diff options
author | ReemMahmoud <rfawzy.ext@orange.com> | 2018-01-10 16:04:00 +0200 |
---|---|---|
committer | ReemMahmoud <rfawzy.ext@orange.com> | 2018-01-10 16:04:00 +0200 |
commit | 1e3c19b82374585ed7261bcb1abd6ddd38b5d9f8 (patch) | |
tree | 9aaf08af5c963d4a362e25defcffd54637246194 | |
parent | dc368bed1ff75f19553046570e1fad2990177783 (diff) |
Refactor moon_authz
Change-Id: I27dd56f22fa457727568d3fe76ed5fa862ba97ae
Signed-off-by: ReemMahmoud <rfawzy.ext@orange.com>
-rw-r--r-- | moon_authz/moon_authz/api/authorization.py | 22 | ||||
-rw-r--r-- | moon_authz/tests/unit_python/utilities.py | 21 | ||||
-rw-r--r-- | python_moonutilities/python_moonutilities/exceptions.py | 15 |
3 files changed, 46 insertions, 12 deletions
diff --git a/moon_authz/moon_authz/api/authorization.py b/moon_authz/moon_authz/api/authorization.py index e939604b..84114466 100644 --- a/moon_authz/moon_authz/api/authorization.py +++ b/moon_authz/moon_authz/api/authorization.py @@ -89,16 +89,28 @@ class Authz(Resource): # Context.update_target(context) if not self.context.pdp_set: raise exceptions.PdpUnknown + if current_header_id not in self.context.pdp_set: + raise Exception('Invalid index') current_pdp = self.context.pdp_set[current_header_id] category_list = list() - category_list.extend(current_pdp["meta_rules"]["subject_categories"]) - category_list.extend(current_pdp["meta_rules"]["object_categories"]) - category_list.extend(current_pdp["meta_rules"]["action_categories"]) + if 'meta_rules' not in current_pdp: + raise exceptions.PdpContentError + try: + category_list.extend(current_pdp["meta_rules"]["subject_categories"]) + category_list.extend(current_pdp["meta_rules"]["object_categories"]) + category_list.extend(current_pdp["meta_rules"]["action_categories"]) + except Exception: + raise exceptions.MetaRuleContentError + if 'target' not in current_pdp: + raise exceptions.PdpContentError for category in category_list: scope = list(current_pdp['target'][category]) scopes_list.append(scope) # policy_id = self.cache.get_policy_from_meta_rules("admin", current_header_id) - + if self.context.current_policy_id not in self.cache.rules: + raise exceptions.PolicyUnknown + if 'rules' not in self.cache.rules[self.context.current_policy_id]: + raise exceptions.RuleUnknown for item in itertools.product(*scopes_list): req = list(item) for rule in self.cache.rules[self.context.current_policy_id]["rules"]: @@ -365,4 +377,4 @@ class Authz(Resource): def head(self, uuid=None, subject_name=None, object_name=None, action_name=None): logger.info("HEAD request") - return "", 200
\ No newline at end of file + return "", 200 diff --git a/moon_authz/tests/unit_python/utilities.py b/moon_authz/tests/unit_python/utilities.py index 19b9354c..e3a111bd 100644 --- a/moon_authz/tests/unit_python/utilities.py +++ b/moon_authz/tests/unit_python/utilities.py @@ -37,11 +37,19 @@ CONF = { "container": "wukongsun/moon_orchestrator:v4.3", "hostname": "orchestrator" }, - "interface": { - "bind": "0.0.0.0", - "port": 8080, - "container": "wukongsun/moon_interface:v4.3", - "hostname": "interface" + "pipeline": { + "interface": { + "bind": "0.0.0.0", + "port": 8080, + "container": "wukongsun/moon_interface:v4.3", + "hostname": "interface" + }, + "authz": { + "bind": "0.0.0.0", + "port": 8081, + "container": "wukongsun/moon_authz:v4.3", + "hostname": "authz" + } } }, "plugins": { @@ -144,7 +152,8 @@ COMPONENTS = ( "slave", "components/manager", "components/orchestrator", - "components/interface", + "components/pipeline", + "components/wrapper", ) diff --git a/python_moonutilities/python_moonutilities/exceptions.py b/python_moonutilities/python_moonutilities/exceptions.py index 2d689287..6db7bf01 100644 --- a/python_moonutilities/python_moonutilities/exceptions.py +++ b/python_moonutilities/python_moonutilities/exceptions.py @@ -443,6 +443,13 @@ class MetaRuleExisting(AdminMetaRule): logger = "ERROR" +class MetaRuleContentError(AdminMetaRule): + description = _("Invalid content of pdp.") + code = 400 + title = 'Meta Rule Error' + logger = "ERROR" + + class RuleExisting(AdminRule): description = _("The rule already exists.") code = 400 @@ -542,6 +549,13 @@ class PdpExisting(MoonError): logger = "Error" +class PdpContentError(MoonError): + description = _("Invalid content of pdp.") + code = 409 + title = 'Pdp Error' + logger = "Error" + + class PdpKeystoneMappingConflict(MoonError): description = _("A pdp is already mapped to that Keystone project.") code = 409 @@ -561,4 +575,3 @@ class PolicyExisting(MoonError): code = 409 title = 'Policy Error' logger = "Error" - |