-rw-r--r--keystone-moon/keystone/contrib/moon/backends/__init__.py11
-rw-r--r--keystone-moon/keystone/contrib/moon/backends/sql.py153
-rw-r--r--keystone-moon/keystone/contrib/moon/controllers.py161
-rw-r--r--keystone-moon/keystone/contrib/moon/core.py17
4 files changed, 186 insertions, 156 deletions
diff --git a/keystone-moon/keystone/contrib/moon/backends/__init__.py b/keystone-moon/keystone/contrib/moon/backends/__init__.py
index b6e97901..b86dae19 100644
--- a/keystone-moon/keystone/contrib/moon/backends/__init__.py
+++ b/keystone-moon/keystone/contrib/moon/backends/__init__.py
@@ -9,6 +9,17 @@ intra_extensions = {
...
}
+tenants = {
+ tenant_id1: {
+ name: xxx,
+ description: yyy,
+ intra_authz_extension_id: zzz,
+ intra_admin_extension_id: zzz,
+ },
+ tenant_id2: {...},
+ ...
+}
+
--------------- for each intra-extension -----------------
subject_categories = {
diff --git a/keystone-moon/keystone/contrib/moon/backends/sql.py b/keystone-moon/keystone/contrib/moon/backends/sql.py
index b328112c..ac459d4c 100644
--- a/keystone-moon/keystone/contrib/moon/backends/sql.py
+++ b/keystone-moon/keystone/contrib/moon/backends/sql.py
@@ -38,6 +38,35 @@ class IntraExtension(sql.ModelBase, sql.DictBase):
return dict(six.iteritems(self))
+class Tenant(sql.ModelBase, sql.DictBase):
+ __tablename__ = 'tenants'
+ # attributes = ['id', 'tenant', 'intra_authz_extension_id', 'intra_adminextension_id']
+ attributes = ['id', 'tenant']
+ id = sql.Column(sql.String(64), primary_key=True, nullable=False)
+ tenant = sql.Column(sql.JsonBlob(), nullable=True)
+ # intra_authz_extension_id = sql.Column(sql.ForeignKey("intra_extensions.id"), nullable=False)
+ # intra_admin_extension_id = sql.Column(sql.ForeignKey("intra_extensions.id"), nullable=False)
+ # name = sql.Column(sql.String(128), nullable=True)
+ # authz = sql.Column(sql.String(64), nullable=True)
+ # admin = sql.Column(sql.String(64), nullable=True)
+
+ @classmethod
+ def from_dict(cls, d):
+ """Override parent from_dict() method with a different implementation.
+ """
+ new_d = d.copy()
+ uuid = new_d.keys()[0]
+ return cls(id=uuid, **new_d[uuid])
+
+ def to_dict(self):
+ """
+ """
+ tenant_dict = {}
+ for key in ("id", "name", "authz", "admin"):
+ tenant_dict[key] = getattr(self, key)
+ return tenant_dict
+
+
class SubjectCategory(sql.ModelBase, sql.DictBase):
__tablename__ = 'subject_categories'
attributes = ['id', 'subject_category', 'intra_extension_id']
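Review bot: `Tenant.to_dict()` still reads `name`, `authz` and `admin` with `getattr`, but the relocated model declares only the `id` and `tenant` columns (the others are commented out), so unless a base class supplies those attributes the call raises `AttributeError`. `from_dict()` has the matching problem: `cls(id=uuid, **new_d[uuid])` spreads the per-tenant keys as constructor arguments instead of storing them in the `tenant` JSON blob; `return cls(id=uuid, tenant=new_d[uuid])`, with `to_dict()` built from `self.tenant`, would fit the new columns. This table holds the tenant-to-authorization-extension mapping, so the model should round-trip before the connector relies on it. `new_d.keys()[0]` also works only on Python 2; `next(iter(new_d))` is portable.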
@@ -285,33 +314,9 @@ class Rule(sql.ModelBase, sql.DictBase):
return dict(six.iteritems(self))
-class Tenant(sql.ModelBase, sql.DictBase):
- __tablename__ = 'tenants'
- attributes = [
- 'id', 'name', 'authz', 'admin'
- ]
- id = sql.Column(sql.String(64), primary_key=True, nullable=False)
- name = sql.Column(sql.String(128), nullable=True)
- authz = sql.Column(sql.String(64), nullable=True)
- admin = sql.Column(sql.String(64), nullable=True)
-
- @classmethod
- def from_dict(cls, d):
- """Override parent from_dict() method with a different implementation.
- """
- new_d = d.copy()
- uuid = new_d.keys()[0]
- return cls(id=uuid, **new_d[uuid])
-
- def to_dict(self):
- """
- """
- tenant_dict = {}
- for key in ("id", "name", "authz", "admin"):
- tenant_dict[key] = getattr(self, key)
- return tenant_dict
-
__all_objects__ = (
+ IntraExtensionUnknown,
+ Tenant,
Subject,
Object,
Action,
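Review bot: `IntraExtensionUnknown` is added to `__all_objects__` next to the model classes, but `controllers.py` raises the same name as an exception (`raise IntraExtensionUnknown`) and no model of that name is visible in this diff. If the tuple is consumed as a list of SQL models, an exception class in it will likely break that consumer; presumably `IntraExtension` was intended, please confirm. The tuple's definition continues outside the hunk.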
@@ -329,6 +334,54 @@ __all_objects__ = (
Rule,
)
+class TenantConnector(TenantDriver):
+
+ def get_tenant_dict(self):
+ with sql.transaction() as session:
+ query = session.query(Tenant)
+ # query = query.filter_by(uuid=tenant_uuid)
+ # ref = query.first().to_dict()
+ tenants = query.all()
+ return {tenant.id: Tenant.to_dict(tenant) for tenant in tenants}
+
+ def add_tenant(self, tenant_id, tenant_name, intra_authz_ext_id, intra_admin_ext_id):
+ pass
+
+ def del_tenant(self, tenant_id):
+ pass
+
+ # TODO: def set_tenant(self, tenant_id, tenant_name, intra_authz_ext_id, intra_admin_ext_id)
+ def set_tenant_dict(self, tenant):
+ with sql.transaction() as session:
+ uuid = tenant.keys()[0]
+ query = session.query(Tenant)
+ query = query.filter_by(id=uuid)
+ ref = query.first()
+ if not ref:
+ # if not result, create the database line
+ ref = Tenant.from_dict(tenant)
+ session.add(ref)
+ return Tenant.to_dict(ref)
+ elif not tenant[uuid]["authz"] and not tenant[uuid]["admin"]:
+ # if admin and authz extensions are not set, delete the mapping
+ session.delete(ref)
+ return
+ elif tenant[uuid]["authz"] or tenant[uuid]["admin"]:
+ tenant_ref = ref.to_dict()
+ tenant_ref.update(tenant[uuid])
+ new_tenant = Tenant(
+ id=uuid,
+ name=tenant[uuid]["name"],
+ authz=tenant[uuid]["intra_authz_extension_id"],
+ admin=tenant[uuid]["intra_admin_extension_id"],
+ )
+ for attr in Tenant.attributes:
+ if attr != 'id':
+ setattr(ref, attr, getattr(new_tenant, attr))
+ return Tenant.to_dict(ref)
+ raise TenantException()
+
+
class IntraExtensionConnector(IntraExtensionDriver):
# Tenant functions
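Review bot: In `set_tenant_dict` the delete and update branches still test `tenant[uuid]["authz"]` and `tenant[uuid]["admin"]`, while the update branch now reads `tenant[uuid]["intra_authz_extension_id"]` and `tenant[uuid]["intra_admin_extension_id"]`, so a dict in the new schema raises `KeyError` at the `elif` and one in the old schema raises it inside the update. The conditions should use the new keys, e.g. `elif not tenant[uuid].get("intra_authz_extension_id") and not tenant[uuid].get("intra_admin_extension_id"):`. The copy loop over `Tenant.attributes` now covers only `tenant`, which `new_tenant` never sets, so the stored blob would be replaced by an unset value; `tenant_ref` is computed and never used. Because an empty pair of extension ids deletes the tenant mapping, the accepted key names should be validated explicitly rather than left to `KeyError`.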
@@ -1458,54 +1511,6 @@ class IntraExtensionConnector(IntraExtensionDriver):
return ref.to_dict()
-class TenantConnector(TenantDriver):
-
- def get_tenant_dict(self):
- with sql.transaction() as session:
- query = session.query(Tenant)
- # query = query.filter_by(uuid=tenant_uuid)
- # ref = query.first().to_dict()
- tenants = query.all()
- return {tenant.id: Tenant.to_dict(tenant) for tenant in tenants}
-
- def add_tenant(self, tenant_id, tenant_name, intra_authz_ext_id, intra_admin_ext_id):
- pass
-
- def del_tenant(self, tenant_id):
- pass
-
- # TODO: def set_tenant(self, tenant_id, tenant_name, intra_authz_ext_id, intra_admin_ext_id)
- def set_tenant_dict(self, tenant):
- with sql.transaction() as session:
- uuid = tenant.keys()[0]
- query = session.query(Tenant)
- query = query.filter_by(id=uuid)
- ref = query.first()
- if not ref:
- # if not result, create the database line
- ref = Tenant.from_dict(tenant)
- session.add(ref)
- return Tenant.to_dict(ref)
- elif not tenant[uuid]["authz"] and not tenant[uuid]["admin"]:
- # if admin and authz extensions are not set, delete the mapping
- session.delete(ref)
- return
- elif tenant[uuid]["authz"] or tenant[uuid]["admin"]:
- tenant_ref = ref.to_dict()
- tenant_ref.update(tenant[uuid])
- new_tenant = Tenant(
- id=uuid,
- name=tenant[uuid]["name"],
- authz=tenant[uuid]["authz"],
- admin=tenant[uuid]["admin"],
- )
- for attr in Tenant.attributes:
- if attr != 'id':
- setattr(ref, attr, getattr(new_tenant, attr))
- return Tenant.to_dict(ref)
- raise TenantException()
-
-
# class InterExtension(sql.ModelBase, sql.DictBase):
# __tablename__ = 'inter_extension'
# attributes = [
diff --git a/keystone-moon/keystone/contrib/moon/controllers.py b/keystone-moon/keystone/contrib/moon/controllers.py
index 23f3b615..e4551825 100644
--- a/keystone-moon/keystone/contrib/moon/controllers.py
+++ b/keystone-moon/keystone/contrib/moon/controllers.py
@@ -24,9 +24,14 @@ class Configuration(controller.V3Controller):
def __init__(self):
super(Configuration, self).__init__()
+ def _get_user_id_from_token(self, token_id):
+ response = self.token_provider_api.validate_token(token_id)
+ token_ref = token_model.KeystoneToken(token_id=token_id, token_data=response)
+ return token_ref.get('user')
+
@controller.protected()
def get_policy_templetes(self, context, **kw):
- user_id = self._get_user_uuid_from_token(context["token_id"])
+ user_id = self._get_user_uuid_from_token(context.get("token_id"))
# TODO: belowing code should be move to core.py
# TODO: return self.configuration_api_get_policy_templete_dict(user_id)
nodes = glob.glob(os.path.join(CONF.moon.policy_directory, "*"))
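Review bot: The helper added to `Configuration` is named `_get_user_id_from_token`, but `get_policy_templetes` and the two methods in the hunks at `@@ -42` and `@@ -52` call `self._get_user_uuid_from_token(...)`. Unless that name is defined on a base class outside this diff, those three endpoints raise `AttributeError` and the new helper is dead code. Either rename the helper or change the callers to `user_id = self._get_user_id_from_token(context.get("token_id"))`. `get_policy_templetes` continues past the end of the hunk.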
@@ -42,7 +47,7 @@ class Configuration(controller.V3Controller):
:param kw:
:return: {aggregation_algorithm_id: description}
"""
- user_id = self._get_user_uuid_from_token(context["token_id"])
+ user_id = self._get_user_uuid_from_token(context.get("token_id"))
return self.configuration_api.get_aggregation_algorithm_dict(user_id)
@controller.protected()
@@ -52,7 +57,7 @@ class Configuration(controller.V3Controller):
:param kw:
:return: {sub_meta_rule_algorithm_id: description}
"""
- user_id = self._get_user_uuid_from_token(context["token_id"])
+ user_id = self._get_user_uuid_from_token(context.get("token_id"))
return self.configuration_api.get_sub_meta_rule_algorithm_dict(user_id)
@@ -65,16 +70,16 @@ class Tenants(controller.V3Controller):
def _get_user_id_from_token(self, token_id):
response = self.token_provider_api.validate_token(token_id)
token_ref = token_model.KeystoneToken(token_id=token_id, token_data=response)
- return token_ref['user']
+ return token_ref.get('user')
@controller.protected()
def get_tenants(self, context, **kw):
- user_id = self._get_user_id_from_token(context["token_id"])
+ user_id = self._get_user_id_from_token(context.get("token_id"))
return self.tenant_api.get_tenant_dict(user_id)
@controller.protected()
def add_tenant(self, context, **kw):
- user_id = self._get_user_id_from_token(context["token_id"])
+ user_id = self._get_user_id_from_token(context.get("token_id"))
# TODO: get tenant name from keystone
tenant_name = kw.get("tenant_name")
intra_authz_ext_id = kw.get("intra_authz_ext_id")
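Review bot: Switching to `context.get("token_id")` and `token_ref.get('user')` turns a missing token id, or a token with no `'user'` entry, into `None` instead of an error, and that `None` is then passed on as `user_id` to `tenant_api`. The same substitution is made in the helper added to `Configuration` and in every later hunk of this file, where the value goes to `admin_api` and `configuration_api`. Whether `validate_token(None)` rejects the request is not visible here, so `_get_user_id_from_token` should check the caller identity explicitly, for example `if not token_id: raise exception.Unauthorized()` before validation and the same when `'user'` is absent (assuming keystone's `exception` module is imported in this file). The name also suggests an id while the function returns whatever is stored under `'user'`; a one-line docstring stating which is intended would help.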
@@ -83,18 +88,18 @@ class Tenants(controller.V3Controller):
@controller.protected()
def get_tenant(self, context, **kw):
- user_id = self._get_user_id_from_token(context["token_id"])
+ user_id = self._get_user_id_from_token(context.get('token_id'))
tenant_id = kw.get("tenant_id")
return self.tenant_api.get_tenant(user_id, tenant_id)
@controller.protected()
def del_tenant(self, context, **kw):
- user_id = self._get_user_id_from_token(context["token_id"])
+ user_id = self._get_user_id_from_token(context.get('token_id'))
tenant_id = kw.get("tenant_id")
return self.tenant_api.del_tenant(user_id, tenant_id)
"""def load_tenant(self, context, **kw):
- user_id = self._get_user_id_from_token(context["token_id"])
+ user_id = self._get_user_id_from_token(context.get('token_id'))
tenant_id = kw["tenant_id"]
tenant_name = self.resource_api.get_project(tenant_id)["name"]
intra_authz_ext_id = kw.get("intra_authz_ext_id")
@@ -118,7 +123,7 @@ class Authz_v3(controller.V3Controller):
def get_authz(self, context, tenant_name, subject_name, object_name, action_name):
try:
return self.authz_api.authz(tenant_name, subject_name, object_name, action_name)
- except TenantIDNotFound:
+ except TenantUnknown:
return True
except:
return False
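Review bot: `get_authz` fails open: when `authz_api.authz` raises `TenantUnknown` the method returns `True`, so a request naming a tenant the extension does not know is authorized. If that is intentional (tenants without a Moon mapping are left to other policy), it needs a comment saying so, e.g. `# tenant has no Moon mapping: not our decision, allow`; otherwise it should return `False`. The bare `except:` that follows hides every other failure, including programming errors, behind a plain deny; `except Exception:` with the exception logged keeps the deny and makes it diagnosable. Any decorators on the method are outside the hunk.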
@@ -140,12 +145,12 @@ class IntraExtensions(controller.V3Controller):
# IntraExtension functions
@controller.protected()
def get_intra_extensions(self, context, **kw):
- user_id = self._get_user_id_from_token(context["token_id"])
+ user_id = self._get_user_id_from_token(context.get('token_id'))
return self.admin_api.get_intra_extension_dict(user_id)
@controller.protected()
def add_intra_extension(self, context, **kw):
- user_id = self._get_user_id_from_token(context["token_id"])
+ user_id = self._get_user_id_from_token(context.get('token_id'))
intra_extension_dict = dict()
# TODO: replace kw by a tangible dict with known variables
intra_extension_dict["intra_extension_name"] = kw.get("intra_extension_name", dict())
@@ -168,13 +173,13 @@ class IntraExtensions(controller.V3Controller):
@controller.protected()
def get_intra_extension(self, context, **kw):
- user_id = self._get_user_id_from_token(context["token_id"])
+ user_id = self._get_user_id_from_token(context.get('token_id'))
ie_id = kw.get('intra_extension_id', None)
return self.admin_api.get_intra_extension_dict(user_id)[ie_id]
@controller.protected()
def del_intra_extension(self, context, **kw):
- user_id = self._get_user_id_from_token(context["token_id"])
+ user_id = self._get_user_id_from_token(context.get('token_id'))
if "ie_id" not in kw:
raise IntraExtensionUnknown
ie_id = kw.get('intra_extension_id', None)
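Review bot: `del_intra_extension` guards on `"ie_id" not in kw` but then reads `kw.get('intra_extension_id', None)`, so a request carrying only `intra_extension_id` is rejected with `IntraExtensionUnknown`, and one carrying only `ie_id` passes the guard with `ie_id = None`. The guard should test the key that is read: `if "intra_extension_id" not in kw:`. In `get_intra_extension` above it, `get_intra_extension_dict(user_id)[ie_id]` likewise raises a bare `KeyError` for a missing or unknown id. The rest of `del_intra_extension` is outside the hunk.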
@@ -183,81 +188,81 @@ class IntraExtensions(controller.V3Controller):
# Metadata functions
@controller.protected()
def get_subject_categories(self, context, **kw):
- user_id = self._get_user_id_from_token(context["token_id"])
+ user_id = self._get_user_id_from_token(context.get('token_id'))
ie_id = kw.get('intra_extension_id', None)
return self.admin_api.get_subject_category_dict(user_id, ie_id)
@controller.protected()
def add_subject_category(self, context, **kw):
- user_id = self._get_user_id_from_token(context["token_id"])
+ user_id = self._get_user_id_from_token(context.get('token_id'))
ie_id = kw.get('intra_extension_id', None)
subject_category_name = kw.get("subject_category_name", None)
return self.admin_api.add_subject_category(user_id, ie_id, subject_category_name)
@controller.protected()
def get_subject_category(self, context, **kw):
- user_id = self._get_user_id_from_token(context["token_id"])
+ user_id = self._get_user_id_from_token(context.get('token_id'))
ie_id = kw.get('intra_extension_id', None)
subject_category_id = kw.get("subject_category_id", None)
return self.admin_api.get_subject_category_dict(user_id, ie_id)[subject_category_id]
@controller.protected()
def del_subject_category(self, context, **kw):
- user_id = self._get_user_id_from_token(context["token_id"])
+ user_id = self._get_user_id_from_token(context.get('token_id'))
ie_id = kw.get('intra_extension_id', None)
subject_category_id = kw["subject_category_id"]
return self.admin_api.del_subject_category(user_id, ie_id, subject_category_id)
@controller.protected()
def get_object_categories(self, context, **kw):
- user_id = self._get_user_id_from_token(context["token_id"])
+ user_id = self._get_user_id_from_token(context.get('token_id'))
ie_id = kw.get('intra_extension_id', None)
return self.admin_api.get_object_category_dict(user_id, ie_id)
@controller.protected()
def add_object_category(self, context, **kw):
- user_id = self._get_user_id_from_token(context["token_id"])
+ user_id = self._get_user_id_from_token(context.get('token_id'))
ie_id = kw.get('intra_extension_id', None)
object_category_name = kw["object_category_name"]
return self.admin_api.add_object_category(user_id, ie_id, object_category_name)
@controller.protected()
def get_object_category(self, context, **kw):
- user_id = self._get_user_id_from_token(context["token_id"])
+ user_id = self._get_user_id_from_token(context.get('token_id'))
ie_id = kw.get('intra_extension_id', None)
object_category_id = kw["object_category_id"]
return self.admin_api.get_object_category_dict(user_id, ie_id)[object_category_id]
@controller.protected()
def del_object_category(self, context, **kw):
- user_id = self._get_user_id_from_token(context["token_id"])
+ user_id = self._get_user_id_from_token(context.get('token_id'))
ie_id = kw.get('intra_extension_id', None)
object_category_id = kw["object_category_id"]
return self.admin_api.del_object_category(user_id, ie_id, object_category_id)
@controller.protected()
def get_action_categories(self, context, **kw):
- user_id = self._get_user_id_from_token(context["token_id"])
+ user_id = self._get_user_id_from_token(context.get('token_id'))
ie_id = kw.get('intra_extension_id', None)
return self.admin_api.get_action_category_dict(user_id, ie_id)
@controller.protected()
def add_action_category(self, context, **kw):
- user_id = self._get_user_id_from_token(context["token_id"])
+ user_id = self._get_user_id_from_token(context.get('token_id'))
ie_id = kw.get('intra_extension_id', None)
action_category_name = kw["action_category_name"]
return self.admin_api.add_action_category(user_id, ie_id, action_category_name)
@controller.protected()
def get_action_category(self, context, **kw):
- user_id = self._get_user_id_from_token(context["token_id"])
+ user_id = self._get_user_id_from_token(context.get('token_id'))
ie_id = kw.get('intra_extension_id', None)
action_category_id = kw["action_category_id"]
return self.admin_api.get_action_category_dict(user_id, ie_id)[action_category_id]
@controller.protected()
def del_action_category(self, context, **kw):
- user_id = self._get_user_id_from_token(context["token_id"])
+ user_id = self._get_user_id_from_token(context.get('token_id'))
ie_id = kw.get('intra_extension_id', None)
action_category_id = kw["action_category_id"]
return self.admin_api.del_action_category(user_id, ie_id, action_category_id)
@@ -265,81 +270,81 @@ class IntraExtensions(controller.V3Controller):
# Perimeter functions
@controller.protected()
def get_subjects(self, context, **kw):
- user_id = self._get_user_id_from_token(context["token_id"])
+ user_id = self._get_user_id_from_token(context.get('token_id'))
ie_id = kw.get('intra_extension_id', None)
return self.admin_api.get_subject_dict(user_id, ie_id)
@controller.protected()
def add_subject(self, context, **kw):
- user_id = self._get_user_id_from_token(context["token_id"])
+ user_id = self._get_user_id_from_token(context.get('token_id'))
ie_id = kw.get('intra_extension_id', None)
subject_name = kw["subject_name"]
return self.admin_api.add_subject(user_id, ie_id, subject_name)
@controller.protected()
def get_subject(self, context, **kw):
- user_id = self._get_user_id_from_token(context["token_id"])
+ user_id = self._get_user_id_from_token(context.get('token_id'))
ie_id = kw.get('intra_extension_id', None)
subject_id = kw["subject_id"]
return self.admin_api.get_subject_dict(user_id, ie_id)[subject_id]
@controller.protected()
def del_subject(self, context, **kw):
- user_id = self._get_user_id_from_token(context["token_id"])
+ user_id = self._get_user_id_from_token(context.get('token_id'))
ie_id = kw.get('intra_extension_id', None)
subject_id = kw["subject_id"]
return self.admin_api.del_subject(user_id, ie_id, subject_id)
@controller.protected()
def get_objects(self, context, **kw):
- user_id = self._get_user_id_from_token(context["token_id"])
+ user_id = self._get_user_id_from_token(context.get('token_id'))
ie_id = kw.get("intra_extension_id", None)
return self.admin_api.get_object_dict(user_id, ie_id)
@controller.protected()
def add_object(self, context, **kw):
- user_id = self._get_user_id_from_token(context["token_id"])
+ user_id = self._get_user_id_from_token(context.get('token_id'))
ie_id = kw.get("intra_extension_id", None)
object_name = kw["object_name"]
return self.admin_api.add_object(user_id, ie_id, object_name)
@controller.protected()
def get_object(self, context, **kw):
- user_id = self._get_user_id_from_token(context["token_id"])
+ user_id = self._get_user_id_from_token(context.get('token_id'))
ie_id = kw.get("intra_extension_id", None)
object_id = kw["object_id"]
return self.admin_api.get_object_dict(user_id, ie_id)[object_id]
@controller.protected()
def del_object(self, context, **kw):
- user_id = self._get_user_id_from_token(context["token_id"])
+ user_id = self._get_user_id_from_token(context.get('token_id'))
ie_id = kw.get("intra_extension_id", None)
object_id = kw["object_id"]
return self.admin_api.del_object(user_id, ie_id, object_id)
@controller.protected()
def get_actions(self, context, **kw):
- user_id = self._get_user_id_from_token(context["token_id"])
+ user_id = self._get_user_id_from_token(context.get('token_id'))
ie_id = kw.get("intra_extension_id", None)
return self.admin_api.get_action_dict(user_id, ie_id)
@controller.protected()
def add_action(self, context, **kw):
- user_id = self._get_user_id_from_token(context["token_id"])
+ user_id = self._get_user_id_from_token(context.get('token_id'))
ie_id = kw.get("intra_extension_id", None)
action_name = kw["action_name"]
return self.admin_api.add_action(user_id, ie_id, action_name)
@controller.protected()
def get_action(self, context, **kw):
- user_id = self._get_user_id_from_token(context["token_id"])
+ user_id = self._get_user_id_from_token(context.get('token_id'))
ie_id = kw.get("intra_extension_id", None)
action_id = kw["action_id"]
return self.admin_api.get_action_dict(user_id, ie_id)[action_id]
@controller.protected()
def del_action(self, context, **kw):
- user_id = self._get_user_id_from_token(context["token_id"])
+ user_id = self._get_user_id_from_token(context.get('token_id'))
ie_id = kw.get("intra_extension_id", None)
action_id = kw["action_id"]
return self.admin_api.del_action(user_id, ie_id, action_id)
@@ -347,14 +352,14 @@ class IntraExtensions(controller.V3Controller):
# Scope functions
@controller.protected()
def get_subject_scopes(self, context, **kw):
- user_id = self._get_user_id_from_token(context["token_id"])
+ user_id = self._get_user_id_from_token(context.get('token_id'))
ie_id = kw.get("intra_extension_id", None)
subject_category_id = kw["subject_category_id"]
return self.admin_api.get_subject_scope_dict(user_id, ie_id, subject_category_id)
@controller.protected()
def add_subject_scope(self, context, **kw):
- user_id = self._get_user_id_from_token(context["token_id"])
+ user_id = self._get_user_id_from_token(context.get('token_id'))
ie_id = kw.get("intra_extension_id", None)
subject_category_id = kw["subject_category_id"]
subject_scope_name = kw["subject_scope_name"]
@@ -366,7 +371,7 @@ class IntraExtensions(controller.V3Controller):
@controller.protected()
def get_subject_scope(self, context, **kw):
- user_id = self._get_user_id_from_token(context["token_id"])
+ user_id = self._get_user_id_from_token(context.get('token_id'))
ie_id = kw.get("intra_extension_id", None)
subject_category_id = kw["subject_category_id"]
subject_scope_id = kw["subject_scope_id"]
@@ -374,7 +379,7 @@ class IntraExtensions(controller.V3Controller):
@controller.protected()
def del_subject_scope(self, context, **kw):
- user_id = self._get_user_id_from_token(context["token_id"])
+ user_id = self._get_user_id_from_token(context.get('token_id'))
ie_id = kw.get("intra_extension_id", None)
subject_category_id = kw["subject_category_id"]
subject_scope_id = kw["subject_scope_id"]
@@ -386,14 +391,14 @@ class IntraExtensions(controller.V3Controller):
@controller.protected()
def get_object_scopes(self, context, **kw):
- user_id = self._get_user_id_from_token(context["token_id"])
+ user_id = self._get_user_id_from_token(context.get('token_id'))
ie_id = kw.get("intra_extension_id", None)
object_category_id = kw["object_category_id"]
return self.admin_api.get_object_scope_dict(user_id, ie_id, object_category_id)
@controller.protected()
def add_object_scope(self, context, **kw):
- user_id = self._get_user_id_from_token(context["token_id"])
+ user_id = self._get_user_id_from_token(context.get('token_id'))
ie_id = kw.get("intra_extension_id", None)
object_category_id = kw["object_category_id"]
object_scope_name = kw["object_scope_name"]
@@ -405,7 +410,7 @@ class IntraExtensions(controller.V3Controller):
@controller.protected()
def get_object_scope(self, context, **kw):
- user_id = self._get_user_id_from_token(context["token_id"])
+ user_id = self._get_user_id_from_token(context.get('token_id'))
ie_id = kw.get("intra_extension_id", None)
object_category_id = kw["object_category_id"]
object_scope_id = kw["object_scope_id"]
@@ -413,7 +418,7 @@ class IntraExtensions(controller.V3Controller):
@controller.protected()
def del_object_scope(self, context, **kw):
- user_id = self._get_user_id_from_token(context["token_id"])
+ user_id = self._get_user_id_from_token(context.get('token_id'))
ie_id = kw.get("intra_extension_id", None)
object_category_id = kw["object_category_id"]
object_scope_id = kw["object_scope_id"]
@@ -425,14 +430,14 @@ class IntraExtensions(controller.V3Controller):
@controller.protected()
def get_action_scopes(self, context, **kw):
- user_id = self._get_user_id_from_token(context["token_id"])
+ user_id = self._get_user_id_from_token(context.get('token_id'))
ie_id = kw.get("intra_extension_id", None)
action_category_id = kw["action_category_id"]
return self.admin_api.get_action_scope_dict(user_id, ie_id, action_category_id)
@controller.protected()
def add_action_scope(self, context, **kw):
- user_id = self._get_user_id_from_token(context["token_id"])
+ user_id = self._get_user_id_from_token(context.get('token_id'))
ie_id = kw.get("intra_extension_id", None)
action_category_id = kw["action_category_id"]
action_scope_name = kw["action_scope_name"]
@@ -444,7 +449,7 @@ class IntraExtensions(controller.V3Controller):
@controller.protected()
def get_action_scope(self, context, **kw):
- user_id = self._get_user_id_from_token(context["token_id"])
+ user_id = self._get_user_id_from_token(context.get('token_id'))
ie_id = kw.get("intra_extension_id", None)
action_category_id = kw["action_category_id"]
action_scope_id = kw["action_scope_id"]
@@ -452,7 +457,7 @@ class IntraExtensions(controller.V3Controller):
@controller.protected()
def del_action_scope(self, context, **kw):
- user_id = self._get_user_id_from_token(context["token_id"])
+ user_id = self._get_user_id_from_token(context.get('token_id'))
ie_id = kw.get("intra_extension_id", None)
action_category_id = kw["action_category_id"]
action_scope_id = kw["action_scope_id"]
@@ -465,14 +470,14 @@ class IntraExtensions(controller.V3Controller):
# Assignment functions
@controller.protected()
def get_subject_assignments(self, context, **kw):
- user_id = self._get_user_id_from_token(context["token_id"])
+ user_id = self._get_user_id_from_token(context.get('token_id'))
ie_id = kw.get("intra_extension_id", None)
subject_id = kw["subject_id"]
return self.admin_api.get_subject_assignment_dict(user_id, ie_id, subject_id)
@controller.protected()
def add_subject_assignment(self, context, **kw):
- user_id = self._get_user_id_from_token(context["token_id"])
+ user_id = self._get_user_id_from_token(context.get('token_id'))
ie_id = kw.get("intra_extension_id", None)
subject_id = kw["subject_id"]
subject_category_id = kw["subject_category_id"]
@@ -486,7 +491,7 @@ class IntraExtensions(controller.V3Controller):
@controller.protected()
def get_subject_assignment(self, context, **kw):
- user_id = self._get_user_id_from_token(context["token_id"])
+ user_id = self._get_user_id_from_token(context.get('token_id'))
ie_id = kw.get("intra_extension_id", None)
subject_id = kw["subject_id"]
subject_category_id = kw["subject_category_id"]
@@ -494,7 +499,7 @@ class IntraExtensions(controller.V3Controller):
@controller.protected()
def del_subject_assignment(self, context, **kw):
- user_id = self._get_user_id_from_token(context["token_id"])
+ user_id = self._get_user_id_from_token(context.get('token_id'))
ie_id = kw.get("intra_extension_id", None)
subject_id = kw["subject_id"]
subject_category_id = kw["subject_category_id"]
@@ -508,14 +513,14 @@ class IntraExtensions(controller.V3Controller):
@controller.protected()
def get_object_assignments(self, context, **kw):
- user_id = self._get_user_id_from_token(context["token_id"])
+ user_id = self._get_user_id_from_token(context.get('token_id'))
ie_id = kw.get("intra_extension_id", None)
object_id = kw["object_id"]
return self.admin_api.get_object_assignment_dict(user_id, ie_id, object_id)
@controller.protected()
def add_object_assignment(self, context, **kw):
- user_id = self._get_user_id_from_token(context["token_id"])
+ user_id = self._get_user_id_from_token(context.get('token_id'))
ie_id = kw.get("intra_extension_id", None)
object_id = kw["object_id"]
object_category_id = kw["object_category_id"]
@@ -529,7 +534,7 @@ class IntraExtensions(controller.V3Controller):
@controller.protected()
def get_object_assignment(self, context, **kw):
- user_id = self._get_user_id_from_token(context["token_id"])
+ user_id = self._get_user_id_from_token(context.get('token_id'))
ie_id = kw.get("intra_extension_id", None)
object_id = kw["object_id"]
object_category_id = kw["object_category_id"]
@@ -537,7 +542,7 @@ class IntraExtensions(controller.V3Controller):
@controller.protected()
def del_object_assignment(self, context, **kw):
- user_id = self._get_user_id_from_token(context["token_id"])
+ user_id = self._get_user_id_from_token(context.get('token_id'))
ie_id = kw.get("intra_extension_id", None)
object_id = kw["object_id"]
object_category_id = kw["object_category_id"]
@@ -551,14 +556,14 @@ class IntraExtensions(controller.V3Controller):
@controller.protected()
def get_action_assignments(self, context, **kw):
- user_id = self._get_user_id_from_token(context["token_id"])
+ user_id = self._get_user_id_from_token(context.get('token_id'))
ie_id = kw.get("intra_extension_id", None)
action_id = kw["action_id"]
return self.admin_api.get_action_assignment_dict(user_id, ie_id, action_id)
@controller.protected()
def add_action_assignment(self, context, **kw):
- user_id = self._get_user_id_from_token(context["token_id"])
+ user_id = self._get_user_id_from_token(context.get('token_id'))
ie_id = kw.get("intra_extension_id", None)
action_id = kw["action_id"]
action_category_id = kw["action_category_id"]
@@ -572,7 +577,7 @@ class IntraExtensions(controller.V3Controller):
@controller.protected()
def get_action_assignment(self, context, **kw):
- user_id = self._get_user_id_from_token(context["token_id"])
+ user_id = self._get_user_id_from_token(context.get('token_id'))
ie_id = kw.get("intra_extension_id", None)
action_id = kw["action_id"]
action_category_id = kw["action_category_id"]
@@ -580,7 +585,7 @@ class IntraExtensions(controller.V3Controller):
@controller.protected()
def del_action_assignment(self, context, **kw):
- user_id = self._get_user_id_from_token(context["token_id"])
+ user_id = self._get_user_id_from_token(context.get('token_id'))
ie_id = kw.get("intra_extension_id", None)
action_id = kw["action_id"]
action_category_id = kw["action_category_id"]
@@ -595,7 +600,7 @@ class IntraExtensions(controller.V3Controller):
# Metarule functions
@controller.protected()
def add_aggregation_algorithm(self, context, **kw):
- user_id = self._get_user_id_from_token(context["token_id"])
+ user_id = self._get_user_id_from_token(context.get('token_id'))
ie_id = kw.get("intra_extension_id", None)
aggregation_algorithm_id = kw["aggregation_algorithm_id"]
return self.admin_api.add_aggregation_algorithm(
@@ -605,13 +610,13 @@ class IntraExtensions(controller.V3Controller):
@controller.protected()
def get_aggregation_algorithm(self, context, **kw):
- user_id = self._get_user_id_from_token(context["token_id"])
+ user_id = self._get_user_id_from_token(context.get('token_id'))
ie_id = kw.get("intra_extension_id", None)
return self.admin_api.get_aggregation_algorithm(user_id, ie_id)
@controller.protected()
def del_aggregation_algorithm(self, context, **kw):
- user_id = self._get_user_id_from_token(context["token_id"])
+ user_id = self._get_user_id_from_token(context.get('token_id'))
ie_id = kw.get("intra_extension_id", None)
aggregation_algorithm_id = kw["aggregation_algorithm_id"]
return self.admin_api.del_aggregation_algorithm(
@@ -621,13 +626,13 @@ class IntraExtensions(controller.V3Controller):
@controller.protected()
def get_sub_meta_rules(self, context, **kw):
- user_id = self._get_user_id_from_token(context["token_id"])
+ user_id = self._get_user_id_from_token(context.get('token_id'))
ie_id = kw.get("intra_extension_id", None)
return self.admin_api.get_sub_meta_rule_dict(user_id, ie_id)
@controller.protected()
def add_sub_meta_rule(self, context, **kw):
- user_id = self._get_user_id_from_token(context["token_id"])
+ user_id = self._get_user_id_from_token(context.get('token_id'))
ie_id = kw.get("intra_extension_id", None)
sub_meta_rule_name = kw["sub_meta_rule_name"]
subject_category_list = kw["subject_categories"]
@@ -647,14 +652,14 @@ class IntraExtensions(controller.V3Controller):
@controller.protected()
def get_sub_meta_rule(self, context, **kw):
- user_id = self._get_user_id_from_token(context["token_id"])
+ user_id = self._get_user_id_from_token(context.get('token_id'))
ie_id = kw.get("intra_extension_id", None)
sub_meta_rule_id = kw["sub_meta_rule_id"]
return self.admin_api.get_sub_meta_rule(user_id, ie_id, sub_meta_rule_id)
@controller.protected()
def del_sub_meta_rule(self, context, **kw):
- user_id = self._get_user_id_from_token(context["token_id"])
+ user_id = self._get_user_id_from_token(context.get('token_id'))
ie_id = kw.get("intra_extension_id")
sub_meta_rule_id = kw["sub_meta_rule_id"]
return self.admin_api.get_sub_meta_rule(user_id, ie_id, sub_meta_rule_id)
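Review bot: `del_sub_meta_rule` ends with `return self.admin_api.get_sub_meta_rule(user_id, ie_id, sub_meta_rule_id)`, the same call as `get_sub_meta_rule` above it, so the delete endpoint appears to return the rule without removing it. A policy rule the caller believes deleted would then stay in force. The other `del_*` controllers in this file call `admin_api.del_*`, so the intended line is presumably `return self.admin_api.del_sub_meta_rule(user_id, ie_id, sub_meta_rule_id)`; confirm that the method exists on the API.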
@@ -662,14 +667,14 @@ class IntraExtensions(controller.V3Controller):
# Rules functions
@controller.protected()
def get_rules(self, context, **kw):
- user_id = self._get_user_id_from_token(context["token_id"])
+ user_id = self._get_user_id_from_token(context.get('token_id'))
ie_id = kw.get("intra_extension_id", None)
sub_meta_rule_id = kw["sub_meta_rule_id"]
return self.admin_api.get_rule_dict(user_id, ie_id, sub_meta_rule_id)
@controller.protected()
def add_rule(self, context, **kw):
- user_id = self._get_user_id_from_token(context["token_id"])
+ user_id = self._get_user_id_from_token(context.get('token_id'))
ie_id = kw.get("intra_extension_id", None)
sub_meta_rule_id = kw.get("sub_meta_rule_id")
rule_list = list()
@@ -681,7 +686,7 @@ class IntraExtensions(controller.V3Controller):
@controller.protected()
def get_rule(self, context, **kw):
- user_id = self._get_user_id_from_token(context["token_id"])
+ user_id = self._get_user_id_from_token(context.get('token_id'))
ie_id = kw.get("intra_extension_id", None)
sub_meta_rule_id = kw.get("sub_meta_rule_id")
rule_id = kw.get("rule_id")
@@ -689,7 +694,7 @@ class IntraExtensions(controller.V3Controller):
@controller.protected()
def del_rule(self, context, **kw):
- user_id = self._get_user_id_from_token(context["token_id"])
+ user_id = self._get_user_id_from_token(context.get('token_id'))
ie_id = kw.get("intra_extension_id", None)
sub_meta_rule_id = kw["sub_meta_rule_id"]
rule_id = kw["rule_id"]
@@ -709,7 +714,7 @@ class InterExtensions(controller.V3Controller):
# @controller.protected()
# def get_inter_extensions(self, context, **kw):
- # user = self._get_user_from_token(context["token_id"])
+ # user = self._get_user_from_token(context.get('token_id'))
# return {
# "inter_extensions":
# self.interextension_api.get_inter_extensions()
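Review bot: This hunk and the next two InterExtensions hunks only edit commented-out code, which adds churn without changing behaviour. The commented methods also call `_get_user_from_token`, while the live controllers use `_get_user_id_from_token`, so they have already drifted and would need rework before being re-enabled. I would delete the commented blocks and rely on version control, or keep a single line such as `# TODO: InterExtensions endpoints are disabled; see history for the previous implementation`.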
@@ -717,7 +722,7 @@ class InterExtensions(controller.V3Controller):
# @controller.protected()
# def get_inter_extension(self, context, **kw):
- # user = self._get_user_from_token(context["token_id"])
+ # user = self._get_user_from_token(context.get('token_id'))
# return {
# "inter_extensions":
# self.interextension_api.get_inter_extension(uuid=kw['inter_extension_id'])
@@ -725,12 +730,12 @@ class InterExtensions(controller.V3Controller):
# @controller.protected()
# def create_inter_extension(self, context, **kw):
- # user = self._get_user_from_token(context["token_id"])
+ # user = self._get_user_from_token(context.get('token_id'))
# return self.interextension_api.create_inter_extension(kw)
# @controller.protected()
# def delete_inter_extension(self, context, **kw):
- # user = self._get_user_from_token(context["token_id"])
+ # user = self._get_user_from_token(context.get('token_id'))
# if "inter_extension_id" not in kw:
# raise exception.Error
# return self.interextension_api.delete_inter_extension(kw["inter_extension_id"])
@@ -756,7 +761,7 @@ class Logs(controller.V3Controller):
@controller.protected()
def get_logs(self, context, **kw):
- user_id = self._get_user_id_from_token(context["token_id"])
+ user_id = self._get_user_id_from_token(context.get('token_id'))
options = kw.get("options", "")
# FIXME (dthom): the authorization for get_logs must be done with an intra_extension
#if self.authz_api.admin(user["name"], "logs", "read"):
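Review bot: get_logs resolves `user_id`, but the only per-user check visible here, `self.authz_api.admin(user["name"], "logs", "read")`, is commented out under the FIXME. As far as this hunk shows, access to the logs is limited only by whatever `@controller.protected()` enforces. Logs of an authorization service usually reveal subjects, objects and decisions, so the gap should be stated at the call site until the intra-extension check exists, e.g. `# SECURITY: no per-user authorization yet; access relies on the controller.protected() policy only`. The rest of the function body is outside this hunk, so a later check cannot be ruled out.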
diff --git a/keystone-moon/keystone/contrib/moon/core.py b/keystone-moon/keystone/contrib/moon/core.py
index 74e3404d..524cc420 100644
--- a/keystone-moon/keystone/contrib/moon/core.py
+++ b/keystone-moon/keystone/contrib/moon/core.py
@@ -184,10 +184,20 @@ class TenantManager(manager.Manager):
def get_tenant_dict(self, user_id):
"""
Return a dictionary with all tenants
- :return: dict
+ :return: {
+ tenant_id1: {
+ name: xxx,
+ description: yyy,
+ intra_authz_extension_id: zzz,
+ intra_admin_extension_id: zzz,
+ },
+ tenant_id2: {...},
+ ...
+ }
"""
# TODO: check user right with user_id in SuperExtension
tenant_dict = self.driver.get_tenant_dict()
+ # TODO: check whether we need this exception
if not tenant_dict:
raise TenantDictEmpty()
return tenant_dict
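Review bot: get_tenant_dict accepts `user_id` but never uses it, so the manager returns every tenant's mapping, including `intra_authz_extension_id` and `intra_admin_extension_id`, to any caller that reaches it. The expanded docstring documents the return shape but not this limitation. I would add a line such as `:param user_id: currently unused; no authorization check is performed (see TODO)` so callers do not assume the manager enforces access. The same unchecked `user_id` TODO appears in the add_tenant/get_tenant and del_tenant hunks below.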
@@ -198,7 +208,7 @@ class TenantManager(manager.Manager):
for tenant_id in tenant_dict:
if tenant_dict[tenant_id]['name'] is tenant_name:
raise TenantAddedNameExisting()
- return self.driver.add_tenant(uuid4().hex, tenant_name, intra_authz_ext_id, intra_admin_ext_id)
+ return self.driver.add_tenant(uuid4().hex(), tenant_name, intra_authz_ext_id, intra_admin_ext_id)
def get_tenant(self, user_id, tenant_id):
# TODO: check user right with user_id in SuperExtension
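Review bot: The new `uuid4().hex()` call will raise TypeError on every add_tenant, because `hex` on a UUID object is a string attribute, not a method; the removed form `uuid4().hex` was correct and should be restored. In the same loop, `tenant_dict[tenant_id]['name'] is tenant_name` compares object identity, which is unreliable for strings that come from a request and from the database, so the duplicate-name guard can let a second tenant with the same name through; it should read `if tenant_dict[tenant_id]['name'] == tenant_name:`. add_tenant starts before this hunk and get_tenant continues past it.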
@@ -209,8 +219,7 @@ class TenantManager(manager.Manager):
def del_tenant(self, user_id, tenant_id):
# TODO: check user right with user_id in SuperExtension
- tenant_dict = self.driver.get_tenant_dict()
- if tenant_id not in tenant_dict:
+ if tenant_id not in self.driver.get_tenant_dict():
raise TenantUnknown()
return self.driver.del_tenant(tenant_id)