authorRuan HE <ruan.he@orange.com>2018-01-10 20:38:11 +0000
committerGerrit Code Review <gerrit@opnfv.org>2018-01-10 20:38:11 +0000
commit0129d960d4c39d96e775674264c06908e121b7ed (patch)
tree9f90e4e28a1e5bbee4ee478d9c805ecf26ea2ab2
parent4efa492ad05bdcd19f80c7717dad94af896294fe (diff)
parent1e3c19b82374585ed7261bcb1abd6ddd38b5d9f8 (diff)
Merge "Refactor moon_authz"
-rw-r--r--moon_authz/moon_authz/api/authorization.py22
-rw-r--r--moon_authz/tests/unit_python/utilities.py21
-rw-r--r--python_moonutilities/python_moonutilities/exceptions.py15
3 files changed, 46 insertions, 12 deletions
diff --git a/moon_authz/moon_authz/api/authorization.py b/moon_authz/moon_authz/api/authorization.py
index e939604b..84114466 100644
--- a/moon_authz/moon_authz/api/authorization.py
+++ b/moon_authz/moon_authz/api/authorization.py
@@ -89,16 +89,28 @@ class Authz(Resource):
# Context.update_target(context)
if not self.context.pdp_set:
raise exceptions.PdpUnknown
+ if current_header_id not in self.context.pdp_set:
+ raise Exception('Invalid index')
current_pdp = self.context.pdp_set[current_header_id]
category_list = list()
- category_list.extend(current_pdp["meta_rules"]["subject_categories"])
- category_list.extend(current_pdp["meta_rules"]["object_categories"])
- category_list.extend(current_pdp["meta_rules"]["action_categories"])
+ if 'meta_rules' not in current_pdp:
+ raise exceptions.PdpContentError
+ try:
+ category_list.extend(current_pdp["meta_rules"]["subject_categories"])
+ category_list.extend(current_pdp["meta_rules"]["object_categories"])
+ category_list.extend(current_pdp["meta_rules"]["action_categories"])
+ except Exception:
+ raise exceptions.MetaRuleContentError
+ if 'target' not in current_pdp:
+ raise exceptions.PdpContentError
for category in category_list:
scope = list(current_pdp['target'][category])
scopes_list.append(scope)
# policy_id = self.cache.get_policy_from_meta_rules("admin", current_header_id)
-
+ if self.context.current_policy_id not in self.cache.rules:
+ raise exceptions.PolicyUnknown
+ if 'rules' not in self.cache.rules[self.context.current_policy_id]:
+ raise exceptions.RuleUnknown
for item in itertools.product(*scopes_list):
req = list(item)
for rule in self.cache.rules[self.context.current_policy_id]["rules"]:
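Review bot: The new guard `raise Exception('Invalid index')` uses a bare `Exception`, while every other check added in this hunk raises a typed `exceptions.*` error; in an authorization path an untyped exception most likely surfaces as a generic server error rather than an explicit, auditable refusal, so reusing `raise exceptions.PdpUnknown` would keep the failure mode consistent. The `'target' not in current_pdp` check also does not cover a category that is absent from `current_pdp['target']`, so `current_pdp['target'][category]` can still raise an unhandled `KeyError`. The `except Exception:` around the three `extend` calls is broader than needed; `except (KeyError, TypeError):` would avoid relabelling unrelated failures as `MetaRuleContentError`. The enclosing method starts and ends outside the hunk, so how callers turn these exceptions into a decision is not visible here.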
@@ -365,4 +377,4 @@ class Authz(Resource):
def head(self, uuid=None, subject_name=None, object_name=None, action_name=None):
logger.info("HEAD request")
- return "", 200
\ No newline at end of file
+ return "", 200
diff --git a/moon_authz/tests/unit_python/utilities.py b/moon_authz/tests/unit_python/utilities.py
index 19b9354c..e3a111bd 100644
--- a/moon_authz/tests/unit_python/utilities.py
+++ b/moon_authz/tests/unit_python/utilities.py
@@ -37,11 +37,19 @@ CONF = {
"container": "wukongsun/moon_orchestrator:v4.3",
"hostname": "orchestrator"
},
- "interface": {
- "bind": "0.0.0.0",
- "port": 8080,
- "container": "wukongsun/moon_interface:v4.3",
- "hostname": "interface"
+ "pipeline": {
+ "interface": {
+ "bind": "0.0.0.0",
+ "port": 8080,
+ "container": "wukongsun/moon_interface:v4.3",
+ "hostname": "interface"
+ },
+ "authz": {
+ "bind": "0.0.0.0",
+ "port": 8081,
+ "container": "wukongsun/moon_authz:v4.3",
+ "hostname": "authz"
+ }
}
},
"plugins": {
@@ -144,7 +152,8 @@ COMPONENTS = (
"slave",
"components/manager",
"components/orchestrator",
- "components/interface",
+ "components/pipeline",
+
"components/wrapper",
)
diff --git a/python_moonutilities/python_moonutilities/exceptions.py b/python_moonutilities/python_moonutilities/exceptions.py
index 2d689287..6db7bf01 100644
--- a/python_moonutilities/python_moonutilities/exceptions.py
+++ b/python_moonutilities/python_moonutilities/exceptions.py
@@ -443,6 +443,13 @@ class MetaRuleExisting(AdminMetaRule):
logger = "ERROR"
+class MetaRuleContentError(AdminMetaRule):
+ description = _("Invalid content of pdp.")
+ code = 400
+ title = 'Meta Rule Error'
+ logger = "ERROR"
+
+
class RuleExisting(AdminRule):
description = _("The rule already exists.")
code = 400
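Review bot: `MetaRuleContentError.description` is "Invalid content of pdp.", the same text as `PdpContentError` added in the later hunk of this file, so a client or log reader cannot tell a malformed meta rule from a malformed PDP. I would change it to `description = _("Invalid content of meta rule.")`. The two classes also use different status codes (400 here, 409 for `PdpContentError`) for what looks like the same kind of failure, malformed policy data held by the service, so it is worth confirming which code the callers expect.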
@@ -542,6 +549,13 @@ class PdpExisting(MoonError):
logger = "Error"
+class PdpContentError(MoonError):
+ description = _("Invalid content of pdp.")
+ code = 409
+ title = 'Pdp Error'
+ logger = "Error"
+
+
class PdpKeystoneMappingConflict(MoonError):
description = _("A pdp is already mapped to that Keystone project.")
code = 409
@@ -561,4 +575,3 @@ class PolicyExisting(MoonError):
code = 409
title = 'Policy Error'
logger = "Error"
-