summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--keystone-moon/keystone/contrib/moon/controllers.py7
-rw-r--r--keystone-moon/keystone/contrib/moon/core.py300
-rw-r--r--keystone-moon/keystone/tests/moon/unit/__init__.py21
-rw-r--r--keystone-moon/keystone/tests/moon/unit/test_unit_core_configuration.py19
-rw-r--r--keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_admin.py13
-rw-r--r--keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_authz.py13
-rw-r--r--keystone-moon/keystone/tests/moon/unit/test_unit_core_log.py10
-rw-r--r--keystone-moon/keystone/tests/moon/unit/test_unit_core_tenant.py9
8 files changed, 171 insertions, 221 deletions
diff --git a/keystone-moon/keystone/contrib/moon/controllers.py b/keystone-moon/keystone/contrib/moon/controllers.py
index 1d9b2725..8541b477 100644
--- a/keystone-moon/keystone/contrib/moon/controllers.py
+++ b/keystone-moon/keystone/contrib/moon/controllers.py
@@ -15,7 +15,7 @@ CONF = config.CONF
LOG = log.getLogger(__name__)
-@dependency.requires('configuration_api', 'root_api', 'moonlog_api')
+@dependency.requires('configuration_api')
class Configuration(controller.V3Controller):
collection_name = 'configurations'
member_name = 'configuration'
@@ -141,7 +141,7 @@ class Authz_v3(controller.V3Controller):
return {'authz': False, 'comment': unicode(e)}
-@dependency.requires('admin_api', 'authz_api')
+@dependency.requires('admin_api', 'root_api')
class IntraExtensions(controller.V3Controller):
collection_name = 'intra_extensions'
member_name = 'intra_extension'
@@ -210,7 +210,7 @@ class IntraExtensions(controller.V3Controller):
@controller.protected()
def load_root_intra_extension(self, context, **kw):
- self.admin_api.load_root_intra_extension_dict()
+ self.root_api.load_root_intra_extension_dict()
# Metadata functions
@controller.protected()
@@ -346,7 +346,6 @@ class IntraExtensions(controller.V3Controller):
subject_dict['description'] = kw.get('subject_description', None)
subject_dict['password'] = kw.get('subject_password', None)
subject_dict['email'] = kw.get('subject_email', None)
- LOG.debug("controllers.add_subject {}".format(subject_dict))
return self.admin_api.add_subject_dict(user_id, intra_extension_id, subject_dict)
@controller.protected()
diff --git a/keystone-moon/keystone/contrib/moon/core.py b/keystone-moon/keystone/contrib/moon/core.py
index 586356bf..7d3c8ce9 100644
--- a/keystone-moon/keystone/contrib/moon/core.py
+++ b/keystone-moon/keystone/contrib/moon/core.py
@@ -42,34 +42,6 @@ EXTENSION_DATA = {
extension.register_admin_extension(EXTENSION_DATA['alias'], EXTENSION_DATA)
extension.register_public_extension(EXTENSION_DATA['alias'], EXTENSION_DATA)
-# _OPTS = [
-# cfg.StrOpt('configuration_driver',
-# default='keystone.contrib.moon.backends.memory.ConfigurationConnector',
-# help='Configuration backend driver.'),
-# cfg.StrOpt('tenant_driver',
-# default='keystone.contrib.moon.backends.sql.TenantConnector',
-# help='Tenant backend driver.'),
-# cfg.StrOpt('authz_driver',
-# default='keystone.contrib.moon.backends.flat.SuperExtensionConnector',
-# help='Authorisation backend driver.'),
-# cfg.StrOpt('intraextension_driver',
-# default='keystone.contrib.moon.backends.sql.IntraExtensionConnector',
-# help='IntraExtension backend driver.'),
-# cfg.StrOpt('interextension_driver',
-# default='keystone.contrib.moon.backends.sql.InterExtensionConnector',
-# help='InterExtension backend driver.'),
-# cfg.StrOpt('log_driver',
-# default='keystone.contrib.moon.backends.flat.LogConnector',
-# help='Logs backend driver.'),
-# cfg.StrOpt('policy_directory',
-# default='/etc/keystone/policies',
-# help='Local directory where all policies are stored.'),
-# cfg.StrOpt('root_policy_directory',
-# default='policy_root',
-# help='Local directory where Root IntraExtension configuration is stored.'),
-# ]
-# CONF.register_opts(_OPTS, group='moon')
-
def filter_input(func_or_str):
@@ -133,33 +105,18 @@ def filter_input(func_or_str):
def enforce(action_names, object_name, **extra):
- _action_name_list = action_names
- _object_name = object_name
-
- # def get_root_extension(self, args, kwargs):
- # if not ROOT_EXTENSION_ID:
- # global ROOT_EXTENSION_MODEL, ROOT_EXTENSION_ID, ADMIN_ID
- # try:
- # # if it is the first time we passed here, the root extension may be not initialized
- # # specially during unittest. So we raise RootExtensionNotInitialized to authorize the
- # # current creation process
- # if 'intra_extension_dict' in kwargs:
- # intra_extension_dict = kwargs['intra_extension_dict']
- # else:
- # intra_extension_dict = args[2]
- # if isinstance(intra_extension_dict, dict) and \
- # "model" in intra_extension_dict and \
- # intra_extension_dict["model"] == "policy_root":
- # raise RootExtensionNotInitialized()
- # except KeyError:
- # pass
- # return ROOT_EXTENSION_ID
def wrap(func):
+ _action_name_list = action_names
+ _object_name = object_name
+ dependency.resolve_future_dependencies()
def wrapped(*args, **kwargs):
+ root_api = dependency._REGISTRY["root_api"][0]
+ admin_api = dependency._REGISTRY["admin_api"][0]
+ moonlog_api = dependency._REGISTRY["moonlog_api"][0]
+ tenant_api = dependency._REGISTRY["tenant_api"][0]
returned_value_for_func = None
- self = args[0]
try:
user_id = args[1]
except IndexError:
@@ -167,7 +124,7 @@ def enforce(action_names, object_name, **extra):
intra_extension_id = None
intra_admin_extension_id = None
- intra_root_extension_id = self.root_api.get_root_extension_id()
+ intra_root_extension_id = root_api.root_extension_id
try:
intra_extension_id = args[2]
except IndexError:
@@ -176,16 +133,13 @@ def enforce(action_names, object_name, **extra):
else:
intra_extension_id = intra_root_extension_id
- try:
- tenants_dict = self.tenant_api.driver.get_tenants_dict()
- except AttributeError:
- tenants_dict = self.driver.get_tenants_dict()
- if self.root_api.is_admin_subject(user_id):
+ tenants_dict = tenant_api.driver.get_tenants_dict()
+ if root_api.is_admin_subject(user_id):
# TODO: check if there is no security hole here
- self.moonlog_api.driver.info("Authorizing because it is the user admin of the root intra-extension")
+ moonlog_api.driver.info("Authorizing because it is the user admin of the root intra-extension")
returned_value_for_func = func(*args, **kwargs)
else:
- intra_extensions_dict = self.admin_api.driver.get_intra_extensions_dict()
+ intra_extensions_dict = admin_api.driver.get_intra_extensions_dict()
if intra_extension_id not in intra_extensions_dict:
# if id is not an intra_extension, maybe it is a tenant id
intra_extension_id = intra_root_extension_id
@@ -196,19 +150,17 @@ def enforce(action_names, object_name, **extra):
else:
# id is not a known tenant ID, so we must check against the Root intra_extension
intra_extension_id = intra_root_extension_id
- LOG.warning("Cannot enforce because the intra-extension is unknown (fallback to the root intraextension)")
+ LOG.warning("Cannot emanager because the intra-extension is unknown (fallback to the root intraextension)")
for _tenant_id in tenants_dict:
if tenants_dict[_tenant_id]['intra_authz_extension_id'] == intra_extension_id or \
tenants_dict[_tenant_id]['intra_admin_extension_id'] == intra_extension_id:
intra_admin_extension_id = tenants_dict[_tenant_id]['intra_admin_extension_id']
break
if not intra_admin_extension_id:
- self.moonlog_api.driver.warning("No Intra_Admin_Extension found, authorization granted by default.")
+ moonlog_api.driver.warning("No Intra_Admin_Extension found, authorization granted by default.")
returned_value_for_func = func(*args, **kwargs)
else:
- # subjects_dict = self.admin_api.driver.get_subjects_dict(intra_admin_extension_id)
- # keystone_user_id = subjects_dict[subject_id]["keystone_id"]
- objects_dict = self.admin_api.driver.get_objects_dict(intra_admin_extension_id)
+ objects_dict = admin_api.driver.get_objects_dict(intra_admin_extension_id)
object_name = intra_extensions_dict[intra_extension_id]['genre'] + '.' + _object_name
object_id = None
for _object_id in objects_dict:
@@ -216,7 +168,7 @@ def enforce(action_names, object_name, **extra):
object_id = _object_id
break
if not object_id:
- objects_dict = self.admin_api.driver.get_objects_dict(intra_root_extension_id)
+ objects_dict = admin_api.driver.get_objects_dict(intra_root_extension_id)
object_name = object_name.split(".")[-1]
for _object_id in objects_dict:
if objects_dict[_object_id]['name'] == object_name:
@@ -226,7 +178,7 @@ def enforce(action_names, object_name, **extra):
raise ObjectUnknown("Unknown object name: {}".format(object_name))
# if we found the object in intra_root_extension_id, so we change the intra_admin_extension_id
# into intra_root_extension_id and we modify the ID of the subject
- subjects_dict = self.admin_api.driver.get_subjects_dict(intra_admin_extension_id)
+ subjects_dict = admin_api.driver.get_subjects_dict(intra_admin_extension_id)
try:
subject_name = subjects_dict[user_id]["name"]
except KeyError:
@@ -239,7 +191,7 @@ def enforce(action_names, object_name, **extra):
except KeyError:
raise SubjectUnknown()
intra_admin_extension_id = intra_root_extension_id
- subjects_dict = self.admin_api.driver.get_subjects_dict(intra_admin_extension_id)
+ subjects_dict = admin_api.driver.get_subjects_dict(intra_admin_extension_id)
user_id = None
for _subject_id in subjects_dict:
if subjects_dict[_subject_id]["name"] == subject_name:
@@ -250,7 +202,7 @@ def enforce(action_names, object_name, **extra):
action_name_list = (_action_name_list, )
else:
action_name_list = _action_name_list
- actions_dict = self.admin_api.driver.get_actions_dict(intra_admin_extension_id)
+ actions_dict = admin_api.driver.get_actions_dict(intra_admin_extension_id)
action_id_list = list()
for _action_name in action_name_list:
for _action_id in actions_dict:
@@ -260,12 +212,12 @@ def enforce(action_names, object_name, **extra):
authz_result = False
for action_id in action_id_list:
- res = self.admin_api.authz(intra_admin_extension_id, user_id, object_id, action_id)
- self.moonlog_api.info("res={}".format(res))
+ res = admin_api.authz(intra_admin_extension_id, user_id, object_id, action_id)
+ moonlog_api.info("res={}".format(res))
if res:
authz_result = True
else:
- self.moonlog_api.authz("No authorization for ({} {}-{}-{})".format(
+ moonlog_api.authz("No authorization for ({} {}-{}-{})".format(
intra_admin_extension_id,
user_id,
object_name,
@@ -282,7 +234,6 @@ def enforce(action_names, object_name, **extra):
@dependency.provider('configuration_api')
-@dependency.requires('moonlog_api', 'admin_api', 'tenant_api', 'root_api')
class ConfigurationManager(manager.Manager):
driver_namespace = 'keystone.moon.configuration'
@@ -352,7 +303,7 @@ class ConfigurationManager(manager.Manager):
@dependency.provider('tenant_api')
-@dependency.requires('moonlog_api', 'admin_api', 'configuration_api', 'root_api', 'resource_api')
+@dependency.requires('moonlog_api', 'admin_api', 'root_api', 'resource_api', 'admin_api')
class TenantManager(manager.Manager):
driver_namespace = 'keystone.moon.tenant'
@@ -430,16 +381,16 @@ class TenantManager(manager.Manager):
# TODO (ateroide): check whether we can replace the below code by the above one
# NOTE (ateroide): at a first glance: no, subject_id changes depending on which intra_extesion is used
# we must use name which is constant.
- authz_subjects_dict = self.admin_api.get_subjects_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_authz_extension_id'])
+ authz_subjects_dict = self.admin_api.get_subjects_dict(self.root_api.root_admin_id, tenant_dict['intra_authz_extension_id'])
authz_subject_names_list = [authz_subjects_dict[subject_id]["name"] for subject_id in authz_subjects_dict]
- admin_subjects_dict = self.admin_api.get_subjects_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_admin_extension_id'])
+ admin_subjects_dict = self.admin_api.get_subjects_dict(self.root_api.root_admin_id, tenant_dict['intra_admin_extension_id'])
admin_subject_names_list = [admin_subjects_dict[subject_id]["name"] for subject_id in admin_subjects_dict]
for _subject_id in authz_subjects_dict:
if authz_subjects_dict[_subject_id]["name"] not in admin_subject_names_list:
- self.admin_api.add_subject_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_admin_extension_id'], authz_subjects_dict[_subject_id])
+ self.admin_api.add_subject_dict(self.root_api.root_admin_id, tenant_dict['intra_admin_extension_id'], authz_subjects_dict[_subject_id])
for _subject_id in admin_subjects_dict:
if admin_subjects_dict[_subject_id]["name"] not in authz_subject_names_list:
- self.admin_api.add_subject_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_authz_extension_id'], admin_subjects_dict[_subject_id])
+ self.admin_api.add_subject_dict(self.root_api.root_admin_id, tenant_dict['intra_authz_extension_id'], admin_subjects_dict[_subject_id])
return self.driver.add_tenant_dict(tenant_dict['id'], tenant_dict)
@@ -468,37 +419,102 @@ class TenantManager(manager.Manager):
# Sync users between intra_authz_extension and intra_admin_extension
if 'intra_admin_extension_id' in tenant_dict:
if 'intra_authz_extension_id' in tenant_dict:
- authz_subjects_dict = self.admin_api.get_subjects_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_authz_extension_id'])
+ authz_subjects_dict = self.admin_api.get_subjects_dict(self.root_api.root_admin_id, tenant_dict['intra_authz_extension_id'])
authz_subject_names_list = [authz_subjects_dict[subject_id]["name"] for subject_id in authz_subjects_dict]
- admin_subjects_dict = self.admin_api.get_subjects_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_admin_extension_id'])
+ admin_subjects_dict = self.admin_api.get_subjects_dict(self.root_api.root_admin_id, tenant_dict['intra_admin_extension_id'])
admin_subject_names_list = [admin_subjects_dict[subject_id]["name"] for subject_id in admin_subjects_dict]
for _subject_id in authz_subjects_dict:
if authz_subjects_dict[_subject_id]["name"] not in admin_subject_names_list:
- self.admin_api.add_subject_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_admin_extension_id'], authz_subjects_dict[_subject_id])
+ self.admin_api.add_subject_dict(self.root_api.root_admin_id, tenant_dict['intra_admin_extension_id'], authz_subjects_dict[_subject_id])
for _subject_id in admin_subjects_dict:
if admin_subjects_dict[_subject_id]["name"] not in authz_subject_names_list:
- self.admin_api.add_subject_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_authz_extension_id'], admin_subjects_dict[_subject_id])
+ self.admin_api.add_subject_dict(self.root_api.root_admin_id, tenant_dict['intra_authz_extension_id'], admin_subjects_dict[_subject_id])
return self.driver.set_tenant_dict(tenant_id, tenant_dict)
-@dependency.requires('identity_api', 'tenant_api', 'configuration_api', 'authz_api', 'admin_api', 'moonlog_api', 'root_api')
+@dependency.requires('identity_api', 'tenant_api', 'configuration_api', 'moonlog_api')
class IntraExtensionManager(manager.Manager):
driver_namespace = 'keystone.moon.intraextension'
def __init__(self):
super(IntraExtensionManager, self).__init__(CONF.moon.intraextension_driver)
- self.__init_aggregation_algorithm()
+ # self.root_admin_id = self.__compute_admin_id_for_root_extension()
+ self._root_admin_id = None
+ self._root_extension_id = None
+ # self.__init_aggregation_algorithm()
+
+ def __init_root(self, root_extension_id=None):
+ LOG.debug("__init_root {}".format(root_extension_id))
+ LOG.debug(dependency._REGISTRY)
+ if root_extension_id:
+ self._root_extension_id = root_extension_id
+ else:
+ try:
+ self._root_extension_id = self.get_root_extension_id()
+ self.aggregation_algorithm_dict = self.configuration_api.driver.get_aggregation_algorithms_dict()
+ except AttributeError as e:
+ LOG.warning("Error on root intraextension initialization ({})".format(e))
+ self._root_extension_id = None
+ self.aggregation_algorithm_dict = {}
+ if self._root_extension_id:
+ for subject_id, subject_dict in self.driver.get_subjects_dict(self.root_extension_id).iteritems():
+ if subject_dict["name"] == "admin":
+ self._root_admin_id = subject_id
+ return
+ raise RootExtensionNotInitialized()
+
+ @property
+ def root_extension_id(self):
+ if not self._root_extension_id:
+ self.__init_root()
+ return self._root_extension_id
+
+ @root_extension_id.setter
+ def root_extension_id(self, value):
+ self._root_extension_id = value
+ LOG.info("set root_extension_id={}".format(self._root_extension_id))
+
+ @property
+ def root_admin_id(self):
+ if not self._root_admin_id:
+ self.__init_root()
+ return self._root_admin_id
- def __init_aggregation_algorithm(self):
- try:
- self.root_extension_id = self.root_api.get_root_extension_id()
- self.aggregation_algorithm_dict = self.configuration_api.get_aggregation_algorithms_dict(self.root_extension_id)
- except AttributeError as e:
- LOG.warning("Error on init_aggregation_algorithm ({})".format(e))
- self.root_extension_id = None
- self.aggregation_algorithm_dict = {}
+ def get_root_extension_dict(self):
+ """
+
+ :return: {id: {"name": "xxx"}}
+ """
+ LOG.debug("self.driver.get_intra_extensions_dict()={}".format(self.driver.get_intra_extensions_dict()))
+ return {self.root_extension_id: self.driver.get_intra_extensions_dict()[self.root_extension_id]}
+
+ # def __compute_admin_id_for_root_extension(self):
+ # for subject_id, subject_dict in self.driver.get_subjects_dict(self.root_extension_id).iteritems():
+ # if subject_dict["name"] == "admin":
+ # return subject_id
+ # raise RootExtensionNotInitialized()
+
+ def get_root_extension_id(self):
+ extensions = self.driver.get_intra_extensions_dict()
+ for extension_id, extension_dict in extensions.iteritems():
+ if extension_dict["name"] == CONF.moon.root_policy_directory:
+ return extension_id
+ else:
+ extension = self.load_root_intra_extension_dict(CONF.moon.root_policy_directory)
+ if not extension:
+ raise IntraExtensionCreationError("The root extension is not created.")
+ return extension['id']
+
+ # def __init_aggregation_algorithm(self):
+ # try:
+ # self._root_extension_id = self.get_root_extension_id()
+ # self.aggregation_algorithm_dict = self.configuration_api.get_aggregation_algorithms_dict(self.root_extension_id)
+ # except AttributeError as e:
+ # LOG.warning("Error on init_aggregation_algorithm ({})".format(e))
+ # self._root_extension_id = None
+ # self.aggregation_algorithm_dict = {}
def __get_authz_buffer(self, intra_extension_id, subject_id, object_id, action_id):
"""
@@ -586,8 +602,8 @@ class IntraExtensionManager(manager.Manager):
meta_rule_dict[sub_meta_rule_id],
self.driver.get_rules_dict(intra_extension_id, sub_meta_rule_id).values())
- if not self.root_extension_id:
- self.__init_aggregation_algorithm()
+ # if not self.root_extension_id:
+ # self.__init_aggregation_algorithm()
aggregation_algorithm_id = self.driver.get_aggregation_algorithm_id(intra_extension_id)['aggregation_algorithm']
if self.aggregation_algorithm_dict[aggregation_algorithm_id]['name'] == 'all_true':
decision = all_true(decision_buffer)
@@ -662,7 +678,8 @@ class IntraExtensionManager(manager.Manager):
except exception.UserNotFound:
# TODO (asteroide): must add a configuration option to allow that exception
# maybe a debug option for unittest
- keystone_user = {'id': "", 'name': _subject}
+ keystone_user = {'id': uuid4().hex, 'name': _subject}
+ self.moonlog_api.error("Keystone user not found ({})".format(_subject))
subject_id = uuid4().hex
subject_dict[subject_id] = keystone_user
subject_dict[subject_id]['keystone_id'] = keystone_user["id"]
@@ -897,10 +914,15 @@ class IntraExtensionManager(manager.Manager):
# Note (asteroide): Only one root Extension is authorized
# and this extension is created at the very beginning of the server
# so we don't need to use enforce here
- for key in self.driver.get_intra_extensions_dict():
- # Note (asteroide): if there is at least one Intra Extension, it implies that
- # the Root Intra Extension had already been created...
- return
+ # if self.get_root_extension_id():
+ # # for ext in self.driver.get_intra_extensions_dict():
+ # # Note (asteroide): if there is at least one Intra Extension, it implies that
+ # # the Root Intra Extension had already been created...
+ # return
+ extensions = self.driver.get_intra_extensions_dict()
+ for extension_id, extension_dict in extensions.iteritems():
+ if extension_dict["name"] == CONF.moon.root_policy_directory:
+ return {'id': extension_id}
ie_dict = dict()
ie_dict['id'] = uuid4().hex
ie_dict["name"] = "policy_root"
@@ -908,10 +930,10 @@ class IntraExtensionManager(manager.Manager):
ie_dict["genre"] = "admin"
ie_dict["description"] = "policy_root"
ref = self.driver.set_intra_extension_dict(ie_dict['id'], ie_dict)
- try:
- self.moonlog_api.debug("Creation of root IE: {}".format(ref))
- except AttributeError:
- LOG.debug("Creation of root IE: {}".format(ref))
+ # try:
+ self.moonlog_api.debug("Creation of root IE: {}".format(ref))
+ # except AttributeError:
+ # LOG.debug("Creation of root IE: {}".format(ref))
# read the template given by "model" and populate default variables
template_dir = os.path.join(CONF.moon.policy_directory, ie_dict["model"])
@@ -921,6 +943,7 @@ class IntraExtensionManager(manager.Manager):
self.__load_assignment_file(ie_dict, template_dir)
self.__load_metarule_file(ie_dict, template_dir)
self.__load_rule_file(ie_dict, template_dir)
+ self.__init_root(root_extension_id=ie_dict['id'])
return ref
@enforce("read", "intra_extensions")
@@ -1209,9 +1232,9 @@ class IntraExtensionManager(manager.Manager):
if intra_extension_id not in (tenants_dict[tenant_id]['intra_authz_extension_id'],
tenants_dict[tenant_id]['intra_admin_extension_id'], ):
raise IntraExtensionUnknown()
- # Note (asteroide): We used self.root_api.get_root_admin_id() because the user requesting this information
+ # Note (asteroide): We used self.root_admin_id because the user requesting this information
# may only know his keystone_id and not the subject ID in the requested intra_extension.
- subjects_dict = self.get_subjects_dict(self.root_api.get_root_admin_id(), intra_extension_id)
+ subjects_dict = self.get_subjects_dict(self.root_admin_id, intra_extension_id)
for subject_id in subjects_dict:
if keystone_id == subjects_dict[subject_id]['keystone_id']:
return {subject_id: subjects_dict[subject_id]}
@@ -1224,9 +1247,9 @@ class IntraExtensionManager(manager.Manager):
if intra_extension_id not in (tenants_dict[tenant_id]['intra_authz_extension_id'],
tenants_dict[tenant_id]['intra_admin_extension_id'], ):
raise IntraExtensionUnknown()
- # Note (asteroide): We used self.root_api.get_root_admin_id() because the user requesting this information
+ # Note (asteroide): We used self.root_admin_id because the user requesting this information
# may only know his keystone_name and not the subject ID in the requested intra_extension.
- subjects_dict = self.get_subjects_dict(self.root_api.get_root_admin_id(), intra_extension_id)
+ subjects_dict = self.get_subjects_dict(self.root_admin_id, intra_extension_id)
for subject_id in subjects_dict:
if keystone_name == subjects_dict[subject_id]['keystone_name']:
return {subject_id: subjects_dict[subject_id]}
@@ -1682,7 +1705,7 @@ class IntraExtensionManager(manager.Manager):
def set_aggregation_algorithm_id(self, user_id, intra_extension_id, aggregation_algorithm_id):
if aggregation_algorithm_id:
if aggregation_algorithm_id not in self.configuration_api.get_aggregation_algorithms_dict(
- self.root_api.get_root_admin_id()):
+ self.root_admin_id):
raise AggregationAlgorithmUnknown()
return self.driver.set_aggregation_algorithm_id(intra_extension_id, aggregation_algorithm_id)
@@ -1814,7 +1837,6 @@ class IntraExtensionManager(manager.Manager):
@dependency.provider('authz_api')
-#@dependency.requires('resource_api')
class IntraExtensionAuthzManager(IntraExtensionManager):
def __init__(self):
@@ -1829,7 +1851,7 @@ class IntraExtensionAuthzManager(IntraExtensionManager):
elif genre == "admin":
genre = "intra_admin_extension_id"
- tenants_dict = self.tenant_api.get_tenants_dict(self.root_api.get_root_admin_id())
+ tenants_dict = self.tenant_api.get_tenants_dict(self.root_admin_id)
if tenant_id not in tenants_dict:
# raise TenantUnknown("Cannot authz because Tenant is unknown {}".format(tenant_id))
@@ -1868,7 +1890,7 @@ class IntraExtensionAuthzManager(IntraExtensionManager):
def add_subject_dict(self, user_id, intra_extension_id, subject_dict):
subject = super(IntraExtensionAuthzManager, self).add_subject_dict(user_id, intra_extension_id, subject_dict)
subject_id, subject_value = subject.iteritems().next()
- tenants_dict = self.tenant_api.get_tenants_dict(self.root_api.get_root_admin_id())
+ tenants_dict = self.tenant_api.get_tenants_dict(self.root_admin_id)
for tenant_id in tenants_dict:
if tenants_dict[tenant_id]["intra_admin_extension_id"] and \
tenants_dict[tenant_id]["intra_authz_extension_id"] == intra_extension_id:
@@ -1887,7 +1909,7 @@ class IntraExtensionAuthzManager(IntraExtensionManager):
def del_subject(self, user_id, intra_extension_id, subject_id):
subject_name = self.driver.get_subjects_dict(intra_extension_id)[subject_id]["name"]
super(IntraExtensionAuthzManager, self).del_subject(user_id, intra_extension_id, subject_id)
- tenants_dict = self.tenant_api.get_tenants_dict(self.root_api.get_root_admin_id())
+ tenants_dict = self.tenant_api.get_tenants_dict(self.root_admin_id)
for tenant_id in tenants_dict:
if tenants_dict[tenant_id]["intra_authz_extension_id"] == intra_extension_id and \
tenants_dict[tenant_id]["intra_admin_extension_id"]:
@@ -1907,7 +1929,7 @@ class IntraExtensionAuthzManager(IntraExtensionManager):
def set_subject_dict(self, user_id, intra_extension_id, subject_id, subject_dict):
subject = super(IntraExtensionAuthzManager, self).set_subject_dict(user_id, intra_extension_id, subject_dict)
subject_id, subject_value = subject.iteritems().next()
- tenants_dict = self.tenant_api.get_tenants_dict(self.root_api.get_root_admin_id())
+ tenants_dict = self.tenant_api.get_tenants_dict(self.root_admin_id)
for tenant_id in tenants_dict:
if tenants_dict[tenant_id]["intra_authz_extension_id"] == intra_extension_id:
self.driver.set_subject_dict(tenants_dict[tenant_id]["intra_admin_extension_id"], uuid4().hex, subject_value)
@@ -2024,7 +2046,6 @@ class IntraExtensionAuthzManager(IntraExtensionManager):
@dependency.provider('admin_api')
-#@dependency.requires('resource_api')
class IntraExtensionAdminManager(IntraExtensionManager):
def __init__(self):
@@ -2033,7 +2054,7 @@ class IntraExtensionAdminManager(IntraExtensionManager):
def add_subject_dict(self, user_id, intra_extension_id, subject_dict):
subject = super(IntraExtensionAdminManager, self).add_subject_dict(user_id, intra_extension_id, subject_dict)
subject_id, subject_value = subject.iteritems().next()
- tenants_dict = self.tenant_api.get_tenants_dict(self.root_api.get_root_admin_id())
+ tenants_dict = self.tenant_api.get_tenants_dict(self.root_admin_id)
for tenant_id in tenants_dict:
if tenants_dict[tenant_id]["intra_admin_extension_id"] and \
tenants_dict[tenant_id]["intra_authz_extension_id"] == intra_extension_id:
@@ -2052,7 +2073,7 @@ class IntraExtensionAdminManager(IntraExtensionManager):
def del_subject(self, user_id, intra_extension_id, subject_id):
subject_name = self.driver.get_subjects_dict(intra_extension_id)[subject_id]["name"]
super(IntraExtensionAdminManager, self).del_subject(user_id, intra_extension_id, subject_id)
- tenants_dict = self.tenant_api.get_tenants_dict(self.root_api.get_root_admin_id())
+ tenants_dict = self.tenant_api.get_tenants_dict(self.root_admin_id)
for tenant_id in tenants_dict:
if tenants_dict[tenant_id]["intra_authz_extension_id"] == intra_extension_id and \
tenants_dict[tenant_id]["intra_admin_extension_id"]:
@@ -2072,7 +2093,7 @@ class IntraExtensionAdminManager(IntraExtensionManager):
def set_subject_dict(self, user_id, intra_extension_id, subject_id, subject_dict):
subject = super(IntraExtensionAdminManager, self).set_subject_dict(user_id, intra_extension_id, subject_dict)
subject_id, subject_value = subject.iteritems().next()
- tenants_dict = self.tenant_api.get_tenants_dict(self.root_api.get_root_admin_id())
+ tenants_dict = self.tenant_api.get_tenants_dict(self.root_admin_id)
for tenant_id in tenants_dict:
if tenants_dict[tenant_id]["intra_authz_extension_id"] == intra_extension_id:
self.driver.set_subject_dict(tenants_dict[tenant_id]["intra_admin_extension_id"], uuid4().hex, subject_value)
@@ -2083,75 +2104,45 @@ class IntraExtensionAdminManager(IntraExtensionManager):
return subject
def add_object_dict(self, user_id, intra_extension_id, object_name):
- if "admin" == self.get_intra_extension_dict(self.root_api.get_root_admin_id(), intra_extension_id)['genre']:
+ if "admin" == self.get_intra_extension_dict(self.root_admin_id, intra_extension_id)['genre']:
raise ObjectsWriteNoAuthorized()
return super(IntraExtensionAdminManager, self).add_object_dict(user_id, intra_extension_id, object_name)
def set_object_dict(self, user_id, intra_extension_id, object_id, object_dict):
- if "admin" == self.get_intra_extension_dict(self.root_api.get_root_admin_id(), intra_extension_id)['genre']:
+ if "admin" == self.get_intra_extension_dict(self.root_admin_id, intra_extension_id)['genre']:
raise ObjectsWriteNoAuthorized()
return super(IntraExtensionAdminManager, self).set_object_dict(user_id, intra_extension_id, object_id, object_dict)
def del_object(self, user_id, intra_extension_id, object_id):
- if "admin" == self.get_intra_extension_dict(self.root_api.get_root_admin_id(), intra_extension_id)['genre']:
+ if "admin" == self.get_intra_extension_dict(self.root_admin_id, intra_extension_id)['genre']:
raise ObjectsWriteNoAuthorized()
return super(IntraExtensionAdminManager, self).del_object(user_id, intra_extension_id, object_id)
def add_action_dict(self, user_id, intra_extension_id, action_name):
- if "admin" == self.get_intra_extension_dict(self.root_api.get_root_admin_id(), intra_extension_id)['genre']:
+ if "admin" == self.get_intra_extension_dict(self.root_admin_id, intra_extension_id)['genre']:
raise ActionsWriteNoAuthorized()
return super(IntraExtensionAdminManager, self).add_action_dict(user_id, intra_extension_id, action_name)
def set_action_dict(self, user_id, intra_extension_id, action_id, action_dict):
- if "admin" == self.get_intra_extension_dict(self.root_api.get_root_admin_id(), intra_extension_id)['genre']:
+ if "admin" == self.get_intra_extension_dict(self.root_admin_id, intra_extension_id)['genre']:
raise ActionsWriteNoAuthorized()
return super(IntraExtensionAdminManager, self).set_action_dict(user_id, intra_extension_id, action_id, action_dict)
def del_action(self, user_id, intra_extension_id, action_id):
- if "admin" == self.get_intra_extension_dict(self.root_api.get_root_admin_id(), intra_extension_id)['genre']:
+ if "admin" == self.get_intra_extension_dict(self.root_admin_id, intra_extension_id)['genre']:
raise ActionsWriteNoAuthorized()
return super(IntraExtensionAdminManager, self).del_action(user_id, intra_extension_id, action_id)
@dependency.provider('root_api')
-@dependency.requires('admin_api', 'moonlog_api')
+@dependency.requires('identity_api')
class IntraExtensionRootManager(IntraExtensionManager):
def __init__(self):
super(IntraExtensionRootManager, self).__init__()
- extensions = self.admin_api.driver.get_intra_extensions_dict()
- for extension_id, extension_dict in extensions.iteritems():
- if extension_dict["name"] == CONF.moon.root_policy_directory:
- self.root_extension_id = extension_id
- break
- else:
- extension = self.admin_api.load_root_intra_extension_dict(CONF.moon.root_policy_directory)
- if not extension:
- raise IntraExtensionCreationError("The root extension is not created.")
- self.root_extension_id = extension['id']
- self.root_admin_id = self.__compute_admin_id_for_root_extension()
-
- def get_root_extension_dict(self):
- """
-
- :return: {id: {"name": "xxx"}}
- """
- return {self.root_extension_id: self.admin_api.driver.get_intra_extensions_dict()[self.root_extension_id]}
-
- def __compute_admin_id_for_root_extension(self):
- for subject_id, subject_dict in self.admin_api.driver.get_subjects_dict(self.root_extension_id).iteritems():
- if subject_dict["name"] == "admin":
- return subject_id
- raise RootExtensionNotInitialized()
-
- def get_root_extension_id(self):
- return self.root_extension_id
-
- def get_root_admin_id(self):
- return self.root_admin_id
def is_admin_subject(self, keystone_id):
- for subject_id, subject_dict in self.admin_api.driver.get_subjects_dict(self.root_extension_id).iteritems():
+ for subject_id, subject_dict in self.driver.get_subjects_dict(self.root_extension_id).iteritems():
if subject_id == keystone_id:
# subject_id may be a true id from an intra_extension
return True
@@ -2159,9 +2150,8 @@ class IntraExtensionRootManager(IntraExtensionManager):
return True
return False
+
@dependency.provider('moonlog_api')
-# Next line is mandatory in order to force keystone to process dependencies.
-#@dependency.requires('identity_api', 'tenant_api', 'configuration_api', 'authz_api', 'admin_api', 'root_api')
class LogManager(manager.Manager):
driver_namespace = 'keystone.moon.log'
diff --git a/keystone-moon/keystone/tests/moon/unit/__init__.py b/keystone-moon/keystone/tests/moon/unit/__init__.py
index 149585cd..bf3c1d1e 100644
--- a/keystone-moon/keystone/tests/moon/unit/__init__.py
+++ b/keystone-moon/keystone/tests/moon/unit/__init__.py
@@ -24,28 +24,12 @@ def create_intra_extension(self, policy_model="policy_authz"):
if "authz" in policy_model:
genre = "authz"
IE["genre"] = genre
- ref = self.admin_api.load_intra_extension_dict(self.root_api.get_root_admin_id(),
+ ref = self.admin_api.load_intra_extension_dict(self.root_api.root_admin_id,
intra_extension_dict=IE)
self.assertIsInstance(ref, dict)
return ref
-# def create_tenant(self, authz_uuid):
-# tenant = {
-# "id": uuid.uuid4().hex,
-# "name": "TestAuthzIntraExtensionManager",
-# "enabled": True,
-# "description": "",
-# "domain_id": "default"
-# }
-# project = self.resource_api.create_project(tenant["id"], tenant)
-# mapping = self.tenant_api.set_tenant_dict(project["id"], project["name"], authz_uuid, None)
-# self.assertIsInstance(mapping, dict)
-# self.assertIn("authz", mapping)
-# self.assertEqual(mapping["authz"], authz_uuid)
-# return mapping
-
-
def create_user(self, username="TestAdminIntraExtensionManagerUser"):
user = {
"id": uuid.uuid4().hex,
@@ -57,6 +41,7 @@ def create_user(self, username="TestAdminIntraExtensionManagerUser"):
_user = self.identity_api.create_user(user)
return _user
+
def create_mapping(self, tenant_name=None, authz_id=None, admin_id=None):
if not tenant_name:
@@ -72,7 +57,7 @@ def create_mapping(self, tenant_name=None, authz_id=None, admin_id=None):
"domain_id": "default"
}
keystone_tenant = self.resource_api.create_project(tenant["id"], tenant)
- mapping = self.tenant_api.add_tenant_dict(self.root_api.get_root_admin_id(), tenant["id"], tenant)
+ mapping = self.tenant_api.add_tenant_dict(self.root_api.root_admin_id, tenant["id"], tenant)
self.assertIsInstance(mapping, dict)
self.assertIn("intra_authz_extension_id", mapping[tenant["id"]])
self.assertIn("intra_admin_extension_id", mapping[tenant["id"]])
diff --git a/keystone-moon/keystone/tests/moon/unit/test_unit_core_configuration.py b/keystone-moon/keystone/tests/moon/unit/test_unit_core_configuration.py
index 8aa8bcd9..8bd6cb4f 100644
--- a/keystone-moon/keystone/tests/moon/unit/test_unit_core_configuration.py
+++ b/keystone-moon/keystone/tests/moon/unit/test_unit_core_configuration.py
@@ -5,12 +5,9 @@
"""Unit tests for core configuration."""
-import uuid
from oslo_config import cfg
from keystone.tests import unit as tests
-from keystone.contrib.moon.core import ConfigurationManager
from keystone.tests.unit.ksfixtures import database
-from keystone.contrib.moon.exception import *
from keystone.tests.unit import default_fixtures
from keystone.contrib.moon.core import LogManager
from keystone.contrib.moon.core import IntraExtensionAdminManager
@@ -22,7 +19,6 @@ from keystone.tests.moon.unit import *
CONF = cfg.CONF
-# @dependency.requires('admin_api', 'authz_api', 'tenant_api', 'configuration_api', 'moonlog_api')
class TestConfigurationManager(tests.TestCase):
def setUp(self):
@@ -34,9 +30,10 @@ class TestConfigurationManager(tests.TestCase):
self.resource_api.create_domain(domain['id'], domain)
self.admin = create_user(self, username="admin")
self.demo = create_user(self, username="demo")
+ self.root_api.load_root_intra_extension_dict()
self.root_intra_extension = self.root_api.get_root_extension_dict()
self.root_intra_extension_id = self.root_intra_extension.keys()[0]
- self.ADMIN_ID = self.root_api.get_root_admin_id()
+ self.ADMIN_ID = self.root_api.root_admin_id
self.authz_manager = self.authz_api
self.admin_manager = self.admin_api
self.configuration_manager = self.configuration_api
@@ -72,15 +69,3 @@ class TestConfigurationManager(tests.TestCase):
self.assertIsInstance(data, dict)
self.assertIn("policy_root", data)
- # def test_get_aggregation_algorithm_dict(self):
- # admin_intra_extension = create_intra_extension(self, policy_model="policy_rbac_admin")
- # print(admin_intra_extension)
- # data = self.manager.get_aggregation_algorithm_dict(self.ADMIN_ID, admin_intra_extension['id'])
- # print(data)
-
- # def test_get_sub_meta_rule_algorithm_dict(self):
- # data = self.manager.get_sub_meta_rule_algorithm_dict(self.ADMIN_ID)
- # print(data)
- #
- # self.assertEqual("", "ee")
-
diff --git a/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_admin.py b/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_admin.py
index 424e4cbb..d3f088c0 100644
--- a/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_admin.py
+++ b/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_admin.py
@@ -5,15 +5,11 @@
"""Unit tests for core IntraExtensionAdminManager"""
-import json
-import os
-import uuid
from oslo_config import cfg
from keystone.tests import unit as tests
from keystone.contrib.moon.core import IntraExtensionAdminManager, IntraExtensionAuthzManager
-from keystone.contrib.moon.core import IntraExtensionRootManager, ConfigurationManager
+from keystone.contrib.moon.core import ConfigurationManager
from keystone.tests.unit.ksfixtures import database
-from keystone import resource
from keystone.contrib.moon.exception import *
from keystone.tests.unit import default_fixtures
from keystone.contrib.moon.core import LogManager, TenantManager
@@ -47,9 +43,10 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase):
self.resource_api.create_domain(domain['id'], domain)
self.admin = create_user(self, username="admin")
self.demo = create_user(self, username="demo")
+ self.root_api.load_root_intra_extension_dict()
self.root_intra_extension = self.root_api.get_root_extension_dict()
self.root_intra_extension_id = self.root_intra_extension.keys()[0]
- self.ADMIN_ID = self.root_api.get_root_admin_id()
+ self.ADMIN_ID = self.root_api.root_admin_id
self.authz_manager = self.authz_api
self.admin_manager = self.admin_api
@@ -63,7 +60,6 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase):
"admin_api": IntraExtensionAdminManager(),
"authz_api": IntraExtensionAuthzManager(),
"configuration_api": ConfigurationManager(),
- # "resource_api": resource.Manager(),
}
def config_overrides(self):
@@ -969,9 +965,10 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
self.resource_api.create_domain(domain['id'], domain)
self.admin = create_user(self, username="admin")
self.demo = create_user(self, username="demo")
+ self.root_api.load_root_intra_extension_dict()
self.root_intra_extension = self.root_api.get_root_extension_dict()
self.root_intra_extension_id = self.root_intra_extension.keys()[0]
- self.ADMIN_ID = self.root_api.get_root_admin_id()
+ self.ADMIN_ID = self.root_api.root_admin_id
self.authz_manager = self.authz_api
self.admin_manager = self.admin_api
diff --git a/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_authz.py b/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_authz.py
index afe0e7f2..172c6b6d 100644
--- a/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_authz.py
+++ b/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_authz.py
@@ -5,15 +5,11 @@
"""Unit tests for core IntraExtensionAuthzManager"""
-import json
-import os
-import uuid
from oslo_config import cfg
from keystone.tests import unit as tests
from keystone.contrib.moon.core import IntraExtensionAdminManager, IntraExtensionAuthzManager, IntraExtensionRootManager
from keystone.contrib.moon.core import ConfigurationManager
from keystone.tests.unit.ksfixtures import database
-from keystone import resource
from keystone.contrib.moon.exception import *
from keystone.tests.unit import default_fixtures
from keystone.contrib.moon.core import LogManager, TenantManager
@@ -33,7 +29,7 @@ IE = {
"description": "a simple description."
}
-#@dependency.requires('admin_api', 'authz_api', 'tenant_api', 'configuration_api', 'moonlog_api')
+
class TestIntraExtensionAuthzManagerAuthzOK(tests.TestCase):
def setUp(self):
@@ -45,9 +41,10 @@ class TestIntraExtensionAuthzManagerAuthzOK(tests.TestCase):
self.resource_api.create_domain(domain['id'], domain)
self.admin = create_user(self, username="admin")
self.demo = create_user(self, username="demo")
+ self.root_api.load_root_intra_extension_dict()
self.root_intra_extension = self.root_api.get_root_extension_dict()
self.root_intra_extension_id = self.root_intra_extension.keys()[0]
- self.ADMIN_ID = self.root_api.get_root_admin_id()
+ self.ADMIN_ID = self.root_api.root_admin_id
self.authz_manager = self.authz_api
self.admin_manager = self.admin_api
@@ -938,7 +935,6 @@ class TestIntraExtensionAuthzManagerAuthzOK(tests.TestCase):
# TODO: add test for the delete function
-#@dependency.requires('admin_api', 'authz_api', 'tenant_api', 'configuration_api', 'moonlog_api', 'identity_api', 'root_api')
class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase):
def setUp(self):
@@ -950,9 +946,10 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase):
self.resource_api.create_domain(domain['id'], domain)
self.admin = create_user(self, username="admin")
self.demo = create_user(self, username="demo")
+ self.root_api.load_root_intra_extension_dict()
self.root_intra_extension = self.root_api.get_root_extension_dict()
self.root_intra_extension_id = self.root_intra_extension.keys()[0]
- self.ADMIN_ID = self.root_api.get_root_admin_id()
+ self.ADMIN_ID = self.root_api.root_admin_id
self.authz_manager = self.authz_api
self.admin_manager = self.admin_api
diff --git a/keystone-moon/keystone/tests/moon/unit/test_unit_core_log.py b/keystone-moon/keystone/tests/moon/unit/test_unit_core_log.py
index 06864cc5..7d205bc9 100644
--- a/keystone-moon/keystone/tests/moon/unit/test_unit_core_log.py
+++ b/keystone-moon/keystone/tests/moon/unit/test_unit_core_log.py
@@ -5,16 +5,12 @@
"""Unit tests for LogManager"""
-import json
-import os
-import uuid
import time
from oslo_config import cfg
from keystone.tests import unit as tests
from keystone.contrib.moon.core import ConfigurationManager
from keystone.contrib.moon.core import IntraExtensionAuthzManager
from keystone.tests.unit.ksfixtures import database
-from keystone import resource
from keystone.contrib.moon.exception import *
from keystone.tests.unit import default_fixtures
from keystone.contrib.moon.core import LogManager, TenantManager
@@ -36,7 +32,7 @@ IE = {
TIME_FORMAT = '%Y-%m-%d-%H:%M:%S'
-@dependency.requires('admin_api', 'tenant_api', 'configuration_api')
+
class TestIntraExtensionAdminManager(tests.TestCase):
def setUp(self):
@@ -48,9 +44,10 @@ class TestIntraExtensionAdminManager(tests.TestCase):
self.resource_api.create_domain(domain['id'], domain)
self.admin = create_user(self, username="admin")
self.demo = create_user(self, username="demo")
+ self.root_api.load_root_intra_extension_dict()
self.root_intra_extension = self.root_api.get_root_extension_dict()
self.root_intra_extension_id = self.root_intra_extension.keys()[0]
- self.ADMIN_ID = self.root_api.get_root_admin_id()
+ self.ADMIN_ID = self.root_api.root_admin_id
self.authz_manager = self.authz_api
self.admin_manager = self.admin_api
self.tenant_manager = self.tenant_api
@@ -64,7 +61,6 @@ class TestIntraExtensionAdminManager(tests.TestCase):
"authz_api": IntraExtensionAuthzManager(),
"tenant_api": TenantManager(),
"configuration_api": ConfigurationManager(),
- # "resource_api": resource.Manager(),
}
def config_overrides(self):
diff --git a/keystone-moon/keystone/tests/moon/unit/test_unit_core_tenant.py b/keystone-moon/keystone/tests/moon/unit/test_unit_core_tenant.py
index 99fb5965..a74bc240 100644
--- a/keystone-moon/keystone/tests/moon/unit/test_unit_core_tenant.py
+++ b/keystone-moon/keystone/tests/moon/unit/test_unit_core_tenant.py
@@ -5,7 +5,6 @@
"""Unit tests for core tenant."""
-import uuid
from oslo_config import cfg
from keystone.tests import unit as tests
from keystone.contrib.moon.core import ConfigurationManager
@@ -15,7 +14,7 @@ from keystone.tests.unit import default_fixtures
from keystone.contrib.moon.core import LogManager
from keystone.contrib.moon.core import IntraExtensionRootManager
from keystone.contrib.moon.core import IntraExtensionAdminManager
-from keystone.common import dependency
+from keystone.contrib.moon.core import IntraExtensionAuthzManager
from keystone.tests.moon.unit import *
@@ -31,7 +30,7 @@ IE = {
"description": "a simple description."
}
-@dependency.requires('admin_api', 'tenant_api', 'configuration_api')
+
class TestTenantManager(tests.TestCase):
ADMIN_ID = None
@@ -44,9 +43,10 @@ class TestTenantManager(tests.TestCase):
self.resource_api.create_domain(domain['id'], domain)
self.admin = create_user(self, username="admin")
self.demo = create_user(self, username="demo")
+ self.root_api.load_root_intra_extension_dict()
self.root_intra_extension = self.root_api.get_root_extension_dict()
self.root_intra_extension_id = self.root_intra_extension.keys()[0]
- self.ADMIN_ID = self.root_api.get_root_admin_id()
+ self.ADMIN_ID = self.root_api.root_admin_id
self.authz_manager = self.authz_api
self.admin_manager = self.admin_api
self.tenant_manager = self.tenant_api
@@ -55,6 +55,7 @@ class TestTenantManager(tests.TestCase):
return {
"moonlog_api": LogManager(),
"admin_api": IntraExtensionAdminManager(),
+ "authz_api": IntraExtensionAuthzManager(),
"configuration_api": ConfigurationManager(),
"root_api": IntraExtensionRootManager(),
}