add super_extension

Change-Id: I7b234759a4aed653228f02d39df16021286242ed
Signed-off-by: WuKong <rebirthmonkey@gmail.com>

1 files changed, 63 insertions, 284 deletions

diff --git a/keystone-moon/keystone/contrib/moon/exception.py b/keystone-moon/keystone/contrib/moon/exception.py
index 1339122c..fa985a2f 100644
--- a/keystone-moon/keystone/contrib/moon/exception.py
+++ b/keystone-moon/keystone/contrib/moon/exception.py
@@ -69,6 +69,20 @@ class TenantNoIntraExtension(TenantException):
     logger = "ERROR"
 
 
+class TenantNoIntraAuthzExtension(TenantNoIntraExtension):
+    message_format = _("The tenant has not intra_authz_extension.")
+    code = 400
+    title = 'Tenant No Intra_Authz_Extension'
+    logger = "ERROR"
+
+
+class TenantNoIntraAdminExtension(TenantNoIntraExtension):
+    message_format = _("The tenant has not intra_admin_extension.")
+    code = 400
+    title = 'Tenant No Intra_Admin_Extension'
+    logger = "ERROR"
+
+
 # Exceptions for IntraExtension
 
 
@@ -93,500 +107,265 @@ class IntraExtensionCreationError(IntraExtensionException):
 
 # Authz exceptions
 
-
 class AuthzException(MoonError):
+    message_format = _("There is an authorization error requesting this IntraExtension.")
+    code = 403
+    title = 'Authz Exception'
+    logger = "AUTHZ"
+
+
+# Admin exceptions
+
+class AdminException(MoonError):
     message_format = _("There is an error requesting this Authz IntraExtension.")
     code = 400
     title = 'Authz Exception'
     logger = "AUTHZ"
 
 
-class AuthzPerimeter(AuthzException):
+class AdminMetaData(AdminException):
     code = 400
-    title = 'Perimeter Exception'
+    title = 'Metadata Exception'
 
 
-class AuthzScope(AuthzException):
+class AdminPerimeter(AdminException):
     code = 400
-    title = 'Scope Exception'
+    title = 'Perimeter Exception'
 
 
-class AuthzMetadata(AuthzException):
+class AdminScope(AdminException):
     code = 400
-    title = 'Metadata Exception'
+    title = 'Scope Exception'
 
 
-class AuthzAssignment(AuthzException):
+class AdminAssignment(AdminException):
     code = 400
     title = 'Assignment Exception'
 
 
-class AuthzMetaRule(AuthzException):
+class AdminMetaRule(AdminException):
     code = 400
     title = 'Aggregation Algorithm Exception'
 
 
-class AuthzRule(AuthzException):
+class AdminRule(AdminException):
     code = 400
     title = 'Rule Exception'
 
 
-class SubjectCategoryNameExisting(AuthzMetadata):
+class SubjectCategoryNameExisting(AdminMetaData):
     message_format = _("The given subject category name is existing.")
     code = 400
     title = 'Subject Category Name Existing'
     logger = "ERROR"
 
 
-class ObjectCategoryNameExisting(AuthzMetadata):
+class ObjectCategoryNameExisting(AdminMetaData):
     message_format = _("The given object category name is existing.")
     code = 400
     title = 'Object Category Name Existing'
     logger = "ERROR"
 
 
-class ActionCategoryNameExisting(AuthzMetadata):
+class ActionCategoryNameExisting(AdminMetaData):
     message_format = _("The given action category name is existing.")
     code = 400
     title = 'Action Category Name Existing'
     logger = "ERROR"
 
 
-class SubjectCategoryUnknown(AuthzMetadata):
+class SubjectCategoryUnknown(AdminMetaData):
     message_format = _("The given subject category is unknown.")
     code = 400
     title = 'Subject Category Unknown'
     logger = "ERROR"
 
 
-class ObjectCategoryUnknown(AuthzMetadata):
+class ObjectCategoryUnknown(AdminMetaData):
     message_format = _("The given object category is unknown.")
     code = 400
     title = 'Object Category Unknown'
     logger = "ERROR"
 
 
-class ActionCategoryUnknown(AuthzMetadata):
+class ActionCategoryUnknown(AdminMetaData):
     message_format = _("The given action category is unknown.")
     code = 400
     title = 'Action Category Unknown'
     logger = "ERROR"
 
 
-class SubjectUnknown(AuthzPerimeter):
+class SubjectUnknown(AdminPerimeter):
     message_format = _("The given subject is unknown.")
     code = 400
     title = 'Subject Unknown'
     logger = "ERROR"
 
 
-class ObjectUnknown(AuthzPerimeter):
+class ObjectUnknown(AdminPerimeter):
     message_format = _("The given object is unknown.")
     code = 400
     title = 'Object Unknown'
     logger = "ERROR"
 
 
-class ActionUnknown(AuthzPerimeter):
+class ActionUnknown(AdminPerimeter):
     message_format = _("The given action is unknown.")
     code = 400
     title = 'Action Unknown'
     logger = "ERROR"
 
 
-class SubjectNameExisting(AuthzPerimeter):
+class SubjectNameExisting(AdminPerimeter):
     message_format = _("The given subject name is existing.")
     code = 400
     title = 'Subject Name Existing'
     logger = "ERROR"
 
 
-class ObjectNameExisting(AuthzPerimeter):
+class ObjectNameExisting(AdminPerimeter):
     message_format = _("The given object name is existing.")
     code = 400
     title = 'Object Name Existing'
     logger = "ERROR"
 
 
-class ActionNameExisting(AuthzPerimeter):
+class ActionNameExisting(AdminPerimeter):
     message_format = _("The given action name is existing.")
     code = 400
     title = 'Action Name Existing'
     logger = "ERROR"
 
 
-class SubjectScopeUnknown(AuthzScope):
+class SubjectScopeUnknown(AdminScope):
     message_format = _("The given subject scope is unknown.")
     code = 400
     title = 'Subject Scope Unknown'
     logger = "ERROR"
 
 
-class ObjectScopeUnknown(AuthzScope):
+class ObjectScopeUnknown(AdminScope):
     message_format = _("The given object scope is unknown.")
     code = 400
     title = 'Object Scope Unknown'
     logger = "ERROR"
 
 
-class ActionScopeUnknown(AuthzScope):
+class ActionScopeUnknown(AdminScope):
     message_format = _("The given action scope is unknown.")
     code = 400
     title = 'Action Scope Unknown'
     logger = "ERROR"
 
 
-class SubjectScopeNameExisting(AuthzScope):
+class SubjectScopeNameExisting(AdminScope):
     message_format = _("The given subject scope name is existing.")
     code = 400
     title = 'Subject Scope Name Existing'
     logger = "ERROR"
 
 
-class ObjectScopeNameExisting(AuthzScope):
+class ObjectScopeNameExisting(AdminScope):
     message_format = _("The given object scope name is existing.")
     code = 400
     title = 'Object Scope Name Existing'
     logger = "ERROR"
 
 
-class ActionScopeNameExisting(AuthzScope):
+class ActionScopeNameExisting(AdminScope):
     message_format = _("The given action scope name is existing.")
     code = 400
     title = 'Action Scope Name Existing'
     logger = "ERROR"
 
 
-class SubjectAssignmentOutOfScope(AuthzScope):
-    message_format = _("The given subject scope value is out of scope.")
-    code = 400
-    title = 'Subject Assignment Out Of Scope'
-    logger = "WARNING"
-
-
-class ActionAssignmentOutOfScope(AuthzScope):
-    message_format = _("The given action scope value is out of scope.")
-    code = 400
-    title = 'Action Assignment Out Of Scope'
-    logger = "WARNING"
-
-
-class ObjectAssignmentOutOfScope(AuthzScope):
-    message_format = _("The given object scope value is out of scope.")
-    code = 400
-    title = 'Object Assignment Out Of Scope'
-    logger = "WARNING"
-
-
-class SubjectAssignmentUnknown(AuthzAssignment):
+class SubjectAssignmentUnknown(AdminAssignment):
     message_format = _("The given subject assignment value is unknown.")
     code = 400
     title = 'Subject Assignment Unknown'
     logger = "ERROR"
 
 
-class ObjectAssignmentUnknown(AuthzAssignment):
+class ObjectAssignmentUnknown(AdminAssignment):
     message_format = _("The given object assignment value is unknown.")
     code = 400
     title = 'Object Assignment Unknown'
     logger = "ERROR"
 
 
-class ActionAssignmentUnknown(AuthzAssignment):
+class ActionAssignmentUnknown(AdminAssignment):
     message_format = _("The given action assignment value is unknown.")
     code = 400
     title = 'Action Assignment Unknown'
     logger = "ERROR"
 
 
-class SubjectAssignmentExisting(AuthzAssignment):
+class SubjectAssignmentExisting(AdminAssignment):
     message_format = _("The given subject assignment value is existing.")
     code = 400
     title = 'Subject Assignment Existing'
     logger = "ERROR"
 
 
-class ObjectAssignmentExisting(AuthzAssignment):
+class ObjectAssignmentExisting(AdminAssignment):
     message_format = _("The given object assignment value is existing.")
     code = 400
     title = 'Object Assignment Existing'
     logger = "ERROR"
 
 
-class ActionAssignmentExisting(AuthzAssignment):
+class ActionAssignmentExisting(AdminAssignment):
     message_format = _("The given action assignment value is existing.")
     code = 400
     title = 'Action Assignment Existing'
     logger = "ERROR"
 
 
-class AggregationAlgorithmNotExisting(AuthzMetadata):
+class AggregationAlgorithmNotExisting(AdminMetaRule):
     message_format = _("The given aggregation algorithm is not existing.")
     code = 400
     title = 'Aggregation Algorithm Not Existing'
     logger = "ERROR"
 
 
-class AggregationAlgorithmUnknown(AuthzMetadata):
+class AggregationAlgorithmUnknown(AdminMetaRule):
     message_format = _("The given aggregation algorithm is unknown.")
     code = 400
     title = 'Aggregation Algorithm Unknown'
     logger = "ERROR"
 
 
-class SubMetaRuleUnknown(AuthzMetadata):
+class SubMetaRuleUnknown(AdminMetaRule):
     message_format = _("The given sub meta rule is unknown.")
     code = 400
     title = 'Sub Meta Rule Unknown'
     logger = "ERROR"
 
 
-class SubMetaRuleNameExisting(AuthzMetadata):
+class SubMetaRuleNameExisting(AdminMetaRule):
     message_format = _("The sub meta rule name is existing.")
     code = 400
     title = 'Sub Meta Rule Name Existing'
     logger = "ERROR"
 
 
-class SubMetaRuleExisting(AuthzMetadata):
+class SubMetaRuleExisting(AdminMetaRule):
     message_format = _("The sub meta rule is existing.")
     code = 400
     title = 'Sub Meta Rule Existing'
     logger = "ERROR"
 
 
-class RuleOKNotExisting(AuthzRule):
-    message_format = _("The positive rule for that request doen't exist.")
-    code = 400
-    title = 'Rule OK Not Existing'
-    logger = "ERROR"
-
-
-class RuleKOExisting(AuthzRule):
-    message_format = _("The request match a negative rule.")
-    code = 400
-    title = 'Rule KO Existing'
-    logger = "ERROR"
-
-
-class RuleExisting(AuthzRule):
+class RuleExisting(AdminRule):
     message_format = _("The rule is existing.")
     code = 400
     title = 'Rule Existing'
     logger = "ERROR"
 
 
-class RuleUnknown(AuthzRule):
+class RuleUnknown(AdminRule):
     message_format = _("The rule for that request doesn't exist.")
     code = 400
     title = 'Rule Unknown'
     logger = "ERROR"
 
-
-class AddedRuleExisting(AuthzRule):
-    message_format = _("The added rule for that request is existing.")
-    code = 400
-    title = 'Added Rule Existing'
-    logger = "ERROR"
-
-
-# Admin exceptions
-
-
-class AdminException(MoonError):
-    message_format = _("There is an authorization error requesting this IntraExtension.")
-    code = 403
-    title = 'Admin Exception'
-    logger = "AUTHZ"
-
-
-class AdminPerimeter(AuthzException):
-    title = 'Perimeter Exception'
-
-
-class AdminScope(AuthzException):
-    title = 'Scope Exception'
-
-
-class AdminMetadata(AuthzException):
-    title = 'Metadata Exception'
-
-
-class AdminAssignment(AuthzException):
-    title = 'Assignment Exception'
-
-
-class AdminRule(AuthzException):
-    title = 'Rule Exception'
-
-class AdminMetaRule(AuthzException):
-    title = 'MetaRule Exception'
-
-
-class SubjectReadNotAuthorized(AdminPerimeter):
-    title = 'Subject Read Not Authorized'
-
-
-class SubjectAddNotAuthorized(AdminPerimeter):
-    title = 'Subject Add Not Authorized'
-
-
-class SubjectDelNotAuthorized(AdminPerimeter):
-    title = 'Subject Del Not Authorized'
-
-
-class ObjectReadNotAuthorized(AdminPerimeter):
-    title = 'Object Read Not Authorized'
-
-
-class ObjectAddNotAuthorized(AdminPerimeter):
-    title = 'Object Add Not Authorized'
-
-
-class ObjectDelNotAuthorized(AdminPerimeter):
-    title = 'Object Del Not Authorized'
-
-
-class ActionReadNotAuthorized(AdminPerimeter):
-    title = 'Action Read Not Authorized'
-
-
-class ActionAddNotAuthorized(AdminPerimeter):
-    title = 'Action Add Not Authorized'
-
-
-class ActionDelNotAuthorized(AdminPerimeter):
-    title = 'Action Del Not Authorized'
-
-
-class SubjectScopeReadNotAuthorized(AuthzException):
-    title = 'Subject Scope Read Not Authorized'
-
-
-class SubjectScopeAddNotAuthorized(AuthzException):
-    title = 'Subject Scope Add Not Authorized'
-
-
-class SubjectScopeDelNotAuthorized(AuthzException):
-    title = 'Subject Scope Del Not Authorized'
-
-
-class ObjectScopeReadNotAuthorized(AuthzException):
-    title = 'Object Scope Read Not Authorized'
-
-
-class ObjectScopeAddNotAuthorized(AuthzException):
-    title = 'Object Scope Add Not Authorized'
-
-
-class ObjectScopeDelNotAuthorized(AuthzException):
-    title = 'Object Scope Del Not Authorized'
-
-
-class ActionScopeReadNotAuthorized(AuthzException):
-    title = 'Action Scope Read Not Authorized'
-
-
-class ActionScopeAddNotAuthorized(AuthzException):
-    title = 'Action Scope Add Not Authorized'
-
-
-class ActionScopeDelNotAuthorized(AuthzException):
-    title = 'Action Scope Del Not Authorized'
-
-
-class SubjectCategoryReadNotAuthorized(AdminMetadata):
-    title = 'Subject Category Read Not Authorized'
-    logger = "AUTHZ"
-
-
-class SubjectCategoryAddNotAuthorized(AdminMetadata):
-    title = 'Subject Category Add Not Authorized'
-
-
-class SubjectCategoryDelNotAuthorized(AdminMetadata):
-    title = 'Subject Category Del Not Authorized'
-
-
-class ObjectCategoryReadNotAuthorized(AdminMetadata):
-    title = 'Object Category Read Not Authorized'
-
-
-class ObjectCategoryAddNotAuthorized(AdminMetadata):
-    title = 'Object Category Add Not Authorized'
-
-
-class ObjectCategoryDelNotAuthorized(AdminMetadata):
-    title = 'Object Category Del Not Authorized'
-
-
-class ActionCategoryReadNotAuthorized(AdminMetadata):
-    title = 'Action Category Read Not Authorized'
-
-
-class ActionCategoryAddNotAuthorized(AdminMetadata):
-    title = 'Action Category Add Not Authorized'
-
-
-class ActionCategoryDelNotAuthorized(AdminMetadata):
-    title = 'Action Category Del Not Authorized'
-
-
-class SubjectAssignmentReadNotAuthorized(AdminAssignment):
-    title = 'Subject Assignment Read Not Authorized'
-
-
-class SubjectAssignmentAddNotAuthorized(AdminAssignment):
-    title = 'Subject Assignment Add Not Authorized'
-
-
-class SubjectAssignmentDelNotAuthorized(AdminAssignment):
-    title = 'Subject Assignment Del Not Authorized'
-
-
-class ObjectAssignmentReadNotAuthorized(AdminAssignment):
-    title = 'Object Assignment Read Not Authorized'
-
-
-class ObjectAssignmentAddNotAuthorized(AdminAssignment):
-    title = 'Object Assignment Add Not Authorized'
-
-
-class ObjectAssignmentDelNotAuthorized(AdminAssignment):
-    title = 'Object Assignment Del Not Authorized'
-
-
-class ActionAssignmentReadNotAuthorized(AdminAssignment):
-    title = 'Action Assignment Read Not Authorized'
-
-
-class ActionAssignmentAddNotAuthorized(AdminAssignment):
-    title = 'Action Assignment Add Not Authorized'
-
-
-class ActionAssignmentDelNotAuthorized(AdminAssignment):
-    title = 'Action Assignment Del Not Authorized'
-
-
-class RuleReadNotAuthorized(AdminRule):
-    title = 'Rule Read Not Authorized'
-
-
-class RuleAddNotAuthorized(AdminRule):
-    title = 'Rule Add Not Authorized'
-
-
-class RuleDelNotAuthorized(AdminRule):
-    title = 'Rule Del Not Authorized'
-
-
-class MetaRuleReadNotAuthorized(AdminRule):
-    title = 'MetaRule Read Not Authorized'
-
-
-class MetaRuleAddNotAuthorized(AdminRule):
-    title = 'MetaRule Add Not Authorized'
-
-
-class MetaRuleDelNotAuthorized(AdminRule):
-    title = 'MetaRule Del Not Authorized'