diff --git a/.travis/policy.json b/.travis/policy.json
new file mode 100644
index 0000000..e5a1de2
--- /dev/null
+++ b/.travis/policy.json
@@ -0,0 +1,188 @@
+{
+ "policy_A": {
+ "groups": {
+ "group_A": {
+ "CERTIFICATE": {
+ "LOCATE": "ALLOW_OWNER",
+ "CHECK": "ALLOW_OWNER",
+ "GET": "ALLOW_OWNER",
+ "GET_ATTRIBUTES": "ALLOW_OWNER",
+ "GET_ATTRIBUTE_LIST": "ALLOW_OWNER",
+ "ADD_ATTRIBUTE": "ALLOW_OWNER",
+ "MODIFY_ATTRIBUTE": "ALLOW_OWNER",
+ "DELETE_ATTRIBUTE": "ALLOW_OWNER",
+ "OBTAIN_LEASE": "ALLOW_OWNER",
+ "ACTIVATE": "ALLOW_OWNER",
+ "REVOKE": "ALLOW_OWNER",
+ "DESTROY": "ALLOW_OWNER",
+ "ARCHIVE": "ALLOW_OWNER",
+ "RECOVER": "ALLOW_OWNER"
+ }
+ }
+ },
+ "default": {
+ "CERTIFICATE": {
+ "LOCATE": "ALLOW_ALL",
+ "CHECK": "ALLOW_ALL",
+ "GET": "ALLOW_ALL",
+ "GET_ATTRIBUTES": "ALLOW_ALL",
+ "GET_ATTRIBUTE_LIST": "ALLOW_ALL",
+ "ADD_ATTRIBUTE": "ALLOW_OWNER",
+ "MODIFY_ATTRIBUTE": "ALLOW_OWNER",
+ "DELETE_ATTRIBUTE": "ALLOW_OWNER",
+ "OBTAIN_LEASE": "ALLOW_ALL",
+ "ACTIVATE": "ALLOW_OWNER",
+ "REVOKE": "ALLOW_OWNER",
+ "DESTROY": "ALLOW_OWNER",
+ "ARCHIVE": "ALLOW_OWNER",
+ "RECOVER": "ALLOW_OWNER"
+ },
+ "SYMMETRIC_KEY": {
+ "REKEY": "ALLOW_OWNER",
+ "REKEY_KEY_PAIR": "ALLOW_OWNER",
+ "DERIVE_KEY": "ALLOW_OWNER",
+ "LOCATE": "ALLOW_OWNER",
+ "CHECK": "ALLOW_OWNER",
+ "GET": "ALLOW_OWNER",
+ "GET_ATTRIBUTES": "ALLOW_OWNER",
+ "GET_ATTRIBUTE_LIST": "ALLOW_OWNER",
+ "ADD_ATTRIBUTE": "ALLOW_OWNER",
+ "MODIFY_ATTRIBUTE": "ALLOW_OWNER",
+ "DELETE_ATTRIBUTE": "ALLOW_OWNER",
+ "OBTAIN_LEASE": "ALLOW_OWNER",
+ "GET_USAGE_ALLOCATION": "ALLOW_OWNER",
+ "ACTIVATE": "ALLOW_OWNER",
+ "REVOKE": "ALLOW_OWNER",
+ "DESTROY": "ALLOW_OWNER",
+ "ARCHIVE": "ALLOW_OWNER",
+ "RECOVER": "ALLOW_OWNER"
+ },
+ "PUBLIC_KEY": {
+ "LOCATE": "ALLOW_ALL",
+ "CHECK": "ALLOW_ALL",
+ "GET": "ALLOW_ALL",
+ "GET_ATTRIBUTES": "ALLOW_ALL",
+ "GET_ATTRIBUTE_LIST": "ALLOW_ALL",
+ "ADD_ATTRIBUTE": "ALLOW_OWNER",
+ "MODIFY_ATTRIBUTE": "ALLOW_OWNER",
+ "DELETE_ATTRIBUTE": "ALLOW_OWNER",
+ "OBTAIN_LEASE": "ALLOW_ALL",
+ "ACTIVATE": "ALLOW_OWNER",
+ "REVOKE": "ALLOW_OWNER",
+ "DESTROY": "ALLOW_OWNER",
+ "ARCHIVE": "ALLOW_OWNER",
+ "RECOVER": 
"ALLOW_OWNER" + }, + "PRIVATE_KEY": { + "REKEY": "ALLOW_OWNER", + "REKEY_KEY_PAIR": "ALLOW_OWNER", + "DERIVE_KEY": "ALLOW_OWNER", + "LOCATE": "ALLOW_OWNER", + "CHECK": "ALLOW_OWNER", + "GET": "ALLOW_OWNER", + "GET_ATTRIBUTES": "ALLOW_OWNER", + "GET_ATTRIBUTE_LIST": "ALLOW_OWNER", + "ADD_ATTRIBUTE": "ALLOW_OWNER", + "MODIFY_ATTRIBUTE": "ALLOW_OWNER", + "DELETE_ATTRIBUTE": "ALLOW_OWNER", + "OBTAIN_LEASE": "ALLOW_OWNER", + "GET_USAGE_ALLOCATION": "ALLOW_OWNER", + "ACTIVATE": "ALLOW_OWNER", + "REVOKE": "ALLOW_OWNER", + "DESTROY": "ALLOW_OWNER", + "ARCHIVE": "ALLOW_OWNER", + "RECOVER": "ALLOW_OWNER" + }, + "SPLIT_KEY": { + "REKEY": "ALLOW_OWNER", + "REKEY_KEY_PAIR": "ALLOW_OWNER", + "DERIVE_KEY": "ALLOW_OWNER", + "LOCATE": "ALLOW_OWNER", + "CHECK": "ALLOW_OWNER", + "GET": "ALLOW_OWNER", + "GET_ATTRIBUTES": "ALLOW_OWNER", + "GET_ATTRIBUTE_LIST": "ALLOW_OWNER", + "ADD_ATTRIBUTE": "ALLOW_OWNER", + "MODIFY_ATTRIBUTE": "ALLOW_OWNER", + "DELETE_ATTRIBUTE": "ALLOW_OWNER", + "OBTAIN_LEASE": "ALLOW_OWNER", + "GET_USAGE_ALLOCATION": "ALLOW_OWNER", + "ACTIVATE": "ALLOW_OWNER", + "REVOKE": "ALLOW_OWNER", + "DESTROY": "ALLOW_OWNER", + "ARCHIVE": "ALLOW_OWNER", + "RECOVER": "ALLOW_OWNER" + }, + "TEMPLATE": { + "LOCATE": "ALLOW_OWNER", + "GET": "ALLOW_OWNER", + "GET_ATTRIBUTES": "ALLOW_OWNER", + "GET_ATTRIBUTE_LIST": "ALLOW_OWNER", + "ADD_ATTRIBUTE": "ALLOW_OWNER", + "MODIFY_ATTRIBUTE": "ALLOW_OWNER", + "DELETE_ATTRIBUTE": "ALLOW_OWNER", + "DESTROY": "ALLOW_OWNER" + }, + "SECRET_DATA": { + "REKEY": "ALLOW_OWNER", + "REKEY_KEY_PAIR": "ALLOW_OWNER", + "DERIVE_KEY": "ALLOW_OWNER", + "LOCATE": "ALLOW_OWNER", + "CHECK": "ALLOW_OWNER", + "GET": "ALLOW_OWNER", + "GET_ATTRIBUTES": "ALLOW_OWNER", + "GET_ATTRIBUTE_LIST": "ALLOW_OWNER", + "ADD_ATTRIBUTE": "ALLOW_OWNER", + "MODIFY_ATTRIBUTE": "ALLOW_OWNER", + "DELETE_ATTRIBUTE": "ALLOW_OWNER", + "OBTAIN_LEASE": "ALLOW_OWNER", + "GET_USAGE_ALLOCATION": "ALLOW_OWNER", + "ACTIVATE": "ALLOW_OWNER", + "REVOKE": "ALLOW_OWNER", + "DESTROY": 
"ALLOW_OWNER", + "ARCHIVE": "ALLOW_OWNER", + "RECOVER": "ALLOW_OWNER" + }, + "OPAQUE_DATA": { + "REKEY": "ALLOW_OWNER", + "REKEY_KEY_PAIR": "ALLOW_OWNER", + "DERIVE_KEY": "ALLOW_OWNER", + "LOCATE": "ALLOW_OWNER", + "CHECK": "ALLOW_OWNER", + "GET": "ALLOW_OWNER", + "GET_ATTRIBUTES": "ALLOW_OWNER", + "GET_ATTRIBUTE_LIST": "ALLOW_OWNER", + "ADD_ATTRIBUTE": "ALLOW_OWNER", + "MODIFY_ATTRIBUTE": "ALLOW_OWNER", + "DELETE_ATTRIBUTE": "ALLOW_OWNER", + "OBTAIN_LEASE": "ALLOW_OWNER", + "GET_USAGE_ALLOCATION": "ALLOW_OWNER", + "ACTIVATE": "ALLOW_OWNER", + "REVOKE": "ALLOW_OWNER", + "DESTROY": "ALLOW_OWNER", + "ARCHIVE": "ALLOW_OWNER", + "RECOVER": "ALLOW_OWNER" + }, + "PGP_KEY": { + "REKEY": "ALLOW_OWNER", + "REKEY_KEY_PAIR": "ALLOW_OWNER", + "DERIVE_KEY": "ALLOW_OWNER", + "LOCATE": "ALLOW_OWNER", + "CHECK": "ALLOW_OWNER", + "GET": "ALLOW_OWNER", + "GET_ATTRIBUTES": "ALLOW_OWNER", + "GET_ATTRIBUTE_LIST": "ALLOW_OWNER", + "ADD_ATTRIBUTE": "ALLOW_OWNER", + "MODIFY_ATTRIBUTE": "ALLOW_OWNER", + "DELETE_ATTRIBUTE": "ALLOW_OWNER", + "OBTAIN_LEASE": "ALLOW_OWNER", + "GET_USAGE_ALLOCATION": "ALLOW_OWNER", + "ACTIVATE": "ALLOW_OWNER", + "REVOKE": "ALLOW_OWNER", + "DESTROY": "ALLOW_OWNER", + "ARCHIVE": "ALLOW_OWNER", + "RECOVER": "ALLOW_OWNER" + } + } + } +} diff --git a/.travis/run.sh b/.travis/run.sh index 77e2b03..50277bf 100755 --- a/.travis/run.sh +++ b/.travis/run.sh @@ -5,11 +5,13 @@ set -x if [[ "${RUN_INTEGRATION_TESTS}" == "1" ]]; then sudo mkdir -p /etc/pykmip/certs + sudo mkdir -p /etc/pykmip/policies cd /etc/pykmip/certs sudo openssl req -x509 -subj "/CN=test" -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes cd - sudo cp ./.travis/pykmip.conf /etc/pykmip/pykmip.conf sudo cp ./.travis/server.conf /etc/pykmip/server.conf + sudo cp ./.travis/policy.json /etc/pykmip/policies/policy.json sudo mkdir /var/log/pykmip sudo chmod 777 /var/log/pykmip python ./bin/run_server.py & @@ -17,4 +19,3 @@ if [[ "${RUN_INTEGRATION_TESTS}" == "1" ]]; then else tox fi - 
diff --git a/.travis/server.conf b/.travis/server.conf
index f0ddd68..61f18a3 100644
--- a/.travis/server.conf
+++ b/.travis/server.conf
@@ -6,3 +6,4 @@ key_path=/etc/pykmip/certs/key.pem
 ca_path=/etc/pykmip/certs/cert.pem
 auth_suite=Basic
 enable_tls_client_auth=False
+policy_path=/etc/pykmip/policies/
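Review bot: `policy_path` makes the server's access decisions depend on owner and group identity (the new policy file is built from `ALLOW_OWNER` rules and a `group_A` section), yet the context line directly above keeps `enable_tls_client_auth=False`; if client identity for those checks comes from the TLS client certificate, disabling client authentication may leave the owner/group branches unexercised by the CI run — worth confirming and, if so, enabling it for the policy tests. Either way the coupling should be documented next to the setting, e.g. `# policy_path: directory of operation-policy JSON files (see .travis/policy.json); keep it root-owned and non-writable by the server user`, since this file is the only place an operator will look.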