-rw-r--r--keystone-moon/keystone/contrib/moon/backends/sql.py24
-rw-r--r--keystone-moon/keystone/contrib/moon/controllers.py9
-rw-r--r--keystone-moon/keystone/contrib/moon/core.py74
-rw-r--r--keystone-moon/keystone/tests/moon/unit/test_unit_core_tenant.py25
-rw-r--r--moonclient/moonclient/intraextension.py14
-rw-r--r--moonclient/moonclient/shell.py2
-rw-r--r--moonclient/moonclient/tenants.py22
7 files changed, 78 insertions, 92 deletions
diff --git a/keystone-moon/keystone/contrib/moon/backends/sql.py b/keystone-moon/keystone/contrib/moon/backends/sql.py
index 9f4beb6b..43bd3078 100644
--- a/keystone-moon/keystone/contrib/moon/backends/sql.py
+++ b/keystone-moon/keystone/contrib/moon/backends/sql.py
@@ -323,8 +323,21 @@ __all_objects__ = (
Rule,
)
+
class TenantConnector(TenantDriver):
+ @staticmethod
+ def __update_dict(base, update):
+ """Update a dict only if values are not None
+
+ :param base: dict to update
+ :param update: updates for the base dict
+ :return: None
+ """
+ for key in update:
+ if type(update[key]) is not None:
+ base[key] = update[key]
+
def get_tenants_dict(self):
with sql.transaction() as session:
query = session.query(Tenant)
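Review bot: The guard in `__update_dict`, `if type(update[key]) is not None:`, is always true because `type()` never returns `None`, so None values are copied into `base` and the docstring's "only if values are not None" does not hold. Test the value itself: `if update[key] is not None:`. The call added in the next hunk, `self.__update_dict(tenant_dict_orig, tenant_dict)`, therefore still overwrites stored tenant fields such as the intra-extension ids with None whenever the update dict carries them. `get_tenants_dict` continues outside the hunk.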
@@ -354,13 +367,10 @@ class TenantConnector(TenantDriver):
query = session.query(Tenant)
query = query.filter_by(id=tenant_id)
ref = query.first()
- tenant_ref = ref.to_dict()
- tenant_ref.update(tenant_dict)
- new_tenant = Tenant(id=tenant_id, tenant=tenant_ref)
- for attr in Tenant.attributes:
- if attr != 'id':
- setattr(ref, attr, getattr(new_tenant, attr))
- return {ref.id: ref.tenant}
+ tenant_dict_orig = dict(ref.tenant)
+ self.__update_dict(tenant_dict_orig, tenant_dict)
+ setattr(ref, "tenant", tenant_dict_orig)
+ return {ref.id: tenant_dict_orig}
class IntraExtensionConnector(IntraExtensionDriver):
diff --git a/keystone-moon/keystone/contrib/moon/controllers.py b/keystone-moon/keystone/contrib/moon/controllers.py
index 4065eabf..239650f5 100644
--- a/keystone-moon/keystone/contrib/moon/controllers.py
+++ b/keystone-moon/keystone/contrib/moon/controllers.py
@@ -92,9 +92,12 @@ class Tenants(controller.V3Controller):
tenant_id = kw.get('tenant_id', None)
tenant_dict = dict()
tenant_dict['name'] = k_tenant_dict.get('name', None)
- tenant_dict['description'] = kw.get('tenant_description', None)
- tenant_dict['intra_authz_extension_id'] = kw.get('tenant_intra_authz_extension_id', None)
- tenant_dict['intra_admin_extension_id'] = kw.get('tenant_intra_admin_extension_id', None)
+ if 'tenant_description' in kw:
+ tenant_dict['description'] = kw.get('tenant_description', None)
+ if 'tenant_intra_authz_extension_id' in kw:
+ tenant_dict['intra_authz_extension_id'] = kw.get('tenant_intra_authz_extension_id', None)
+ if 'tenant_intra_admin_extension_id' in kw:
+ tenant_dict['intra_admin_extension_id'] = kw.get('tenant_intra_admin_extension_id', None)
self.tenant_api.set_tenant_dict(user_id, tenant_id, tenant_dict)
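Review bot: `tenant_dict['name']` is still assigned unconditionally from `k_tenant_dict.get('name', None)` at the top of this hunk, so a missing name goes to `set_tenant_dict` as `None` while the three fields below are now skipped when absent. If partial updates are the intent, guard it the same way, e.g. `if k_tenant_dict.get('name') is not None: tenant_dict['name'] = k_tenant_dict['name']`. Inside each new `if`, `kw.get(key, None)` can be plain `kw[key]`, since the key is known to be present. Where `k_tenant_dict` comes from is outside the hunk, as is the start of the enclosing method.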
diff --git a/keystone-moon/keystone/contrib/moon/core.py b/keystone-moon/keystone/contrib/moon/core.py
index 86aadc8b..aa6db0cc 100644
--- a/keystone-moon/keystone/contrib/moon/core.py
+++ b/keystone-moon/keystone/contrib/moon/core.py
@@ -412,31 +412,30 @@ class TenantManager(manager.Manager):
keystone_tenant = self.__get_keystone_tenant_dict(tenant_dict['id'], tenant_dict['name'])
tenant_dict.update(keystone_tenant)
# Sync users between intra_authz_extension and intra_admin_extension
- if tenant_dict['intra_admin_extension_id']:
- if not tenant_dict['intra_authz_extension_id']:
- raise TenantNoIntraAuthzExtension()
- # authz_subjects_dict = self.admin_api.get_subjects_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_authz_extension_id'])
- # admin_subjects_dict = self.admin_api.get_subjects_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_admin_extension_id'])
- # for _subject_id in authz_subjects_dict:
- # if _subject_id not in admin_subjects_dict:
- # self.admin_api.add_subject_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_admin_extension_id'], authz_subjects_dict[_subject_id])
- # for _subject_id in admin_subjects_dict:
- # if _subject_id not in authz_subjects_dict:
- # self.admin_api.add_subject_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_authz_extension_id'], admin_subjects_dict[_subject_id])
-
- # TODO (ateroide): check whether we can replace the below code by the above one
- # NOTE (ateroide): at a first glance: no, subject_id changes depending on which intra_extesion is used
- # we must use name which is constant.
- authz_subjects_dict = self.admin_api.get_subjects_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_authz_extension_id'])
- authz_subject_names_list = [authz_subjects_dict[subject_id]["name"] for subject_id in authz_subjects_dict]
- admin_subjects_dict = self.admin_api.get_subjects_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_admin_extension_id'])
- admin_subject_names_list = [admin_subjects_dict[subject_id]["name"] for subject_id in admin_subjects_dict]
- for _subject_id in authz_subjects_dict:
- if authz_subjects_dict[_subject_id]["name"] not in admin_subject_names_list:
- self.admin_api.add_subject_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_admin_extension_id'], authz_subjects_dict[_subject_id])
- for _subject_id in admin_subjects_dict:
- if admin_subjects_dict[_subject_id]["name"] not in authz_subject_names_list:
- self.admin_api.add_subject_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_authz_extension_id'], admin_subjects_dict[_subject_id])
+ if 'intra_admin_extension_id' in tenant_dict:
+ if 'intra_authz_extension_id' in tenant_dict:
+ # authz_subjects_dict = self.admin_api.get_subjects_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_authz_extension_id'])
+ # admin_subjects_dict = self.admin_api.get_subjects_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_admin_extension_id'])
+ # for _subject_id in authz_subjects_dict:
+ # if _subject_id not in admin_subjects_dict:
+ # self.admin_api.add_subject_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_admin_extension_id'], authz_subjects_dict[_subject_id])
+ # for _subject_id in admin_subjects_dict:
+ # if _subject_id not in authz_subjects_dict:
+ # self.admin_api.add_subject_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_authz_extension_id'], admin_subjects_dict[_subject_id])
+
+ # TODO (ateroide): check whether we can replace the below code by the above one
+ # NOTE (ateroide): at a first glance: no, subject_id changes depending on which intra_extesion is used
+ # we must use name which is constant.
+ authz_subjects_dict = self.admin_api.get_subjects_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_authz_extension_id'])
+ authz_subject_names_list = [authz_subjects_dict[subject_id]["name"] for subject_id in authz_subjects_dict]
+ admin_subjects_dict = self.admin_api.get_subjects_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_admin_extension_id'])
+ admin_subject_names_list = [admin_subjects_dict[subject_id]["name"] for subject_id in admin_subjects_dict]
+ for _subject_id in authz_subjects_dict:
+ if authz_subjects_dict[_subject_id]["name"] not in admin_subject_names_list:
+ self.admin_api.add_subject_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_admin_extension_id'], authz_subjects_dict[_subject_id])
+ for _subject_id in admin_subjects_dict:
+ if admin_subjects_dict[_subject_id]["name"] not in authz_subject_names_list:
+ self.admin_api.add_subject_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_authz_extension_id'], admin_subjects_dict[_subject_id])
return self.driver.add_tenant_dict(tenant_dict['id'], tenant_dict)
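Review bot: The new tests `'intra_admin_extension_id' in tenant_dict` and `'intra_authz_extension_id' in tenant_dict` check key presence, not value, so a dict that carries either key with `None` now passes that `None` to `get_subjects_dict` instead of being skipped. Use the values, `if tenant_dict.get('intra_admin_extension_id') and tenant_dict.get('intra_authz_extension_id'):`, which also flattens the nesting. With the `TenantNoIntraAuthzExtension` raise gone, a tenant with an admin extension but no authz extension is accepted silently and its subjects are not synced; if that is intended, say so in a comment, since this is an authorization boundary. The same key-presence test appears in the second core.py hunk, and the carried-over commented-out block could be dropped. The enclosing method starts outside the hunk.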
@@ -463,19 +462,18 @@ class TenantManager(manager.Manager):
raise TenantUnknown()
# Sync users between intra_authz_extension and intra_admin_extension
- if tenant_dict['intra_admin_extension_id']:
- if not tenant_dict['intra_authz_extension_id']:
- raise TenantNoIntraAuthzExtension
- authz_subjects_dict = self.admin_api.get_subjects_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_authz_extension_id'])
- authz_subject_names_list = [authz_subjects_dict[subject_id]["name"] for subject_id in authz_subjects_dict]
- admin_subjects_dict = self.admin_api.get_subjects_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_admin_extension_id'])
- admin_subject_names_list = [admin_subjects_dict[subject_id]["name"] for subject_id in admin_subjects_dict]
- for _subject_id in authz_subjects_dict:
- if authz_subjects_dict[_subject_id]["name"] not in admin_subject_names_list:
- self.admin_api.add_subject_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_admin_extension_id'], authz_subjects_dict[_subject_id])
- for _subject_id in admin_subjects_dict:
- if admin_subjects_dict[_subject_id]["name"] not in authz_subject_names_list:
- self.admin_api.add_subject_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_authz_extension_id'], admin_subjects_dict[_subject_id])
+ if 'intra_admin_extension_id' in tenant_dict:
+ if 'intra_authz_extension_id' in tenant_dict:
+ authz_subjects_dict = self.admin_api.get_subjects_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_authz_extension_id'])
+ authz_subject_names_list = [authz_subjects_dict[subject_id]["name"] for subject_id in authz_subjects_dict]
+ admin_subjects_dict = self.admin_api.get_subjects_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_admin_extension_id'])
+ admin_subject_names_list = [admin_subjects_dict[subject_id]["name"] for subject_id in admin_subjects_dict]
+ for _subject_id in authz_subjects_dict:
+ if authz_subjects_dict[_subject_id]["name"] not in admin_subject_names_list:
+ self.admin_api.add_subject_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_admin_extension_id'], authz_subjects_dict[_subject_id])
+ for _subject_id in admin_subjects_dict:
+ if admin_subjects_dict[_subject_id]["name"] not in authz_subject_names_list:
+ self.admin_api.add_subject_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_authz_extension_id'], admin_subjects_dict[_subject_id])
return self.driver.set_tenant_dict(tenant_id, tenant_dict)
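Review bot: The sync condition here inspects the incoming `tenant_dict`, which after this commit may be a partial update, rather than the tenant record as it will be stored. An update that changes only `intra_admin_extension_id` or only `intra_authz_extension_id` skips the subject sync even when the stored tenant already has the other extension, so the two extensions can end up with different subjects. Consider merging the update over the stored tenant before deciding whether to sync, or documenting why a one-sided change needs no sync. How the stored tenant is fetched is outside the hunk, so confirm against the start of the method.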
diff --git a/keystone-moon/keystone/tests/moon/unit/test_unit_core_tenant.py b/keystone-moon/keystone/tests/moon/unit/test_unit_core_tenant.py
index bf0fab08..f8b2f4d5 100644
--- a/keystone-moon/keystone/tests/moon/unit/test_unit_core_tenant.py
+++ b/keystone-moon/keystone/tests/moon/unit/test_unit_core_tenant.py
@@ -183,28 +183,3 @@ class TestTenantManager(tests.TestCase):
self.assertNotEqual(data, {})
self.assertRaises(TenantAddedNameExisting, self.tenant_manager.add_tenant_dict, self.ADMIN_ID, new_tenant['id'], new_tenant)
-
- def test_exception_tenant_no_intra_extension(self):
- authz_intra_extension = create_intra_extension(self, policy_model="policy_authz")
- admin_intra_extension = create_intra_extension(self, policy_model="policy_admin")
- new_tenant = {
- "id": uuid.uuid4().hex,
- "name": "demo",
- "description": uuid.uuid4().hex,
- "intra_authz_extension_id": authz_intra_extension['id'],
- "intra_admin_extension_id": admin_intra_extension['id'],
- }
- new_tenant['intra_authz_extension_id'] = None
- self.assertRaises(TenantNoIntraAuthzExtension, self.tenant_manager.add_tenant_dict, self.ADMIN_ID, new_tenant['id'], new_tenant)
- new_tenant['intra_authz_extension_id'] = authz_intra_extension['id']
- data = self.tenant_manager.add_tenant_dict(user_id=self.ADMIN_ID, tenant_id=new_tenant['id'], tenant_dict=new_tenant)
- data_id = data.keys()[0]
- self.assertEquals(new_tenant["name"], data[data_id]["name"])
- self.assertEquals(new_tenant["intra_authz_extension_id"], data[data_id]["intra_authz_extension_id"])
- self.assertEquals(new_tenant["intra_admin_extension_id"], data[data_id]["intra_admin_extension_id"])
- data = self.tenant_manager.get_tenants_dict(self.ADMIN_ID)
- self.assertNotEqual(data, {})
-
- new_tenant['intra_authz_extension_id'] = None
- new_tenant['name'] = "demo2"
- self.assertRaises(TenantNoIntraAuthzExtension, self.tenant_manager.set_tenant_dict, self.ADMIN_ID, data_id, new_tenant)
diff --git a/moonclient/moonclient/intraextension.py b/moonclient/moonclient/intraextension.py
index c46927cd..1842baa4 100644
--- a/moonclient/moonclient/intraextension.py
+++ b/moonclient/moonclient/intraextension.py
@@ -37,9 +37,9 @@ class IntraExtensionCreate(Command):
def take_action(self, parsed_args):
post_data = {
- "name": parsed_args.name,
- "policymodel": parsed_args.policy_model,
- "description": parsed_args.description
+ "intra_extension_name": parsed_args.name,
+ "intra_extension_model": parsed_args.policy_model,
+ "intra_extension_description": parsed_args.description
}
ie = self.app.get_url("/v3/OS-MOON/intra_extensions", post_data=post_data, authtoken=True)
if "id" not in ie:
@@ -59,11 +59,11 @@ class IntraExtensionList(Lister):
def take_action(self, parsed_args):
ie = self.app.get_url("/v3/OS-MOON/intra_extensions", authtoken=True)
- if "intra_extensions" not in ie:
- raise Exception("Error in command {}".format(ie))
+ # if "intra_extensions" not in ie:
+ # raise Exception("Error in command {}".format(ie))
return (
- ("id",),
- ((_id, ) for _id in ie["intra_extensions"])
+ ("id", "name", "model"),
+ ((_id, ie[_id]["name"], ie[_id]["model"]) for _id in ie.keys())
)
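Review bot: With the `"intra_extensions" not in ie` check commented out, whatever `get_url` returns on failure flows straight into `ie[_id]["name"]` and surfaces as a KeyError or TypeError instead of a readable error. Delete the two commented-out lines and validate the new response shape, e.g. `if not all(isinstance(v, dict) and "name" in v and "model" in v for v in ie.values()): raise Exception("Error in command {}".format(ie))`. `for _id in ie.keys()` can be `for _id in ie`. What `get_url` returns on an error is not visible in this hunk, so confirm against shell.py.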
diff --git a/moonclient/moonclient/shell.py b/moonclient/moonclient/shell.py
index 5005095e..10b96511 100644
--- a/moonclient/moonclient/shell.py
+++ b/moonclient/moonclient/shell.py
@@ -100,7 +100,7 @@ class MoonClient(App):
method = "DELETE"
self.log.debug("\033[32m{} {}\033[m".format(method, url))
conn = httplib.HTTPConnection(self.host, self.port)
- self.log.info("Host: {}:{}".format(self.host, self.port))
+ self.log.debug("Host: {}:{}".format(self.host, self.port))
headers = {
"Content-type": "application/x-www-form-urlencoded",
"Accept": "text/plain,text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
diff --git a/moonclient/moonclient/tenants.py b/moonclient/moonclient/tenants.py
index b51b00ee..cc7c1de0 100644
--- a/moonclient/moonclient/tenants.py
+++ b/moonclient/moonclient/tenants.py
@@ -71,7 +71,7 @@ class TenantAdd(Command):
if parsed_args.admin:
post_data["tenant_intra_admin_extension_id"] = parsed_args.admin
if parsed_args.desc:
- post_data["description"] = parsed_args.desc
+ post_data["tenant_description"] = parsed_args.desc
tenants = self.app.get_url("/v3/OS-MOON/tenants",
post_data=post_data,
authtoken=True)
@@ -154,20 +154,20 @@ class TenantSet(Command):
def take_action(self, parsed_args):
post_data = dict()
- post_data["id"] = parsed_args.tenant_id
+ post_data["tenant_id"] = parsed_args.tenant_id
if parsed_args.name:
- post_data["name"] = parsed_args.tenant_name
- if parsed_args.authz:
- post_data["intra_authz_extension_id"] = parsed_args.authz
- if parsed_args.admin:
- post_data["intra_admin_extension_id"] = parsed_args.admin
- if parsed_args.desc:
- post_data["description"] = parsed_args.desc
- tenants = self.app.get_url("/v3/OS-MOON/tenants/{}".format(post_data["id"]),
+ post_data["tenant_name"] = parsed_args.tenant_name
+ if parsed_args.authz is not None:
+ post_data["tenant_intra_authz_extension_id"] = parsed_args.authz
+ if parsed_args.admin is not None:
+ post_data["tenant_intra_admin_extension_id"] = parsed_args.admin
+ if parsed_args.desc is not None:
+ post_data["tenant_description"] = parsed_args.desc
+ tenants = self.app.get_url("/v3/OS-MOON/tenants/{}".format(post_data["tenant_id"]),
post_data=post_data,
authtoken=True)
return (
- ("id", "name", "description", "intra_authz_extension_id", "intra_admin_extension_id"),
+ ("id", "name", "description", "authz", "admin"),
((
tenant_id,
tenants[tenant_id]["name"],
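Review bot: `if parsed_args.name:` guards an assignment that reads `parsed_args.tenant_name`, so unless the parser defines both attributes, one of the two names is wrong and the branch either never runs or raises AttributeError. The guard also still uses truthiness while the three fields below were switched to `is not None`, so an empty name is dropped but an empty description is sent. Use one attribute and the same test, e.g. `if parsed_args.tenant_name is not None:`. The argument parser is outside the hunk, so the correct attribute name needs confirming there.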