aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--keystone-moon/keystone/contrib/moon/backends/sql.py12
-rw-r--r--keystone-moon/keystone/contrib/moon/core.py98
-rw-r--r--keystone-moon/keystone/contrib/moon/exception.py371
-rw-r--r--keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_authz.py80
-rw-r--r--keystone-moon/keystone/tests/moon/unit/test_unit_core_tenant.py8
5 files changed, 427 insertions, 142 deletions
diff --git a/keystone-moon/keystone/contrib/moon/backends/sql.py b/keystone-moon/keystone/contrib/moon/backends/sql.py
index 5f76e235..1b164dec 100644
--- a/keystone-moon/keystone/contrib/moon/backends/sql.py
+++ b/keystone-moon/keystone/contrib/moon/backends/sql.py
@@ -17,7 +17,7 @@ from keystone.contrib.moon import IntraExtensionDriver
from keystone.contrib.moon import TenantDriver
# from keystone.contrib.moon import InterExtensionDriver
-from keystone.contrib.moon.exception import TenantError, TenantListEmptyError
+from keystone.contrib.moon.exception import TenantException, TenantListEmpty
CONF = config.CONF
LOG = log.getLogger(__name__)
@@ -862,7 +862,7 @@ class IntraExtensionConnector(IntraExtensionDriver):
raise IntraExtensionNotFound()
result = copy.deepcopy(ref.to_dict())
if subject_category not in result["subject_category_scope"].keys():
- raise CategoryNotFound()
+ raise AuthzMetadata()
result["subject_category_scope"] = {subject_category: result["subject_category_scope"][subject_category]}
return result
@@ -942,7 +942,7 @@ class IntraExtensionConnector(IntraExtensionDriver):
raise IntraExtensionNotFound()
result = copy.deepcopy(ref.to_dict())
if object_category not in result["object_category_scope"].keys():
- raise CategoryNotFound()
+ raise AuthzMetadata()
result["object_category_scope"] = {object_category: result["object_category_scope"][object_category]}
return result
@@ -1022,7 +1022,7 @@ class IntraExtensionConnector(IntraExtensionDriver):
raise IntraExtensionNotFound()
result = copy.deepcopy(ref.to_dict())
if action_category not in result["action_category_scope"].keys():
- raise CategoryNotFound("Unknown category id {}/{}".format(action_category, result["action_category_scope"].keys()))
+ raise AuthzMetadata("Unknown category id {}/{}".format(action_category, result["action_category_scope"].keys()))
result["action_category_scope"] = {action_category: result["action_category_scope"][action_category]}
return result
@@ -1442,7 +1442,7 @@ class TenantConnector(TenantDriver):
# ref = query.first().to_dict()
tenants = query.all()
if not tenants:
- raise TenantListEmptyError()
+ raise TenantListEmpty()
return {tenant.id: Tenant.to_dict(tenant) for tenant in tenants}
# return [Tenant.to_dict(tenant) for tenant in tenants]
@@ -1474,7 +1474,7 @@ class TenantConnector(TenantDriver):
if attr != 'id':
setattr(ref, attr, getattr(new_tenant, attr))
return Tenant.to_dict(ref)
- raise TenantError()
+ raise TenantException()
# class InterExtension(sql.ModelBase, sql.DictBase):
diff --git a/keystone-moon/keystone/contrib/moon/core.py b/keystone-moon/keystone/contrib/moon/core.py
index 1dc23c4a..aa7fd884 100644
--- a/keystone-moon/keystone/contrib/moon/core.py
+++ b/keystone-moon/keystone/contrib/moon/core.py
@@ -150,20 +150,20 @@ class TenantManager(manager.Manager):
"""
try:
return self.driver.get_tenant_dict()
- except TenantListEmptyError:
+ except TenantListEmpty:
self.moonlog_api.error(_("Tenant Mapping list is empty."))
return {}
def get_tenant_name(self, tenant_uuid):
_tenant_dict = self.get_tenant_dict()
if tenant_uuid not in _tenant_dict:
- raise TenantNotFoundError(_("Tenant UUID ({}) was not found.".format(tenant_uuid)))
+ raise TenantNotFound(_("Tenant UUID ({}) was not found.".format(tenant_uuid)))
return _tenant_dict[tenant_uuid]["name"]
def set_tenant_name(self, tenant_uuid, tenant_name):
_tenant_dict = self.get_tenant_dict()
if tenant_uuid not in _tenant_dict:
- raise TenantNotFoundError(_("Tenant UUID ({}) was not found.".format(tenant_uuid)))
+ raise TenantNotFound(_("Tenant UUID ({}) was not found.".format(tenant_uuid)))
_tenant_dict[tenant_uuid]['name'] = tenant_name
return self.driver.set_tenant_dict(_tenant_dict)
@@ -177,7 +177,7 @@ class TenantManager(manager.Manager):
# 1 tenant only with 1 authz extension and 1 admin extension
_tenant_dict = self.get_tenant_dict()
if tenant_uuid not in _tenant_dict:
- raise TenantNotFoundError(_("Tenant UUID ({}) was not found.".format(tenant_uuid)))
+ raise TenantNotFound(_("Tenant UUID ({}) was not found.".format(tenant_uuid)))
if not _tenant_dict[tenant_uuid][scope]:
raise IntraExtensionNotFound(_("No IntraExtension found for Tenant {}.".format(tenant_uuid)))
return _tenant_dict[tenant_uuid][scope]
@@ -186,7 +186,7 @@ class TenantManager(manager.Manager):
for _tenant_uuid, _tenant_value in six.iteritems(self.get_tenant_dict()):
if extension_uuid == _tenant_value["authz"] or extension_uuid == _tenant_value["admin"]:
return _tenant_uuid
- raise TenantNotFoundError()
+ raise TenantNotFound()
def get_admin_extension_uuid(self, authz_extension_uuid):
_tenants = self.get_tenant_dict()
@@ -702,7 +702,7 @@ class IntraExtensionManager(manager.Manager):
for _cat in subject_category.keys():
try:
_ = self.driver.get_subject_category_scope_dict(intra_extension_uuid, _cat)
- except CategoryNotFound:
+ except AuthzMetadata:
self.driver.set_subject_category_scope_dict(intra_extension_uuid, _cat, {})
return subject_category_dict
@@ -733,7 +733,7 @@ class IntraExtensionManager(manager.Manager):
for _cat in object_category.keys():
try:
_ = self.driver.get_object_category_scope_dict(intra_extension_uuid, _cat)
- except CategoryNotFound:
+ except AuthzMetadata:
self.driver.set_object_category_scope_dict(intra_extension_uuid, _cat, {})
return object_category_dict
@@ -764,7 +764,7 @@ class IntraExtensionManager(manager.Manager):
for _cat in action_category.keys():
try:
_ = self.driver.get_action_category_scope_dict(intra_extension_uuid, _cat)
- except CategoryNotFound:
+ except AuthzMetadata:
self.driver.set_action_category_scope_dict(intra_extension_uuid, _cat, {})
return action_category_dict
@@ -1241,127 +1241,127 @@ class IntraExtensionAuthzManager(IntraExtensionManager):
return super(IntraExtensionAuthzManager, self).authz(_uuid, sub, obj, act)
def delete_intra_extension(self, intra_extension_id):
- raise AuthIntraExtensionModificationNotAuthorized()
+ raise AdminException()
def set_subject_dict(self, user_name, intra_extension_uuid, subject_dict):
- raise AuthIntraExtensionModificationNotAuthorized()
+ raise AdminException()
def add_subject_dict(self, user_name, intra_extension_uuid, subject_uuid):
- raise AuthIntraExtensionModificationNotAuthorized()
+ raise AdminException()
def del_subject(self, user_name, intra_extension_uuid, subject_uuid):
- raise AuthIntraExtensionModificationNotAuthorized()
+ raise AdminException()
def set_object_dict(self, user_name, intra_extension_uuid, object_dict):
- raise AuthIntraExtensionModificationNotAuthorized()
+ raise AdminException()
def add_object_dict(self, user_name, intra_extension_uuid, object_name):
- raise AuthIntraExtensionModificationNotAuthorized()
+ raise AdminException()
def del_object(self, user_name, intra_extension_uuid, object_uuid):
- raise AuthIntraExtensionModificationNotAuthorized()
+ raise AdminException()
def set_action_dict(self, user_name, intra_extension_uuid, action_dict):
- raise AuthIntraExtensionModificationNotAuthorized()
+ raise AdminException()
def add_action_dict(self, user_name, intra_extension_uuid, action_name):
- raise AuthIntraExtensionModificationNotAuthorized()
+ raise AdminException()
def del_action(self, user_name, intra_extension_uuid, action_uuid):
- raise AuthIntraExtensionModificationNotAuthorized()
+ raise AdminException()
def set_subject_category_dict(self, user_name, intra_extension_uuid, subject_category):
- raise AuthIntraExtensionModificationNotAuthorized()
+ raise AdminException()
def add_subject_category_dict(self, user_name, intra_extension_uuid, subject_category_name):
- raise AuthIntraExtensionModificationNotAuthorized()
+ raise AdminException()
def del_subject_category(self, user_name, intra_extension_uuid, subject_uuid):
- raise AuthIntraExtensionModificationNotAuthorized()
+ raise AdminException()
def set_object_category_dict(self, user_name, intra_extension_uuid, object_category):
- raise AuthIntraExtensionModificationNotAuthorized()
+ raise AdminException()
def add_object_category_dict(self, user_name, intra_extension_uuid, object_category_name):
- raise AuthIntraExtensionModificationNotAuthorized()
+ raise AdminException()
def del_object_category(self, user_name, intra_extension_uuid, object_uuid):
- raise AuthIntraExtensionModificationNotAuthorized()
+ raise AdminException()
def set_action_category_dict(self, user_name, intra_extension_uuid, action_category):
- raise AuthIntraExtensionModificationNotAuthorized()
+ raise AdminException()
def add_action_category_dict(self, user_name, intra_extension_uuid, action_category_name):
- raise AuthIntraExtensionModificationNotAuthorized()
+ raise AdminException()
def del_action_category(self, user_name, intra_extension_uuid, action_uuid):
- raise AuthIntraExtensionModificationNotAuthorized()
+ raise AdminException()
def set_subject_category_scope_dict(self, user_name, intra_extension_uuid, category, scope):
- raise AuthIntraExtensionModificationNotAuthorized()
+ raise AdminException()
def add_subject_category_scope_dict(self, user_name, intra_extension_uuid, subject_category, scope_name):
- raise AuthIntraExtensionModificationNotAuthorized()
+ raise AdminException()
def del_subject_category_scope(self, user_name, intra_extension_uuid, subject_category, subject_category_scope):
- raise AuthIntraExtensionModificationNotAuthorized()
+ raise AdminException()
def set_object_category_scope_dict(self, user_name, intra_extension_uuid, category, scope):
- raise AuthIntraExtensionModificationNotAuthorized()
+ raise AdminException()
def add_object_category_scope_dict(self, user_name, intra_extension_uuid, object_category, scope_name):
- raise AuthIntraExtensionModificationNotAuthorized()
+ raise AdminException()
def del_object_category_scope(self, user_name, intra_extension_uuid, object_category, object_category_scope):
- raise AuthIntraExtensionModificationNotAuthorized()
+ raise AdminException()
def set_action_category_scope_dict(self, user_name, intra_extension_uuid, category, scope):
- raise AuthIntraExtensionModificationNotAuthorized()
+ raise AdminException()
def add_action_category_scope_dict(self, user_name, intra_extension_uuid, action_category, scope_name):
- raise AuthIntraExtensionModificationNotAuthorized()
+ raise AdminException()
def del_action_category_scope(self, user_name, intra_extension_uuid, action_category, action_category_scope):
- raise AuthIntraExtensionModificationNotAuthorized()
+ raise AdminException()
def set_subject_category_assignment_dict(self, user_name, intra_extension_uuid, subject_uuid, assignment_dict):
- raise AuthIntraExtensionModificationNotAuthorized()
+ raise AdminException()
def del_subject_category_assignment(self, user_name, intra_extension_uuid, subject_uuid, category_uuid, scope_uuid):
- raise AuthIntraExtensionModificationNotAuthorized()
+ raise AdminException()
def add_subject_category_assignment_dict(self, user_name, intra_extension_uuid, subject_uuid, category_uuid, scope_uuid):
- raise AuthIntraExtensionModificationNotAuthorized()
+ raise AdminException()
def set_object_category_assignment_dict(self, user_name, intra_extension_uuid, object_uuid, assignment_dict):
- raise AuthIntraExtensionModificationNotAuthorized()
+ raise AdminException()
def del_object_category_assignment(self, user_name, intra_extension_uuid, object_uuid, category_uuid, scope_uuid):
- raise AuthIntraExtensionModificationNotAuthorized()
+ raise AdminException()
def add_object_category_assignment_dict(self, user_name, intra_extension_uuid, object_uuid, category_uuid, scope_uuid):
- raise AuthIntraExtensionModificationNotAuthorized()
+ raise AdminException()
def set_action_category_assignment_dict(self, user_name, intra_extension_uuid, action_uuid, assignment_dict):
- raise AuthIntraExtensionModificationNotAuthorized()
+ raise AdminException()
def del_action_category_assignment(self, user_name, intra_extension_uuid, action_uuid, category_uuid, scope_uuid):
- raise AuthIntraExtensionModificationNotAuthorized()
+ raise AdminException()
def add_action_category_assignment_dict(self, user_name, intra_extension_uuid, action_uuid, category_uuid, scope_uuid):
- raise AuthIntraExtensionModificationNotAuthorized()
+ raise AdminException()
def set_aggregation_algorithm(self, user_name, intra_extension_uuid, aggregation_algorithm):
- raise AuthIntraExtensionModificationNotAuthorized()
+ raise AdminException()
def set_sub_meta_rule(self, user_name, intra_extension_uuid, sub_meta_rules):
- raise AuthIntraExtensionModificationNotAuthorized()
+ raise AdminException()
def set_sub_rule(self, user_name, intra_extension_uuid, relation, sub_rule):
- raise AuthIntraExtensionModificationNotAuthorized()
+ raise AdminException()
def del_sub_rule(self, user_name, intra_extension_uuid, relation_name, rule):
- raise AuthIntraExtensionModificationNotAuthorized()
+ raise AdminException()
@dependency.provider('admin_api')
@dependency.requires('identity_api', 'moonlog_api', 'tenant_api')
diff --git a/keystone-moon/keystone/contrib/moon/exception.py b/keystone-moon/keystone/contrib/moon/exception.py
index 20a7d737..b0ec740b 100644
--- a/keystone-moon/keystone/contrib/moon/exception.py
+++ b/keystone-moon/keystone/contrib/moon/exception.py
@@ -7,106 +7,391 @@ from keystone.common import dependency
from keystone.exception import Error
from keystone.i18n import _, _LW
+
+class MoonErrorMetaClass(type):
+
+ def __init__(cls, name, bases, dct):
+ super(MoonErrorMetaClass, cls).__init__(name, bases, dct)
+ cls.hierarchy += "/"+str(name)
+
+
@dependency.requires('moonlog_api')
-class TenantError(Error):
- message_format = _("There is an error requesting this tenant"
- " the server could not comply with the request"
- " since it is either malformed or otherwise"
- " incorrect. The client is assumed to be in error.")
+class MoonError(Error):
+ __metaclass__ = MoonErrorMetaClass
+ hierarchy = ""
+ message_format = _("There is an error requesting the Moon platform.")
code = 400
- title = 'Tenant Error'
+ title = 'Moon Error'
logger = "ERROR"
def __del__(self):
+ message = "{} ({})".format(self.hierarchy, self.message_format)
if self.logger == "ERROR":
- self.moonlog_api.error(self.message_format)
+ self.moonlog_api.error(message)
elif self.logger == "WARNING":
- self.moonlog_api.warning(self.message_format)
+ self.moonlog_api.warning(message)
elif self.logger == "CRITICAL":
- self.moonlog_api.critical(self.message_format)
+ self.moonlog_api.critical(message)
elif self.logger == "AUTHZ":
- self.moonlog_api.authz(self.message_format)
- self.moonlog_api.error(self.message_format)
+ self.moonlog_api.authz(self.hierarchy)
+ self.moonlog_api.error(message)
else:
- self.moonlog_api.info(self.message_format)
+ self.moonlog_api.info(message)
+
+# Exceptions for Tenant
+
+
+class TenantException(MoonError):
+ message_format = _("There is an error requesting this tenant.")
+ code = 400
+ title = 'Tenant Error'
+ logger = "ERROR"
-class TenantListEmptyError(TenantError):
+class TenantListEmpty(TenantException):
message_format = _("The tenant list mapping is empty, you must set the mapping first.")
code = 400
title = 'Tenant List Empty Error'
+ logger = "WARNING"
-class TenantNotFoundError(TenantError):
+class TenantNotFound(TenantException):
message_format = _("The tenant UUID was not found.")
code = 400
title = 'Tenant UUID Not Found Error'
-class IntraExtensionError(TenantError):
- message_format = _("There is an error requesting this IntraExtension.")
- code = 400
- title = 'Extension Error'
+# Exceptions for IntraExtension
-class CategoryNotFound(IntraExtensionError):
- message_format = _("The category is unknown.")
+class IntraExtensionException(MoonError):
+ message_format = _("There is an error requesting this IntraExtension.")
code = 400
title = 'Extension Error'
- logger = "WARNING"
-class IntraExtensionUnMapped(TenantError):
+class IntraExtensionUnMapped(IntraExtensionException):
message_format = _("The Extension is not mapped to a tenant.")
code = 400
title = 'Extension UUID Not Found Error'
logger = "WARNING"
-class IntraExtensionNotFound(IntraExtensionError):
+class IntraExtensionNotFound(IntraExtensionException):
message_format = _("The Extension for that tenant is unknown.")
code = 400
title = 'Extension UUID Not Found Error'
logger = "WARNING"
-class IntraExtensionNotAuthorized(IntraExtensionError):
- message_format = _("User has no authorization for that action.")
+class IntraExtensionCreationError(IntraExtensionException):
+ message_format = _("The arguments for the creation of this Extension were malformed.")
code = 400
- title = 'Authorization Error'
+ title = 'Intra Extension Creation Error'
+
+
+# Authz exceptions
+
+
+class AuthzException(MoonError):
+ message_format = _("There is an error requesting this Authz IntraExtension.")
+ code = 400
+ title = 'Authz Exception'
logger = "AUTHZ"
-class AdminIntraExtensionNotFound(IntraExtensionNotFound):
- message_format = _("The admin Extension for that tenant is unknown.")
+class AuthzPerimeter(AuthzException):
+ code = 400
+ title = 'Perimeter Exception'
+
+
+class AuthzScope(AuthzException):
+ code = 400
+ title = 'Scope Exception'
+
+
+class AuthzMetadata(AuthzException):
+ code = 400
+ title = 'Metadata Exception'
+
+
+class AuthzAssignment(AuthzException):
+ code = 400
+ title = 'Assignment Exception'
+
+
+class AuthzRule(AuthzException):
+ code = 400
+ title = 'Rule Exception'
+
+
+class SubjectUnknown(AuthzPerimeter):
+ message_format = _("The given subject is unknown.")
+ code = 400
+ title = 'Subject Unknown'
+ logger = "ERROR"
+
+
+class ObjectUnknown(AuthzPerimeter):
+ message_format = _("The given object is unknown.")
code = 400
- title = 'Admin Extension UUID Not Found Error'
+ title = 'Object Unknown'
+ logger = "ERROR"
+
+
+class ActionUnknown(AuthzPerimeter):
+ message_format = _("The given action is unknown.")
+ code = 400
+ title = 'Action Unknown'
+ logger = "ERROR"
+
+
+class SubjectCategoryAssignmentOutOfScope(AuthzScope):
+ message_format = _("The given subject category scope value is out of scope.")
+ code = 400
+ title = 'Subject Category Assignment Out Of Scope'
logger = "WARNING"
-class AdminIntraExtensionCreationError(IntraExtensionError):
- message_format = _("The arguments for the creation of this admin Extension were malformed.")
+class ActionCategoryAssignmentOutOfScope(AuthzScope):
+ message_format = _("The given action category scope value is out of scope.")
code = 400
- title = 'Admin Extension Creation Error'
+ title = 'Action Category Assignment Out Of Scope'
+ logger = "WARNING"
-class AdminIntraExtensionModificationNotAuthorized(IntraExtensionError):
- message_format = _("The modification of this admin Extension is not authorizaed.")
+class ObjectCategoryAssignmentOutOfScope(AuthzScope):
+ message_format = _("The given object category scope value is out of scope.")
code = 400
- title = 'Admin Extension Creation Error'
- logger = "AUTHZ"
+ title = 'Object Category Assignment Out Of Scope'
+ logger = "WARNING"
-class AuthIntraExtensionModificationNotAuthorized(IntraExtensionError):
- message_format = _("The modification of this authz Extension is not authorizaed.")
+
+class SubjectCategoryAssignmentUnknown(AuthzAssignment):
+ message_format = _("The given subject category assignment value is unknown.")
code = 400
- title = 'Authz Extension Creation Error'
- logger = "AUTHZ"
+ title = 'Subject Category Assignment Unknown'
+ logger = "ERROR"
+
+
+class ObjectCategoryAssignmentUnknown(AuthzAssignment):
+ message_format = _("The given object category assignment value is unknown.")
+ code = 400
+ title = 'Object Category Assignment Unknown'
+ logger = "ERROR"
-class AuthzIntraExtensionNotFound(IntraExtensionNotFound):
- message_format = _("The authz Extension for that tenant is unknown.")
+class ActionCategoryAssignmentUnknown(AuthzAssignment):
+ message_format = _("The given action category assignment value is unknown.")
code = 400
- title = 'Authz Extension UUID Not Found Error'
+ title = 'Action Category Assignment Unknown'
+ logger = "ERROR"
+
+
+class RuleOKNotExisting(AuthzRule):
+ message_format = _("The positive rule for that request doen't exist.")
+ code = 400
+ title = 'Rule OK Not Existing'
logger = "WARNING"
+
+class RuleKOExisting(AuthzRule):
+ message_format = _("The request match a negative rule.")
+ code = 400
+ title = 'Rule KO Existing'
+ logger = "ERROR"
+
+
+class RuleUnknown(AuthzRule):
+ message_format = _("The rule for that request doesn't exist.")
+ code = 400
+ title = 'Rule Unknown'
+ logger = "ERROR"
+
+
+# Admin exceptions
+
+
+class AdminException(MoonError):
+ message_format = _("There is an authorization error requesting this IntraExtension.")
+ code = 403
+ title = 'Admin Exception'
+ logger = "AUTHZ"
+
+
+class AdminPerimeter(AuthzException):
+ title = 'Perimeter Exception'
+
+
+class AdminScope(AuthzException):
+ title = 'Scope Exception'
+
+
+class AdminMetadata(AuthzException):
+ title = 'Metadata Exception'
+
+
+class AdminAssignment(AuthzException):
+ title = 'Assignment Exception'
+
+
+class AdminRule(AuthzException):
+ title = 'Rule Exception'
+
+
+class SubjectReadNotAuthorized(AdminPerimeter):
+ title = 'Subject Read Not Authorized'
+
+
+class SubjectAddNotAuthorized(AdminPerimeter):
+ title = 'Subject Add Not Authorized'
+
+
+class SubjectDelNotAuthorized(AdminPerimeter):
+ title = 'Subject Del Not Authorized'
+
+
+class ObjectReadNotAuthorized(AdminPerimeter):
+ title = 'Object Read Not Authorized'
+
+
+class ObjectAddNotAuthorized(AdminPerimeter):
+ title = 'Object Add Not Authorized'
+
+
+class ObjectDelNotAuthorized(AdminPerimeter):
+ title = 'Object Del Not Authorized'
+
+
+class ActionReadNotAuthorized(AdminPerimeter):
+ title = 'Action Read Not Authorized'
+
+
+class ActionAddNotAuthorized(AdminPerimeter):
+ title = 'Action Add Not Authorized'
+
+
+class ActionDelNotAuthorized(AdminPerimeter):
+ title = 'Action Del Not Authorized'
+
+
+class SubjectCategoryScopeReadNotAuthorized(AuthzException):
+ title = 'Subject Category Scope Read Not Authorized'
+
+
+class SubjectCategoryScopeAddNotAuthorized(AuthzException):
+ title = 'Subject Category Scope Add Not Authorized'
+
+
+class SubjectCategoryScopeDelNotAuthorized(AuthzException):
+ title = 'Subject Category Scope Del Not Authorized'
+
+
+class ObjectCategoryScopeReadNotAuthorized(AuthzException):
+ title = 'Object Category Scope Read Not Authorized'
+
+
+class ObjectCategoryScopeAddNotAuthorized(AuthzException):
+ title = 'Object Category Scope Add Not Authorized'
+
+
+class ObjectCategoryScopeDelNotAuthorized(AuthzException):
+ title = 'Object Category Scope Del Not Authorized'
+
+
+class ActionCategoryScopeReadNotAuthorized(AuthzException):
+ title = 'Action Category Scope Read Not Authorized'
+
+
+class ActionCategoryScopeAddNotAuthorized(AuthzException):
+ title = 'Action Category Scope Add Not Authorized'
+
+
+class ActionCategoryScopeDelNotAuthorized(AuthzException):
+ title = 'Action Category Scope Del Not Authorized'
+
+
+class SubjectCategoryReadNotAuthorized(AdminMetadata):
+ title = 'Subject Category Read Not Authorized'
+ logger = "AUTHZ"
+
+
+class SubjectCategoryAddNotAuthorized(AdminMetadata):
+ title = 'Subject Category Add Not Authorized'
+
+
+class SubjectCategoryDelNotAuthorized(AdminMetadata):
+ title = 'Subject Category Del Not Authorized'
+
+
+class ObjectCategoryReadNotAuthorized(AdminMetadata):
+ title = 'Object Category Read Not Authorized'
+
+
+class ObjectCategoryAddNotAuthorized(AdminMetadata):
+ title = 'Object Category Add Not Authorized'
+
+
+class ObjectCategoryDelNotAuthorized(AdminMetadata):
+ title = 'Object Category Del Not Authorized'
+
+
+class ActionCategoryReadNotAuthorized(AdminMetadata):
+ title = 'Action Category Read Not Authorized'
+
+
+class ActionCategoryAddNotAuthorized(AdminMetadata):
+ title = 'Action Category Add Not Authorized'
+
+
+class ActionCategoryDelNotAuthorized(AdminMetadata):
+ title = 'Action Category Del Not Authorized'
+
+
+class SubjectCategoryAssignmentReadNotAuthorized(AdminAssignment):
+ title = 'Subject Category Assignment Read Not Authorized'
+
+
+class SubjectCategoryAssignmentAddNotAuthorized(AdminAssignment):
+ title = 'Subject Category Assignment Add Not Authorized'
+
+
+class SubjectCategoryAssignmentDelNotAuthorized(AdminAssignment):
+ title = 'Subject Category Assignment Del Not Authorized'
+
+
+class ObjectCategoryAssignmentReadNotAuthorized(AdminAssignment):
+ title = 'Object Category Assignment Read Not Authorized'
+
+
+class ObjectCategoryAssignmentAddNotAuthorized(AdminAssignment):
+ title = 'Object Category Assignment Add Not Authorized'
+
+
+class ObjectCategoryAssignmentDelNotAuthorized(AdminAssignment):
+ title = 'Object Category Assignment Del Not Authorized'
+
+
+class ActionCategoryAssignmentReadNotAuthorized(AdminAssignment):
+ title = 'Action Category Assignment Read Not Authorized'
+
+
+class ActionCategoryAssignmentAddNotAuthorized(AdminAssignment):
+ title = 'Action Category Assignment Add Not Authorized'
+
+
+class ActionCategoryAssignmentDelNotAuthorized(AdminAssignment):
+ title = 'Action Category Assignment Del Not Authorized'
+
+
+class RuleReadNotAuthorized(AdminRule):
+ title = 'Rule Read Not Authorized'
+
+
+class RuleAddNotAuthorized(AdminRule):
+ title = 'Rule Add Not Authorized'
+
+
+class RuleDelNotAuthorized(AdminRule):
+ title = 'Rule Del Not Authorized'
diff --git a/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_authz.py b/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_authz.py
index 98233189..6d852780 100644
--- a/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_authz.py
+++ b/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_authz.py
@@ -128,7 +128,7 @@ class TestIntraExtensionAuthzManager(tests.TestCase):
def delete_admin_intra_extension(self):
self.assertRaises(
- AuthIntraExtensionModificationNotAuthorized,
+ AdminException,
self.manager.delete_intra_extension,
self.ref["id"])
@@ -147,19 +147,19 @@ class TestIntraExtensionAuthzManager(tests.TestCase):
new_subjects = dict()
new_subjects[new_subject["id"]] = new_subject["name"]
self.assertRaises(
- AuthIntraExtensionModificationNotAuthorized,
+ AdminException,
self.manager.set_subject_dict,
"admin", self.ref["id"], new_subjects)
# Delete the new subject
self.assertRaises(
- AuthIntraExtensionModificationNotAuthorized,
+ AdminException,
self.manager.del_subject,
"admin", self.ref["id"], new_subject["id"])
# Add a particular subject
self.assertRaises(
- AuthIntraExtensionModificationNotAuthorized,
+ AdminException,
self.manager.add_subject_dict,
"admin", self.ref["id"], new_subject["id"])
@@ -178,19 +178,19 @@ class TestIntraExtensionAuthzManager(tests.TestCase):
new_objects = dict()
new_objects[new_object["id"]] = new_object["name"]
self.assertRaises(
- AuthIntraExtensionModificationNotAuthorized,
+ AdminException,
self.manager.set_object_dict,
"admin", self.ref["id"], new_object["id"])
# Delete the new object
self.assertRaises(
- AuthIntraExtensionModificationNotAuthorized,
+ AdminException,
self.manager.del_object,
"admin", self.ref["id"], new_object["id"])
# Add a particular object
self.assertRaises(
- AuthIntraExtensionModificationNotAuthorized,
+ AdminException,
self.manager.add_object_dict,
"admin", self.ref["id"], new_object["name"])
@@ -209,19 +209,19 @@ class TestIntraExtensionAuthzManager(tests.TestCase):
new_actions = dict()
new_actions[new_action["id"]] = new_action["name"]
self.assertRaises(
- AuthIntraExtensionModificationNotAuthorized,
+ AdminException,
self.manager.set_action_dict,
"admin", self.ref["id"], new_actions)
# Delete the new action
self.assertRaises(
- AuthIntraExtensionModificationNotAuthorized,
+ AdminException,
self.manager.del_action,
"admin", self.ref["id"], new_action["id"])
# Add a particular action
self.assertRaises(
- AuthIntraExtensionModificationNotAuthorized,
+ AdminException,
self.manager.add_action_dict,
"admin", self.ref["id"], new_action["id"])
@@ -240,19 +240,19 @@ class TestIntraExtensionAuthzManager(tests.TestCase):
new_subject_categories = dict()
new_subject_categories[new_subject_category["id"]] = new_subject_category["name"]
self.assertRaises(
- AuthIntraExtensionModificationNotAuthorized,
+ AdminException,
self.manager.set_subject_category_dict,
"admin", self.ref["id"], new_subject_categories)
# Delete the new subject_category
self.assertRaises(
- AuthIntraExtensionModificationNotAuthorized,
+ AdminException,
self.manager.del_subject_category,
"admin", self.ref["id"], new_subject_category["id"])
# Add a particular subject_category
self.assertRaises(
- AuthIntraExtensionModificationNotAuthorized,
+ AdminException,
self.manager.add_subject_category_dict,
"admin", self.ref["id"], new_subject_category["name"])
@@ -271,19 +271,19 @@ class TestIntraExtensionAuthzManager(tests.TestCase):
new_object_categories = dict()
new_object_categories[new_object_category["id"]] = new_object_category["name"]
self.assertRaises(
- AuthIntraExtensionModificationNotAuthorized,
+ AdminException,
self.manager.set_object_category_dict,
"admin", self.ref["id"], new_object_categories)
# Delete the new object_category
self.assertRaises(
- AuthIntraExtensionModificationNotAuthorized,
+ AdminException,
self.manager.del_object_category,
"admin", self.ref["id"], new_object_category["id"])
# Add a particular object_category
self.assertRaises(
- AuthIntraExtensionModificationNotAuthorized,
+ AdminException,
self.manager.add_object_category_dict,
"admin", self.ref["id"], new_object_category["name"])
@@ -302,19 +302,19 @@ class TestIntraExtensionAuthzManager(tests.TestCase):
new_action_categories = dict()
new_action_categories[new_action_category["id"]] = new_action_category["name"]
self.assertRaises(
- AuthIntraExtensionModificationNotAuthorized,
+ AdminException,
self.manager.set_action_category_dict,
"admin", self.ref["id"], new_action_categories)
# Delete the new action_category
self.assertRaises(
- AuthIntraExtensionModificationNotAuthorized,
+ AdminException,
self.manager.del_action_category,
"admin", self.ref["id"], new_action_category["id"])
# Add a particular action_category
self.assertRaises(
- AuthIntraExtensionModificationNotAuthorized,
+ AdminException,
self.manager.add_action_category_dict,
"admin", self.ref["id"], new_action_category["name"])
@@ -346,19 +346,19 @@ class TestIntraExtensionAuthzManager(tests.TestCase):
new_subject_category_scope_uuid = uuid.uuid4().hex
new_subject_category_scope[new_subject_category_scope_uuid] = "new_subject_category_scope"
self.assertRaises(
- AuthIntraExtensionModificationNotAuthorized,
+ AdminException,
self.manager.set_subject_category_scope_dict,
"admin", self.ref["id"], subject_category, new_subject_category_scope)
# Delete the new subject_category_scope
self.assertRaises(
- AuthIntraExtensionModificationNotAuthorized,
+ AdminException,
self.manager.del_subject_category_scope,
"admin", self.ref["id"], subject_category, new_subject_category_scope_uuid)
# Add a particular subject_category_scope
self.assertRaises(
- AuthIntraExtensionModificationNotAuthorized,
+ AdminException,
self.manager.add_subject_category_scope_dict,
"admin", self.ref["id"], subject_category, new_subject_category_scope[new_subject_category_scope_uuid])
@@ -390,19 +390,19 @@ class TestIntraExtensionAuthzManager(tests.TestCase):
new_object_category_scope_uuid = uuid.uuid4().hex
new_object_category_scope[new_object_category_scope_uuid] = "new_object_category_scope"
self.assertRaises(
- AuthIntraExtensionModificationNotAuthorized,
+ AdminException,
self.manager.set_object_category_scope_dict,
"admin", self.ref["id"], object_category, new_object_category_scope)
# Delete the new object_category_scope
self.assertRaises(
- AuthIntraExtensionModificationNotAuthorized,
+ AdminException,
self.manager.del_object_category_scope,
"admin", self.ref["id"], object_category, new_object_category_scope_uuid)
# Add a particular object_category_scope
self.assertRaises(
- AuthIntraExtensionModificationNotAuthorized,
+ AdminException,
self.manager.add_object_category_scope_dict,
"admin", self.ref["id"], object_category, new_object_category_scope[new_object_category_scope_uuid])
@@ -434,19 +434,19 @@ class TestIntraExtensionAuthzManager(tests.TestCase):
new_action_category_scope_uuid = uuid.uuid4().hex
new_action_category_scope[new_action_category_scope_uuid] = "new_action_category_scope"
self.assertRaises(
- AuthIntraExtensionModificationNotAuthorized,
+ AdminException,
self.manager.set_action_category_scope_dict,
"admin", self.ref["id"], action_category, new_action_category_scope)
# Delete the new action_category_scope
self.assertRaises(
- AuthIntraExtensionModificationNotAuthorized,
+ AdminException,
self.manager.del_action_category_scope,
"admin", self.ref["id"], action_category, new_action_category_scope_uuid)
# Add a particular action_category_scope
self.assertRaises(
- AuthIntraExtensionModificationNotAuthorized,
+ AdminException,
self.manager.add_action_category_scope_dict,
"admin", self.ref["id"], action_category, new_action_category_scope[new_action_category_scope_uuid])
@@ -525,7 +525,7 @@ class TestIntraExtensionAuthzManager(tests.TestCase):
self.assertEqual({}, subject_category_assignments["subject_category_assignments"][new_subject["id"]])
self.assertRaises(
- AuthIntraExtensionModificationNotAuthorized,
+ AdminException,
self.manager.set_subject_category_assignment_dict,
"admin", self.ref["id"], new_subject["id"],
{
@@ -533,14 +533,14 @@ class TestIntraExtensionAuthzManager(tests.TestCase):
})
self.assertRaises(
- AuthIntraExtensionModificationNotAuthorized,
+ AdminException,
self.manager.del_subject_category_assignment,
"admin", self.ref["id"], new_subject["id"],
new_subject_category_uuid,
new_subject_category_scope_uuid)
self.assertRaises(
- AuthIntraExtensionModificationNotAuthorized,
+ AdminException,
self.manager.add_subject_category_assignment_dict,
"admin", self.ref["id"], new_subject["id"],
new_subject_category_uuid,
@@ -621,7 +621,7 @@ class TestIntraExtensionAuthzManager(tests.TestCase):
self.assertEqual({}, object_category_assignments["object_category_assignments"][new_object["id"]])
self.assertRaises(
- AuthIntraExtensionModificationNotAuthorized,
+ AdminException,
self.manager.set_object_category_assignment_dict,
"admin", self.ref["id"], new_object["id"],
{
@@ -629,14 +629,14 @@ class TestIntraExtensionAuthzManager(tests.TestCase):
})
self.assertRaises(
- AuthIntraExtensionModificationNotAuthorized,
+ AdminException,
self.manager.del_object_category_assignment,
"admin", self.ref["id"], new_object["id"],
new_object_category_uuid,
new_object_category_scope_uuid)
self.assertRaises(
- AuthIntraExtensionModificationNotAuthorized,
+ AdminException,
self.manager.add_object_category_assignment_dict,
"admin", self.ref["id"], new_object["id"],
new_object_category_uuid,
@@ -717,7 +717,7 @@ class TestIntraExtensionAuthzManager(tests.TestCase):
self.assertEqual({}, action_category_assignments["action_category_assignments"][new_action["id"]])
self.assertRaises(
- AuthIntraExtensionModificationNotAuthorized,
+ AdminException,
self.manager.set_action_category_assignment_dict,
"admin", self.ref["id"], new_action["id"],
{
@@ -725,14 +725,14 @@ class TestIntraExtensionAuthzManager(tests.TestCase):
})
self.assertRaises(
- AuthIntraExtensionModificationNotAuthorized,
+ AdminException,
self.manager.del_action_category_assignment,
"admin", self.ref["id"], new_action["id"],
new_action_category_uuid,
new_action_category_scope_uuid)
self.assertRaises(
- AuthIntraExtensionModificationNotAuthorized,
+ AdminException,
self.manager.add_action_category_assignment_dict,
"admin", self.ref["id"], new_action["id"],
new_action_category_uuid,
@@ -755,7 +755,7 @@ class TestIntraExtensionAuthzManager(tests.TestCase):
_aggregation_algorithm = list(aggregation_algorithms["aggregation_algorithms"])
_aggregation_algorithm.remove(aggregation_algorithm["aggregation"])
self.assertRaises(
- AuthIntraExtensionModificationNotAuthorized,
+ AdminException,
self.manager.set_aggregation_algorithm,
"admin", self.ref["id"], _aggregation_algorithm[0])
@@ -805,7 +805,7 @@ class TestIntraExtensionAuthzManager(tests.TestCase):
self.assertIn(new_subject_category["id"], subject_categories["subject_categories"])
metarule[relation]["subject_categories"].append(new_subject_category["id"])
self.assertRaises(
- AuthIntraExtensionModificationNotAuthorized,
+ AdminException,
self.manager.set_sub_meta_rule,
"admin", self.ref["id"], metarule)
@@ -856,6 +856,6 @@ class TestIntraExtensionAuthzManager(tests.TestCase):
sub_rule.append(scope[func_name][cat_value].keys()[0])
self.assertRaises(
- AuthIntraExtensionModificationNotAuthorized,
+ AdminException,
self.manager.set_sub_rule,
"admin", self.ref["id"], relation, sub_rule)
diff --git a/keystone-moon/keystone/tests/moon/unit/test_unit_core_tenant.py b/keystone-moon/keystone/tests/moon/unit/test_unit_core_tenant.py
index d9c17bd5..0762f37a 100644
--- a/keystone-moon/keystone/tests/moon/unit/test_unit_core_tenant.py
+++ b/keystone-moon/keystone/tests/moon/unit/test_unit_core_tenant.py
@@ -139,9 +139,9 @@ class TestTenantManager(tests.TestCase):
self.assertEqual(data, new_mapping[_uuid]["admin"])
def test_unkown_tenant_uuid(self):
- self.assertRaises(TenantNotFoundError, self.manager.get_tenant_name, uuid.uuid4().hex)
- self.assertRaises(TenantNotFoundError, self.manager.set_tenant_name, uuid.uuid4().hex, "new name")
- self.assertRaises(TenantNotFoundError, self.manager.get_extension_uuid, uuid.uuid4().hex)
+ self.assertRaises(TenantNotFound, self.manager.get_tenant_name, uuid.uuid4().hex)
+ self.assertRaises(TenantNotFound, self.manager.set_tenant_name, uuid.uuid4().hex, "new name")
+ self.assertRaises(TenantNotFound, self.manager.get_extension_uuid, uuid.uuid4().hex)
_uuid = uuid.uuid4().hex
new_mapping = {
_uuid: {
@@ -158,5 +158,5 @@ class TestTenantManager(tests.TestCase):
)
self.assertEquals(_uuid, data["id"])
self.assertRaises(IntraExtensionNotFound, self.manager.get_extension_uuid, _uuid, "admin")
- self.assertRaises(TenantNotFoundError, self.manager.get_tenant_uuid, uuid.uuid4().hex)
+ self.assertRaises(TenantNotFound, self.manager.get_tenant_uuid, uuid.uuid4().hex)
# self.assertRaises(AdminIntraExtensionNotFound, self.manager.get_admin_extension_uuid, uuid.uuid4().hex)