summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--keystone-moon/keystone/contrib/moon/backends/sql.py21
-rw-r--r--keystone-moon/keystone/contrib/moon/core.py8
-rw-r--r--keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_admin.py4
-rw-r--r--keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_authz.py4
-rw-r--r--moonclient/moonclient/metarules.py6
5 files changed, 24 insertions, 19 deletions
diff --git a/keystone-moon/keystone/contrib/moon/backends/sql.py b/keystone-moon/keystone/contrib/moon/backends/sql.py
index 06071507..2b7258ea 100644
--- a/keystone-moon/keystone/contrib/moon/backends/sql.py
+++ b/keystone-moon/keystone/contrib/moon/backends/sql.py
@@ -292,12 +292,6 @@ class Rule(sql.ModelBase, sql.DictBase):
__all_objects__ = (
- Subject,
- Object,
- Action,
- SubjectCategory,
- ObjectCategory,
- ActionCategory,
SubjectScope,
ObjectScope,
ActionScope,
@@ -305,6 +299,12 @@ __all_objects__ = (
ObjectAssignment,
ActionAssignment,
SubMetaRule,
+ SubjectCategory,
+ ObjectCategory,
+ ActionCategory,
+ Subject,
+ Object,
+ Action,
Rule,
)
@@ -375,8 +375,8 @@ class IntraExtensionConnector(IntraExtensionDriver):
for _object in __all_objects__:
query = session.query(_object)
query = query.filter_by(intra_extension_id=intra_extension_id)
- _ref = query.first()
- if _ref:
+ _refs = query.all()
+ for _ref in _refs:
session.delete(_ref)
session.flush()
session.delete(ref)
@@ -936,7 +936,7 @@ class IntraExtensionConnector(IntraExtensionDriver):
query = query.filter_by(id=intra_extension_id)
ref = query.first()
try:
- return ref.intra_extension["aggregation_algorithm"]
+ return {"aggregation_algorithm": ref.intra_extension["aggregation_algorithm"]}
except KeyError:
return ""
@@ -948,7 +948,8 @@ class IntraExtensionConnector(IntraExtensionDriver):
intra_extension_dict = dict(ref.intra_extension)
intra_extension_dict["aggregation_algorithm"] = aggregation_algorithm_id
setattr(ref, "intra_extension", intra_extension_dict)
- return self.get_aggregation_algorithm_id(intra_extension_id)
+ session.flush()
+ return {"aggregation_algorithm": ref.intra_extension["aggregation_algorithm"]}
def del_aggregation_algorithm(self, intra_extension_id):
with sql.transaction() as session:
diff --git a/keystone-moon/keystone/contrib/moon/core.py b/keystone-moon/keystone/contrib/moon/core.py
index 0560d464..8e56f135 100644
--- a/keystone-moon/keystone/contrib/moon/core.py
+++ b/keystone-moon/keystone/contrib/moon/core.py
@@ -496,7 +496,8 @@ class IntraExtensionManager(manager.Manager):
try:
self.root_extension_id = self.root_api.get_root_extension_id()
self.aggregation_algorithm_dict = self.configuration_api.get_aggregation_algorithms_dict(self.root_extension_id)
- except AttributeError:
+ except AttributeError as e:
+ LOG.warning("Error on init_aggregation_algorithm ({})".format(e))
self.root_extension_id = None
self.aggregation_algorithm_dict = {}
@@ -588,7 +589,7 @@ class IntraExtensionManager(manager.Manager):
if not self.root_extension_id:
self.__init_aggregation_algorithm()
- aggregation_algorithm_id = self.driver.get_aggregation_algorithm_id(intra_extension_id)
+ aggregation_algorithm_id = self.driver.get_aggregation_algorithm_id(intra_extension_id)['aggregation_algorithm']
if self.aggregation_algorithm_dict[aggregation_algorithm_id]['name'] == 'all_true':
decision = all_true(decision_buffer)
elif self.aggregation_algorithm_dict[aggregation_algorithm_id]['name'] == 'one_true':
@@ -813,6 +814,9 @@ class IntraExtensionManager(manager.Manager):
for _id, _value in self.configuration_api.driver.get_aggregation_algorithms_dict().iteritems():
if _value["name"] == json_metarule["aggregation"]:
self.driver.set_aggregation_algorithm_id(intra_extension_dict["id"], _id)
+ break
+ else:
+ LOG.warning("No aggregation_algorithm found for '{}'".format(json_metarule["aggregation"]))
def __load_rule_file(self, intra_extension_dict, policy_dir):
diff --git a/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_admin.py b/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_admin.py
index 00e9e09f..424e4cbb 100644
--- a/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_admin.py
+++ b/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_admin.py
@@ -852,7 +852,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase):
self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
aggregation_algorithm = self.admin_manager.get_aggregation_algorithm_id(admin_subject_id, authz_ie_dict["id"])
- self.assertIsInstance(aggregation_algorithm, basestring)
+ self.assertIsInstance(aggregation_algorithm, dict)
# TODO: need more tests on aggregation_algorithms (set and del)
@@ -1999,7 +1999,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
aggregation_algorithm = self.admin_manager.get_aggregation_algorithm_id(admin_subject_id, authz_ie_dict["id"])
- self.assertIsInstance(aggregation_algorithm, basestring)
+ self.assertIsInstance(aggregation_algorithm, dict)
# TODO: need more tests on aggregation_algorithms (set and del)
diff --git a/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_authz.py b/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_authz.py
index 51654227..afe0e7f2 100644
--- a/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_authz.py
+++ b/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_authz.py
@@ -836,7 +836,7 @@ class TestIntraExtensionAuthzManagerAuthzOK(tests.TestCase):
self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
aggregation_algorithm = self.admin_manager.get_aggregation_algorithm_id(admin_subject_id, authz_ie_dict["id"])
- self.assertIsInstance(aggregation_algorithm, basestring)
+ self.assertIsInstance(aggregation_algorithm, dict)
# TODO: need more tests on aggregation_algorithms (set and del)
@@ -2216,7 +2216,7 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase):
self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
aggregation_algorithm = self.admin_manager.get_aggregation_algorithm_id(admin_subject_id, authz_ie_dict["id"])
- self.assertIsInstance(aggregation_algorithm, basestring)
+ self.assertIsInstance(aggregation_algorithm, dict)
# TODO: need more tests on aggregation_algorithms (set and del)
diff --git a/moonclient/moonclient/metarules.py b/moonclient/moonclient/metarules.py
index a980cd85..8938f890 100644
--- a/moonclient/moonclient/metarules.py
+++ b/moonclient/moonclient/metarules.py
@@ -36,10 +36,10 @@ class AggregationAlgorithmsList(Lister):
data = self.app.get_url("/v3/OS-MOON/intra_extensions/{}/aggregation_algorithm".format(
parsed_args.intraextension),
authtoken=True)
- algorithm = self.__get_aggregation_algorithm_from_id(data['content'])
+ algorithm = self.__get_aggregation_algorithm_from_id(data['aggregation_algorithm'])
return (
("id", "name", "description"),
- ((data['content'], algorithm["name"], algorithm["description"]), )
+ ((data['aggregation_algorithm'], algorithm["name"], algorithm["description"]), )
)
@@ -82,7 +82,7 @@ class AggregationAlgorithmSet(Command):
"aggregation_algorithm_id": parsed_args.aggregation_algorithm_id,
"aggregation_algorithm_description": parsed_args.description},
authtoken=True)
- algorithm = self.__get_aggregation_algorithm_from_id(data['content'])
+ algorithm = self.__get_aggregation_algorithm_from_id(data['aggregation_algorithm'])
return (
("id",),
(algorithm,)