Update fake keystone config for latest

- change role from _member_ to Member
- also bumpup webui version

db/test_data/conv_in.yaml

@@ -37,7 +37,7 @@ policies:
   - is_owner
   effect: allow
   id: member_statement
-  principal: _member_
+  principal: Member
   resource:
     path: /v2.0/network/[^/]+/?$
     properties:
@@ -49,7 +49,7 @@ policies:
   - is_owner
   effect: allow
   id: member_statement2
-  principal: _member_
+  principal: Member
   resource:
     path: /v2.0/networks/?$
     properties:

docs/source/policy.rst

@@ -57,7 +57,7 @@ Example policy
       tenant_id: 8bab8453-1bc9-45af-8c70-f83aa9b50453
     effect: allow
     id: member_statement
-    principal: _member_
+    principal: Member
     resource:
       path: /v2.0/network/[^/]+/?$
       properties:
@@ -69,7 +69,7 @@ Example policy
     - is_owner
     effect: allow
     id: member_statement2
-    principal: _member_
+    principal: Member
     resource:
       path: /v2.0/networks/?$
       properties:
@@ -81,7 +81,7 @@ Example policy
     - is_owner
     effect: allow
     id: member_statement2
-    principal: _member_
+    principal: Member
     resource:
       path: /v2.0/server/?$
 

etc/example_schema.yaml

@@ -118,21 +118,21 @@ policies:
 - action: read
   effect: allow
   id: policy1
-  principal: _member_
+  principal: Member
   resource:
     path: /gohan/v0.1/schemas*
 # Allow to read pets
 - action: read
   effect: allow
   id: policy2
-  principal: _member_
+  principal: Member
   resource:
     path: /v1.0/store/pets
 # Allow to read orders
 - action: read
   effect: allow
   id: policy3
-  principal: _member_
+  principal: Member
   condition:
   - is_owner
   resource:
@@ -141,7 +141,7 @@ policies:
 - action: create
   effect: allow
   id: policy4
-  principal: _member_
+  principal: Member
   resource:
     path: /v1.0/store/orders
   condition:

examples/policy/README.md

@@ -36,7 +36,7 @@ policies:
 - action: read # limit for only read
   effect: allow # allow access
   id: member_schema # unique id for this policy
-  principal: _member_ # member role
+  principal: Member # member role
   resource:
     path: /gohan/v0.1/schemas* # resource path
 # Allow access for member_resource
@@ -45,7 +45,7 @@ policies:
   - is_owner # access limited only if a member is owner of the resource
   effect: allow # allow access
   id: member_policy
-  principal: _member_
+  principal: Member
   resource:
     path: /v0.1/member_resources*
     properties: # limit properties here

examples/policy/example_schema.yaml

@@ -3,15 +3,15 @@ policies:
 - action: read
   effect: allow
   id: member_schema
-  principal: _member_
+  principal: Member
   resource:
     path: /gohan/v0.1/schemas*
 - action: '*'
   condition:
   - is_owner
   effect: allow
   id: member_policy
-  principal: _member_
+  principal: Member
   resource:
     path: /v0.1/member_resources*
     properties:

schema/policy_test.go

@@ -39,7 +39,7 @@ var _ = Describe("Policies", func() {
 			Expect(manager.LoadSchemaFromFile(schemaPath)).To(Succeed())
 
 			adminAuth = NewAuthorization(adminTenantID, "admin", "fake_token", []string{"admin"}, nil)
-			memberAuth = NewAuthorization(demoTenantID, "demo", "fake_token", []string{"_member_"}, nil)
+			memberAuth = NewAuthorization(demoTenantID, "demo", "fake_token", []string{"Member"}, nil)
 		})
 
 		AfterEach(func() {
@@ -56,19 +56,19 @@ var _ = Describe("Policies", func() {
 		It("creates network as member", func() {
 			memberPolicy, role := manager.PolicyValidate("create", "/v2.0/networks", memberAuth)
 			Expect(memberPolicy).NotTo(BeNil())
-			Expect(role.Match("_member_")).To(BeTrue())
+			Expect(role.Match("Member")).To(BeTrue())
 		})
 
 		It("creates network as member - long url", func() {
 			memberPolicy, role := manager.PolicyValidate("create", "/v2.0/networks/red", memberAuth)
 			Expect(memberPolicy).NotTo(BeNil())
-			Expect(role.Match("_member_")).To(BeTrue())
-			Expect(memberPolicy.RequireOwner()).To(BeTrue(), "_member_ should require ownership")
+			Expect(role.Match("Member")).To(BeTrue())
+			Expect(memberPolicy.RequireOwner()).To(BeTrue(), "Member should require ownership")
 		})
 
 		It("creates subnet as member", func() {
 			memberPolicy, role := manager.PolicyValidate("create", "/v2.0/network/test1/subnets", memberAuth)
-			Expect(memberPolicy).To(BeNil(), "_member_ should not be allowed to touch subnet %v", memberPolicy)
+			Expect(memberPolicy).To(BeNil(), "Member should not be allowed to touch subnet %v", memberPolicy)
 			Expect(role).To(BeNil())
 		})
 	})

server/middleware/fake.go

@@ -112,7 +112,7 @@ var fakeTokens = map[string]interface{}{
 				"name": "demo",
 				"roles": []role{
 					role{
-						Name: "_member_",
+						Name: "Member",
 					},
 				},
 				"roles_links": map[string]interface{}{},
@@ -129,7 +129,7 @@ var fakeTokens = map[string]interface{}{
 				"name": "power_user",
 				"roles": []role{
 					role{
-						Name: "_member_",
+						Name: "Member",
 					},
 				},
 				"roles_links": map[string]interface{}{},

server/resources/resource_management_test.go

@@ -56,7 +56,7 @@ var _ = Describe("Resource manager", func() {
 		manager = schema.GetManager()
 
 		adminAuth = schema.NewAuthorization(adminTenantID, "admin", adminTokenID, []string{"admin"}, nil)
-		memberAuth = schema.NewAuthorization(memberTenantID, "demo", memberTokenID, []string{"_member_"}, nil)
+		memberAuth = schema.NewAuthorization(memberTenantID, "demo", memberTokenID, []string{"Member"}, nil)
 		timelimit = time.Duration(1) * time.Second
 		auth = adminAuth
 

server/server_test.go

@@ -402,21 +402,21 @@ var _ = Describe("Server package test", func() {
 			Expect(result).To(HaveKeyWithValue("network", networkExpected))
 
 			result = testURL("GET", baseURL+"/_all", memberTokenID, nil, http.StatusOK)
-			Expect(result).To(HaveLen(4))
+			Expect(result).To(HaveLen(5))
 			Expect(result).To(HaveKeyWithValue("networks", []interface{}{networkExpected}))
 			Expect(result).To(HaveKey("schemas"))
 			Expect(result).To(HaveKey("tests"))
 
 			testURL("GET", baseURL+"/v2.0/network/unknownID", memberTokenID, nil, http.StatusNotFound)
 
 			testURL("POST", subnetPluralURL, memberTokenID, getSubnet("red", "red", "networkred"), http.StatusUnauthorized)
-			testURL("GET", getSubnetSingularURL("red"), memberTokenID, nil, http.StatusUnauthorized)
+			testURL("GET", getSubnetSingularURL("red"), memberTokenID, nil, http.StatusNotFound)
 			testURL("PUT", getSubnetSingularURL("red"), memberTokenID, getSubnet("red", "red", "networkred"), http.StatusUnauthorized)
 
 			testURL("PUT", getNetworkSingularURL("red"), memberTokenID, invalidNetwork, http.StatusUnauthorized)
 			testURL("PUT", getNetworkSingularURL("red"), memberTokenID, network, http.StatusBadRequest)
 
-			testURL("DELETE", getSubnetSingularURL("red"), memberTokenID, nil, http.StatusUnauthorized)
+			testURL("DELETE", getSubnetSingularURL("red"), memberTokenID, nil, http.StatusNotFound)
 			testURL("DELETE", getNetworkSingularURL("red"), memberTokenID, nil, http.StatusNoContent)
 			testURL("DELETE", getNetworkSingularURL("red"), memberTokenID, nil, http.StatusNotFound)
 		})

tests/test_schema.json

@@ -17,7 +17,7 @@
             ],
             "effect": "allow",
             "id": "member_statement",
-            "principal": "_member_",
+            "principal": "Member",
             "resource": {
                 "path": "/v2.0/network/[^/]+/?$",
                 "properties": [
@@ -34,7 +34,7 @@
             ],
             "effect": "allow",
             "id": "member_statement2",
-            "principal": "_member_",
+            "principal": "Member",
             "resource": {
                 "path": "/v2.0/networks/?$",
                 "properties": [

tests/test_schema.yaml

@@ -39,13 +39,13 @@ policies:
 - action: hello
   effect: allow
   id: member_hello
-  principal: _member_
+  principal: Member
   resource:
     path: /v2.0/responder.*
 - action: dobranoc
   effect: allow
   id: member_dobranoc
-  principal: _member_
+  principal: Member
   resource:
     path: /v2.0/responder.*
 - action: '*'
@@ -56,14 +56,14 @@ policies:
     type: belongs_to
   effect: allow
   id: power_user_statement
-  principal: _member_
+  principal: Member
   resource:
     path: /v2.0/network.*
   tenant_id: acf5662bbff44060b93a.*
 - action: '*'
   effect: allow
   id: member_user_schemas
-  principal: _member_
+  principal: Member
   resource:
     path: /v0.1/schema.*
 - action: '*'
@@ -77,7 +77,7 @@ policies:
     type: belongs_to
   effect: allow
   id: member_statement
-  principal: _member_
+  principal: Member
   resource:
     path: /v2.0/networks/[^/]+/?$
     properties:
@@ -93,7 +93,7 @@ policies:
     type: belongs_to
   effect: allow
   id: member_statement2
-  principal: _member_
+  principal: Member
   resource:
     path: /v2.0/networks/?$
     properties:
@@ -106,15 +106,15 @@ policies:
   - is_owner
   effect: allow
   id: member_statement_test
-  principal: _member_
+  principal: Member
   resource:
     path: /v2.0/test.*
 - action: '*'
   condition:
   - is_owner
   effect: allow
   id: member_statement_test
-  principal: _member_
+  principal: Member
   condition:
   - type: property
     action: read
@@ -150,7 +150,7 @@ policies:
   - is_owner
   effect: allow
   id: member_statement3
-  principal: _member_
+  principal: Member
   resource:
     path: /_all.*
 schemas: