Policy enforcement - add cleaning action rules

Simulation purges data populated by murano driver in congress. Test creates rules as its prerequisites. Change-Id: Ia002b60ad5ba0d831e73b69f660a38c4f5e35f20 Closes-Bug: #1439595
2015-04-13 18:17:16 +02:00 · 2015-04-13 18:17:16 +02:00 · eea9b5a631
parent 5f545f413f
commit eea9b5a631
4 changed files with 57 additions and 46 deletions
--- a/murano/policy/model_policy_enforcer.py
+++ b/murano/policy/model_policy_enforcer.py
@ -66,9 +66,14 @@ class ModelPolicyEnforcer(object):
        rules = congress_rules.CongressRulesManager().convert(
            model, class_loader, self._environment.tenant_id)

-        rules_str = " ".join(map(str, rules))
+        rules_str = map(str, rules)
+        env_id = model['?']['id']
+        # cleanup of data populated by murano driver
+        rules_str.insert(0, 'deleteEnv("{0}")'.format(env_id))
+
+        rules_line = " ".join(rules_str)
        LOG.debug('Congress rules: \n  ' +
-                  '\n  '.join(map(str, rules)))
+                  '\n  '.join(rules_str))

        validation_result = client.execute_policy_action(
            "murano_system",
@ -76,12 +81,11 @@ class ModelPolicyEnforcer(object):
            False,
            False,
            {'query': 'predeploy_errors(eid, oid, msg)',
-             'action_policy': 'action',
-             'sequence': rules_str})
+             'action_policy': 'murano_action',
+             'sequence': rules_line})

        if validation_result["result"]:

-            env_id = model['?']['id']
            messages = self._parse_messages(env_id,
                                            validation_result["result"])

--- a/murano/tests/functional/engine/rules_murano_action.txt
+++ b/murano/tests/functional/engine/rules_murano_action.txt
@ -0,0 +1,18 @@
+action("deleteEnv")
+
+murano:states-(eid,st) :- deleteEnv(eid), murano:states( eid, st)
+
+murano:parent_types-(tid, type) :- deleteEnv(eid), murano:connected(eid, tid),murano:parent_types(tid,type)
+murano:parent_types-(eid, type) :- deleteEnv(eid), murano:parent_types(eid,type)
+
+murano:properties-(oid, pn, pv) :- deleteEnv(eid), murano:connected( eid, oid),murano:properties(oid, pn, pv)
+murano:properties-(eid, pn, pv) :- deleteEnv(eid), murano:properties(eid, pn, pv)
+
+murano:objects-(oid, pid, ot) :- deleteEnv(eid), murano:connected(eid, oid), murano:objects(oid, pid, ot)
+murano:objects-(eid, tnid, ot) :- deleteEnv(eid), murano:objects(eid, tnid, ot)
+
+murano:relationships-(sid,tid, rt) :- deleteEnv(eid), murano:connected( eid, sid), murano:relationships( sid, tid, rt)
+murano:relationships-(eid,tid, rt) :- deleteEnv(eid), murano:relationships( eid, tid, rt)
+
+murano:connected-(tid, tid2) :- deleteEnv(eid), murano:connected(eid, tid), murano:connected(tid,tid2)
+murano:connected-(eid,tid) :- deleteEnv(eid), murano:connected(eid,tid)
--- a/murano/tests/functional/engine/rules_murano_system.txt
+++ b/murano/tests/functional/engine/rules_murano_system.txt
@ -0,0 +1,4 @@
+missing_key("")
+invalid_flavor_name("really.bad.flavor")
+predeploy_errors(eid, obj_id, msg) :- murano:objects(obj_id, eid, type), murano:properties(obj_id, "flavor", flavor_name), invalid_flavor_name(flavor_name), murano:properties(obj_id, "name", obj_name), concat(obj_name, ": bad flavor", msg)
+predeploy_errors(eid, obj_id, msg) :- murano:objects(obj_id, eid, type), murano:properties(obj_id, "keyname", key_name), missing_key(key_name), murano:properties(obj_id, "name", obj_name), concat(obj_name, ": missing key", msg)
--- a/murano/tests/functional/engine/test_policy_enf.py
+++ b/murano/tests/functional/engine/test_policy_enf.py
@ -23,26 +23,6 @@ import testtools
 import murano.tests.functional.common.tempest_utils as tempest_utils
 import murano.tests.functional.common.utils as common_utils

-CONGRESS_RULES = ['invalid_flavor_name("really.bad.flavor")',
-                  'murano_env_of_object(oid,eid):-'
-                  'murano:connected(eid,oid),'
-                  'murano:objects(eid,tid,"io.murano.Environment")',
-                  'predeploy_errors(eid, obj_id, msg):-'
-                  'murano:objects(obj_id, pid, type),'
-                  'murano_env_of_object(obj_id, eid),'
-                  'murano:properties(obj_id, "flavor", flavor_name),'
-                  'invalid_flavor_name(flavor_name),'
-                  'murano:properties(obj_id, "name", obj_name),'
-                  'concat(obj_name, ": bad flavor", msg)',
-                  'predeploy_errors(eid, obj_id, msg):-'
-                  'murano:objects(obj_id, pid, type),'
-                  'murano_env_of_object(obj_id, eid),'
-                  'murano:properties(obj_id, "keyname", key_name),'
-                  'missing_key(key_name),'
-                  'murano:properties(obj_id, "name", obj_name),'
-                  'concat(obj_name, ": missing key", msg)',
-                  'missing_key("")']
-

 class PolicyEnforcement(testtools.TestCase,
                        tempest_utils.TempestDeployTestMixin):
@ -57,21 +37,18 @@ class PolicyEnforcement(testtools.TestCase,
    def setUpClass(cls):
        super(PolicyEnforcement, cls).setUpClass()

-        with common_utils.ignored(Exception):
-            cls.congress_client().create_policy(
-                cls.create_policy_req('murano_system'))
-            cls.congress_client().create_policy(
-                cls.create_policy_req('murano'))
+        cls._create_policy(["murano", "murano_system"])
+        cls._create_policy(["murano_action"], kind="action")

        with common_utils.ignored(murano_exceptions.HTTPInternalServerError):
-            cls.upload_policy_enf_app()
+            cls._upload_policy_enf_app()

    @classmethod
    def tearDownClass(cls):
        cls.purge_uploaded_packages()

    @classmethod
-    def upload_policy_enf_app(cls):
+    def _upload_policy_enf_app(cls):
        app_dir = 'io.murano.apps.test.PolicyEnforcementTestApp'
        zip_file_path = cls.zip_dir(os.path.dirname(__file__), app_dir)
        cls.init_list("_package_files")
@ -81,24 +58,32 @@ class PolicyEnforcement(testtools.TestCase,
            {"categories": ["Web"], "tags": ["tag"]},
            zip_file_path)

-    def setUp(self):
-        super(PolicyEnforcement, self).setUp()
-        self.rules = []
-
-        rule_posts = [{"rule": rule} for rule in CONGRESS_RULES]
-        for rule_post in rule_posts:
-            with common_utils.ignored(keystone_exceptions.Conflict):
-                self.rules.append(self.congress_client().create_policy_rule(
-                    'murano_system',
-                    rule_post))
-
    def tearDown(self):
        super(PolicyEnforcement, self).tearDown()
        self.purge_environments()

-        for rule in self.rules:
-            self.congress_client().delete_policy_rule(
-                "murano_system", rule["id"])
+    @classmethod
+    def _create_policy(cls, policy_names, kind=None):
+        for name in policy_names:
+            policy_req = {"name": name}
+            if kind:
+                policy_req["kind"] = kind
+            with common_utils.ignored(keystone_exceptions.Conflict):
+                cls.congress_client().create_policy(policy_req)
+
+            rules = []
+            rules_file = os.path.join(
+                os.path.dirname(__file__),
+                "rules_" + name + ".txt")
+
+            if os.path.isfile(rules_file):
+                with open(rules_file) as f:
+                    rules = [rule.strip() for rule in f.readlines()
+                             if rule.strip()]
+            for rule in rules:
+                with common_utils.ignored(keystone_exceptions.Conflict):
+                    cls.congress_client().create_policy_rule(name,
+                                                             {'rule': rule})

    def _create_test_app(self, flavor, key):
        """Application create request body