diff options
| author |   WuKong <rebirthmonkey@gmail.com> | 2015-07-14 17:58:16 +0200 |
|---|---|---|
| committer | WuKong <rebirthmonkey@gmail.com> | 2015-07-14 17:58:16 +0200 |
| commit | 9312de3af73762d2dea25523b1fd2b7fbde37ff2 (patch) | |
| tree | 2eedaa81e6ddb2f07e5a7362d08e156b3b3ca24c /keystone-moon/keystone | |
| parent | 7278636073202990ad1775819ae144dfb766367a (diff) | |
review controllers.py and core.py
Change-Id: Ia71986f174f6cbf92868f7535504523292472e25
Signed-off-by: WuKong <rebirthmonkey@gmail.com>
Diffstat (limited to 'keystone-moon/keystone')
7 files changed, 644 insertions, 458 deletions
diff --git a/keystone-moon/keystone/contrib/moon/algorithms.py b/keystone-moon/keystone/contrib/moon/algorithms.py index bfdfc5ca..e43e9222 100644 --- a/keystone-moon/keystone/contrib/moon/algorithms.py +++ b/keystone-moon/keystone/contrib/moon/algorithms.py @@ -34,7 +34,7 @@ rule_dict = [ ] """ -def algo_inclusion(authz_buffer, sub_meta_rule_dict, rule_dict): +def inclusion(authz_buffer, sub_meta_rule_dict, rule_dict): _cat = [] for subject_cat in sub_meta_rule_dict['subject_categories']: if subject_cat in authz_buffer['subject_attributes']: @@ -53,11 +53,11 @@ def algo_inclusion(authz_buffer, sub_meta_rule_dict, rule_dict): return False -def algo_comparison(_authz_buffer, _sub_meta_rule_dict, _rule_dict): +def comparison(_authz_buffer, _sub_meta_rule_dict, _rule_dict): return -def aggr_all_true(decision_buffer): +def all_true(decision_buffer): for _rule in decision_buffer: if decision_buffer[_rule] is False: return False diff --git a/keystone-moon/keystone/contrib/moon/backends/memory.py b/keystone-moon/keystone/contrib/moon/backends/memory.py new file mode 100644 index 00000000..d186a1ad --- /dev/null +++ b/keystone-moon/keystone/contrib/moon/backends/memory.py @@ -0,0 +1,64 @@ +# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors +# This software is distributed under the terms and conditions of the 'Apache-2.0' +# license which can be found in the file 'LICENSE' in this package distribution +# or at 'http://www.apache.org/licenses/LICENSE-2.0'. + +from uuid import uuid4 +from keystone import config +from keystone.contrib.moon.core import ConfigurationDriver +from keystone.contrib.moon.core import TenantDriver +# from keystone.contrib.moon.core import SuperExtensionDriver + + + +CONF = config.CONF + + +class ConfigurationConnector(ConfigurationDriver): + + def __init__(self): + super(ConfigurationConnector, self).__init__() + + def get_policy_templete_dict(self): + # TODO (dthom) + pass + + def get_aggregation_algorithm_dict(self): + aggregation_algorithm_dict = dict() + aggregation_algorithm_dict[uuid4()] = "all_true" + return aggregation_algorithm_dict + + def get_sub_meta_rule_algorithm_dict(self): + sub_meta_rule_algorithm_dict = dict() + sub_meta_rule_algorithm_dict[uuid4()] = "inclusion" + sub_meta_rule_algorithm_dict[uuid4()] = "comparison" + return sub_meta_rule_algorithm_dict + + +class TenantConnector(TenantDriver): + + def get_tenant_dict(self): + # TODO (dthom) + pass + + def set_tenant(self, tenant_id, tenant_name, intra_authz_ext_id, intra_admin_ext_id): + # TODO (dthom) + pass + + +# class SuperExtensionConnector(SuperExtensionDriver): +# +# def __init__(self): +# super(SuperExtensionConnector, self).__init__() +# # Super_Extension is loaded every time the server is started +# self.__uuid = uuid4().hex +# # self.__super_extension = Extension() +# _policy_abs_dir = os.path.join(CONF.moon.super_extension_directory, 'policy') +# # self.__super_extension.load_from_json(_policy_abs_dir) +# +# def get_super_extensions(self): +# return None +# +# def admin(self, sub, obj, act): +# # return self.__super_extension.authz(sub, obj, act) +# return True diff --git a/keystone-moon/keystone/contrib/moon/controllers.py b/keystone-moon/keystone/contrib/moon/controllers.py index d13ba2a5..a514fcd4 100644 --- a/keystone-moon/keystone/contrib/moon/controllers.py +++ b/keystone-moon/keystone/contrib/moon/controllers.py @@ -16,27 +16,7 @@ CONF = config.CONF LOG = log.getLogger(__name__) -@dependency.requires('authz_api') -class Authz_v3(controller.V3Controller): - - def __init__(self): - super(Authz_v3, self).__init__() - - @controller.protected() - def get_authz(self, context, tenant_name, subject_name, object_name, action_name): - try: - _authz = self.authz_api.authz(tenant_name, subject_name, object_name, action_name) - except TenantNotFound: - _authz = True - except: - _authz = False - return {"authz": _authz, - "tenant_name": tenant_name, - "subject_name": subject_name, - "object_name": object_name, - "action_name": action_name} - - +@dependency.requires('configuration_api') class Configuration(controller.V3Controller): collection_name = 'configurations' member_name = 'configuration' @@ -45,9 +25,10 @@ class Configuration(controller.V3Controller): super(Configuration, self).__init__() @controller.protected() - def get_templetes(self, context, **kw): + def get_policy_templetes(self, context, **kw): user_id = self._get_user_uuid_from_token(context["token_id"]) - # TODO: belowing code should be move to core.py in the admin_api + # TODO: belowing code should be move to core.py + # TODO: return self.configuration_api_get_policy_templete_dict(user_id) nodes = glob.glob(os.path.join(CONF.moon.policy_directory, "*")) return { "authz_templetes": @@ -62,7 +43,7 @@ class Configuration(controller.V3Controller): :return: {aggregation_algorithm_id: description} """ user_id = self._get_user_uuid_from_token(context["token_id"]) - return self.admin_api.get_aggregation_algorithm_dict(user_id) + return self.configuration_api.get_aggregation_algorithm_dict(user_id) @controller.protected() def get_sub_meta_rule_algorithms(self, context, **kw): @@ -72,7 +53,75 @@ class Configuration(controller.V3Controller): :return: {sub_meta_rule_algorithm_id: description} """ user_id = self._get_user_uuid_from_token(context["token_id"]) - return self.admin_api.get_sub_meta_rule_algorithms(user_id) + return self.configuration_api.get_sub_meta_rule_algorithm_dict(user_id) + + +@dependency.requires('tenant_api', 'resource_api') +class Tenants(controller.V3Controller): + + def __init__(self): + super(Tenants, self).__init__() + + def _get_user_id_from_token(self, token_id): + response = self.token_provider_api.validate_token(token_id) + token_ref = token_model.KeystoneToken(token_id=token_id, token_data=response) + return token_ref['user'] + + @controller.protected() + def get_tenants(self, context, **kw): + user_id = self._get_user_id_from_token(context["token_id"]) + return self.tenant_api.get_tenant_dict(user_id) + + @controller.protected() + def add_tenant(self, context, **kw): + user_id = self._get_user_id_from_token(context["token_id"]) + # TODO: get tenant name from keystone + tenant_name = kw.get("tenant_name") + intra_authz_ext_id = kw.get("intra_authz_ext_id") + intra_admin_ext_id = kw.get("intra_admin_ext_id") + return self.tenant_api.add_tenant(user_id, tenant_name, intra_authz_ext_id, intra_admin_ext_id) + + @controller.protected() + def get_tenant(self, context, **kw): + user_id = self._get_user_id_from_token(context["token_id"]) + tenant_id = kw.get("tenant_id") + return self.tenant_api.get_tenant(user_id, tenant_id) + + @controller.protected() + def del_tenant(self, context, **kw): + user_id = self._get_user_id_from_token(context["token_id"]) + tenant_id = kw.get("tenant_id") + return self.tenant_api.del_tenant(user_id, tenant_id) + + """def load_tenant(self, context, **kw): + user_id = self._get_user_id_from_token(context["token_id"]) + tenant_id = kw["tenant_id"] + tenant_name = self.resource_api.get_project(tenant_id)["name"] + intra_authz_ext_id = kw.get("intra_authz_ext_id") + intra_admin_ext_id = kw.get("intra_admin_ext_id") + self.tenant_api.add_tenant_dict( + user_id, + tenant_id, + tenant_name, + intra_authz_ext_id, + intra_admin_ext_id) + """ + + +@dependency.requires('authz_api') +class Authz_v3(controller.V3Controller): + + def __init__(self): + super(Authz_v3, self).__init__() + + @controller.protected() + def get_authz(self, context, tenant_name, subject_name, object_name, action_name): + try: + return self.authz_api.authz(tenant_name, subject_name, object_name, action_name) + except TenantIDNotFound: + return True + except: + return False @dependency.requires('admin_api', 'authz_api') @@ -651,58 +700,6 @@ class IntraExtensions(controller.V3Controller): return self.admin_api.del_rule(user_id, ie_id, sub_meta_rule_id, rule_id) -@dependency.requires('tenant_api', 'resource_api') -class Tenants(controller.V3Controller): - - def __init__(self): - super(Tenants, self).__init__() - - def _get_user_id_from_token(self, token_id): - response = self.token_provider_api.validate_token(token_id) - token_ref = token_model.KeystoneToken(token_id=token_id, token_data=response) - return token_ref['user'] - - @controller.protected() - def get_tenants(self, context, **kw): - user_id = self._get_user_id_from_token(context["token_id"]) - return self.tenant_api.get_tenant_dict(user_id) - - @controller.protected() - def add_tenant(self, context, **kw): - user_id = self._get_user_id_from_token(context["token_id"]) - tenant_dict = dict() - # TODO: get tenant name from keystone - tenant_dict["tenant_name"] = kw.get("tenant_name") - tenant_dict["intra_authz_ext_id"] = kw.get("intra_authz_ext_id") - tenant_dict["intra_admin_ext_id"] = kw.get("intra_admin_ext_id") - return self.tenant_api.add_tenant_dict(user_id, tenant_dict) - - @controller.protected() - def get_tenant(self, context, **kw): - user_id = self._get_user_id_from_token(context["token_id"]) - tenant_id = kw.get("tenant_id") - return self.tenant_api.get_tenant_dict(user_id)[tenant_id] - - @controller.protected() - def del_tenant(self, context, **kw): - user_id = self._get_user_id_from_token(context["token_id"]) - tenant_id = kw.get("tenant_id") - return self.tenant_api.del_tenant(user_id, tenant_id) - - """def load_tenant(self, context, **kw): - user_id = self._get_user_id_from_token(context["token_id"]) - tenant_id = kw["tenant_id"] - tenant_name = self.resource_api.get_project(tenant_id)["name"] - intra_authz_ext_id = kw.get("intra_authz_ext_id") - intra_admin_ext_id = kw.get("intra_admin_ext_id") - self.tenant_api.add_tenant_dict( - user_id, - tenant_id, - tenant_name, - intra_authz_ext_id, - intra_admin_ext_id) - """ - @dependency.requires('authz_api') class InterExtensions(controller.V3Controller): diff --git a/keystone-moon/keystone/contrib/moon/core.py b/keystone-moon/keystone/contrib/moon/core.py index ad6bf93d..d5d2e100 100644 --- a/keystone-moon/keystone/contrib/moon/core.py +++ b/keystone-moon/keystone/contrib/moon/core.py @@ -26,24 +26,27 @@ CONF = config.CONF LOG = log.getLogger(__name__) _OPTS = [ + cfg.StrOpt('configuration_driver', + default='keystone.contrib.moon.backends.sql.ConfigurationConnector', + help='Configuration backend driver.'), + cfg.StrOpt('tenant_driver', + default='keystone.contrib.moon.backends.sql.TenantConnector', + help='Tenant backend driver.'), cfg.StrOpt('authz_driver', default='keystone.contrib.moon.backends.flat.SuperExtensionConnector', help='Authorisation backend driver.'), - cfg.StrOpt('log_driver', - default='keystone.contrib.moon.backends.flat.LogConnector', - help='Logs backend driver.'), - cfg.StrOpt('superextension_driver', - default='keystone.contrib.moon.backends.flat.SuperExtensionConnector', - help='SuperExtension backend driver.'), cfg.StrOpt('intraextension_driver', default='keystone.contrib.moon.backends.sql.IntraExtensionConnector', help='IntraExtension backend driver.'), - cfg.StrOpt('tenant_driver', - default='keystone.contrib.moon.backends.sql.TenantConnector', - help='Tenant backend driver.'), cfg.StrOpt('interextension_driver', default='keystone.contrib.moon.backends.sql.InterExtensionConnector', help='InterExtension backend driver.'), + cfg.StrOpt('superextension_driver', + default='keystone.contrib.moon.backends.flat.SuperExtensionConnector', + help='SuperExtension backend driver.'), + cfg.StrOpt('log_driver', + default='keystone.contrib.moon.backends.flat.LogConnector', + help='Logs backend driver.'), cfg.StrOpt('policy_directory', default='/etc/keystone/policies', help='Local directory where all policies are stored.'), @@ -113,133 +116,167 @@ def filter_input(data): LOG.error("Error in filtering input data: {}".format(data)) -@dependency.provider('moonlog_api') -class LogManager(manager.Manager): +@dependency.provider('configuration_api') +@dependency.requires('moonlog_api') +class ConfigurationManager(manager.Manager): def __init__(self): - driver = CONF.moon.log_driver - super(LogManager, self).__init__(driver) - - def get_logs(self, logger="authz", options="", event_number=None, time_from=None, time_to=None, filter_str=None): - - if len(options) > 0: - options = options.split(",") - event_number = None - time_from = None - time_to = None - filter_str = None - for opt in options: - if "event_number" in opt: - event_number = "".join(re.findall("\d*", opt.split("=")[-1])) - try: - event_number = int(event_number) - except ValueError: - event_number = None - elif "from" in opt: - time_from = "".join(re.findall("[\w\-:]*", opt.split("=")[-1])) - try: - time_from = time.strptime(time_from, self.TIME_FORMAT) - except ValueError: - time_from = None - elif "to" in opt: - time_to = "".join(re.findall("[\w\-:] *", opt.split("=")[-1])) - try: - time_to = time.strptime(time_to, self.TIME_FORMAT) - except ValueError: - time_to = None - elif "filter" in opt: - filter_str = "".join(re.findall("\w*", opt.split("=")[-1])) - return self.driver.get_logs(logger, event_number, time_from, time_to, filter_str) + super(ConfigurationManager, self).__init__(CONF.moon.configuration_driver) - def get_authz_logs(self, options="", event_number=None, time_from=None, time_to=None, filter_str=None): - return self.get_logs( - logger="authz", - options="", - event_number=None, - time_from=None, - time_to=None, - filter_str=None) - - def get_sys_logs(self, options="", event_number=None, time_from=None, time_to=None, filter_str=None): - return self.get_logs( - logger="sys", - options="", - event_number=None, - time_from=None, - time_to=None, - filter_str=None) + def get_policy_templete_dict(self, user_id): + """ + Return a dictionary of all policy templetes + :return: {templete_id: templete_description, ...} + """ + # TODO: check user right with user_id in SuperExtension + return self.driver.get_policy_templete_dict() - def authz(self, message): - return self.driver.authz(message) + def get_policy_templete_id_from_name(self, user_id, policy_templete_name): + # TODO: check user right with user_id in SuperExtension + policy_templete_dict = self.driver.get_policy_templete_dict() + for policy_templete_id in policy_templete_dict: + if policy_templete_dict[policy_templete_id] is policy_templete_name: + return policy_templete_id + return None - def debug(self, message): - return self.driver.debug(message) - - def info(self, message): - return self.driver.info(message) + def get_aggregation_algorithm_dict(self, user_id): + """ + Return a dictionary of all aggregation algorithm + :return: {aggre_algo_id: aggre_algo_description, ...} + """ + # TODO: check user right with user_id in SuperExtension + return self.driver.get_aggregation_algorithm_dict() - def warning(self, message): - return self.driver.warning(message) + def get_aggregation_algorithm_id_from_name(self, user_id, aggregation_algorithm_name): + # TODO: check user right with user_id in SuperExtension + aggregation_algorithm_dict = self.driver.get_aggregation_algorithm_dict() + for aggregation_algorithm_id in aggregation_algorithm_dict: + if aggregation_algorithm_dict[aggregation_algorithm_id] is aggregation_algorithm_name: + return aggregation_algorithm_id + return None - def error(self, message): - return self.driver.error(message) + def get_sub_meta_rule_algorithm_dict(self, user_id): + """ + Return a dictionary of sub_meta_rule algorithm + :return: {sub_meta_rule_id: sub_meta_rule_description, } + """ + # TODO: check user right with user_id in SuperExtension + return self.driver.get_sub_meta_rule_algorithm_dict() - def critical(self, message): - return self.driver.critical(message) + def get_sub_meta_rule_algorithm_id_from_name(self, sub_meta_rule_algorithm_name): + # TODO: check user right with user_id in SuperExtension + sub_meta_rule_algorithm_dict = self.driver.get_sub_meta_rule_algorithm_dict() + for sub_meta_rule_algorithm_id in sub_meta_rule_algorithm_dict: + if sub_meta_rule_algorithm_dict[sub_meta_rule_algorithm_id] is sub_meta_rule_algorithm_name: + return sub_meta_rule_algorithm_id + return None @dependency.provider('tenant_api') -@dependency.requires('moonlog_api') +@dependency.requires('moonlog_api') # TODO: log should be totally removed to exception.py class TenantManager(manager.Manager): def __init__(self): super(TenantManager, self).__init__(CONF.moon.tenant_driver) - def get_tenant_dict(self): + def __get_tenant_dict(self): """ - Return a dictionnary with all tenants + Return a dictionary with all tenants :return: dict """ try: return self.driver.get_tenant_dict() except TenantListEmpty: + # TODO: move log to Exception self.moonlog_api.error(_("Tenant Mapping list is empty.")) return {} - def get_tenant_name(self, tenant_uuid): - _tenant_dict = self.get_tenant_dict() - if tenant_uuid not in _tenant_dict: - raise TenantNotFound(_("Tenant UUID ({}) was not found.".format(tenant_uuid))) - return _tenant_dict[tenant_uuid]["name"] + def get_tenant_dict(self, user_id): + """ + Return a dictionary with all tenants + :return: dict + """ + # TODO: check user right with user_id in SuperExtension + return self.__get_tenant_dict() + + def add_tenant(self, user_id, tenant_name, intra_authz_ext_id, intra_admin_ext_id): + # TODO: check user right with user_id in SuperExtension + try: + return self.driver.set_tenant(uuid4().hex, tenant_name, intra_authz_ext_id, intra_admin_ext_id) + except AddedTenantNameExist: + return None + + def get_tenant(self, user_id, tenant_id): + # TODO: check user right with user_id in SuperExtension + tenant_dict = self.__get_tenant_dict() + if tenant_id not in tenant_dict: + raise TenantIDNotFound(_("Tenant UUID ({}) was not found.".format(tenant_id))) + return tenant_dict[tenant_id] + + def del_tenant(self, user_id, tenant_id): + # TODO: check user right with user_id in SuperExtension + tenant_dict = self.__get_tenant_dict() + try: + return tenant_dict.pop(tenant_id) + except KeyError: + raise TenantIDNotFound + + def set_tenant_dict(self, user_id, tenant_id, tenant_name, intra_authz_ext_id, intra_admin_ext_id): + # TODO: check user right with user_id in SuperExtension + # TODO (dthom): Tenant must be checked against Keystone database. + return self.driver.set_tenant(tenant_id, tenant_name, intra_authz_ext_id, intra_admin_ext_id) + + def get_tenant_name(self, user_id, tenant_id): + # TODO: check user right with user_id in SuperExtension + tenant_dict = self.__get_tenant_dict() + if tenant_id not in tenant_dict: + raise TenantIDNotFound(_("Tenant UUID ({}) was not found.".format(tenant_id))) + return tenant_dict[tenant_id]["name"] + + def set_tenant_name(self, user_id, tenant_id, tenant_name): + # TODO: check user right with user_id in SuperExtension + tenant_dict = self.__get_tenant_dict() + if tenant_id not in tenant_dict: + raise TenantIDNotFound(_("Tenant UUID ({}) was not found.".format(tenant_id))) + return self.driver.set_tenant( + self, + tenant_id, + tenant_name, + tenant_dict[tenant_id]['intra_authz_ext_id'], + tenant_dict[tenant_id]['intra_admin_ext_id'] + ) - def set_tenant_name(self, tenant_uuid, tenant_name): - _tenant_dict = self.get_tenant_dict() - if tenant_uuid not in _tenant_dict: - raise TenantNotFound(_("Tenant UUID ({}) was not found.".format(tenant_uuid))) - _tenant_dict[tenant_uuid]['name'] = tenant_name - return self.driver.set_tenant_dict(_tenant_dict) + def get_tenant_id_from_name(self, user_id, tenant_name): + # TODO: check user right with user_id in SuperExtension + tenant_dict = self.__get_tenant_dict() + for tenant_id in tenant_dict: + if tenant_dict[tenant_id]["name"] is tenant_name: + return tenant_id + return None - def get_extension_uuid(self, tenant_uuid, scope="authz"): + def get_tenant_intra_extension_id(self, tenant_id, genre="authz"): """ Return the UUID of the scoped extension for a particular tenant. - :param tenant_uuid: UUID of the tenant - :param scope: "admin" or "authz" + :param tenant_id: UUID of the tenant + :param genre: "admin" or "authz" :return (str): the UUID of the scoped extension """ # 1 tenant only with 1 authz extension and 1 admin extension - _tenant_dict = self.get_tenant_dict() - if tenant_uuid not in _tenant_dict: - raise TenantNotFound(_("Tenant UUID ({}) was not found.".format(tenant_uuid))) - if not _tenant_dict[tenant_uuid][scope]: - raise IntraExtensionNotFound(_("No IntraExtension found for Tenant {}.".format(tenant_uuid))) - return _tenant_dict[tenant_uuid][scope] - + tenant_dict = self.__get_tenant_dict() + if tenant_id not in tenant_dict: + raise TenantIDNotFound(_("Tenant UUID ({}) was not found.".format(tenant_id))) + if not tenant_dict[tenant_id][genre]: + raise IntraExtensionNotFound(_("No IntraExtension found for Tenant {}.".format(tenant_id))) + return tenant_dict[tenant_id][genre] + + # TODO: check if we need the func def get_tenant_uuid(self, extension_uuid): for _tenant_uuid, _tenant_value in six.iteritems(self.get_tenant_dict()): if extension_uuid == _tenant_value["authz"] or extension_uuid == _tenant_value["admin"]: return _tenant_uuid - raise TenantNotFound() + raise TenantIDNotFound() + # TODO: check if we need the func def get_admin_extension_uuid(self, authz_extension_uuid): _tenants = self.get_tenant_dict() for _tenant_uuid in _tenants: @@ -251,6 +288,7 @@ class TenantManager(manager.Manager): # to allow or not the fact that Admin IntraExtension can be None # raise AdminIntraExtensionNotFound() + # TODO: check if we need the func def delete(self, authz_extension_uuid): _tenants = self.get_tenant_dict() for _tenant_uuid in _tenants: @@ -259,42 +297,23 @@ class TenantManager(manager.Manager): raise AuthzIntraExtensionNotFound(_("No IntraExtension found mapping this Authz IntraExtension: {}.".format( authz_extension_uuid))) - def set_tenant_dict(self, tenant_uuid, name, authz_extension_uuid, admin_extension_uuid): - tenant = { - tenant_uuid: { - "name": name, - "authz": authz_extension_uuid, - "admin": admin_extension_uuid - } - } - # TODO (dthom): Tenant must be checked against Keystone database. - return self.driver.set_tenant_dict(tenant) - -class TenantDriver: - - def get_tenant_dict(self): - raise exception.NotImplemented() # pragma: no cover - - def set_tenant_dict(self, tenant): - raise exception.NotImplemented() # pragma: no cover - - -@dependency.requires('identity_api', 'moonlog_api', 'tenant_api', 'authz_api', 'admin_api') +@dependency.requires('identity_api', 'tenant_api', 'authz_api', 'admin_api', 'moonlog_api') class IntraExtensionManager(manager.Manager): __genre__ = None + __default_user = uuid4().hex() # default user_id for internal invocation def __init__(self): driver = CONF.moon.intraextension_driver super(IntraExtensionManager, self).__init__(driver) - def __get_authz_buffer(self, intra_extension_uuid, subject_uuid, object_uuid, action_uuid): + def __get_authz_buffer(self, intra_extension_id, subject_id, object_id, action_id): """ - :param intra_extension_uuid: - :param subject_uuid: - :param object_uuid: - :param action_uuid: + :param intra_extension_id: + :param subject_id: + :param object_id: + :param action_id: :return: authz_buffer = { 'subject_uuid': xxx, 'object_uuid': yyy, @@ -310,33 +329,33 @@ class IntraExtensionManager(manager.Manager): } """ - if not self.driver.get_intra_extension(intra_extension_uuid): + if not self.driver.get_intra_extension(intra_extension_id): raise IntraExtensionNotFound() _authz_buffer = dict() - _authz_buffer['subject_uuid'] = subject_uuid - _authz_buffer['object_uuid'] = object_uuid - _authz_buffer['action_uuid'] = action_uuid + _authz_buffer['subject_id'] = subject_id + _authz_buffer['object_id'] = object_id + _authz_buffer['action_id'] = action_id _meta_data_dict = {} - _meta_data_dict["subject_categories"] = self.driver.get_subject_category_dict(intra_extension_uuid)["subject_categories"] - _meta_data_dict["object_categories"] = self.driver.get_object_category_dict(intra_extension_uuid)["object_categories"] - _meta_data_dict["action_categories"] = self.driver.get_action_category_dict(intra_extension_uuid)["action_categories"] + _meta_data_dict["subject_categories"] = self.driver.get_subject_category_dict(intra_extension_id)["subject_categories"] + _meta_data_dict["object_categories"] = self.driver.get_object_category_dict(intra_extension_id)["object_categories"] + _meta_data_dict["action_categories"] = self.driver.get_action_category_dict(intra_extension_id)["action_categories"] _subject_assignment_dict = dict() for category in _meta_data_dict["subject_categories"]: _subject_assignment_dict[category] = self.driver.get_subject_category_assignment_dict( - intra_extension_uuid, category)["subject_category_assignments"] + intra_extension_id, category)["subject_category_assignments"] _object_assignment_dict = dict() for category in _meta_data_dict["object_categories"]: _object_assignment_dict[category] = self.driver.get_object_category_assignment_dict( - intra_extension_uuid, category)["object_category_assignments"] + intra_extension_id, category)["object_category_assignments"] _action_assignment_dict = dict() for category in _meta_data_dict["action_categories"]: _action_assignment_dict[category] = self.driver.get_action_category_assignment_dict( - intra_extension_uuid, category)["action_category_assignments"] + intra_extension_id, category)["action_category_assignments"] _authz_buffer['subject_attributes'] = dict() _authz_buffer['object_attributes'] = dict() @@ -351,13 +370,13 @@ class IntraExtensionManager(manager.Manager): return _authz_buffer - def authz(self, intra_extension_uuid, subject_uuid, object_uuid, action_uuid): + def authz(self, intra_extension_id, subject_id, object_id, action_id): """Check authorization for a particular action. - :param intra_extension_uuid: UUID of an IntraExtension - :param subject_uuid: subject UUID of the request - :param object_uuid: object UUID of the request - :param action_uuid: action UUID of the request + :param intra_extension_id: UUID of an IntraExtension + :param subject_id: subject UUID of the request + :param object_id: object UUID of the request + :param action_id: action UUID of the request :return: True or False or raise an exception :raises: (in that order) IntraExtensionNotFound @@ -369,11 +388,11 @@ class IntraExtensionManager(manager.Manager): ActionCategoryAssignmentUnknown """ - _authz_buffer = self.__get_authz_buffer(intra_extension_uuid, subject_uuid, object_uuid, action_uuid) + _authz_buffer = self.__get_authz_buffer(intra_extension_id, subject_id, object_id, action_id) _decision_buffer = dict() - _meta_rule_dict = self.driver.get_meta_rule_dict(intra_extension_uuid) - _rule_dict = self.driver.get_rule_dict(intra_extension_uuid) + _meta_rule_dict = self.driver.get_meta_rule_dict(intra_extension_id) + _rule_dict = self.driver.get_rule_dict(intra_extension_id) for _rule in _meta_rule_dict['sub_meta_rules']: if _meta_rule_dict['sub_meta_rules'][_rule]['algorithm'] == 'inclusion': @@ -508,15 +527,15 @@ class IntraExtensionManager(manager.Manager): for category_name, value in json_assignments['subject_assignments'].iteritems(): category = self.driver.get_uuid_from_name(ie["id"], category_name, self.driver.SUBJECT_CATEGORY) for user_name in value: - user_uuid = self.driver.get_uuid_from_name(ie["id"], user_name, self.driver.SUBJECT) - if user_uuid not in subject_assignments: - subject_assignments[user_uuid] = dict() - if category not in subject_assignments[user_uuid]: - subject_assignments[user_uuid][category] = \ + user_id = self.driver.get_uuid_from_name(ie["id"], user_name, self.driver.SUBJECT) + if user_id not in subject_assignments: + subject_assignments[user_id] = dict() + if category not in subject_assignments[user_id]: + subject_assignments[user_id][category] = \ map(lambda x: self.driver.get_uuid_from_name(ie["id"], x, self.driver.SUBJECT_SCOPE, category_name), value[user_name]) else: - subject_assignments[user_uuid][category].extend( + subject_assignments[user_id][category].extend( map(lambda x: self.driver.get_uuid_from_name(ie["id"], x, self.driver.SUBJECT_SCOPE, category_name), value[user_name]) ) @@ -684,12 +703,12 @@ class IntraExtensionManager(manager.Manager): @filter_args @enforce("read", "subjects") - def get_subject_dict(self, user_uuid, intra_extension_uuid): + def get_subject_dict(self, user_id, intra_extension_uuid): return self.driver.get_subject_dict(intra_extension_uuid) @filter_args @enforce(("read", "write"), "subjects") - def set_subject_dict(self, user_uuid, intra_extension_uuid, subject_list): + def set_subject_dict(self, user_id, intra_extension_uuid, subject_list): subject_dict = {} for _user in subject_list: # Next line will raise an error if user is not present in Keystone database @@ -701,7 +720,7 @@ class IntraExtensionManager(manager.Manager): @filter_args @enforce(("read", "write"), "subjects") - def add_subject_dict(self, user_uuid, intra_extension_uuid, subject_name): + def add_subject_dict(self, user_id, intra_extension_uuid, subject_name): # Next line will raise an error if user is not present in Keystone database user = self.identity_api.get_user_by_name(subject_name, "default") subjects = self.driver.add_subject(intra_extension_uuid, user["id"], user) @@ -710,24 +729,24 @@ class IntraExtensionManager(manager.Manager): @filter_args @enforce("read", "subjects") @enforce("write", "subjects") - def del_subject(self, user_uuid, intra_extension_uuid, subject_uuid): + def del_subject(self, user_id, intra_extension_uuid, subject_uuid): self.driver.remove_subject(intra_extension_uuid, subject_uuid) @filter_args @enforce("read", "objects") - def get_object_dict(self, user_uuid, intra_extension_uuid): + def get_object_dict(self, user_id, intra_extension_uuid): return self.driver.get_object_dict(intra_extension_uuid) @filter_args @enforce(("read", "write"), "objects") - def set_object_dict(self, user_uuid, intra_extension_uuid, object_list): + def set_object_dict(self, user_id, intra_extension_uuid, object_list): # TODO (asteroide): we must check input here. object_dict = {uuid4().hex: item for item in object_list} return self.driver.set_object_dict(intra_extension_uuid, object_dict) @filter_args @enforce(("read", "write"), "objects") - def add_object_dict(self, user_uuid, intra_extension_uuid, object_dict): + def add_object_dict(self, user_id, intra_extension_uuid, object_dict): # TODO (asteroide): we must check input here. object_uuid = uuid4().hex return self.driver.add_object(intra_extension_uuid, object_uuid, object_dict) @@ -735,24 +754,24 @@ class IntraExtensionManager(manager.Manager): @filter_args @enforce("read", "objects") @enforce("write", "objects") - def del_object(self, user_uuid, intra_extension_uuid, object_uuid): + def del_object(self, user_id, intra_extension_uuid, object_uuid): self.driver.remove_object(intra_extension_uuid, object_uuid) @filter_args @enforce("read", "actions") - def get_action_dict(self, user_uuid, intra_extension_uuid): + def get_action_dict(self, user_id, intra_extension_uuid): return self.driver.get_action_dict(intra_extension_uuid) @filter_args @enforce(("read", "write"), "actions") - def set_action_dict(self, user_uuid, intra_extension_uuid, action_list): + def set_action_dict(self, user_id, intra_extension_uuid, action_list): # TODO (asteroide): we must check input here. action_dict = {uuid4().hex: item for item in action_list} return self.driver.set_action_dict(intra_extension_uuid, action_dict) @filter_args @enforce(("read", "write"), "actions") - def add_action_dict(self, user_uuid, intra_extension_uuid, action_dict): + def add_action_dict(self, user_id, intra_extension_uuid, action_dict): # TODO (asteroide): we must check input here. action_uuid = uuid4().hex return self.driver.add_action(intra_extension_uuid, action_uuid, action_dict) @@ -760,21 +779,21 @@ class IntraExtensionManager(manager.Manager): @filter_args @enforce("read", "actions") @enforce("write", "actions") - def del_action(self, user_uuid, intra_extension_uuid, action_uuid): + def del_action(self, user_id, intra_extension_uuid, action_uuid): self.driver.remove_action(intra_extension_uuid, action_uuid) # Metadata functions @filter_args @enforce("read", "subject_categories") - def get_subject_category_dict(self, user_uuid, intra_extension_uuid): + def get_subject_category_dict(self, user_id, intra_extension_uuid): return self.driver.get_subject_category_dict(intra_extension_uuid) @filter_args @enforce("read", "subject_categories") @enforce("read", "subject_category_scope") @enforce("write", "subject_category_scope") - def set_subject_category_dict(self, user_uuid, intra_extension_uuid, subject_category_list): + def set_subject_category_dict(self, user_id, intra_extension_uuid, subject_category_list): subject_category = {uuid4().hex: item for item in subject_category_list} subject_category_dict = self.driver.set_subject_category_dict(intra_extension_uuid, subject_category) # if we add a new category, we must add it to the subject_category_scope @@ -788,7 +807,7 @@ class IntraExtensionManager(manager.Manager): @filter_args @enforce("read", "subject_categories") @enforce("write", "subject_categories") - def add_subject_category_dict(self, user_uuid, intra_extension_uuid, subject_category_dict): + def add_subject_category_dict(self, user_id, intra_extension_uuid, subject_category_dict): # TODO (asteroide): we must check input here. subject_category_uuid = uuid4().hex subject_categories = self.driver.add_subject_category_dict( @@ -797,19 +816,19 @@ class IntraExtensionManager(manager.Manager): @filter_args @enforce("write", "subject_categories") - def del_subject_category(self, user_uuid, intra_extension_uuid, subject_uuid): + def del_subject_category(self, user_id, intra_extension_uuid, subject_uuid): return self.driver.remove_subject_category(intra_extension_uuid, subject_uuid) @filter_args @enforce("read", "object_categories") - def get_object_category_dict(self, user_uuid, intra_extension_uuid): + def get_object_category_dict(self, user_id, intra_extension_uuid): return self.driver.get_object_category_dict(intra_extension_uuid) @filter_args @enforce("read", "object_categories") @enforce("read", "object_category_scope") @enforce("write", "object_category_scope") - def set_object_category_dict(self, user_uuid, intra_extension_uuid, object_category_list): + def set_object_category_dict(self, user_id, intra_extension_uuid, object_category_list): # TODO (asteroide): we must check input here. object_category = {uuid4().hex: item for item in object_category_list} object_category_dict = self.driver.set_object_category_dict(intra_extension_uuid, object_category) @@ -824,7 +843,7 @@ class IntraExtensionManager(manager.Manager): @filter_args @enforce("read", "object_categories") @enforce("write", "object_categories") - def add_object_category_dict(self, user_uuid, intra_extension_uuid, object_category_dict): + def add_object_category_dict(self, user_id, intra_extension_uuid, object_category_dict): # TODO (asteroide): we must check input here. object_category_uuid = uuid4().hex object_categories = self.driver.add_object_category_dict( @@ -833,19 +852,19 @@ class IntraExtensionManager(manager.Manager): @filter_args @enforce("write", "object_categories") - def del_object_category(self, user_uuid, intra_extension_uuid, object_uuid): + def del_object_category(self, user_id, intra_extension_uuid, object_uuid): return self.driver.remove_object_category(intra_extension_uuid, object_uuid) @filter_args @enforce("read", "action_categories") - def get_action_category_dict(self, user_uuid, intra_extension_uuid): + def get_action_category_dict(self, user_id, intra_extension_uuid): return self.driver.get_action_category_dict(intra_extension_uuid) @filter_args @enforce("read", "action_categories") @enforce("read", "action_category_scope") @enforce("write", "action_category_scope") - def set_action_category_dict(self, user_uuid, intra_extension_uuid, action_category_list): + def set_action_category_dict(self, user_id, intra_extension_uuid, action_category_list): # TODO (asteroide): we must check input here. action_category = {uuid4().hex: item for item in action_category_list} action_category_dict = self.driver.set_action_category_dict(intra_extension_uuid, action_category) @@ -860,7 +879,7 @@ class IntraExtensionManager(manager.Manager): @filter_args @enforce("read", "action_categories") @enforce("write", "action_categories") - def add_action_category_dict(self, user_uuid, intra_extension_uuid, action_category_dict): + def add_action_category_dict(self, user_id, intra_extension_uuid, action_category_dict): # TODO (asteroide): we must check input here. action_category_uuid = uuid4().hex action_categories = self.driver.add_action_category_dict( @@ -869,22 +888,22 @@ class IntraExtensionManager(manager.Manager): @filter_args @enforce("write", "action_categories") - def del_action_category(self, user_uuid, intra_extension_uuid, action_uuid): + def del_action_category(self, user_id, intra_extension_uuid, action_uuid): return self.driver.remove_action_category(intra_extension_uuid, action_uuid) # Scope functions @filter_args @enforce("read", "subject_category_scope") @enforce("read", "subject_category") - def get_subject_category_scope_dict(self, user_uuid, intra_extension_uuid, category): - if category not in self.get_subject_category_dict(user_uuid, intra_extension_uuid)["subject_categories"]: + def get_subject_category_scope_dict(self, user_id, intra_extension_uuid, category): + if category not in self.get_subject_category_dict(user_id, intra_extension_uuid)["subject_categories"]: raise SubjectCategoryUnknown() return self.driver.get_subject_category_scope_dict(intra_extension_uuid, category) @filter_args @enforce("read", "subject_category_scope") @enforce("read", "subject_category") - def set_subject_category_scope_dict(self, user_uuid, intra_extension_uuid, category_uuid, scope_list): + def set_subject_category_scope_dict(self, user_id, intra_extension_uuid, category_uuid, scope_list): # TODO (asteroide): we must check input here. scope_dict = {uuid4().hex: item for item in scope_list} return self.driver.set_subject_category_scope_dict(intra_extension_uuid, category_uuid, scope_dict) @@ -892,7 +911,7 @@ class IntraExtensionManager(manager.Manager): @filter_args @enforce(("read", "write"), "subject_category_scope") @enforce("read", "subject_category") - def add_subject_category_scope_dict(self, user_uuid, intra_extension_uuid, category_uuid, scope_dict): + def add_subject_category_scope_dict(self, user_id, intra_extension_uuid, category_uuid, scope_dict): # TODO (asteroide): we must check input here. scope_uuid = uuid4().hex return self.driver.add_subject_category_scope_dict( @@ -904,7 +923,7 @@ class IntraExtensionManager(manager.Manager): @filter_args @enforce("write", "subject_category_scope") @enforce("read", "subject_category") - def del_subject_category_scope(self, user_uuid, intra_extension_uuid, category_uuid, scope_uuid): + def del_subject_category_scope(self, user_id, intra_extension_uuid, category_uuid, scope_uuid): self.driver.remove_subject_category_scope_dict( intra_extension_uuid, category_uuid, @@ -913,13 +932,13 @@ class IntraExtensionManager(manager.Manager): @filter_args @enforce("read", "object_category_scope") @enforce("read", "object_category") - def get_object_category_scope_dict(self, user_uuid, intra_extension_uuid, category_uuid): + def get_object_category_scope_dict(self, user_id, intra_extension_uuid, category_uuid): return self.driver.get_object_category_scope_dict(intra_extension_uuid, category_uuid) @filter_args @enforce("read", "object_category_scope") @enforce("read", "object_category") - def set_object_category_scope_dict(self, user_uuid, intra_extension_uuid, category_uuid, scope_list): + def set_object_category_scope_dict(self, user_id, intra_extension_uuid, category_uuid, scope_list): # TODO (asteroide): we must check input here. scope_dict = {uuid4().hex: item for item in scope_list} return self.driver.set_object_category_scope_dict(intra_extension_uuid, category_uuid, scope_dict) @@ -927,7 +946,7 @@ class IntraExtensionManager(manager.Manager): @filter_args @enforce(("read", "write"), "object_category_scope") @enforce("read", "object_category") - def add_object_category_scope_dict(self, user_uuid, intra_extension_uuid, category_uuid, scope_dict): + def add_object_category_scope_dict(self, user_id, intra_extension_uuid, category_uuid, scope_dict): # TODO (asteroide): we must check input here. scope_uuid = uuid4().hex return self.driver.add_subject_category_scope_dict( @@ -939,7 +958,7 @@ class IntraExtensionManager(manager.Manager): @filter_args @enforce("write", "object_category_scope") @enforce("read", "object_category") - def del_object_category_scope(self, user_uuid, intra_extension_uuid, category_uuid, scope_uuid): + def del_object_category_scope(self, user_id, intra_extension_uuid, category_uuid, scope_uuid): self.driver.remove_object_category_scope_dict( intra_extension_uuid, category_uuid, @@ -948,13 +967,13 @@ class IntraExtensionManager(manager.Manager): @filter_args @enforce("read", "action_category_scope") @enforce("read", "action_category") - def get_action_category_scope_dict(self, user_uuid, intra_extension_uuid, category_uuid): + def get_action_category_scope_dict(self, user_id, intra_extension_uuid, category_uuid): return self.driver.get_action_category_scope_dict(intra_extension_uuid, category_uuid) @filter_args @enforce(("read", "write"), "action_category_scope") @enforce("read", "action_category") - def set_action_category_scope_dict(self, user_uuid, intra_extension_uuid, category_uuid, scope_list): + def set_action_category_scope_dict(self, user_id, intra_extension_uuid, category_uuid, scope_list): # TODO (asteroide): we must check input here. scope_dict = {uuid4().hex: item for item in scope_list} return self.driver.set_action_category_scope_dict(intra_extension_uuid, category_uuid, scope_dict) @@ -962,7 +981,7 @@ class IntraExtensionManager(manager.Manager): @filter_args @enforce(("read", "write"), "action_category_scope") @enforce("read", "action_category") - def add_action_category_scope_dict(self, user_uuid, intra_extension_uuid, category_uuid, scope_dict): + def add_action_category_scope_dict(self, user_id, intra_extension_uuid, category_uuid, scope_dict): # TODO (asteroide): we must check input here. scope_uuid = uuid4().hex return self.driver.add_action_category_scope_dict( @@ -974,7 +993,7 @@ class IntraExtensionManager(manager.Manager): @filter_args @enforce("write", "action_category_scope") @enforce("read", "action_category") - def del_action_category_scope(self, user_uuid, intra_extension_uuid, category_uuid, scope_uuid): + def del_action_category_scope(self, user_id, intra_extension_uuid, category_uuid, scope_uuid): self.driver.remove_action_category_scope_dict( intra_extension_uuid, category_uuid, @@ -985,14 +1004,14 @@ class IntraExtensionManager(manager.Manager): @filter_args @enforce("read", "subject_category_assignment") @enforce("read", "subjects") - def get_subject_category_assignment_dict(self, user_uuid, intra_extension_uuid, subject_uuid): + def get_subject_category_assignment_dict(self, user_id, intra_extension_uuid, subject_uuid): return self.driver.get_subject_category_assignment_dict(intra_extension_uuid, subject_uuid) @filter_args @enforce("read", "subject_category_assignment") @enforce("write", "subject_category_assignment") @enforce("read", "subjects") - def set_subject_category_assignment_dict(self, user_uuid, intra_extension_uuid, subject_uuid, assignment_dict): + def set_subject_category_assignment_dict(self, user_id, intra_extension_uuid, subject_uuid, assignment_dict): # TODO (asteroide): we must check input here. return self.driver.set_subject_category_assignment_dict(intra_extension_uuid, subject_uuid, assignment_dict) @@ -1002,7 +1021,7 @@ class IntraExtensionManager(manager.Manager): @enforce("read", "subjects") @enforce("read", "subject_category") @enforce("read", "subject_scope") - def del_subject_category_assignment(self, user_uuid, intra_extension_uuid, subject_uuid, category_uuid, scope_uuid): + def del_subject_category_assignment(self, user_id, intra_extension_uuid, subject_uuid, category_uuid, scope_uuid): self.driver.remove_subject_category_assignment(intra_extension_uuid, subject_uuid, category_uuid, scope_uuid) @filter_args @@ -1010,7 +1029,7 @@ class IntraExtensionManager(manager.Manager): @enforce("read", "subjects") @enforce("read", "subject_category") def add_subject_category_assignment_dict(self, - user_uuid, + user_id, intra_extension_uuid, subject_uuid, category_uuid, @@ -1021,14 +1040,14 @@ class IntraExtensionManager(manager.Manager): @filter_args @enforce("read", "object_category_assignment") @enforce("read", "objects") - def get_object_category_assignment_dict(self, user_uuid, intra_extension_uuid, object_uuid): + def get_object_category_assignment_dict(self, user_id, intra_extension_uuid, object_uuid): return self.driver.get_object_category_assignment_dict(intra_extension_uuid, object_uuid) @filter_args @enforce("read", "object_category_assignment") @enforce("write", "object_category_assignment") @enforce("read", "objects") - def set_object_category_assignment_dict(self, user_uuid, intra_extension_uuid, object_uuid, assignment_dict): + def set_object_category_assignment_dict(self, user_id, intra_extension_uuid, object_uuid, assignment_dict): # TODO (asteroide): we must check input here. return self.driver.set_object_category_assignment_dict(intra_extension_uuid, object_uuid, assignment_dict) @@ -1037,7 +1056,7 @@ class IntraExtensionManager(manager.Manager): @enforce("write", "object_category_assignment") @enforce("read", "objects") @enforce("read", "object_category") - def del_object_category_assignment(self, user_uuid, intra_extension_uuid, object_uuid, category_uuid, scope_uuid): + def del_object_category_assignment(self, user_id, intra_extension_uuid, object_uuid, category_uuid, scope_uuid): self.driver.remove_object_category_assignment(intra_extension_uuid, object_uuid, category_uuid, scope_uuid) @filter_args @@ -1045,7 +1064,7 @@ class IntraExtensionManager(manager.Manager): @enforce("read", "objects") @enforce("read", "object_category") def add_object_category_assignment_dict(self, - user_uuid, + user_id, intra_extension_uuid, object_uuid, category_uuid, @@ -1056,14 +1075,14 @@ class IntraExtensionManager(manager.Manager): @filter_args @enforce("read", "action_category_assignment") @enforce("read", "actions") - def get_action_category_assignment_dict(self, user_uuid, intra_extension_uuid, action_uuid): + def get_action_category_assignment_dict(self, user_id, intra_extension_uuid, action_uuid): return self.driver.get_action_category_assignment_dict(intra_extension_uuid, action_uuid) @filter_args @enforce("read", "action_category_assignment") @enforce("write", "action_category_assignment") @enforce("read", "actions") - def set_action_category_assignment_dict(self, user_uuid, intra_extension_uuid, action_uuid, assignment_dict): + def set_action_category_assignment_dict(self, user_id, intra_extension_uuid, action_uuid, assignment_dict): # TODO (asteroide): we must check input here. return self.driver.set_action_category_assignment_dict(intra_extension_uuid, action_uuid, assignment_dict) @@ -1072,7 +1091,7 @@ class IntraExtensionManager(manager.Manager): @enforce("write", "action_category_assignment") @enforce("read", "actions") @enforce("read", "action_category") - def del_action_category_assignment(self, user_uuid, intra_extension_uuid, action_uuid, category_uuid, scope_uuid): + def del_action_category_assignment(self, user_id, intra_extension_uuid, action_uuid, category_uuid, scope_uuid): self.driver.remove_action_category_assignment(intra_extension_uuid, action_uuid, category_uuid, scope_uuid) @filter_args @@ -1080,7 +1099,7 @@ class IntraExtensionManager(manager.Manager): @enforce("read", "actions") @enforce("read", "action_category") def add_action_category_assignment_dict(self, - user_uuid, + user_id, intra_extension_uuid, action_uuid, category_uuid, @@ -1094,21 +1113,16 @@ class IntraExtensionManager(manager.Manager): # Metarule functions @filter_args - def get_aggregation_algorithms(self, user_uuid, intra_extension_uuid): - # TODO: check which algorithms are really usable - return {"aggregation_algorithms": ["and_true_aggregation", "test_aggregation", "all_true"]} - - @filter_args @enforce("read", "aggregation_algorithms") - def get_aggregation_algorithm(self, user_uuid, intra_extension_uuid): + def get_aggregation_algorithm(self, user_id, intra_extension_uuid): return self.driver.get_meta_rule_dict(intra_extension_uuid) @filter_args @enforce("read", "aggregation_algorithms") @enforce("write", "aggregation_algorithms") - def set_aggregation_algorithm(self, user_uuid, intra_extension_uuid, aggregation_algorithm): + def set_aggregation_algorithm(self, user_id, intra_extension_uuid, aggregation_algorithm): if aggregation_algorithm not in self.get_aggregation_algorithms( - user_uuid, intra_extension_uuid)["aggregation_algorithms"]: + user_id, intra_extension_uuid)["aggregation_algorithms"]: raise IntraExtensionError("Unknown aggregation_algorithm: {}".format(aggregation_algorithm)) meta_rule = self.driver.get_meta_rule_dict(intra_extension_uuid) meta_rule["aggregation"] = aggregation_algorithm @@ -1116,35 +1130,35 @@ class IntraExtensionManager(manager.Manager): @filter_args @enforce("read", "sub_meta_rule") - def get_sub_meta_rule(self, user_uuid, intra_extension_uuid): + def get_sub_meta_rule(self, user_id, intra_extension_uuid): return self.driver.get_meta_rule_dict(intra_extension_uuid) @filter_args @enforce("read", "sub_meta_rule") @enforce("write", "sub_meta_rule") - def set_sub_meta_rule(self, user_uuid, intra_extension_uuid, sub_meta_rules): + def set_sub_meta_rule(self, user_id, intra_extension_uuid, sub_meta_rules): # TODO: check which algorithms are really usable # TODO (dthom): When sub_meta_rule is set, all rules must be dropped # because the previous rules cannot be mapped to the new sub_meta_rule. for relation in sub_meta_rules.keys(): - if relation not in self.get_sub_meta_rule_relations(user_uuid, intra_extension_uuid)["sub_meta_rule_relations"]: + if relation not in self.get_sub_meta_rule_relations(user_id, intra_extension_uuid)["sub_meta_rule_relations"]: raise IntraExtensionError("set_sub_meta_rule unknown MetaRule relation {}".format(relation)) for cat in ("subject_categories", "object_categories", "action_categories"): if cat not in sub_meta_rules[relation]: raise IntraExtensionError("set_sub_meta_rule category {} missed".format(cat)) if type(sub_meta_rules[relation][cat]) is not list: raise IntraExtensionError("set_sub_meta_rule category {} is not a list".format(cat)) - subject_categories = self.get_subject_category_dict(user_uuid, intra_extension_uuid)["subject_categories"] + subject_categories = self.get_subject_category_dict(user_id, intra_extension_uuid)["subject_categories"] for data in list(sub_meta_rules[relation]["subject_categories"]): if data not in subject_categories: raise IntraExtensionError("set_sub_meta_rule category {} is not part of subject_categories {}".format( data, subject_categories)) - object_categories = self.get_object_category_dict(user_uuid, intra_extension_uuid)["object_categories"] + object_categories = self.get_object_category_dict(user_id, intra_extension_uuid)["object_categories"] for data in sub_meta_rules[relation]["object_categories"]: if data not in object_categories: raise IntraExtensionError("set_sub_meta_rule category {} is not part of object_categories {}".format( data, object_categories)) - action_categories = self.get_action_category_dict(user_uuid, intra_extension_uuid)["actions_categories"] + action_categories = self.get_action_category_dict(user_id, intra_extension_uuid)["actions_categories"] for data in sub_meta_rules[relation]["action_categories"]: if data not in action_categories: raise IntraExtensionError("set_sub_meta_rule category {} is not part of action_categories {}".format( @@ -1160,24 +1174,24 @@ class IntraExtensionManager(manager.Manager): # Sub-rules functions @filter_args @enforce("read", "sub_rules") - def get_rules(self, user_uuid, intra_extension_uuid): + def get_rules(self, user_id, intra_extension_uuid): return self.driver.get_rules(intra_extension_uuid) @filter_args @enforce("read", "sub_rules") @enforce("write", "sub_rules") - def set_rule(self, user_uuid, intra_extension_uuid, relation, sub_rule): + def set_rule(self, user_id, intra_extension_uuid, relation, sub_rule): for item in sub_rule: if type(item) not in (str, unicode, bool): raise IntraExtensionError("Bad input data (sub_rule).") ref_rules = self.driver.get_rules(intra_extension_uuid) _sub_rule = list(sub_rule) - if relation not in self.get_sub_meta_rule_relations(user_uuid, intra_extension_uuid)["sub_meta_rule_relations"]: + if relation not in self.get_sub_meta_rule_relations(user_id, intra_extension_uuid)["sub_meta_rule_relations"]: raise IntraExtensionError("Bad input data (rules).") # filter strings in sub_rule sub_rule = [filter_input(x) for x in sub_rule] # check if length of sub_rule is correct from metadata_sub_rule - metadata_sub_rule = self.get_sub_meta_rule(user_uuid, intra_extension_uuid) + metadata_sub_rule = self.get_sub_meta_rule(user_id, intra_extension_uuid) metadata_sub_rule_length = len(metadata_sub_rule['sub_meta_rules'][relation]["subject_categories"]) + \ len(metadata_sub_rule['sub_meta_rules'][relation]["action_categories"]) + \ len(metadata_sub_rule['sub_meta_rules'][relation]["object_categories"]) + 1 @@ -1188,12 +1202,12 @@ class IntraExtensionManager(manager.Manager): for category in metadata_sub_rule['sub_meta_rules'][relation]["subject_categories"]: item = _sub_rule.pop(0) if item not in self.get_subject_category_scope_dict( - user_uuid, + user_id, intra_extension_uuid, category)["subject_category_scope"][category].keys(): raise IntraExtensionError("Bad subject value in sub_rule {}/{}".format(category, item)) for category in metadata_sub_rule['sub_meta_rules'][relation]["action_categories"]: action_categories = self.get_action_category_scope_dict( - user_uuid, + user_id, intra_extension_uuid, category)["action_category_scope"][category] item = _sub_rule.pop(0) if item not in action_categories.keys(): @@ -1202,7 +1216,7 @@ class IntraExtensionManager(manager.Manager): for category in metadata_sub_rule['sub_meta_rules'][relation]["object_categories"]: item = _sub_rule.pop(0) if item not in self.get_object_category_scope_dict( - user_uuid, + user_id, intra_extension_uuid, category)["object_category_scope"][category].keys(): raise IntraExtensionError("Bad object value in sub_rule {}/{}".format(category, item)) # check if relation is already there @@ -1215,7 +1229,7 @@ class IntraExtensionManager(manager.Manager): @filter_args @enforce("read", "sub_rules") @enforce("write", "sub_rules") - def del_rule(self, user_uuid, intra_extension_uuid, relation_name, sub_rule): + def del_rule(self, user_id, intra_extension_uuid, relation_name, sub_rule): ref_rules = self.driver.get_rules(intra_extension_uuid) sub_rule = sub_rule.split("+") for index, _item in enumerate(sub_rule): @@ -1234,148 +1248,161 @@ class IntraExtensionManager(manager.Manager): @dependency.provider('authz_api') -@dependency.requires('identity_api', 'moonlog_api', 'tenant_api') +@dependency.requires('identity_api', 'tenant_api', 'moonlog_api') class IntraExtensionAuthzManager(IntraExtensionManager): __genre__ = "authz" - def authz(self, tenant_uuid, sub, obj, act): + def authz(self, tenant_name, subject_name, object_name, action_name): """Check authorization for a particular action. - - :param tenant_uuid: UUID of a tenant - :param sub: subject of the request - :param obj: object of the request - :param act: action of the request :return: True or False or raise an exception """ - _intra_authz_extention_uuid = self.tenant_api.get_extension_uuid(tenant_uuid, "authz") - return super(IntraExtensionAuthzManager, self).authz(_intra_authz_extention_uuid, sub, obj, act) + tenant_id = self.tenant_api.get_tenant_id_from_name(self.__default_user, tenant_name) + intra_extension_id = self.tenant_api.get_extension_id(tenant_id, self.__genre__) + subject_dict = self.get_subject_dict(self.__default_user, intra_extension_id) + subject_id = None + for _subject_id in subject_dict: + if subject_dict[_subject_id] is subject_name: + subject_id = _subject_id + object_dict = self.get_object_dict(self.__default_user, intra_extension_id) + object_id = None + for _object_id in object_dict: + if object_dict[_object_id] is object_name: + object_id = _object_id + action_dict = self.get_action_dict(self.__default_user, intra_extension_id) + action_id = None + for _action_id in action_dict: + if action_dict[_action_id] is action_name: + action_id = _action_id + + return super(IntraExtensionAuthzManager, self).authz(intra_extension_id, subject_id, object_id, action_id) def delete_intra_extension(self, intra_extension_id): raise AdminException() - def set_subject_dict(self, user_uuid, intra_extension_uuid, subject_dict): + def set_subject_dict(self, user_id, intra_extension_uuid, subject_dict): raise SubjectAddNotAuthorized() - def add_subject_dict(self, user_uuid, intra_extension_uuid, subject_name): + def add_subject_dict(self, user_id, intra_extension_uuid, subject_name): raise SubjectAddNotAuthorized() - def del_subject(self, user_uuid, intra_extension_uuid, subject_name): + def del_subject(self, user_id, intra_extension_uuid, subject_name): raise SubjectDelNotAuthorized() - def set_object_dict(self, user_uuid, intra_extension_uuid, object_dict): + def set_object_dict(self, user_id, intra_extension_uuid, object_dict): raise ObjectAddNotAuthorized() - def add_object_dict(self, user_uuid, intra_extension_uuid, object_name): + def add_object_dict(self, user_id, intra_extension_uuid, object_name): raise ObjectAddNotAuthorized() - def del_object(self, user_uuid, intra_extension_uuid, object_uuid): + def del_object(self, user_id, intra_extension_uuid, object_uuid): raise ObjectDelNotAuthorized() - def set_action_dict(self, user_uuid, intra_extension_uuid, action_dict): + def set_action_dict(self, user_id, intra_extension_uuid, action_dict): raise ActionAddNotAuthorized() - def add_action_dict(self, user_uuid, intra_extension_uuid, action_dict): + def add_action_dict(self, user_id, intra_extension_uuid, action_dict): raise ActionAddNotAuthorized() - def del_action(self, user_uuid, intra_extension_uuid, action_uuid): + def del_action(self, user_id, intra_extension_uuid, action_uuid): raise ActionDelNotAuthorized() - def set_subject_category_dict(self, user_uuid, intra_extension_uuid, subject_category): + def set_subject_category_dict(self, user_id, intra_extension_uuid, subject_category): raise SubjectCategoryAddNotAuthorized() - def add_subject_category_dict(self, user_uuid, intra_extension_uuid, subject_category_name): + def add_subject_category_dict(self, user_id, intra_extension_uuid, subject_category_name): raise SubjectCategoryAddNotAuthorized() - def del_subject_category(self, user_uuid, intra_extension_uuid, subject_uuid): + def del_subject_category(self, user_id, intra_extension_uuid, subject_uuid): raise SubjectCategoryDelNotAuthorized() - def set_object_category_dict(self, user_uuid, intra_extension_uuid, object_category): + def set_object_category_dict(self, user_id, intra_extension_uuid, object_category): raise ObjectCategoryAddNotAuthorized() - def add_object_category_dict(self, user_uuid, intra_extension_uuid, object_category_name): + def add_object_category_dict(self, user_id, intra_extension_uuid, object_category_name): raise ObjectCategoryAddNotAuthorized() - def del_object_category(self, user_uuid, intra_extension_uuid, object_uuid): + def del_object_category(self, user_id, intra_extension_uuid, object_uuid): raise ObjectCategoryDelNotAuthorized() - def set_action_category_dict(self, user_uuid, intra_extension_uuid, action_category): + def set_action_category_dict(self, user_id, intra_extension_uuid, action_category): raise ActionCategoryAddNotAuthorized() - def add_action_category_dict(self, user_uuid, intra_extension_uuid, action_category_name): + def add_action_category_dict(self, user_id, intra_extension_uuid, action_category_name): raise ActionCategoryAddNotAuthorized() - def del_action_category(self, user_uuid, intra_extension_uuid, action_uuid): + def del_action_category(self, user_id, intra_extension_uuid, action_uuid): raise ActionCategoryDelNotAuthorized() - def set_subject_category_scope_dict(self, user_uuid, intra_extension_uuid, category, scope): + def set_subject_category_scope_dict(self, user_id, intra_extension_uuid, category, scope): raise SubjectCategoryScopeAddNotAuthorized() - def add_subject_category_scope_dict(self, user_uuid, intra_extension_uuid, subject_category, scope_name): + def add_subject_category_scope_dict(self, user_id, intra_extension_uuid, subject_category, scope_name): raise SubjectCategoryScopeAddNotAuthorized() - def del_subject_category_scope(self, user_uuid, intra_extension_uuid, subject_category, subject_category_scope): + def del_subject_category_scope(self, user_id, intra_extension_uuid, subject_category, subject_category_scope): raise SubjectCategoryScopeDelNotAuthorized() - def set_object_category_scope_dict(self, user_uuid, intra_extension_uuid, category, scope): + def set_object_category_scope_dict(self, user_id, intra_extension_uuid, category, scope): raise ObjectCategoryScopeAddNotAuthorized() - def add_object_category_scope_dict(self, user_uuid, intra_extension_uuid, object_category, scope_name): + def add_object_category_scope_dict(self, user_id, intra_extension_uuid, object_category, scope_name): raise ObjectCategoryScopeAddNotAuthorized() - def del_object_category_scope(self, user_uuid, intra_extension_uuid, object_category, object_category_scope): + def del_object_category_scope(self, user_id, intra_extension_uuid, object_category, object_category_scope): raise ObjectCategoryScopeDelNotAuthorized() - def set_action_category_scope_dict(self, user_uuid, intra_extension_uuid, category, scope): + def set_action_category_scope_dict(self, user_id, intra_extension_uuid, category, scope): raise ActionCategoryScopeAddNotAuthorized() - def add_action_category_scope_dict(self, user_uuid, intra_extension_uuid, action_category, scope_name): + def add_action_category_scope_dict(self, user_id, intra_extension_uuid, action_category, scope_name): raise ActionCategoryScopeAddNotAuthorized() - def del_action_category_scope(self, user_uuid, intra_extension_uuid, action_category, action_category_scope): + def del_action_category_scope(self, user_id, intra_extension_uuid, action_category, action_category_scope): raise ActionCategoryScopeDelNotAuthorized() - def set_subject_category_assignment_dict(self, user_uuid, intra_extension_uuid, subject_uuid, assignment_dict): + def set_subject_category_assignment_dict(self, user_id, intra_extension_uuid, subject_uuid, assignment_dict): raise SubjectCategoryAssignmentAddNotAuthorized() - def del_subject_category_assignment(self, user_uuid, intra_extension_uuid, subject_uuid, category_uuid, scope_uuid): + def del_subject_category_assignment(self, user_id, intra_extension_uuid, subject_uuid, category_uuid, scope_uuid): raise SubjectCategoryAssignmentAddNotAuthorized() - def add_subject_category_assignment_dict(self, user_uuid, intra_extension_uuid, subject_uuid, category_uuid, scope_uuid): + def add_subject_category_assignment_dict(self, user_id, intra_extension_uuid, subject_uuid, category_uuid, scope_uuid): raise SubjectCategoryAssignmentDelNotAuthorized() - def set_object_category_assignment_dict(self, user_uuid, intra_extension_uuid, object_uuid, assignment_dict): + def set_object_category_assignment_dict(self, user_id, intra_extension_uuid, object_uuid, assignment_dict): raise ObjectCategoryAssignmentAddNotAuthorized() - def del_object_category_assignment(self, user_uuid, intra_extension_uuid, object_uuid, category_uuid, scope_uuid): + def del_object_category_assignment(self, user_id, intra_extension_uuid, object_uuid, category_uuid, scope_uuid): raise ObjectCategoryAssignmentAddNotAuthorized() - def add_object_category_assignment_dict(self, user_uuid, intra_extension_uuid, object_uuid, category_uuid, scope_uuid): + def add_object_category_assignment_dict(self, user_id, intra_extension_uuid, object_uuid, category_uuid, scope_uuid): raise ObjectCategoryAssignmentDelNotAuthorized() - def set_action_category_assignment_dict(self, user_uuid, intra_extension_uuid, action_uuid, assignment_dict): + def set_action_category_assignment_dict(self, user_id, intra_extension_uuid, action_uuid, assignment_dict): raise ActionCategoryAssignmentAddNotAuthorized() - def del_action_category_assignment(self, user_uuid, intra_extension_uuid, action_uuid, category_uuid, scope_uuid): + def del_action_category_assignment(self, user_id, intra_extension_uuid, action_uuid, category_uuid, scope_uuid): raise ActionCategoryAssignmentAddNotAuthorized() - def add_action_category_assignment_dict(self, user_uuid, intra_extension_uuid, action_uuid, category_uuid, scope_uuid): + def add_action_category_assignment_dict(self, user_id, intra_extension_uuid, action_uuid, category_uuid, scope_uuid): raise ActionCategoryAssignmentDelNotAuthorized() - def set_aggregation_algorithm(self, user_uuid, intra_extension_uuid, aggregation_algorithm): + def set_aggregation_algorithm(self, user_id, intra_extension_uuid, aggregation_algorithm): raise MetaRuleAddNotAuthorized() - def set_sub_meta_rule(self, user_uuid, intra_extension_uuid, sub_meta_rules): + def set_sub_meta_rule(self, user_id, intra_extension_uuid, sub_meta_rules): raise MetaRuleAddNotAuthorized() - def set_sub_rule(self, user_uuid, intra_extension_uuid, relation, sub_rule): + def set_sub_rule(self, user_id, intra_extension_uuid, relation, sub_rule): raise RuleAddNotAuthorized() - def del_sub_rule(self, user_uuid, intra_extension_uuid, relation_name, rule): + def del_sub_rule(self, user_id, intra_extension_uuid, relation_name, rule): raise RuleAddNotAuthorized() + @dependency.provider('admin_api') -@dependency.requires('identity_api', 'moonlog_api', 'tenant_api') +@dependency.requires('identity_api', 'tenant_api', 'moonlog_api') class IntraExtensionAdminManager(IntraExtensionManager): __genre__ = "admin" @@ -1401,85 +1428,129 @@ class IntraExtensionAdminManager(IntraExtensionManager): # raise AdminIntraExtensionModificationNotAuthorized() -class AuthzDriver(object): +@dependency.provider('moonlog_api') +class LogManager(manager.Manager): - def get_subject_category_list(self, extension_uuid): - raise exception.NotImplemented() # pragma: no cover + def __init__(self): + driver = CONF.moon.log_driver + super(LogManager, self).__init__(driver) - def get_object_category_list(self, extension_uuid): - raise exception.NotImplemented() # pragma: no cover + def get_logs(self, logger="authz", options="", event_number=None, time_from=None, time_to=None, filter_str=None): - def get_action_category_list(self, extension_uuid): - raise exception.NotImplemented() # pragma: no cover + if len(options) > 0: + options = options.split(",") + event_number = None + time_from = None + time_to = None + filter_str = None + for opt in options: + if "event_number" in opt: + event_number = "".join(re.findall("\d*", opt.split("=")[-1])) + try: + event_number = int(event_number) + except ValueError: + event_number = None + elif "from" in opt: + time_from = "".join(re.findall("[\w\-:]*", opt.split("=")[-1])) + try: + time_from = time.strptime(time_from, self.TIME_FORMAT) + except ValueError: + time_from = None + elif "to" in opt: + time_to = "".join(re.findall("[\w\-:] *", opt.split("=")[-1])) + try: + time_to = time.strptime(time_to, self.TIME_FORMAT) + except ValueError: + time_to = None + elif "filter" in opt: + filter_str = "".join(re.findall("\w*", opt.split("=")[-1])) + return self.driver.get_logs(logger, event_number, time_from, time_to, filter_str) - def get_subject_category_value_dict(self, extension_uuid, subject_uuid): - raise exception.NotImplemented() # pragma: no cover + def get_authz_logs(self, options="", event_number=None, time_from=None, time_to=None, filter_str=None): + return self.get_logs( + logger="authz", + options="", + event_number=None, + time_from=None, + time_to=None, + filter_str=None) - def get_object_category_value_dict(self, extension_uuid, object_uuid): - raise exception.NotImplemented() # pragma: no cover + def get_sys_logs(self, options="", event_number=None, time_from=None, time_to=None, filter_str=None): + return self.get_logs( + logger="sys", + options="", + event_number=None, + time_from=None, + time_to=None, + filter_str=None) - def get_action_category_value_dict(self, extension_uuid, action_uuid): - raise exception.NotImplemented() # pragma: no cover + def authz(self, message): + return self.driver.authz(message) - def get_meta_rule(self, extension_uuid): - raise exception.NotImplemented() # pragma: no cover + def debug(self, message): + return self.driver.debug(message) - def get_rules(self, extension_uuid): - raise exception.NotImplemented() # pragma: no cover + def info(self, message): + return self.driver.info(message) + def warning(self, message): + return self.driver.warning(message) -class UpdateDriver(object): + def error(self, message): + return self.driver.error(message) - def get_intra_extensions(self): - raise exception.NotImplemented() # pragma: no cover + def critical(self, message): + return self.driver.critical(message) - def get_intra_extension(self, extension_uuid): - raise exception.NotImplemented() # pragma: no cover - def create_intra_extensions(self, extension_uuid, intra_extension): - raise exception.NotImplemented() # pragma: no cover +class ConfigurationDriver(object): - def delete_intra_extensions(self, extension_uuid): + def get_policy_templete_dict(self): raise exception.NotImplemented() # pragma: no cover - # Getter and setter for tenant - - def get_tenant(self, uuid): + def get_aggregation_algorithm_dict(self): raise exception.NotImplemented() # pragma: no cover - def set_tenant(self, uuid, tenant_id): + def get_sub_meta_rule_algorithm_dict(self): raise exception.NotImplemented() # pragma: no cover - # Getter and setter for name - def get_name(self, uuid): +class TenantDriver(object): + + def get_tenant_dict(self): + # TODO: should implement TenantListEmpty exception raise exception.NotImplemented() # pragma: no cover - def set_name(self, uuid, name): + def set_tenant(self, tenant_id, tenant_name, intra_authz_ext_id, intra_admin_ext_id): + # if tenant_id exists, then modify; if the tenant_id not exists, then add the tenant + # TODO: should implement AddedTenantNameExist exception raise exception.NotImplemented() # pragma: no cover - # Getter and setter for model - def get_model(self, uuid): +class AuthzDriver(object): + + def get_subject_category_list(self, extension_uuid): raise exception.NotImplemented() # pragma: no cover - def set_model(self, uuid, model): + def get_object_category_list(self, extension_uuid): raise exception.NotImplemented() # pragma: no cover - # Getter and setter for genre + def get_action_category_list(self, extension_uuid): + raise exception.NotImplemented() # pragma: no cover - def get_genre(self, uuid): + def get_subject_category_value_dict(self, extension_uuid, subject_uuid): raise exception.NotImplemented() # pragma: no cover - def set_genre(self, uuid, genre): + def get_object_category_value_dict(self, extension_uuid, object_uuid): raise exception.NotImplemented() # pragma: no cover - # Getter and setter for description + def get_action_category_value_dict(self, extension_uuid, action_uuid): + raise exception.NotImplemented() # pragma: no cover - def get_description(self, uuid): + def get_meta_rule(self, extension_uuid): raise exception.NotImplemented() # pragma: no cover - def set_description(self, uuid, args): + def get_rules(self, extension_uuid): raise exception.NotImplemented() # pragma: no cover @@ -1570,7 +1641,7 @@ class IntraExtensionDriver(object): if category_uuid: return data_values[category_uuid] return data_values - + # zzzzzzzzzzzzzzzzzz def get_uuid_from_name(self, intra_extension_uuid, name, data_name, category_name=None, category_uuid=None): data_values = self.__get_data_from_type( intra_extension_uuid=intra_extension_uuid, @@ -1591,6 +1662,47 @@ class IntraExtensionDriver(object): ) return data_values[uuid] + # Getter and Setter for intra_extension + + def get_intra_extension_list(self): + """Get a list of IntraExtension UUIDs + :return: a list of IntraExtension UUIDs ["uuid1", "uuid2"] + """ + raise exception.NotImplemented() # pragma: no cover + + def get_intra_extension_dict(self, intra_extension_id): + """Get a description of an IntraExtension + :param intra_extension_id: the IntraExtension UUID + :return: {intra_extension_id: intra_extension_name, ...} + """ + raise exception.NotImplemented() # pragma: no cover + + def set_intra_extension(self, extension_uuid, extension_dict): + """Set a new IntraExtension + + :param extension_uuid: IntraExtension UUID + :type extension_uuid: string + :param extension_dict: a dictionary withe the description of the IntraExtension (see below) + :type extension_dict: dict + :return: the IntraExtension dictionary, example: + { + "id": "uuid1", + "name": "Name of the intra_extension", + "model": "Model of te intra_extension (admin or authz)" + "description": "a description of the intra_extension" + } + """ + raise exception.NotImplemented() # pragma: no cover + + def delete_intra_extension(self, extension_uuid): + """Delete an IntraExtension + + :param extension_uuid: IntraExtension UUID + :type extension_uuid: string + :return: None + """ + raise exception.NotImplemented() # pragma: no cover + # Getter ad Setter for subjects def get_subject_dict(self, extension_uuid): @@ -2281,53 +2393,60 @@ class IntraExtensionDriver(object): """ raise exception.NotImplemented() # pragma: no cover - # Getter and Setter for intra_extension - def get_intra_extension_list(self): - """Get a list of IntraExtension UUIDs +class UpdateDriver(object): - :return: a list of IntraExtension UUIDs ["uuid1", "uuid2"] - """ + def get_intra_extensions(self): raise exception.NotImplemented() # pragma: no cover - def get_intra_extension_dict(self, extension_uuid): - """Get a description of an IntraExtension + def get_intra_extension(self, extension_uuid): + raise exception.NotImplemented() # pragma: no cover - :param extension_uuid: the UUID of the IntraExtension - :type extension_uuid: string - :return: - """ + def create_intra_extensions(self, extension_uuid, intra_extension): raise exception.NotImplemented() # pragma: no cover - def set_intra_extension(self, extension_uuid, extension_dict): - """Set a new IntraExtension + def delete_intra_extensions(self, extension_uuid): + raise exception.NotImplemented() # pragma: no cover - :param extension_uuid: IntraExtension UUID - :type extension_uuid: string - :param extension_dict: a dictionary withe the description of the IntraExtension (see below) - :type extension_dict: dict - :return: the IntraExtension dictionary, example: - { - "id": "uuid1", - "name": "Name of the intra_extension", - "model": "Model of te intra_extension (admin or authz)" - "description": "a description of the intra_extension" - } - """ + # Getter and setter for tenant + + def get_tenant(self, uuid): raise exception.NotImplemented() # pragma: no cover - def delete_intra_extension(self, extension_uuid): - """Delete an IntraExtension + def set_tenant(self, uuid, tenant_id): + raise exception.NotImplemented() # pragma: no cover - :param extension_uuid: IntraExtension UUID - :type extension_uuid: string - :return: None - """ + # Getter and setter for name + + def get_name(self, uuid): raise exception.NotImplemented() # pragma: no cover - def get_sub_meta_rule_relations(self, username, uuid): - # TODO: check which relations are really usable - return {"sub_meta_rule_relations": ["relation_super", "relation_test"]} + def set_name(self, uuid, name): + raise exception.NotImplemented() # pragma: no cover + + # Getter and setter for model + + def get_model(self, uuid): + raise exception.NotImplemented() # pragma: no cover + + def set_model(self, uuid, model): + raise exception.NotImplemented() # pragma: no cover + + # Getter and setter for genre + + def get_genre(self, uuid): + raise exception.NotImplemented() # pragma: no cover + + def set_genre(self, uuid, genre): + raise exception.NotImplemented() # pragma: no cover + + # Getter and setter for description + + def get_description(self, uuid): + raise exception.NotImplemented() # pragma: no cover + + def set_description(self, uuid, args): + raise exception.NotImplemented() # pragma: no cover class LogDriver(object): @@ -2397,6 +2516,7 @@ class LogDriver(object): """ raise exception.NotImplemented() # pragma: no cover + # @dependency.provider('superextension_api') # class SuperExtensionManager(manager.Manager): # diff --git a/keystone-moon/keystone/contrib/moon/exception.py b/keystone-moon/keystone/contrib/moon/exception.py index 47b9c2f1..21cf666d 100644 --- a/keystone-moon/keystone/contrib/moon/exception.py +++ b/keystone-moon/keystone/contrib/moon/exception.py @@ -56,12 +56,17 @@ class TenantListEmpty(TenantException): logger = "WARNING" -class TenantNotFound(TenantException): +class TenantIDNotFound(TenantException): message_format = _("The tenant UUID was not found.") code = 400 title = 'Tenant UUID Not Found Error' +class AddedTenantNameExist(TenantException): + message_format = _("The tenant name exists already.") + code = 400 + title = 'Added Tenant Name Exist' + # Exceptions for IntraExtension diff --git a/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_authz.py b/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_authz.py index e2e151ed..b07b4c1d 100644 --- a/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_authz.py +++ b/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_authz.py @@ -99,22 +99,22 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase): self.manager.get_tenant_dict ) self.assertRaises( - TenantNotFound, + TenantIDNotFound, self.manager.get_tenant_name, uuid.uuid4().hex ) self.assertRaises( - TenantNotFound, + TenantIDNotFound, self.manager.set_tenant_name, uuid.uuid4().hex, uuid.uuid4().hex ) self.assertRaises( - TenantNotFound, + TenantIDNotFound, self.manager.get_extension_uuid, uuid.uuid4().hex, "authz" ) self.assertRaises( - TenantNotFound, + TenantIDNotFound, self.manager.get_extension_uuid, uuid.uuid4().hex, "admin" ) diff --git a/keystone-moon/keystone/tests/moon/unit/test_unit_core_tenant.py b/keystone-moon/keystone/tests/moon/unit/test_unit_core_tenant.py index 0762f37a..615b8bbc 100644 --- a/keystone-moon/keystone/tests/moon/unit/test_unit_core_tenant.py +++ b/keystone-moon/keystone/tests/moon/unit/test_unit_core_tenant.py @@ -47,10 +47,10 @@ class TestTenantManager(tests.TestCase): } } data = self.manager.set_tenant_dict( - tenant_uuid=_uuid, - name=new_mapping[_uuid]["name"], - authz_extension_uuid=new_mapping[_uuid]["authz"], - admin_extension_uuid=new_mapping[_uuid]["admin"] + tenant_id=_uuid, + tenant_name=new_mapping[_uuid]["name"], + intra_authz_ext_id=new_mapping[_uuid]["authz"], + intra_admin_ext_id=new_mapping[_uuid]["admin"] ) self.assertEquals(_uuid, data["id"]) self.assertEquals(data["name"], new_mapping[_uuid]["name"]) @@ -79,10 +79,10 @@ class TestTenantManager(tests.TestCase): } } data = self.manager.set_tenant_dict( - tenant_uuid=_uuid, - name=new_mapping[_uuid]["name"], - authz_extension_uuid=new_mapping[_uuid]["authz"], - admin_extension_uuid=new_mapping[_uuid]["admin"] + tenant_id=_uuid, + tenant_name=new_mapping[_uuid]["name"], + intra_authz_ext_id=new_mapping[_uuid]["authz"], + intra_admin_ext_id=new_mapping[_uuid]["admin"] ) self.assertEquals(_uuid, data["id"]) self.assertEquals(data["name"], new_mapping[_uuid]["name"]) @@ -102,10 +102,10 @@ class TestTenantManager(tests.TestCase): } } data = self.manager.set_tenant_dict( - tenant_uuid=_uuid, - name=new_mapping[_uuid]["name"], - authz_extension_uuid=new_mapping[_uuid]["authz"], - admin_extension_uuid=new_mapping[_uuid]["admin"] + tenant_id=_uuid, + tenant_name=new_mapping[_uuid]["name"], + intra_authz_ext_id=new_mapping[_uuid]["authz"], + intra_admin_ext_id=new_mapping[_uuid]["admin"] ) self.assertEquals(_uuid, data["id"]) self.assertEquals(data["name"], new_mapping[_uuid]["name"]) @@ -127,21 +127,21 @@ class TestTenantManager(tests.TestCase): } } data = self.manager.set_tenant_dict( - tenant_uuid=_uuid, - name=new_mapping[_uuid]["name"], - authz_extension_uuid=new_mapping[_uuid]["authz"], - admin_extension_uuid=new_mapping[_uuid]["admin"] + tenant_id=_uuid, + tenant_name=new_mapping[_uuid]["name"], + intra_authz_ext_id=new_mapping[_uuid]["authz"], + intra_admin_ext_id=new_mapping[_uuid]["admin"] ) self.assertEquals(_uuid, data["id"]) - data = self.manager.get_extension_uuid(_uuid) + data = self.manager.get_extension_id(_uuid) self.assertEqual(data, new_mapping[_uuid]["authz"]) - data = self.manager.get_extension_uuid(_uuid, "admin") + data = self.manager.get_extension_id(_uuid, "admin") self.assertEqual(data, new_mapping[_uuid]["admin"]) def test_unkown_tenant_uuid(self): - self.assertRaises(TenantNotFound, self.manager.get_tenant_name, uuid.uuid4().hex) - self.assertRaises(TenantNotFound, self.manager.set_tenant_name, uuid.uuid4().hex, "new name") - self.assertRaises(TenantNotFound, self.manager.get_extension_uuid, uuid.uuid4().hex) + self.assertRaises(TenantIDNotFound, self.manager.get_tenant_name, uuid.uuid4().hex) + self.assertRaises(TenantIDNotFound, self.manager.set_tenant_name, uuid.uuid4().hex, "new name") + self.assertRaises(TenantIDNotFound, self.manager.get_extension_id, uuid.uuid4().hex) _uuid = uuid.uuid4().hex new_mapping = { _uuid: { @@ -151,12 +151,12 @@ class TestTenantManager(tests.TestCase): } } data = self.manager.set_tenant_dict( - tenant_uuid=_uuid, - name=new_mapping[_uuid]["name"], - authz_extension_uuid=new_mapping[_uuid]["authz"], - admin_extension_uuid="" + tenant_id=_uuid, + tenant_name=new_mapping[_uuid]["name"], + intra_authz_ext_id=new_mapping[_uuid]["authz"], + intra_admin_ext_id="" ) self.assertEquals(_uuid, data["id"]) - self.assertRaises(IntraExtensionNotFound, self.manager.get_extension_uuid, _uuid, "admin") - self.assertRaises(TenantNotFound, self.manager.get_tenant_uuid, uuid.uuid4().hex) + self.assertRaises(IntraExtensionNotFound, self.manager.get_extension_id, _uuid, "admin") + self.assertRaises(TenantIDNotFound, self.manager.get_tenant_uuid, uuid.uuid4().hex) # self.assertRaises(AdminIntraExtensionNotFound, self.manager.get_admin_extension_uuid, uuid.uuid4().hex) |