opentelekomcloud · otc-zuul · Oct 18, 2024 · Oct 18, 2024 · Oct 18, 2024
@@ -0,0 +1,188 @@
+package v1
+
+import (
+	"testing"
+
+	golangsdk "github.com/opentelekomcloud/gophertelekomcloud"
+	"github.com/opentelekomcloud/gophertelekomcloud/acceptance/clients"
+	"github.com/opentelekomcloud/gophertelekomcloud/acceptance/tools"
+	"github.com/opentelekomcloud/gophertelekomcloud/openstack/rms/compliance"
+	th "github.com/opentelekomcloud/gophertelekomcloud/testhelper"
+)
+
+func TestAllPoliciesList(t *testing.T) {
+	t.Skip("You are not authorized with rms:resources:list impossible to run within CI")
+	client, err := clients.NewRMSClient()
+	th.AssertNoErr(t, err)
+
+	// Test ListAllPolicies
+	policies, err := compliance.ListAllPolicies(client)
+	th.AssertNoErr(t, err)
+	th.AssertEquals(t, true, len(policies) > 0)
+
+	policy, err := compliance.GetPolicy(client, policies[0].ID)
+	th.AssertNoErr(t, err)
+	th.AssertEquals(t, policy.PolicyType, "builtin")
+}
+
+func TestComplianceList(t *testing.T) {
+	t.Skip("You are not authorized with rms:resources:list impossible to run within CI")
+	client, err := clients.NewRMSClient()
+	th.AssertNoErr(t, err)
+
+	ruleName := tools.RandomString("rule-", 4)
+	rule := createRule(t, client, ruleName)
+
+	// Test ListAllCompliance
+	listOpts := compliance.ListAllComplianceOpts{
+		DomainId: client.DomainID,
+		PolicyId: rule.ID,
+	}
+
+	allCompliance, err := compliance.ListAllRuleCompliance(client, listOpts)
+	th.AssertNoErr(t, err)
+	th.AssertEquals(t, true, len(allCompliance) > 0)
+
+	// Test ListAllUserCompliance
+	userComplianceOpts := compliance.ListAllUserComplianceOpts{
+		DomainId: client.DomainID,
+	}
+
+	userCompliance, err := compliance.ListAllUserCompliance(client, userComplianceOpts)
+	th.AssertNoErr(t, err)
+	th.AssertEquals(t, true, len(userCompliance) > 0)
+
+	// Test ListResCompliance
+	resComplianceOpts := compliance.ListResComplianceOpts{
+		DomainId:   client.DomainID,
+		ResourceId: "test_resource_id",
+	}
+
+	resCompliance, err := compliance.ListResCompliance(client, resComplianceOpts)
+	th.AssertNoErr(t, err)
+	th.AssertEquals(t, true, len(resCompliance) >= 0)
+}
+
+func TestComplianceLifecycle(t *testing.T) {
+	t.Skip("You are not authorized with rms:resources:list impossible to run within CI")
+	client, err := clients.NewRMSClient()
+	th.AssertNoErr(t, err)
+
+	ruleName := tools.RandomString("rule-", 4)
+	rule := createRule(t, client, ruleName)
+
+	// Test GetRule
+	retrievedRule, err := compliance.GetRule(client, client.DomainID, rule.ID)
+	th.AssertNoErr(t, err)
+	th.AssertEquals(t, rule.ID, retrievedRule.ID)
+
+	// Test UpdateRule
+	updateOpts := compliance.UpdateRuleOpts{
+		DomainId:             client.DomainID,
+		PolicyAssignmentId:   rule.ID,
+		PolicyDefinitionID:   "5f8d549bffeecc14f1fb522a",
+		Name:                 ruleName + "-new",
+		PolicyAssignmentType: "builtin",
+		Parameters: map[string]compliance.PolicyParameter{
+			"listOfAllowedFlavors": {
+				Value: []string{"second"},
+			},
+		},
+	}
+
+	updatedRule, err := compliance.UpdateRule(client, updateOpts)
+	th.AssertNoErr(t, err)
+	th.AssertEquals(t, ruleName+"-new", updatedRule.Name)
+
+	th.AssertNoErr(t, waitForRuleAvailable(client, 20, client.DomainID, rule.ID))
+
+	// Test DisableRule
+	err = compliance.DisableRule(client, client.DomainID, rule.ID)
+	th.AssertNoErr(t, err)
+	th.AssertNoErr(t, waitForRuleAvailable(client, 20, client.DomainID, rule.ID))
+
+	// Test EnableRule
+	err = compliance.EnableRule(client, client.DomainID, rule.ID)
+	th.AssertNoErr(t, err)
+	th.AssertNoErr(t, waitForRuleAvailable(client, 20, client.DomainID, rule.ID))
+
+	// Test RunEval
+	err = compliance.RunEval(client, client.DomainID, rule.ID)
+	th.AssertNoErr(t, err)
+	th.AssertNoErr(t, waitForRuleAvailable(client, 20, client.DomainID, rule.ID))
+
+	// Test ListRules
+	listRulesOpts := compliance.ListRulesOpts{
+		DomainId: client.DomainID,
+	}
+
+	rules, err := compliance.ListRules(client, listRulesOpts)
+	th.AssertNoErr(t, err)
+	th.AssertEquals(t, true, len(rules) > 0)
+
+	// Test GetPolicy
+	// policy, err := compliance.GetPolicy(client, rule.PolicyDefinitionID)
+	// th.AssertNoErr(t, err)
+	// th.AssertEquals(t, rule.PolicyDefinitionID, policy.ID)
+	//
+	// // Test UpdateCompliance
+	// updateComplianceOpts := compliance.UpdateComplianceOpts{
+	// 	DomainId: client.DomainID,
+	// 	PolicyResource: compliance.PolicyResource{
+	// 		ResourceID:   "test_resource_id",
+	// 		ResourceName: "TestResource",
+	// 	},
+	// 	TriggerType:          "resource",
+	// 	ComplianceState:      "NonCompliant",
+	// 	PolicyAssignmentID:   rule.ID,
+	// 	PolicyAssignmentName: rule.Name,
+	// 	EvaluationTime:       1667374060248,
+	// 	EvaluationHash:       "89342b8f338165651991afb8bd471396",
+	// }
+	//
+	// updatedCompliance, err := compliance.UpdateCompliance(client, updateComplianceOpts)
+	// th.AssertNoErr(t, err)
+	// th.AssertEquals(t, "Compliant", updatedCompliance.ComplianceState)
+}
+
+func createRule(t *testing.T, client *golangsdk.ServiceClient, name string) *compliance.PolicyRule {
+	addOpts := compliance.AddRuleOpts{
+		Name:                 name,
+		DomainId:             client.DomainID,
+		PolicyAssignmentType: "builtin",
+		PolicyDefinitionID:   "5f8d549bffeecc14f1fb522a",
+		Description:          "Test compliance rule",
+		Parameters: map[string]compliance.PolicyParameter{
+			"listOfAllowedFlavors": {
+				Value: []string{"first"},
+			},
+		},
+	}
+
+	rule, err := compliance.AddRule(client, addOpts)
+	th.AssertNoErr(t, err)
+	th.AssertEquals(t, name, rule.Name)
+
+	t.Cleanup(func() {
+		th.AssertNoErr(t, compliance.DisableRule(client, client.DomainID, rule.ID))
+		th.AssertNoErr(t, compliance.Delete(client, client.DomainID, rule.ID))
+	})
+
+	return rule
+}
+
+func waitForRuleAvailable(client *golangsdk.ServiceClient, secs int, domainId, id string) error {
+	return golangsdk.WaitFor(secs, func() (bool, error) {
+		jobStatus, err := compliance.GetRuleStatus(client, domainId, id)
+		if err != nil {
+			return false, err
+		}
+		if jobStatus == nil {
+			return false, nil
+		}
+		if jobStatus.State == "Succeeded" {
+			return true, nil
+		}
+		return false, nil
+	})
+}
@@ -0,0 +1,84 @@
+package compliance
+
+import (
+	golangsdk "github.com/opentelekomcloud/gophertelekomcloud"
+	"github.com/opentelekomcloud/gophertelekomcloud/internal/build"
+	"github.com/opentelekomcloud/gophertelekomcloud/internal/extract"
+	"github.com/opentelekomcloud/gophertelekomcloud/openstack/common/tags"
+)
+
+type AddRuleOpts struct {
+	DomainId             string                     `json:"-"`
+	PolicyAssignmentType string                     `json:"policy_assignment_type,omitempty"`
+	Name                 string                     `json:"name" required:"true"`
+	Description          string                     `json:"description,omitempty"`
+	Period               string                     `json:"period,omitempty"`
+	PolicyFilter         PolicyFilterDefinition     `json:"policy_filter,omitempty"`
+	PolicyDefinitionID   string                     `json:"policy_definition_id,omitempty"`
+	CustomPolicy         *CustomPolicy              `json:"custom_policy,omitempty"`
+	Parameters           map[string]PolicyParameter `json:"parameters,omitempty"`
+	Tags                 []tags.ResourceTag         `json:"tags,omitempty"`
+}
+
+type PolicyFilterDefinition struct {
+	RegionID         string `json:"region_id,omitempty"`
+	ResourceProvider string `json:"resource_provider,omitempty"`
+	ResourceType     string `json:"resource_type,omitempty"`
+	ResourceID       string `json:"resource_id,omitempty"`
+	TagKey           string `json:"tag_key,omitempty"`
+	TagValue         string `json:"tag_value,omitempty"`
+}
+
+type CustomPolicy struct {
+	FunctionUrn string                 `json:"function_urn" required:"true"`
+	AuthType    string                 `json:"auth_type" required:"true"`
+	AuthValue   map[string]interface{} `json:"auth_value,omitempty"`
+}
+
+type PolicyParameter struct {
+	Value interface{} `json:"value,omitempty"`
+}
+
+func AddRule(client *golangsdk.ServiceClient, opts AddRuleOpts) (*PolicyRule, error) {
+	// PUT /v1/resource-manager/domains/{domain_id}/policy-assignments
+	b, err := build.RequestBody(opts, "")
+	if err != nil {
+		return nil, err
+	}
+
+	raw, err := client.Put(client.ServiceURL("resource-manager", "domains", opts.DomainId, "policy-assignments"), b, nil, &golangsdk.RequestOpts{
+		OkCodes: []int{200},
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	var res PolicyRule
+
+	err = extract.Into(raw.Body, &res)
+	return &res, err
+}
+
+type PolicyRule struct {
+	PolicyAssignmentType string                     `json:"policy_assignment_type"`
+	ID                   string                     `json:"id"`
+	Name                 string                     `json:"name"`
+	Description          string                     `json:"description"`
+	PolicyFilter         *PolicyFilterDefinition    `json:"policy_filter,omitempty"`
+	Period               string                     `json:"period"`
+	State                string                     `json:"state"`
+	Created              string                     `json:"created"`
+	Updated              string                     `json:"updated"`
+	PolicyDefinitionID   string                     `json:"policy_definition_id"`
+	CustomPolicy         *CustomPolicy              `json:"custom_policy,omitempty"`
+	Parameters           map[string]PolicyParameter `json:"parameters"`
+	Tags                 []ResourceTag              `json:"tags"`
+	CreatedBy            string                     `json:"created_by"`
+	TargetType           string                     `json:"target_type"`
+	TargetID             string                     `json:"target_id"`
+}
+
+type ResourceTag struct {
+	Key   string `json:"key"`
+	Value string `json:"value"`
+}
@@ -0,0 +1,10 @@
+package compliance
+
+import golangsdk "github.com/opentelekomcloud/gophertelekomcloud"
+
+func Delete(client *golangsdk.ServiceClient, domainId, id string) (err error) {
+	_, err = client.Delete(client.ServiceURL("resource-manager", "domains", domainId, "policy-assignments", id), &golangsdk.RequestOpts{
+		OkCodes: []int{200},
+	})
+	return
+}
@@ -0,0 +1,11 @@
+package compliance
+
+import golangsdk "github.com/opentelekomcloud/gophertelekomcloud"
+
+func DisableRule(client *golangsdk.ServiceClient, domainId, id string) (err error) {
+	// POST /v1/resource-manager/domains/{domain_id}/policy-assignments/{policy_assignment_id}/disable
+	_, err = client.Post(client.ServiceURL("resource-manager", "domains", domainId, "policy-assignments", id, "disable"), nil, nil, &golangsdk.RequestOpts{
+		OkCodes: []int{202},
+	})
+	return
+}
@@ -0,0 +1,13 @@
+package compliance
+
+import (
+	golangsdk "github.com/opentelekomcloud/gophertelekomcloud"
+)
+
+func EnableRule(client *golangsdk.ServiceClient, domainId, id string) (err error) {
+	// POST /v1/resource-manager/domains/{domain_id}/policy-assignments/{policy_assignment_id}/enable
+	_, err = client.Post(client.ServiceURL("resource-manager", "domains", domainId, "policy-assignments", id, "enable"), nil, nil, &golangsdk.RequestOpts{
+		OkCodes: []int{202},
+	})
+	return
+}
@@ -0,0 +1,19 @@
+package compliance
+
+import (
+	golangsdk "github.com/opentelekomcloud/gophertelekomcloud"
+	"github.com/opentelekomcloud/gophertelekomcloud/internal/extract"
+)
+
+func GetPolicy(client *golangsdk.ServiceClient, id string) (*PolicyDefinition, error) {
+	// GET  /v1/resource-manager/policy-definitions/{policy_definition_id}
+	raw, err := client.Get(client.ServiceURL(
+		"resource-manager", "policy-definitions", id), nil, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	var res PolicyDefinition
+	err = extract.Into(raw.Body, &res)
+	return &res, err
+}
@@ -0,0 +1,19 @@
+package compliance
+
+import (
+	golangsdk "github.com/opentelekomcloud/gophertelekomcloud"
+	"github.com/opentelekomcloud/gophertelekomcloud/internal/extract"
+)
+
+func GetRule(client *golangsdk.ServiceClient, domainId, id string) (*PolicyRule, error) {
+	// GET  /v1/resource-manager/domains/{domain_id}/policy-assignments/{policy_assignment_id}
+	raw, err := client.Get(client.ServiceURL(
+		"resource-manager", "domains", domainId, "policy-assignments", id), nil, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	var res PolicyRule
+	err = extract.Into(raw.Body, &res)
+	return &res, err
+}
@@ -0,0 +1,27 @@
+package compliance
+
+import (
+	golangsdk "github.com/opentelekomcloud/gophertelekomcloud"
+	"github.com/opentelekomcloud/gophertelekomcloud/internal/extract"
+)
+
+func GetRuleStatus(client *golangsdk.ServiceClient, domainId, id string) (*PolicyStatus, error) {
+	// GET /v1/resource-manager/domains/{domain_id}/policy-assignments/{policy_assignment_id}/policy-states/evaluation-state
+	raw, err := client.Get(client.ServiceURL(
+		"resource-manager", "domains", domainId, "policy-assignments", id, "policy-states", "evaluation-state"), nil, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	var res PolicyStatus
+	err = extract.Into(raw.Body, &res)
+	return &res, err
+}
+
+type PolicyStatus struct {
+	PolicyAssignmentId string `json:"policy_assignment_id"`
+	State              string `json:"state"`
+	StartTime          string `json:"start_time"`
+	EnTime             string `json:"end_time"`
+	ErrorMessage       string `json:"error_message"`
+}