From eea9b5a63108c359f22a1f8c5c8936a06e50a1b8 Mon Sep 17 00:00:00 2001 From: Filip Blaha Date: Mon, 13 Apr 2015 18:17:16 +0200 Subject: [PATCH] Policy enforcement - add cleaning action rules Simulation purges data populated by murano driver in congress. Test creates rules as its prerequisites. Change-Id: Ia002b60ad5ba0d831e73b69f660a38c4f5e35f20 Closes-Bug: #1439595 --- murano/policy/model_policy_enforcer.py | 14 ++-- .../functional/engine/rules_murano_action.txt | 18 +++++ .../functional/engine/rules_murano_system.txt | 4 ++ .../functional/engine/test_policy_enf.py | 67 +++++++------------ 4 files changed, 57 insertions(+), 46 deletions(-) create mode 100644 murano/tests/functional/engine/rules_murano_action.txt create mode 100644 murano/tests/functional/engine/rules_murano_system.txt diff --git a/murano/policy/model_policy_enforcer.py b/murano/policy/model_policy_enforcer.py index 5eed8c093..571161848 100644 --- a/murano/policy/model_policy_enforcer.py +++ b/murano/policy/model_policy_enforcer.py @@ -66,9 +66,14 @@ class ModelPolicyEnforcer(object): rules = congress_rules.CongressRulesManager().convert( model, class_loader, self._environment.tenant_id) - rules_str = " ".join(map(str, rules)) + rules_str = map(str, rules) + env_id = model['?']['id'] + # cleanup of data populated by murano driver + rules_str.insert(0, 'deleteEnv("{0}")'.format(env_id)) + + rules_line = " ".join(rules_str) LOG.debug('Congress rules: \n ' + - '\n '.join(map(str, rules))) + '\n '.join(rules_str)) validation_result = client.execute_policy_action( "murano_system", @@ -76,12 +81,11 @@ class ModelPolicyEnforcer(object): False, False, {'query': 'predeploy_errors(eid, oid, msg)', - 'action_policy': 'action', - 'sequence': rules_str}) + 'action_policy': 'murano_action', + 'sequence': rules_line}) if validation_result["result"]: - env_id = model['?']['id'] messages = self._parse_messages(env_id, validation_result["result"]) 
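Review bot: `env_id` is formatted unescaped into the Datalog sequence at `rules_str.insert(0, 'deleteEnv("{0}")'.format(env_id))`, so an id containing `"` would change the statements Congress simulates instead of naming one environment. The id is presumably generated by Murano, but nothing in this hunk enforces its shape. Validating it against the expected id format (or at least rejecting `"` and `\`) before formatting would keep the sequence well-formed. Separately, `rules_str = map(str, rules)` is a list only on Python 2, and `rules_str = [str(rule) for rule in rules]` keeps `.insert()` working on Python 3. The enclosing method starts and ends outside the hunk.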
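Review bot: The call now depends on a Congress policy named `murano_action` that defines the `deleteEnv` action, yet the only definition in this commit is the test fixture `murano/tests/functional/engine/rules_murano_action.txt`. What happens when that policy is absent is not visible here, but presumably the simulation either errors or evaluates against stale rows left by the driver, and either outcome makes the pre-deploy check unreliable. A comment above the call such as `# requires Congress action policy 'murano_action' with deleteEnv rules (see rules_murano_action.txt)`, plus an operator-facing note, would make the prerequisite explicit. The method body continues outside the hunk.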
diff --git a/murano/tests/functional/engine/rules_murano_action.txt b/murano/tests/functional/engine/rules_murano_action.txt
new file mode 100644
index 000000000..442c277a7
--- /dev/null
+++ b/murano/tests/functional/engine/rules_murano_action.txt
@@ -0,0 +1,18 @@
+action("deleteEnv")
+
+murano:states-(eid,st) :- deleteEnv(eid), murano:states( eid, st)
+
+murano:parent_types-(tid, type) :- deleteEnv(eid), murano:connected(eid, tid),murano:parent_types(tid,type)
+murano:parent_types-(eid, type) :- deleteEnv(eid), murano:parent_types(eid,type)
+
+murano:properties-(oid, pn, pv) :- deleteEnv(eid), murano:connected( eid, oid),murano:properties(oid, pn, pv)
+murano:properties-(eid, pn, pv) :- deleteEnv(eid), murano:properties(eid, pn, pv)
+
+murano:objects-(oid, pid, ot) :- deleteEnv(eid), murano:connected(eid, oid), murano:objects(oid, pid, ot)
+murano:objects-(eid, tnid, ot) :- deleteEnv(eid), murano:objects(eid, tnid, ot)
+
+murano:relationships-(sid,tid, rt) :- deleteEnv(eid), murano:connected( eid, sid), murano:relationships( sid, tid, rt)
+murano:relationships-(eid,tid, rt) :- deleteEnv(eid), murano:relationships( eid, tid, rt)
+
+murano:connected-(tid, tid2) :- deleteEnv(eid), murano:connected(eid, tid), murano:connected(tid,tid2)
+murano:connected-(eid,tid) :- deleteEnv(eid), murano:connected(eid,tid)
\ No newline at end of file
diff --git a/murano/tests/functional/engine/rules_murano_system.txt b/murano/tests/functional/engine/rules_murano_system.txt
new file mode 100644
index 000000000..728754da1
--- /dev/null
+++ b/murano/tests/functional/engine/rules_murano_system.txt
@@ -0,0 +1,4 @@ +missing_key("") +invalid_flavor_name("really.bad.flavor") +predeploy_errors(eid, obj_id, msg) :- murano:objects(obj_id, eid, type), murano:properties(obj_id, "flavor", flavor_name), invalid_flavor_name(flavor_name), murano:properties(obj_id, "name", obj_name), concat(obj_name, ": bad flavor", msg) +predeploy_errors(eid, obj_id, msg) :- murano:objects(obj_id, eid, type), murano:properties(obj_id, "keyname", key_name), missing_key(key_name), murano:properties(obj_id, "name", obj_name), concat(obj_name, ": missing key", msg) \ No newline at end of file diff --git a/murano/tests/functional/engine/test_policy_enf.py b/murano/tests/functional/engine/test_policy_enf.py index 6065e01ec..f5ebf6cd6 100644 --- a/murano/tests/functional/engine/test_policy_enf.py +++ b/murano/tests/functional/engine/test_policy_enf.py @@ -23,26 +23,6 @@ import testtools import murano.tests.functional.common.tempest_utils as tempest_utils import murano.tests.functional.common.utils as common_utils -CONGRESS_RULES = ['invalid_flavor_name("really.bad.flavor")', - 'murano_env_of_object(oid,eid):-' - 'murano:connected(eid,oid),' - 'murano:objects(eid,tid,"io.murano.Environment")', - 'predeploy_errors(eid, obj_id, msg):-' - 'murano:objects(obj_id, pid, type),' - 'murano_env_of_object(obj_id, eid),' - 'murano:properties(obj_id, "flavor", flavor_name),' - 'invalid_flavor_name(flavor_name),' - 'murano:properties(obj_id, "name", obj_name),' - 'concat(obj_name, ": bad flavor", msg)', - 'predeploy_errors(eid, obj_id, msg):-' - 'murano:objects(obj_id, pid, type),' - 'murano_env_of_object(obj_id, eid),' - 'murano:properties(obj_id, "keyname", key_name),' - 'missing_key(key_name),' - 'murano:properties(obj_id, "name", obj_name),' - 'concat(obj_name, ": missing key", msg)', - 'missing_key("")'] - class PolicyEnforcement(testtools.TestCase, tempest_utils.TempestDeployTestMixin): 
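Review bot: The two `predeploy_errors` rules in `rules_murano_system.txt` bind `eid` to the second column of `murano:objects`, which the removed `CONGRESS_RULES` version named `pid` and did not use as the environment id; it resolved the environment through `murano_env_of_object` and `murano:connected`. If that column holds the direct parent or owner rather than the environment, an object nested below another object would no longer yield a `predeploy_errors` row for its environment, so a bad flavor or missing key there would pass the check. It is worth confirming what the driver writes in that column, or keeping the `murano:connected(eid, obj_id)` join in the rule body.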
@@ -57,21 +37,18 @@ class PolicyEnforcement(testtools.TestCase, def setUpClass(cls): super(PolicyEnforcement, cls).setUpClass() - with common_utils.ignored(Exception): - cls.congress_client().create_policy( - cls.create_policy_req('murano_system')) - cls.congress_client().create_policy( - cls.create_policy_req('murano')) + cls._create_policy(["murano", "murano_system"]) + cls._create_policy(["murano_action"], kind="action") with common_utils.ignored(murano_exceptions.HTTPInternalServerError): - cls.upload_policy_enf_app() + cls._upload_policy_enf_app() @classmethod def tearDownClass(cls): cls.purge_uploaded_packages() @classmethod - def upload_policy_enf_app(cls): + def _upload_policy_enf_app(cls): app_dir = 'io.murano.apps.test.PolicyEnforcementTestApp' zip_file_path = cls.zip_dir(os.path.dirname(__file__), app_dir) cls.init_list("_package_files") 
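Review bot: `setUpClass` now creates the `murano`, `murano_system` and `murano_action` policies and their rules, but `tearDownClass` still only calls `cls.purge_uploaded_packages()`, and the per-test rule deletion in `tearDown` is removed in the next hunk. The fixture rules (`invalid_flavor_name("really.bad.flavor")`, `missing_key("")`) therefore remain in `murano_system`, the same policy name the enforcer queries, after the run. On a shared Congress they may keep influencing deployment checks, and because `Conflict` is ignored a later run can silently reuse outdated rules. Recording the results of `create_policy_rule` and deleting them by `rule["id"]` in `tearDownClass`, as the old `tearDown` did, would restore the cleanup.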
@@ -81,24 +58,32 @@ class PolicyEnforcement(testtools.TestCase, {"categories": ["Web"], "tags": ["tag"]}, zip_file_path) - def setUp(self): - super(PolicyEnforcement, self).setUp() - self.rules = [] - - rule_posts = [{"rule": rule} for rule in CONGRESS_RULES] - for rule_post in rule_posts: - with common_utils.ignored(keystone_exceptions.Conflict): - self.rules.append(self.congress_client().create_policy_rule( - 'murano_system', - rule_post)) - def tearDown(self): super(PolicyEnforcement, self).tearDown() self.purge_environments() - for rule in self.rules: - self.congress_client().delete_policy_rule( - "murano_system", rule["id"]) + @classmethod + def _create_policy(cls, policy_names, kind=None): + for name in policy_names: + policy_req = {"name": name} + if kind: + policy_req["kind"] = kind + with common_utils.ignored(keystone_exceptions.Conflict): + cls.congress_client().create_policy(policy_req) + + rules = [] + rules_file = os.path.join( + os.path.dirname(__file__), + "rules_" + name + ".txt") + + if os.path.isfile(rules_file): + with open(rules_file) as f: + rules = [rule.strip() for rule in f.readlines() + if rule.strip()] + for rule in rules: + with common_utils.ignored(keystone_exceptions.Conflict): + cls.congress_client().create_policy_rule(name, + {'rule': rule}) def _create_test_app(self, flavor, key): """Application create request body
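Review bot: `_create_policy` has no docstring and its fixture convention is implicit: for each name it looks for `rules_<name>.txt` next to the test module, posts every non-blank line as one rule, and silently does nothing when the file is missing. I would add a docstring stating that, including that a comment line placed in a fixture would be posted to Congress as a rule. The file can also be iterated directly, `rules = [line.strip() for line in f if line.strip()]`, instead of going through `f.readlines()`.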