_args.intraextension, parsed_args.submetarule_id),
post_data=post,
authtoken=True)
- if "sub_rules" not in data:
- raise Exception("Error in command {}: {}".format("RuleAdd", data))
- return (
- ("sub_rules",),
- (data["sub_rules"],)
- )
-class RuleDelete(ShowOne):
+class RuleDelete(Command):
"""Set the current aggregation algorithm."""
log = logging.getLogger(__name__)
def get_parser(self, prog_name):
parser = super(RuleDelete, self).get_parser(prog_name)
parser.add_argument(
- 'relation',
- metavar='<relation-uuid>',
- help='Relation UUID',
+ 'submetarule_id',
+ metavar='<submetarule-uuid>',
+ help='Sub Meta Rule UUID',
)
parser.add_argument(
- 'rule',
- metavar='<argument-list>',
- help='Rule list (example: admin,vm_admin,servers)',
+ 'rule_id',
+ metavar='<rule-uuid>',
+ help='Rule UUID',
)
parser.add_argument(
'--intraextension',
def take_action(self, parsed_args):
if not parsed_args.intraextension:
parsed_args.intraextension = self.app.intraextension
- rule = "+".join(parsed_args.rule.split(","))
- data = self.app.get_url(
- "/v3/OS-MOON/intra_extensions/{intra_extensions_id}/sub_rules/{relation_name}/{rule}".format(
+ self.app.get_url(
+ "/v3/OS-MOON/intra_extensions/{intra_extensions_id}/rule/{submetarule_id}/{rule_id}".format(
intra_extensions_id=parsed_args.intraextension,
- relation_name=parsed_args.relation,
- rule=rule,
+ submetarule_id=parsed_args.submetarule_id,
+ rule_id=parsed_args.rule_id
),
method="DELETE",
authtoken=True)
- if "sub_rules" not in data:
- raise Exception("Error in command {}: {}".format("RuleDelete", data))
- return (
- ("sub_rules",),
- (data["sub_rules"],)
- )
--- /dev/null
+{
+ "command_options": "-f value",
+ "tests_group": {
+ "authz": [
+ {
+ "name": "list tenant",
+ "command": "tenant list",
+ "result": "(?!alt_demo)",
+ "description": "Check if tenant alt_demo is used."
+ },
+ {
+ "name": "add tenant alt_demo",
+ "command": "tenant add alt_demo",
+ "result": "^$",
+ "description": "Add a new tenant",
+ "command_options": ""
+ },
+ {
+ "name": "check tenant alt_demo",
+ "command": "tenant list",
+ "result": "(?P<uuid>\\w+)\\s+alt_demo",
+ "description": "Check that tenant alt_demo has been correctly added"
+ },
+ {
+ "name": "create_intraextension_authz",
+ "command": "intraextension create --policy_model policy_authz authz_test",
+ "result": "IntraExtension created: (?P<uuid_authz>\\w+)",
+ "description": "Create an authz intra extension",
+ "command_options": ""
+ },
+ {
+ "name": "list_intraextension_authz",
+ "command": "intraextension list",
+ "result": "$uuid_authz",
+ "description": "Check the existence of that authz intra extension"
+ },
+ {
+ "name": "set_tenant_authz",
+ "command": "tenant set --authz $uuid_authz $uuid",
+ "result": "",
+ "description": "Connect the authz intra extension to the tenant alt_demo",
+ "command_options": ""
+ },
+ {
+ "name": "select_authz_ie",
+ "command": "intraextension select $uuid_authz",
+ "result": "Select $uuid_authz IntraExtension.",
+ "description": "Select the authz IntraExtension",
+ "command_options": ""
+ },
+ {
+ "name": "check_select_authz_ie",
+ "command": "intraextension show selected",
+ "result": "$uuid_authz",
+ "description": "Check the selected authz IntraExtension",
+ "command_options": "-c id -f value"
+ },
+
+ {
+ "name": "check_submetarules",
+ "command": "submetarule show",
+ "result": "(?P<submetarule_uuid>\\w+)\\s+subject_security_level",
+ "description": "Get one submetarule ID",
+ "command_options": "-c id -c \"subject categories\" -f value"
+ },
+ {
+ "name": "list_subject_categories",
+ "command": "subject category list",
+ "result": "(?P<category_slevel_uuid>\\w+)\\s+subject_security_level",
+ "description": "Get one subject category.",
+ "command_options": "-c id -c name -f value"
+ },
+ {
+ "name": "list_action_categories",
+ "command": "action category list",
+ "result": "(?P<category_action_uuid>\\w+)\\s+resource_action",
+ "description": "Get one action category.",
+ "command_options": "-c id -c name -f value"
+ },
+ {
+ "name": "list_object_categories",
+ "command": "object category list",
+ "result": "(?P<category_object_uuid>\\w+)\\s+object_security_level",
+ "description": "Get one object category.",
+ "command_options": "-c id -c name -f value"
+ },
+ {
+ "name": "add_subject_scope",
+ "command": "subject scope add $category_slevel_uuid very_high",
+ "result": "^$",
+ "description": "Add one new scope.",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_subject_scope",
+ "command": "subject scope list $category_slevel_uuid",
+ "result": "(?P<scope_subject>\\s+very_high)",
+ "description": "Get the ID of the new scope.",
+ "command_options": "-c id -c name -f value"
+ },
+ {
+ "name": "get_one_action_scope",
+ "command": "action scope list $category_action_uuid",
+ "result": "(?P<scope_action>\\s+storage_admin)",
+ "description": "Get the ID of one action scope.",
+ "command_options": "-c id -c name -f value"
+ },
+ {
+ "name": "get_one_object_scope",
+ "command": "object scope list $category_object_uuid",
+ "result": "(?P<scope_object>\\s+high)",
+ "description": "Get the ID of one object scope.",
+ "command_options": "-c id -c name -f value"
+ },
+ {
+ "name": "add_a_new_rule",
+ "command": "rule add $submetarule_uuid \"very_high,storage_admin,high\"",
+ "result": "^$",
+ "description": "Add a new rule.",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_rule",
+ "command": "rule list $submetarule_uuid",
+ "result": "(?P<rule_id>\\w+)\\s+very_high\\s+storage_admin\\s+high",
+ "description": "Check that the rule was correctly added.",
+ "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value"
+ },
+ {
+ "name": "delete_added_rule",
+ "command": "rule delete $submetarule_uuid $rule_id",
+ "result": "^$",
+ "description": "Delete the added rule.",
+ "command_options": ""
+ },
+ {
+ "name": "check_deleted_rule",
+ "command": "rule list $submetarule_uuid",
+ "result": "(?!very_high)",
+ "description": "Check that the rule was correctly deleted.",
+ "command_options": "-c s:subject_security_level -f value"
+ },
+
+ {
+ "name": "delete_authz_intra_extension",
+ "command": "intraextension delete $uuid_authz",
+ "result": "",
+ "description": "Delete the authz intra extension",
+ "command_options": ""
+ },
+ {
+ "name": "list_intraextension_authz",
+ "command": "intraextension list",
+ "result": "(?!$uuid_authz)",
+ "description": "Check the existence of that authz intra extension"
+ },
+ {
+ "name": "delete_tenant",
+ "command": "tenant delete $uuid",
+ "result": "",
+ "description": "Delete the tenant alt_demo",
+ "command_options": ""
+ },
+ {
+ "name": "list tenant",
+ "command": "tenant list",
+ "result": "(?!alt_demo)",
+ "description": "Check if tenant alt_demo is used."
+ }
+ ],
+ "authz_and_admin": [
+ {
+ "name": "list tenant",
+ "command": "tenant list",
+ "result": "(?!alt_demo)",
+ "description": "Check if tenant alt_demo is used."
+ },
+ {
+ "name": "add tenant alt_demo",
+ "command": "tenant add alt_demo",
+ "result": "^$",
+ "description": "Add a new tenant",
+ "command_options": ""
+ },
+ {
+ "name": "check tenant alt_demo",
+ "command": "tenant list",
+ "result": "(?P<uuid>\\w+)\\s+alt_demo",
+ "description": "Check that tenant alt_demo has been correctly added"
+ },
+ {
+ "name": "create_intraextension_authz",
+ "command": "intraextension create --policy_model policy_authz authz_test",
+ "result": "IntraExtension created: (?P<uuid_authz>\\w+)",
+ "description": "Create an authz intra extension",
+ "command_options": ""
+ },
+ {
+ "name": "list_intraextension_authz",
+ "command": "intraextension list",
+ "result": "$uuid_authz",
+ "description": "Check the existence of that authz intra extension"
+ },
+ {
+ "name": "create_intraextension_admin",
+ "command": "intraextension create --policy_model policy_admin admin_test",
+ "result": "IntraExtension created: (?P<uuid_admin>\\w+)",
+ "description": "Create an admin intra extension",
+ "command_options": ""
+ },
+ {
+ "name": "list_intraextension_admin",
+ "command": "intraextension list",
+ "result": "$uuid_admin",
+ "description": "Check the existence of that admin intra extension"
+ },
+ {
+ "name": "set_tenant_authz",
+ "command": "tenant set --authz $uuid_authz $uuid",
+ "result": "",
+ "description": "Connect the authz intra extension to the tenant demo",
+ "command_options": ""
+ },
+ {
+ "name": "set_tenant_admin",
+ "command": "tenant set --admin $uuid_admin $uuid",
+ "result": "",
+ "description": "Connect the authz intra extension to the tenant alt_demo",
+ "command_options": ""
+ },
+ {
+ "name": "check tenant alt_demo and authz ie",
+ "command": "tenant list",
+ "result": "alt_demo $uuid_authz",
+ "description": "Check that authz intra extension has been correctly added to the tenant.",
+ "command_options": "-c name -c intra_authz_extension_id -f value"
+ },
+ {
+ "name": "check tenant alt_demo and admin ie",
+ "command": "tenant list",
+ "result": "$uuid_admin",
+ "description": "Check that admin intra extension has been correctly added to the tenant.",
+ "command_options": "-c intra_admin_extension_id -f value"
+ },
+ {
+ "name": "select_authz_ie",
+ "command": "intraextension select $uuid_authz",
+ "result": "Select $uuid_authz IntraExtension.",
+ "description": "Select the authz IntraExtension",
+ "command_options": ""
+ },
+ {
+ "name": "check_select_authz_ie",
+ "command": "intraextension show selected",
+ "result": "$uuid_authz",
+ "description": "Check the selected authz IntraExtension",
+ "command_options": "-c id -f value"
+ },
+
+ {
+ "name": "check_submetarules",
+ "command": "submetarule show",
+ "result": "(?P<submetarule_uuid>\\w+)\\s+subject_security_level",
+ "description": "Get one submetarule ID",
+ "command_options": "-c id -c \"subject categories\" -f value"
+ },
+ {
+ "name": "list_subject_categories",
+ "command": "subject category list",
+ "result": "(?P<category_slevel_uuid>\\w+)\\s+subject_security_level",
+ "description": "Get one subject category.",
+ "command_options": "-c id -c name -f value"
+ },
+ {
+ "name": "list_action_categories",
+ "command": "action category list",
+ "result": "(?P<category_action_uuid>\\w+)\\s+resource_action",
+ "description": "Get one action category.",
+ "command_options": "-c id -c name -f value"
+ },
+ {
+ "name": "list_object_categories",
+ "command": "object category list",
+ "result": "(?P<category_object_uuid>\\w+)\\s+object_security_level",
+ "description": "Get one object category.",
+ "command_options": "-c id -c name -f value"
+ },
+ {
+ "name": "add_subject_scope",
+ "command": "subject scope add $category_slevel_uuid very_high",
+ "result": "^$",
+ "description": "Add one new scope.",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_subject_scope",
+ "command": "subject scope list $category_slevel_uuid",
+ "result": "(?P<scope_subject>\\s+very_high)",
+ "description": "Get the ID of the new scope.",
+ "command_options": "-c id -c name -f value"
+ },
+ {
+ "name": "get_one_action_scope",
+ "command": "action scope list $category_action_uuid",
+ "result": "(?P<scope_action>\\s+storage_admin)",
+ "description": "Get the ID of one action scope.",
+ "command_options": "-c id -c name -f value"
+ },
+ {
+ "name": "get_one_object_scope",
+ "command": "object scope list $category_object_uuid",
+ "result": "(?P<scope_object>\\s+high)",
+ "description": "Get the ID of one object scope.",
+ "command_options": "-c id -c name -f value"
+ },
+ {
+ "name": "add_a_new_rule",
+ "command": "rule add $submetarule_uuid \"very_high,storage_admin,high\"",
+ "result": "^$",
+ "description": "Add a new rule.",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_rule",
+ "command": "rule list $submetarule_uuid",
+ "result": "(?P<rule_id>\\w+)\\s+very_high\\s+storage_admin\\s+high",
+ "description": "Check that the rule was correctly added.",
+ "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value"
+ },
+ {
+ "name": "delete_added_rule",
+ "command": "rule delete $submetarule_uuid $rule_id",
+ "result": "^$",
+ "description": "Delete the added rule.",
+ "command_options": ""
+ },
+ {
+ "name": "check_deleted_rule",
+ "command": "rule list $submetarule_uuid",
+ "result": "(?!very_high)",
+ "description": "Check that the rule was correctly deleted.",
+ "command_options": "-c s:subject_security_level -f value"
+ },
+
+ {
+ "name": "delete_authz_intra_extension",
+ "command": "intraextension delete $uuid_authz",
+ "result": "",
+ "description": "Delete the authz intra extension",
+ "command_options": ""
+ },
+ {
+ "name": "list_intraextension_authz",
+ "command": "intraextension list",
+ "result": "(?!$uuid_authz)",
+ "description": "Check the existence of that authz intra extension"
+ },
+ {
+ "name": "delete_tenant",
+ "command": "tenant delete $uuid",
+ "result": "",
+ "description": "Delete the tenant alt_demo",
+ "command_options": ""
+ },
+ {
+ "name": "list tenant",
+ "command": "tenant list",
+ "result": "(?!alt_demo)",
+ "description": "Check if tenant alt_demo is used."
+ }
+ ]
+ }
+}
\ No newline at end of file
Code Review / moon.git / commitdiff