diff options
10 files changed, 118 insertions, 123 deletions
diff --git a/keystone-moon/keystone/contrib/moon/backends/memory.py b/keystone-moon/keystone/contrib/moon/backends/memory.py index 1d5d5fcf..45055f60 100644 --- a/keystone-moon/keystone/contrib/moon/backends/memory.py +++ b/keystone-moon/keystone/contrib/moon/backends/memory.py @@ -10,7 +10,7 @@ import json from keystone import config from keystone.contrib.moon.core import ConfigurationDriver from oslo_log import log - +import hashlib CONF = config.CONF LOG = log.getLogger(__name__) @@ -21,8 +21,10 @@ class ConfigurationConnector(ConfigurationDriver): def __init__(self): super(ConfigurationConnector, self).__init__() self.aggregation_algorithms_dict = dict() - self.aggregation_algorithms_dict[uuid4().hex] = {'name': 'all_true', 'description': 'all_true'} - self.aggregation_algorithms_dict[uuid4().hex] = {'name': 'one_true', 'description': 'one_true'} + self.aggregation_algorithms_dict[hashlib.sha224("all_true").hexdigest()[:32]] = \ + {'name': 'all_true', 'description': 'all rules must match'} + self.aggregation_algorithms_dict[hashlib.sha224("one_true").hexdigest()[:32]] = \ + {'name': 'one_true', 'description': 'only one rule has to match'} self.sub_meta_rule_algorithms_dict = dict() self.sub_meta_rule_algorithms_dict[uuid4().hex] = {'name': 'inclusion', 'description': 'inclusion'} self.sub_meta_rule_algorithms_dict[uuid4().hex] = {'name': 'comparison', 'description': 'comparison'} diff --git a/keystone-moon/keystone/contrib/moon/backends/sql.py b/keystone-moon/keystone/contrib/moon/backends/sql.py index 0a2e2407..a3418c15 100644 --- a/keystone-moon/keystone/contrib/moon/backends/sql.py +++ b/keystone-moon/keystone/contrib/moon/backends/sql.py @@ -942,38 +942,30 @@ class IntraExtensionConnector(IntraExtensionDriver): # Getter and Setter for sub_meta_rule - def get_aggregation_algorithm_dict(self, intra_extension_id): + def get_aggregation_algorithm_id(self, intra_extension_id): with sql.transaction() as session: - query = session.query(AggregationAlgorithm) - query = query.filter_by(intra_extension_id=intra_extension_id) + query = session.query(IntraExtension) + query = query.filter_by(id=intra_extension_id) ref = query.first() try: - return {ref.id: ref.aggregation_algorithm} - except AttributeError: - return {} + return ref.intra_extension["aggregation_algorithm"] + except KeyError: + return "" - def set_aggregation_algorithm_dict(self, intra_extension_id, aggregation_algorithm_id, aggregation_algorithm_dict): + def set_aggregation_algorithm_id(self, intra_extension_id, aggregation_algorithm_id): with sql.transaction() as session: - query = session.query(AggregationAlgorithm) - query = query.filter_by(intra_extension_id=intra_extension_id) + query = session.query(IntraExtension) + query = query.filter_by(id=intra_extension_id) ref = query.first() - new_ref = AggregationAlgorithm.from_dict( - { - "id": aggregation_algorithm_id, - 'aggregation_algorithm': aggregation_algorithm_dict, - 'intra_extension_id': intra_extension_id - } - ) - if ref: - session.delete(ref) - session.add(new_ref) - session.flush() - return self.get_aggregation_algorithm_dict(intra_extension_id) + intra_extension_dict = dict(ref.intra_extension) + intra_extension_dict["aggregation_algorithm"] = aggregation_algorithm_id + setattr(ref, "intra_extension", intra_extension_dict) + return self.get_aggregation_algorithm_id(intra_extension_id) - def del_aggregation_algorithm(self, intra_extension_id, aggregation_algorithm_id): + def del_aggregation_algorithm(self, intra_extension_id): with sql.transaction() as session: query = session.query(AggregationAlgorithm) - query = query.filter_by(intra_extension_id=intra_extension_id, id=aggregation_algorithm_id) + query = query.filter_by(intra_extension_id=intra_extension_id) ref = query.first() session.delete(ref) diff --git a/keystone-moon/keystone/contrib/moon/controllers.py b/keystone-moon/keystone/contrib/moon/controllers.py index 0be0d7e5..4bc619a3 100644 --- a/keystone-moon/keystone/contrib/moon/controllers.py +++ b/keystone-moon/keystone/contrib/moon/controllers.py @@ -644,10 +644,7 @@ class IntraExtensions(controller.V3Controller): user_id = self._get_user_id_from_token(context.get('token_id')) intra_extension_id = kw.get('intra_extension_id', None) aggregation_algorithm_id = kw.get('aggregation_algorithm_id', None) - aggregation_algorithm_dict = dict() - aggregation_algorithm_dict['name'] = kw.get('aggregation_algorithm_name', None) - aggregation_algorithm_dict['description'] = kw.get('aggregation_algorithm_description', None) - return self.admin_api.set_aggregation_algorithm_dict(user_id, intra_extension_id, aggregation_algorithm_id, aggregation_algorithm_dict) + return self.admin_api.set_aggregation_algorithm_dict(user_id, intra_extension_id, aggregation_algorithm_id) @controller.protected() def get_sub_meta_rules(self, context, **kw): diff --git a/keystone-moon/keystone/contrib/moon/core.py b/keystone-moon/keystone/contrib/moon/core.py index a92f026a..db194911 100644 --- a/keystone-moon/keystone/contrib/moon/core.py +++ b/keystone-moon/keystone/contrib/moon/core.py @@ -335,6 +335,7 @@ class ConfigurationManager(manager.Manager): @dependency.provider('tenant_api') +@dependency.requires('admin_api', 'resource_api', 'root_api') @dependency.requires('moonlog_api', 'admin_api', 'configuration_api', 'root_api', 'resource_api') class TenantManager(manager.Manager): @@ -461,6 +462,7 @@ class TenantManager(manager.Manager): return self.driver.set_tenant_dict(tenant_id, tenant_dict) + @dependency.requires('identity_api', 'tenant_api', 'configuration_api', 'authz_api', 'admin_api', 'moonlog_api', 'root_api') class IntraExtensionManager(manager.Manager): @@ -468,6 +470,15 @@ class IntraExtensionManager(manager.Manager): def __init__(self): super(IntraExtensionManager, self).__init__(CONF.moon.intraextension_driver) + self.__init_aggregation_algorithm() + + def __init_aggregation_algorithm(self): + try: + self.root_extension_id = self.root_api.get_root_extension_id() + self.aggregation_algorithm_dict = self.configuration_api.get_aggregation_algorithms_dict(self.root_extension_id) + except AttributeError: + self.root_extension_id = None + self.aggregation_algorithm_dict = {} def __get_authz_buffer(self, intra_extension_id, subject_id, object_id, action_id): """ @@ -548,13 +559,12 @@ class IntraExtensionManager(manager.Manager): meta_rule_dict[sub_meta_rule_id], self.driver.get_rules_dict(intra_extension_id, sub_meta_rule_id).values()) - aggregation_algorithm_dict = self.driver.get_aggregation_algorithm_dict(intra_extension_id) - # We suppose here that we have only one aggregation algorithm for one intra_extension - # TODO: need more work on this part of the model HR: what to do? - aggregation_algorithm_id = aggregation_algorithm_dict.keys()[0] - if aggregation_algorithm_dict[aggregation_algorithm_id]['name'] == 'all_true': + if not self.root_extension_id: + self.__init_aggregation_algorithm() + aggregation_algorithm_id = self.driver.get_aggregation_algorithm_id(intra_extension_id) + if self.aggregation_algorithm_dict[aggregation_algorithm_id]['name'] == 'all_true': decision = all_true(decision_buffer) - elif aggregation_algorithm_dict[aggregation_algorithm_id]['name'] == 'one_true': + elif self.aggregation_algorithm_dict[aggregation_algorithm_id]['name'] == 'one_true': decision = one_true(decision_buffer) if not decision: raise AuthzException("{} {}-{}-{}".format(intra_extension_id, subject_id, action_id, object_id)) @@ -773,11 +783,9 @@ class IntraExtensionManager(manager.Manager): "aggregation": json_metarule["aggregation"], "sub_meta_rules": metarule } - self.driver.set_aggregation_algorithm_dict(intra_extension_dict["id"], uuid4().hex, - { - "name": json_metarule["aggregation"], - "description": json_metarule["aggregation"], - }) + for _id, _value in self.configuration_api.driver.get_aggregation_algorithms_dict().iteritems(): + if _value["name"] == json_metarule["aggregation"]: + self.driver.set_aggregation_algorithm_id(intra_extension_dict["id"], _id) def __load_rule_file(self, intra_extension_dict, policy_dir): @@ -912,8 +920,7 @@ class IntraExtensionManager(manager.Manager): for rule_id in self.driver.get_rules_dict(intra_extension_id, sub_meta_rule_id): self.driver.del_rule(intra_extension_id, sub_meta_rule_id, rule_id) self.driver.del_sub_meta_rule(intra_extension_id, sub_meta_rule_id) - for aggregation_algorithm_id in self.driver.get_aggregation_algorithm_dict(intra_extension_id): - self.driver.del_aggregation_algorithm(intra_extension_id, aggregation_algorithm_id) + self.driver.del_aggregation_algorithm(intra_extension_id) for subject_id in self.driver.get_subjects_dict(intra_extension_id): for subject_category_id in self.driver.get_subject_categories_dict(intra_extension_id): self.driver.del_subject_scope(intra_extension_id, None, None) @@ -1608,7 +1615,7 @@ class IntraExtensionManager(manager.Manager): @filter_input @enforce("read", "aggregation_algorithm") - def get_aggregation_algorithm_dict(self, user_id, intra_extension_id): + def get_aggregation_algorithm_id(self, user_id, intra_extension_id): """ :param user_id: :param intra_extension_id: @@ -1616,20 +1623,19 @@ class IntraExtensionManager(manager.Manager): aggregation_algorithm_id: {name: xxx, description: yyy} } """ - aggregation_algorithm_dict = self.driver.get_aggregation_algorithm_dict(intra_extension_id) - if not aggregation_algorithm_dict: + aggregation_algorithm_id = self.driver.get_aggregation_algorithm_id(intra_extension_id) + if not aggregation_algorithm_id: raise AggregationAlgorithmNotExisting() - return aggregation_algorithm_dict + return aggregation_algorithm_id @filter_input @enforce(("read", "write"), "aggregation_algorithm") - def set_aggregation_algorithm_dict(self, user_id, intra_extension_id, aggregation_algorithm_id, aggregation_algorithm_dict): + def set_aggregation_algorithm_id(self, user_id, intra_extension_id, aggregation_algorithm_id): if aggregation_algorithm_id: - if aggregation_algorithm_id not in self.configuration_api.get_aggregation_algorithms_dict(self.root_api.get_root_admin_id()): + if aggregation_algorithm_id not in self.configuration_api.get_aggregation_algorithms_dict( + self.root_api.get_root_admin_id()): raise AggregationAlgorithmUnknown() - else: - aggregation_algorithm_id = uuid4().hex - return self.driver.set_aggregation_algorithm_dict(intra_extension_id, aggregation_algorithm_id, aggregation_algorithm_dict) + return self.driver.set_aggregation_algorithm_id(intra_extension_id, aggregation_algorithm_id) @filter_input @enforce("read", "sub_meta_rules") @@ -1756,6 +1762,7 @@ class IntraExtensionManager(manager.Manager): @dependency.provider('authz_api') +#@dependency.requires('resource_api') class IntraExtensionAuthzManager(IntraExtensionManager): def __init__(self): @@ -1940,10 +1947,10 @@ class IntraExtensionAuthzManager(IntraExtensionManager): def del_action_assignment(self, user_id, intra_extension_id, action_id, action_category_id, action_scope_id): raise AuthzException() - def set_aggregation_algorithm_dict(self, user_id, intra_extension_id, aggregation_algorithm_id, aggregation_algorithm_dict): + def set_aggregation_algorithm_id(self, user_id, intra_extension_id, aggregation_algorithm_id): raise AuthzException() - def del_aggregation_algorithm_dict(self, user_id, intra_extension_id, aggregation_algorithm_id): + def del_aggregation_algorithm_(self, user_id, intra_extension_id): raise AuthzException() def add_sub_meta_rule_dict(self, user_id, intra_extension_id, sub_meta_rule_dict): @@ -1966,6 +1973,7 @@ class IntraExtensionAuthzManager(IntraExtensionManager): @dependency.provider('admin_api') +#@dependency.requires('resource_api') class IntraExtensionAdminManager(IntraExtensionManager): def __init__(self): @@ -2051,7 +2059,7 @@ class IntraExtensionAdminManager(IntraExtensionManager): @dependency.provider('root_api') -@dependency.requires('moonlog_api', 'admin_api', 'tenant_api') +#@dependency.requires('admin_api') class IntraExtensionRootManager(IntraExtensionManager): def __init__(self): @@ -2098,7 +2106,7 @@ class IntraExtensionRootManager(IntraExtensionManager): @dependency.provider('moonlog_api') # Next line is mandatory in order to force keystone to process dependencies. -@dependency.requires('identity_api', 'tenant_api', 'configuration_api', 'authz_api', 'admin_api', 'root_api') +#@dependency.requires('identity_api', 'tenant_api', 'configuration_api', 'authz_api', 'admin_api', 'root_api') class LogManager(manager.Manager): driver_namespace = 'keystone.moon.log' @@ -2180,7 +2188,7 @@ class ConfigurationDriver(object): def get_policy_templates_dict(self): raise exception.NotImplemented() # pragma: no cover - def get_aggregation_algorithm_dict(self): + def get_aggregation_algorithm_id(self): raise exception.NotImplemented() # pragma: no cover def get_sub_meta_rule_algorithms_dict(self): @@ -2464,13 +2472,13 @@ class IntraExtensionDriver(object): # Meta_rule functions - def set_aggregation_algorithm_dict(self, intra_extension_id, aggregation_algorithm_id, aggregation_algorithm_dict): + def set_aggregation_algorithm_id(self, intra_extension_id, aggregation_algorithm_id): raise exception.NotImplemented() # pragma: no cover - def get_aggregation_algorithm_dict(self, intra_extension_id): + def get_aggregation_algorithm_id(self, intra_extension_id): raise exception.NotImplemented() # pragma: no cover - def del_aggregation_algorithm(self, intra_extension_id, aggregation_algorithm_id): + def del_aggregation_algorithm(self, intra_extension_id): raise exception.NotImplemented() # pragma: no cover def get_sub_meta_rules_dict(self, intra_extension_id): diff --git a/keystone-moon/keystone/contrib/moon/routers.py b/keystone-moon/keystone/contrib/moon/routers.py index 340bd194..4da672cf 100644 --- a/keystone-moon/keystone/contrib/moon/routers.py +++ b/keystone-moon/keystone/contrib/moon/routers.py @@ -366,13 +366,6 @@ class Routers(wsgi.V3ExtensionRouter): mapper, intra_ext_controller, path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/aggregation_algorithm', post_action='set_aggregation_algorithm', - rel=self._get_rel('aggregation_algorithms'), - path_vars={ - 'intra_extension_id': self._get_path('intra_extensions'), - }) - self._add_resource( - mapper, intra_ext_controller, - path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/aggregation_algorithm/{aggregation_algorithm_id}', get_action='get_aggregation_algorithm', rel=self._get_rel('aggregation_algorithms'), path_vars={ diff --git a/keystone-moon/keystone/tests/moon/unit/test_unit_core_configuration.py b/keystone-moon/keystone/tests/moon/unit/test_unit_core_configuration.py index 83606ff3..efc5acd2 100644 --- a/keystone-moon/keystone/tests/moon/unit/test_unit_core_configuration.py +++ b/keystone-moon/keystone/tests/moon/unit/test_unit_core_configuration.py @@ -15,6 +15,8 @@ from keystone.tests.unit import default_fixtures from keystone.contrib.moon.core import LogManager from keystone.contrib.moon.core import IntraExtensionAdminManager from keystone.contrib.moon.core import IntraExtensionRootManager +from keystone.contrib.moon.core import ConfigurationManager +from keystone.contrib.moon.core import IntraExtensionAuthzManager from keystone.tests.moon.unit import * CONF = cfg.CONF @@ -43,7 +45,9 @@ class TestConfigurationManager(tests.TestCase): return { "moonlog_api": LogManager(), "admin_api": IntraExtensionAdminManager(), - "root_api": IntraExtensionRootManager() + "configuration_api": ConfigurationManager(), + "root_api": IntraExtensionRootManager(), + "authz_api": IntraExtensionAuthzManager() } def config_overrides(self): diff --git a/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_admin.py b/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_admin.py index e76173e7..c97776d3 100644 --- a/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_admin.py +++ b/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_admin.py @@ -11,6 +11,7 @@ import uuid from oslo_config import cfg from keystone.tests import unit as tests from keystone.contrib.moon.core import IntraExtensionAdminManager, IntraExtensionAuthzManager +from keystone.contrib.moon.core import IntraExtensionRootManager, ConfigurationManager from keystone.tests.unit.ksfixtures import database from keystone import resource from keystone.contrib.moon.exception import * @@ -61,6 +62,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): "tenant_api": TenantManager(), "admin_api": IntraExtensionAdminManager(), "authz_api": IntraExtensionAuthzManager(), + "configuration_api": ConfigurationManager(), # "resource_api": resource.Manager(), } @@ -852,11 +854,8 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): demo_subject_id, demo_subject_dict = \ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() - aggregation_algorithms = self.admin_manager.get_aggregation_algorithm_dict(admin_subject_id, authz_ie_dict["id"]) - for key, value in aggregation_algorithms.iteritems(): - self.assertIsInstance(value, dict) - self.assertIn("name", value) - self.assertIn("description", value) + aggregation_algorithm = self.admin_manager.get_aggregation_algorithm_id(admin_subject_id, authz_ie_dict["id"]) + self.assertIsInstance(aggregation_algorithm, basestring) # TODO: need more tests on aggregation_algorithms (set and del) @@ -988,6 +987,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): "tenant_api": TenantManager(), "admin_api": IntraExtensionAdminManager(), "authz_api": IntraExtensionAuthzManager(), + "configuration_api": ConfigurationManager(), # "resource_api": resource.Manager(), } @@ -2004,11 +2004,8 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): demo_subject_id, demo_subject_dict = \ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() - aggregation_algorithms = self.admin_manager.get_aggregation_algorithm_dict(admin_subject_id, authz_ie_dict["id"]) - for key, value in aggregation_algorithms.iteritems(): - self.assertIsInstance(value, dict) - self.assertIn("name", value) - self.assertIn("description", value) + aggregation_algorithm = self.admin_manager.get_aggregation_algorithm_id(admin_subject_id, authz_ie_dict["id"]) + self.assertIsInstance(aggregation_algorithm, basestring) # TODO: need more tests on aggregation_algorithms (set and del) @@ -2032,7 +2029,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): self.assertIn(object_category_id, categories["object_categories"]) for subject_category_id in value["subject_categories"]: self.assertIn(subject_category_id, categories["subject_categories"]) - # TODO: need more tests (set and del) + # TODO: need more tests (set and del) def test_sub_rules(self): authz_ie_dict = create_intra_extension(self, "policy_authz") @@ -2052,15 +2049,15 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): for relation_id in sub_meta_rules: rules = self.admin_manager.get_rules_dict(admin_subject_id, authz_ie_dict["id"], relation_id) rule_length = len(sub_meta_rules[relation_id]["subject_categories"]) + \ - len(sub_meta_rules[relation_id]["object_categories"]) + \ - len(sub_meta_rules[relation_id]["action_categories"]) + 1 + len(sub_meta_rules[relation_id]["object_categories"]) + \ + len(sub_meta_rules[relation_id]["action_categories"]) + 1 for rule_id in rules: self.assertEqual(rule_length, len(rules[rule_id])) rule = list(rules[rule_id]) for cat, cat_func, func_name in ( - ("subject_categories", self.admin_manager.get_subject_scopes_dict, "subject_scope"), - ("action_categories", self.admin_manager.get_action_scopes_dict, "action_scope"), - ("object_categories", self.admin_manager.get_object_scopes_dict, "object_scope"), + ("subject_categories", self.admin_manager.get_subject_scopes_dict, "subject_scope"), + ("action_categories", self.admin_manager.get_action_scopes_dict, "action_scope"), + ("object_categories", self.admin_manager.get_object_scopes_dict, "object_scope"), ): for cat_value in sub_meta_rules[relation_id][cat]: scope = cat_func( @@ -2076,9 +2073,9 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): sub_rule = [] for cat, cat_func, func_name in ( - ("subject_categories", self.admin_manager.get_subject_scopes_dict, "subject_scope"), - ("action_categories", self.admin_manager.get_action_scopes_dict, "action_scope"), - ("object_categories", self.admin_manager.get_object_scopes_dict, "object_scope"), + ("subject_categories", self.admin_manager.get_subject_scopes_dict, "subject_scope"), + ("action_categories", self.admin_manager.get_action_scopes_dict, "action_scope"), + ("object_categories", self.admin_manager.get_object_scopes_dict, "object_scope"), ): for cat_value in sub_meta_rules[relation_id][cat]: scope = cat_func( @@ -2101,9 +2098,9 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): for rule_id, rule_value in sub_rules.iteritems(): for cat, cat_func, func_name in ( - ("subject_categories", self.admin_manager.get_subject_scopes_dict, "subject_category_scope"), - ("action_categories", self.admin_manager.get_action_scopes_dict, "action_category_scope"), - ("object_categories", self.admin_manager.get_object_scopes_dict, "object_category_scope"), + ("subject_categories", self.admin_manager.get_subject_scopes_dict, "subject_category_scope"), + ("action_categories", self.admin_manager.get_action_scopes_dict, "action_category_scope"), + ("object_categories", self.admin_manager.get_object_scopes_dict, "object_category_scope"), ): for cat_value in sub_meta_rules[relation_id][cat]: scope = cat_func( @@ -2114,4 +2111,4 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): a_scope = rule_value.pop(0) self.assertIn(a_scope, scope.keys()) - # TODO: add test for the delete function + # TODO: add test for the delete function diff --git a/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_authz.py b/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_authz.py index c96c00b5..8efa4ab8 100644 --- a/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_authz.py +++ b/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_authz.py @@ -11,6 +11,7 @@ import uuid from oslo_config import cfg from keystone.tests import unit as tests from keystone.contrib.moon.core import IntraExtensionAdminManager, IntraExtensionAuthzManager, IntraExtensionRootManager +from keystone.contrib.moon.core import ConfigurationManager from keystone.tests.unit.ksfixtures import database from keystone import resource from keystone.contrib.moon.exception import * @@ -32,7 +33,7 @@ IE = { "description": "a simple description." } -@dependency.requires('admin_api', 'authz_api', 'tenant_api', 'configuration_api', 'moonlog_api') +#@dependency.requires('admin_api', 'authz_api', 'tenant_api', 'configuration_api', 'moonlog_api') class TestIntraExtensionAuthzManagerAuthzOK(tests.TestCase): def setUp(self): @@ -59,6 +60,7 @@ class TestIntraExtensionAuthzManagerAuthzOK(tests.TestCase): "tenant_api": TenantManager(), "admin_api": IntraExtensionAdminManager(), "authz_api": IntraExtensionAuthzManager(), + "configuration_api": ConfigurationManager(), # "resource_api": resource.Manager(), } @@ -836,11 +838,8 @@ class TestIntraExtensionAuthzManagerAuthzOK(tests.TestCase): demo_subject_id, demo_subject_dict = \ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() - aggregation_algorithms = self.admin_manager.get_aggregation_algorithm_dict(admin_subject_id, authz_ie_dict["id"]) - for key, value in aggregation_algorithms.iteritems(): - self.assertIsInstance(value, dict) - self.assertIn("name", value) - self.assertIn("description", value) + aggregation_algorithm = self.admin_manager.get_aggregation_algorithm_id(admin_subject_id, authz_ie_dict["id"]) + self.assertIsInstance(aggregation_algorithm, basestring) # TODO: need more tests on aggregation_algorithms (set and del) @@ -942,7 +941,7 @@ class TestIntraExtensionAuthzManagerAuthzOK(tests.TestCase): # TODO: add test for the delete function -@dependency.requires('admin_api', 'authz_api', 'tenant_api', 'configuration_api', 'moonlog_api', 'identity_api', 'root_api') +#@dependency.requires('admin_api', 'authz_api', 'tenant_api', 'configuration_api', 'moonlog_api', 'identity_api', 'root_api') class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase): def setUp(self): @@ -971,6 +970,7 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase): return { "moonlog_api": LogManager(), "tenant_api": TenantManager(), + "configuration_api": ConfigurationManager(), "admin_api": IntraExtensionAdminManager(), "authz_api": IntraExtensionAuthzManager(), "root_api": IntraExtensionRootManager(), @@ -1231,9 +1231,7 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase): aggregation_algorithms = self.configuration_api.get_aggregation_algorithms_dict(admin_subject_id) for _id in aggregation_algorithms: if aggregation_algorithms[_id]["name"] == "one_true": - agg = self.admin_manager.set_aggregation_algorithm_dict(admin_subject_id, authz_ie_dict["id"], - _id, - aggregation_algorithms[_id]) + agg = self.admin_manager.set_aggregation_algorithm_id(admin_subject_id, authz_ie_dict["id"], _id) rule = self.admin_manager.add_rule_dict( admin_subject_id, @@ -2228,11 +2226,8 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase): demo_subject_id, demo_subject_dict = \ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() - aggregation_algorithms = self.admin_manager.get_aggregation_algorithm_dict(admin_subject_id, authz_ie_dict["id"]) - for key, value in aggregation_algorithms.iteritems(): - self.assertIsInstance(value, dict) - self.assertIn("name", value) - self.assertIn("description", value) + aggregation_algorithm = self.admin_manager.get_aggregation_algorithm_id(admin_subject_id, authz_ie_dict["id"]) + self.assertIsInstance(aggregation_algorithm, basestring) # TODO: need more tests on aggregation_algorithms (set and del) @@ -2256,7 +2251,7 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase): self.assertIn(object_category_id, categories["object_categories"]) for subject_category_id in value["subject_categories"]: self.assertIn(subject_category_id, categories["subject_categories"]) - # TODO: need more tests (set and del) + # TODO: need more tests (set and del) def test_sub_rules(self): authz_ie_dict = create_intra_extension(self, "policy_authz") @@ -2274,15 +2269,15 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase): for relation_id in sub_meta_rules: rules = self.admin_manager.get_rules_dict(admin_subject_id, authz_ie_dict["id"], relation_id) rule_length = len(sub_meta_rules[relation_id]["subject_categories"]) + \ - len(sub_meta_rules[relation_id]["object_categories"]) + \ - len(sub_meta_rules[relation_id]["action_categories"]) + 1 + len(sub_meta_rules[relation_id]["object_categories"]) + \ + len(sub_meta_rules[relation_id]["action_categories"]) + 1 for rule_id in rules: self.assertEqual(rule_length, len(rules[rule_id])) rule = list(rules[rule_id]) for cat, cat_func, func_name in ( - ("subject_categories", self.admin_manager.get_subject_scopes_dict, "subject_scope"), - ("action_categories", self.admin_manager.get_action_scopes_dict, "action_scope"), - ("object_categories", self.admin_manager.get_object_scopes_dict, "object_scope"), + ("subject_categories", self.admin_manager.get_subject_scopes_dict, "subject_scope"), + ("action_categories", self.admin_manager.get_action_scopes_dict, "action_scope"), + ("object_categories", self.admin_manager.get_object_scopes_dict, "object_scope"), ): for cat_value in sub_meta_rules[relation_id][cat]: scope = cat_func( @@ -2298,9 +2293,9 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase): sub_rule = [] for cat, cat_func, func_name in ( - ("subject_categories", self.admin_manager.get_subject_scopes_dict, "subject_scope"), - ("action_categories", self.admin_manager.get_action_scopes_dict, "action_scope"), - ("object_categories", self.admin_manager.get_object_scopes_dict, "object_scope"), + ("subject_categories", self.admin_manager.get_subject_scopes_dict, "subject_scope"), + ("action_categories", self.admin_manager.get_action_scopes_dict, "action_scope"), + ("object_categories", self.admin_manager.get_object_scopes_dict, "object_scope"), ): for cat_value in sub_meta_rules[relation_id][cat]: scope = cat_func( @@ -2323,9 +2318,9 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase): for rule_id, rule_value in sub_rules.iteritems(): for cat, cat_func, func_name in ( - ("subject_categories", self.admin_manager.get_subject_scopes_dict, "subject_category_scope"), - ("action_categories", self.admin_manager.get_action_scopes_dict, "action_category_scope"), - ("object_categories", self.admin_manager.get_object_scopes_dict, "object_category_scope"), + ("subject_categories", self.admin_manager.get_subject_scopes_dict, "subject_category_scope"), + ("action_categories", self.admin_manager.get_action_scopes_dict, "action_category_scope"), + ("object_categories", self.admin_manager.get_object_scopes_dict, "object_category_scope"), ): for cat_value in sub_meta_rules[relation_id][cat]: scope = cat_func( @@ -2336,4 +2331,4 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase): a_scope = rule_value.pop(0) self.assertIn(a_scope, scope.keys()) - # TODO: add test for the delete function + # TODO: add test for the delete function diff --git a/keystone-moon/keystone/tests/moon/unit/test_unit_core_log.py b/keystone-moon/keystone/tests/moon/unit/test_unit_core_log.py index 37d210aa..06864cc5 100644 --- a/keystone-moon/keystone/tests/moon/unit/test_unit_core_log.py +++ b/keystone-moon/keystone/tests/moon/unit/test_unit_core_log.py @@ -11,7 +11,8 @@ import uuid import time from oslo_config import cfg from keystone.tests import unit as tests -from keystone.contrib.moon.core import IntraExtensionAdminManager +from keystone.contrib.moon.core import ConfigurationManager +from keystone.contrib.moon.core import IntraExtensionAuthzManager from keystone.tests.unit.ksfixtures import database from keystone import resource from keystone.contrib.moon.exception import * @@ -60,7 +61,9 @@ class TestIntraExtensionAdminManager(tests.TestCase): def load_extra_backends(self): return { "moonlog_api": LogManager(), + "authz_api": IntraExtensionAuthzManager(), "tenant_api": TenantManager(), + "configuration_api": ConfigurationManager(), # "resource_api": resource.Manager(), } diff --git a/keystone-moon/keystone/tests/moon/unit/test_unit_core_tenant.py b/keystone-moon/keystone/tests/moon/unit/test_unit_core_tenant.py index f8b2f4d5..794ececc 100644 --- a/keystone-moon/keystone/tests/moon/unit/test_unit_core_tenant.py +++ b/keystone-moon/keystone/tests/moon/unit/test_unit_core_tenant.py @@ -8,12 +8,13 @@ import uuid from oslo_config import cfg from keystone.tests import unit as tests -from keystone.contrib.moon.core import TenantManager +from keystone.contrib.moon.core import ConfigurationManager from keystone.tests.unit.ksfixtures import database from keystone.contrib.moon.exception import * from keystone.tests.unit import default_fixtures from keystone.contrib.moon.core import LogManager -from keystone.contrib.moon.core import ConfigurationManager +from keystone.contrib.moon.core import IntraExtensionRootManager +from keystone.contrib.moon.core import IntraExtensionAdminManager from keystone.common import dependency from keystone.tests.moon.unit import * @@ -52,7 +53,10 @@ class TestTenantManager(tests.TestCase): def load_extra_backends(self): return { - "moonlog_api": LogManager() + "moonlog_api": LogManager(), + "admin_api": IntraExtensionAdminManager(), + "configuration_api": ConfigurationManager(), + "root_api": IntraExtensionRootManager(), } def config_overrides(self): |