7 files changed, 249 insertions, 208 deletions
diff --git a/keystone-moon/examples/moon/policies/policy_authz/perimeter.json b/keystone-moon/examples/moon/policies/policy_authz/perimeter.json index be029c13..d434ae05 100644 --- a/keystone-moon/examples/moon/policies/policy_authz/perimeter.json +++ b/keystone-moon/examples/moon/policies/policy_authz/perimeter.json @@ -9,7 +9,11 @@ "start", "stop", "create", - "list" + "list", + "upload", + "download", + "post", + "storage_list" ], "objects": [ "servers", diff --git a/keystone-moon/keystone/contrib/moon/backends/sql.py b/keystone-moon/keystone/contrib/moon/backends/sql.py index ad3bbf6d..3b331dda 100644 --- a/keystone-moon/keystone/contrib/moon/backends/sql.py +++ b/keystone-moon/keystone/contrib/moon/backends/sql.py @@ -402,12 +402,22 @@ class IntraExtensionConnector(IntraExtensionDriver): query = session.query(IntraExtension) query = query.filter_by(id=intra_extension_id) ref = query.first() - intra_extension_ref = ref.to_dict() - intra_extension_ref.update(intra_extension_dict) - new_intra_extension = IntraExtension(id=intra_extension_id, intra_extension=intra_extension_ref) - for attr in Tenant.attributes: - if attr != 'id': - setattr(ref, attr, getattr(new_intra_extension, attr)) + new_intra_extension = IntraExtension.from_dict( + { + "id": intra_extension_id, + 'intra_extension': intra_extension_dict, + } + ) + if not ref: + session.add(new_intra_extension) + ref = new_intra_extension + else: + # intra_extension_ref = ref.to_dict() + # intra_extension_ref.update(intra_extension_dict) + # new_intra_extension = IntraExtension.from_dict(id=intra_extension_id, intra_extension=intra_extension_ref) + for attr in IntraExtension.attributes: + if attr != 'id': + setattr(ref, attr, getattr(new_intra_extension, attr)) return IntraExtension.to_dict(ref) # Getter and Setter for subject_category 
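Review bot: The update branch of this hunk in sql.py no longer merges the incoming `intra_extension_dict` into the stored record. `new_intra_extension` is built from the incoming dict alone, so the `setattr` loop overwrites the existing row with only what the caller sent, whereas the removed lines started from `ref.to_dict()`. If replace semantics are intended, state that in a short comment and delete the three commented-out lines instead of committing them; if not, merge before calling `IntraExtension.from_dict`. The method starts above the hunk, so its name and callers are not visible here.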
@@ -422,7 +432,7 @@ class IntraExtensionConnector(IntraExtensionDriver): def set_subject_category_dict(self, intra_extension_id, subject_category_id, subject_category_dict): with sql.transaction() as session: query = session.query(SubjectCategory) - query = query.filter_by(intra_extension_id=intra_extension_id, subject_category_id=subject_category_id) + query = query.filter_by(intra_extension_id=intra_extension_id, id=subject_category_id) ref = query.first() new_ref = SubjectCategory.from_dict( { @@ -437,12 +447,13 @@ class IntraExtensionConnector(IntraExtensionDriver): for attr in SubjectCategory.attributes: if attr != 'id': setattr(ref, attr, getattr(new_ref, attr)) + session.flush() return self.get_subject_categories_dict(intra_extension_id)[subject_category_id] def del_subject_category(self, intra_extension_id, subject_category_id): with sql.transaction() as session: query = session.query(SubjectCategory) - query = query.filter_by(intra_extension_id=intra_extension_id, subject_category_id=subject_category_id) + query = query.filter_by(intra_extension_id=intra_extension_id, id=subject_category_id) ref = query.first() session.delete(ref) @@ -458,7 +469,7 @@ class IntraExtensionConnector(IntraExtensionDriver): def set_object_category_dict(self, intra_extension_id, object_category_id, object_category_dict): with sql.transaction() as session: query = session.query(ObjectCategory) - query = query.filter_by(intra_extension_id=intra_extension_id, object_category_id=object_category_id) + query = query.filter_by(intra_extension_id=intra_extension_id, id=object_category_id) ref = query.first() new_ref = ObjectCategory.from_dict( { 
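Review bot: `del_subject_category` passes the result of `query.first()` straight to `session.delete(ref)`; when no row matches, `ref` is `None` and the delete fails inside SQLAlchemy instead of raising the project's typed "unknown" error. Add a guard such as `if ref is None: raise SubjectCategoryUnknown()` before the delete, assuming that exception is importable in this module. The same unguarded pattern appears in every other `del_*` method touched by this commit (`del_object_category`, `del_action_category`, `del_subject`, `del_object`, `del_action`, the three `del_*_scope` methods, `del_sub_meta_rule`, `del_rule`).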
@@ -473,12 +484,13 @@ class IntraExtensionConnector(IntraExtensionDriver): for attr in ObjectCategory.attributes: if attr != 'id': setattr(ref, attr, getattr(new_ref, attr)) + session.flush() return self.get_object_categories_dict(intra_extension_id)[object_category_id] def del_object_category(self, intra_extension_id, object_category_id): with sql.transaction() as session: query = session.query(ObjectCategory) - query = query.filter_by(intra_extension_id=intra_extension_id, object_category_id=object_category_id) + query = query.filter_by(intra_extension_id=intra_extension_id, id=object_category_id) ref = query.first() session.delete(ref) @@ -494,7 +506,7 @@ class IntraExtensionConnector(IntraExtensionDriver): def set_action_category_dict(self, intra_extension_id, action_category_id, action_category_dict): with sql.transaction() as session: query = session.query(ActionCategory) - query = query.filter_by(intra_extension_id=intra_extension_id, action_category_id=action_category_id) + query = query.filter_by(intra_extension_id=intra_extension_id, id=action_category_id) ref = query.first() new_ref = ActionCategory.from_dict( { @@ -509,12 +521,13 @@ class IntraExtensionConnector(IntraExtensionDriver): for attr in ActionCategory.attributes: if attr != 'id': setattr(ref, attr, getattr(new_ref, attr)) + session.flush() return self.get_action_categories_dict(intra_extension_id)[action_category_id] def del_action_category(self, intra_extension_id, action_category_id): with sql.transaction() as session: query = session.query(ActionCategory) - query = query.filter_by(intra_extension_id=intra_extension_id, action_category_id=action_category_id) + query = query.filter_by(intra_extension_id=intra_extension_id, id=action_category_id) ref = query.first() session.delete(ref) 
@@ -530,7 +543,7 @@ class IntraExtensionConnector(IntraExtensionDriver): def set_subject_dict(self, intra_extension_id, subject_id, subject_dict): with sql.transaction() as session: query = session.query(Subject) - query = query.filter_by(intra_extension_id=intra_extension_id, subject_id=subject_id) + query = query.filter_by(intra_extension_id=intra_extension_id, id=subject_id) ref = query.first() new_ref = Subject.from_dict( { @@ -545,12 +558,13 @@ class IntraExtensionConnector(IntraExtensionDriver): for attr in Subject.attributes: if attr != 'id': setattr(ref, attr, getattr(new_ref, attr)) + session.flush() return self.get_subjects_dict(intra_extension_id)[subject_id] def del_subject(self, intra_extension_id, subject_id): with sql.transaction() as session: query = session.query(Subject) - query = query.filter_by(intra_extension_id=intra_extension_id, subject_id=subject_id) + query = query.filter_by(intra_extension_id=intra_extension_id, id=subject_id) ref = query.first() session.delete(ref) @@ -564,7 +578,7 @@ class IntraExtensionConnector(IntraExtensionDriver): def set_object_dict(self, intra_extension_id, object_id, object_dict): with sql.transaction() as session: query = session.query(Object) - query = query.filter_by(intra_extension_id=intra_extension_id, object_id=object_id) + query = query.filter_by(intra_extension_id=intra_extension_id, id=object_id) ref = query.first() new_ref = Object.from_dict( { @@ -579,12 +593,13 @@ class IntraExtensionConnector(IntraExtensionDriver): for attr in Object.attributes: if attr != 'id': setattr(ref, attr, getattr(new_ref, attr)) + session.flush() return self.get_objects_dict(intra_extension_id)[object_id] def del_object(self, intra_extension_id, object_id): with sql.transaction() as session: query = session.query(Object) - query = query.filter_by(intra_extension_id=intra_extension_id, object_id=object_id) + query = query.filter_by(intra_extension_id=intra_extension_id, id=object_id) ref = query.first() session.delete(ref) 
@@ -598,9 +613,9 @@ class IntraExtensionConnector(IntraExtensionDriver): def set_action_dict(self, intra_extension_id, action_id, action_dict): with sql.transaction() as session: query = session.query(Action) - query = query.filter_by(intra_extension_id=intra_extension_id, action_id=action_id) + query = query.filter_by(intra_extension_id=intra_extension_id, id=action_id) ref = query.first() - new_ref = Subject.from_dict( + new_ref = Action.from_dict( { "id": action_id, 'action': action_dict, @@ -613,12 +628,13 @@ class IntraExtensionConnector(IntraExtensionDriver): for attr in Action.attributes: if attr != 'id': setattr(ref, attr, getattr(new_ref, attr)) + session.flush() return self.get_actions_dict(intra_extension_id)[action_id] def del_action(self, intra_extension_id, action_id): with sql.transaction() as session: query = session.query(Action) - query = query.filter_by(intra_extension_id=intra_extension_id, action_id=action_id) + query = query.filter_by(intra_extension_id=intra_extension_id, id=action_id) ref = query.first() session.delete(ref) @@ -634,7 +650,7 @@ class IntraExtensionConnector(IntraExtensionDriver): def set_subject_scope_dict(self, intra_extension_id, subject_category_id, subject_scope_id, subject_scope_dict): with sql.transaction() as session: query = session.query(SubjectScope) - query = query.filter_by(intra_extension_id=intra_extension_id, subject_category_id=subject_category_id, subject_scope_id=subject_scope_id) + query = query.filter_by(intra_extension_id=intra_extension_id, subject_category_id=subject_category_id, id=subject_scope_id) ref = query.first() new_ref = SubjectScope.from_dict( { 
@@ -650,12 +666,13 @@ class IntraExtensionConnector(IntraExtensionDriver): for attr in Subject.attributes: if attr != 'id': setattr(ref, attr, getattr(new_ref, attr)) + session.flush() return self.get_subject_scopes_dict(intra_extension_id, subject_category_id)[subject_scope_id] def del_subject_scope(self, intra_extension_id, subject_category_id, subject_scope_id): with sql.transaction() as session: query = session.query(SubjectScope) - query = query.filter_by(intra_extension_id=intra_extension_id, subject_category_id=subject_category_id, subject_scope_id=subject_scope_id) + query = query.filter_by(intra_extension_id=intra_extension_id, subject_category_id=subject_category_id, id=subject_scope_id) ref = query.first() session.delete(ref) @@ -671,7 +688,7 @@ class IntraExtensionConnector(IntraExtensionDriver): def set_object_scope_dict(self, intra_extension_id, object_category_id, object_scope_id, object_scope_dict): with sql.transaction() as session: query = session.query(ObjectScope) - query = query.filter_by(intra_extension_id=intra_extension_id, object_category_id=object_category_id, object_scope_id=object_scope_id) + query = query.filter_by(intra_extension_id=intra_extension_id, object_category_id=object_category_id, id=object_scope_id) ref = query.first() new_ref = ObjectScope.from_dict( { 
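Review bot: The update loop in `set_subject_scope_dict` iterates `Subject.attributes` although `ref` and `new_ref` are `SubjectScope` objects, the same kind of copy-paste slip this commit fixes in `set_action_dict` (`Subject.from_dict` → `Action.from_dict`). It should read `for attr in SubjectScope.attributes:`. `set_object_scope_dict` (`Object.attributes`) and `set_action_scope_dict` (`Action.attributes`) in the following hunks need `ObjectScope.attributes` and `ActionScope.attributes` in the same way. The model definitions are not visible here, but if the scope models use different attribute names the update either raises AttributeError or leaves the stored scope unchanged. The function starts in the previous hunk.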
@@ -687,12 +704,13 @@ class IntraExtensionConnector(IntraExtensionDriver): for attr in Object.attributes: if attr != 'id': setattr(ref, attr, getattr(new_ref, attr)) + session.flush() return self.get_object_scopes_dict(intra_extension_id, object_category_id)[object_scope_id] def del_object_scope(self, intra_extension_id, object_category_id, object_scope_id): with sql.transaction() as session: query = session.query(ObjectScope) - query = query.filter_by(intra_extension_id=intra_extension_id, object_category_id=object_category_id, object_scope_id=object_scope_id) + query = query.filter_by(intra_extension_id=intra_extension_id, object_category_id=object_category_id, id=object_scope_id) ref = query.first() session.delete(ref) @@ -708,7 +726,7 @@ class IntraExtensionConnector(IntraExtensionDriver): def set_action_scope_dict(self, intra_extension_id, action_category_id, action_scope_id, action_scope_dict): with sql.transaction() as session: query = session.query(ActionScope) - query = query.filter_by(intra_extension_id=intra_extension_id, action_category_id=action_category_id, action_scope_id=action_scope_id) + query = query.filter_by(intra_extension_id=intra_extension_id, action_category_id=action_category_id, id=action_scope_id) ref = query.first() new_ref = ActionScope.from_dict( { 
@@ -724,12 +742,13 @@ class IntraExtensionConnector(IntraExtensionDriver): for attr in Action.attributes: if attr != 'id': setattr(ref, attr, getattr(new_ref, attr)) + session.flush() return self.get_action_scopes_dict(intra_extension_id, action_category_id)[action_scope_id] def del_action_scope(self, intra_extension_id, action_category_id, action_scope_id): with sql.transaction() as session: query = session.query(ActionScope) - query = query.filter_by(intra_extension_id=intra_extension_id, action_category_id=action_category_id, action_scope_id=action_scope_id) + query = query.filter_by(intra_extension_id=intra_extension_id, action_category_id=action_category_id, id=action_scope_id) ref = query.first() session.delete(ref) @@ -762,6 +781,7 @@ class IntraExtensionConnector(IntraExtensionDriver): for attr in SubjectAssignment.attributes: if attr != 'id': setattr(ref, attr, getattr(new_ref, attr)) + session.flush() return self.get_subject_assignment_list(intra_extension_id, subject_id, subject_category_id) def add_subject_assignment_list(self, intra_extension_id, subject_id, subject_category_id, subject_scope_id): @@ -804,6 +824,7 @@ class IntraExtensionConnector(IntraExtensionDriver): for attr in ObjectAssignment.attributes: if attr != 'id': setattr(ref, attr, getattr(new_ref, attr)) + session.flush() return self.get_object_assignment_list(intra_extension_id, object_id, object_category_id) def add_object_assignment_list(self, intra_extension_id, object_id, object_category_id, object_scope_id): @@ -846,6 +867,7 @@ class IntraExtensionConnector(IntraExtensionDriver): for attr in ActionAssignment.attributes: if attr != 'id': setattr(ref, attr, getattr(new_ref, attr)) + session.flush() return self.get_action_assignment_list(intra_extension_id, action_id, action_category_id) def add_action_assignment_list(self, intra_extension_id, action_id, action_category_id, action_scope_id): 
@@ -864,7 +886,7 @@ class IntraExtensionConnector(IntraExtensionDriver): def set_aggregation_algorithm(self, intra_extension_id, aggregation_algorithm_id, aggregation_algorithm_dict): with sql.transaction() as session: query = session.query(AggregationAlgorithm) - query = query.filter_by(intra_extension_id=intra_extension_id, aggregation_algorithm_id=aggregation_algorithm_id) + query = query.filter_by(intra_extension_id=intra_extension_id, id=aggregation_algorithm_id) ref = query.first() new_ref = AggregationAlgorithm.from_dict( { @@ -879,6 +901,7 @@ class IntraExtensionConnector(IntraExtensionDriver): for attr in AggregationAlgorithm.attributes: if attr != 'id': setattr(ref, attr, getattr(new_ref, attr)) + session.flush() return self.get_aggregation_algorithm(intra_extension_id) def get_aggregation_algorithm(self, intra_extension_id): @@ -900,7 +923,7 @@ class IntraExtensionConnector(IntraExtensionDriver): def set_sub_meta_rule_dict(self, intra_extension_id, sub_meta_rule_id, sub_meta_rule_dict): with sql.transaction() as session: query = session.query(SubMetaRule) - query = query.filter_by(intra_extension_id=intra_extension_id) + query = query.filter_by(intra_extension_id=intra_extension_id, id=sub_meta_rule_id) ref = query.first() new_ref = SubMetaRule.from_dict( { @@ -915,12 +938,13 @@ class IntraExtensionConnector(IntraExtensionDriver): for attr in SubMetaRule.attributes: if attr != 'id': setattr(ref, attr, getattr(new_ref, attr)) + session.flush() return self.get_sub_meta_rules_dict(intra_extension_id) def del_sub_meta_rule(self, intra_extension_id, sub_meta_rule_id): with sql.transaction() as session: query = session.query(SubMetaRule) - query = query.filter_by(intra_extension_id=intra_extension_id, sub_meta_rule_id=sub_meta_rule_id) + query = query.filter_by(intra_extension_id=intra_extension_id, id=sub_meta_rule_id) ref = query.first() session.delete(ref) 
@@ -929,14 +953,14 @@ class IntraExtensionConnector(IntraExtensionDriver): def get_rules_dict(self, intra_extension_id, sub_meta_rule_id): with sql.transaction() as session: query = session.query(Rule) - query = query.filter_by(intra_extension_id=intra_extension_id, sub_meta_rule_id=sub_meta_rule_id) + query = query.filter_by(intra_extension_id=intra_extension_id, id=sub_meta_rule_id) ref_list = query.all() return {_ref.id: _ref.rule for _ref in ref_list} def set_rule_dict(self, intra_extension_id, sub_meta_rule_id, rule_id, rule_list): with sql.transaction() as session: query = session.query(Rule) - query = query.filter_by(intra_extension_id=intra_extension_id, sub_meta_rule_id=sub_meta_rule_id, rule_id=rule_id) + query = query.filter_by(intra_extension_id=intra_extension_id, sub_meta_rule_id=sub_meta_rule_id, id=rule_id) ref = query.first() new_ref = Rule.from_dict( { @@ -952,12 +976,13 @@ class IntraExtensionConnector(IntraExtensionDriver): for attr in Rule.attributes: if attr != 'id': setattr(ref, attr, getattr(new_ref, attr)) + session.flush() return self.get_rules_dict(intra_extension_id, sub_meta_rule_id)[rule_id] def del_rule(self, intra_extension_id, sub_meta_rule_id, rule_id): with sql.transaction() as session: query = session.query(Rule) - query = query.filter_by(intra_extension_id=intra_extension_id, sub_meta_rule_id=sub_meta_rule_id, rule_id=rule_id) + query = query.filter_by(intra_extension_id=intra_extension_id, sub_meta_rule_id=sub_meta_rule_id, id=rule_id) ref = query.first() session.delete(ref) diff --git a/keystone-moon/keystone/contrib/moon/core.py b/keystone-moon/keystone/contrib/moon/core.py index 8abf750f..fcb8ebfa 100644 --- a/keystone-moon/keystone/contrib/moon/core.py +++ b/keystone-moon/keystone/contrib/moon/core.py 
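Review bot: `get_rules_dict` now filters `Rule` on `id=sub_meta_rule_id`, which compares a rule's own id with a sub-meta-rule id. `set_rule_dict` in the same hunk still filters on `sub_meta_rule_id=sub_meta_rule_id, id=rule_id`, so `Rule` evidently has both columns and the rename does not apply to this query. As written the lookup would normally match nothing, so callers get an empty rule set and the `get_rules_dict(...)[rule_id]` at the end of `set_rule_dict` raises KeyError. Keep `query.filter_by(intra_extension_id=intra_extension_id, sub_meta_rule_id=sub_meta_rule_id)` here.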
@@ -149,31 +149,32 @@ def super_enforce(action_names, object_name, **extra): def wrap(func): def wrapped(*args): # global actions - self = args[0] - user_name = args[1] - intra_extension_id = SUPER_EXTENSION_ID - if intra_extension_id not in self.admin_api.get_intra_extensions(DEFAULT_USER_ID): - raise IntraExtensionUnknown() - - super_tenant_id = SUPER_TENANT_ID - super_tenant_dict = self.tenant_api.get_tenant_dict(DEFAULT_USER_ID, super_tenant_id) - - if not super_tenant_dict: - raise SuperExtensionUnknown() - else: - authz_result = False - if type(_action_name_list) in (str, unicode): - action_name_list = (_action_name_list, ) - else: - action_name_list = _action_name_list - for action_name in action_name_list: - if self.authz_api.authz(super_tenant_dict['name'], user_name, object_name, action_name, 'authz'): - authz_result = True - else: - authz_result = False - break - if authz_result: - return func(*args) + return func(*args) + # self = args[0] + # user_name = args[1] + # intra_extension_id = SUPER_EXTENSION_ID + # if intra_extension_id not in self.admin_api.get_intra_extensions_dict(DEFAULT_USER_ID): + # raise IntraExtensionUnknown() + # + # super_tenant_id = SUPER_TENANT_ID + # super_tenant_dict = self.tenant_api.get_tenant_dict(DEFAULT_USER_ID, super_tenant_id) + # + # if not super_tenant_dict: + # raise SuperExtensionUnknown() + # else: + # authz_result = False + # if type(_action_name_list) in (str, unicode): + # action_name_list = (_action_name_list, ) + # else: + # action_name_list = _action_name_list + # for action_name in action_name_list: + # if self.authz_api.authz(super_tenant_dict['name'], user_name, object_name, action_name, 'authz'): + # authz_result = True + # else: + # authz_result = False + # break + # if authz_result: + # return func(*args) return wrapped return wrap 
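Review bot: `wrapped` now returns `func(*args)` unconditionally, so every method decorated with `super_enforce` runs with no super-extension authorization check; the whole `self.authz_api.authz(...)` loop sits commented out below the `return`. If this is a temporary bypass to get the SQL backend working, it should not be the only code path: restore the check, or gate the bypass behind an explicit setting that defaults to enforcing, and say so in the commit message. When the check comes back, the deny path should raise (the tests in this commit expect `AuthzException`) rather than fall off the end and return `None` as the old code did. The commented-out block also renames the call to `get_intra_extensions_dict`, which nothing now exercises.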
@@ -445,8 +446,7 @@ class IntraExtensionManager(manager.Manager): for _subject in json_perimeter['subjects']: user = self.identity_api.get_user_by_name(_subject, "default") subject_dict[user["id"]] = user - subject_dict[user["id"]].pop("id") - self.driver.set_subject_dict(intra_extension_dict["id"], user["id"]) + self.driver.set_subject_dict(intra_extension_dict["id"], user["id"], user) intra_extension_dict["subjects"] = subject_dict # Copy all values for objects and actions @@ -471,7 +471,7 @@ class IntraExtensionManager(manager.Manager): json_perimeter = json.load(f) intra_extension_dict['subject_category_scope'] = dict() - for category, scope in json_perimeter["subject_category_scope"].iteritems(): + for category, scope in json_perimeter["subject_scopes"].iteritems(): category_id = self.driver.get_uuid_from_name(intra_extension_dict["id"], category, self.driver.SUBJECT_CATEGORY) _scope_dict = dict() for _scope in scope: @@ -481,7 +481,7 @@ class IntraExtensionManager(manager.Manager): intra_extension_dict['subject_category_scope'][category] = _scope_dict intra_extension_dict['object_category_scope'] = dict() - for category, scope in json_perimeter["object_category_scope"].iteritems(): + for category, scope in json_perimeter["object_scopes"].iteritems(): category_id = self.driver.get_uuid_from_name(intra_extension_dict["id"], category, self.driver.OBJECT_CATEGORY) _scope_dict = dict() for _scope in scope: 
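Review bot: The first hunk now passes the full `user` dict returned by `identity_api.get_user_by_name` to `set_subject_dict`, so the entire identity record is copied into the policy store. The other perimeter elements visible in this file are stored as `{"name": ..., "description": ...}`, and the fields of `user` are not visible here. Consider persisting only the keys the policy engine needs, for example `{"name": user["name"], "description": user.get("description", "")}`, so identity attributes are not duplicated outside the identity backend. The enclosing method starts above the hunk.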
@@ -491,13 +491,13 @@ class IntraExtensionManager(manager.Manager): intra_extension_dict['object_category_scope'][category] = _scope_dict intra_extension_dict['action_category_scope'] = dict() - for category, scope in json_perimeter["action_category_scope"].iteritems(): + for category, scope in json_perimeter["action_scopes"].iteritems(): category_id = self.driver.get_uuid_from_name(intra_extension_dict["id"], category, self.driver.ACTION_CATEGORY) _scope_dict = dict() for _scope in scope: _id = uuid4().hex _scope_dict[_id] = {"name": _scope, "description": _scope} - self.driver.set_action_scope_dict(intra_extension_dict["id"], category_id, _scope_dict[_id]) + self.driver.set_action_scope_dict(intra_extension_dict["id"], category_id, _id, _scope_dict[_id]) intra_extension_dict['action_category_scope'][category] = _scope_dict def __load_assignment_file(self, intra_extension_dict, policy_dir): @@ -531,7 +531,7 @@ class IntraExtensionManager(manager.Manager): object_id = self.driver.get_uuid_from_name(intra_extension_dict["id"], object_name, self.driver.OBJECT) if object_name not in object_assignments: object_assignments[object_id] = dict() - if category_id not in object_assignments[object_name]: + if category_id not in object_assignments[object_id]: object_assignments[object_id][category_id] = \ map(lambda x: self.driver.get_uuid_from_name(intra_extension_dict["id"], x, self.driver.OBJECT_SCOPE, category_name), value[object_name]) 
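Review bot: In the second hunk the outer guard still tests `object_name not in object_assignments` although the dict is keyed by `object_id`. The guard is therefore presumably true on every pass, and `object_assignments[object_id] = dict()` discards the categories already recorded for that object. The commit corrects only the inner lookup; the guard should be `if object_id not in object_assignments:`. The action loop in the next hunk has the same guard (`action_name not in action_assignments`) and needs `action_id`. The enclosing method starts outside the hunk.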
@@ -550,7 +550,7 @@ class IntraExtensionManager(manager.Manager): action_id = self.driver.get_uuid_from_name(intra_extension_dict["id"], action_name, self.driver.ACTION) if action_name not in action_assignments: action_assignments[action_id] = dict() - if category_id not in action_assignments[action_name]: + if category_id not in action_assignments[action_id]: action_assignments[action_id][category_id] = \ map(lambda x: self.driver.get_uuid_from_name(intra_extension_dict["id"], x, self.driver.ACTION_SCOPE, category_name), value[action_name]) @@ -582,9 +582,9 @@ class IntraExtensionManager(manager.Manager): for item in ("subject_categories", "object_categories", "action_categories"): metarule[_id][item] = list() for element in json_metarule["sub_meta_rules"][metarule_name][item]: - metarule[[_id]][item].append(self.driver.get_uuid_from_name(intra_extension_dict["id"], element, categories[item])) - metarule[[_id]]["algorithm"] = json_metarule["sub_meta_rules"][metarule_name]["algorithm"] - self.driver.set_sub_meta_rule_dict(intra_extension_dict["id"], _id, metarule[[_id]]) + metarule[_id][item].append(self.driver.get_uuid_from_name(intra_extension_dict["id"], element, categories[item])) + metarule[_id]["algorithm"] = json_metarule["sub_meta_rules"][metarule_name]["algorithm"] + self.driver.set_sub_meta_rule_dict(intra_extension_dict["id"], _id, metarule[_id]) submetarules = { "aggregation": json_metarule["aggregation"], "sub_meta_rules": metarule 
@@ -616,21 +616,22 @@ class IntraExtensionManager(manager.Manager): for rule in json_rules[sub_rule_name]: subrule = list() _rule = list(rule) - for category_uuid in sub_meta_rules["rule"][sub_rule_name]["subject_categories"]: + # sub_rule_id = self.driver.get_uuid_from_name(intra_extension_dict["id"], sub_rule_name, self.driver.SUB_META_RULE) + for category_uuid in sub_meta_rules[sub_rule_id]["subject_categories"]: scope_name = _rule.pop(0) scope_uuid = self.driver.get_uuid_from_name(intra_extension_dict["id"], scope_name, self.driver.SUBJECT_SCOPE, category_uuid=category_uuid) subrule.append(scope_uuid) - for category_uuid in sub_meta_rules["rule"][sub_rule_name]["action_categories"]: + for category_uuid in sub_meta_rules[sub_rule_id]["action_categories"]: scope_name = _rule.pop(0) scope_uuid = self.driver.get_uuid_from_name(intra_extension_dict["id"], scope_name, self.driver.ACTION_SCOPE, category_uuid=category_uuid) subrule.append(scope_uuid) - for category_uuid in sub_meta_rules["rule"][sub_rule_name]["object_categories"]: + for category_uuid in sub_meta_rules[sub_rule_id]["object_categories"]: scope_name = _rule.pop(0) scope_uuid = self.driver.get_uuid_from_name(intra_extension_dict["id"], scope_name, @@ -1360,7 +1361,7 @@ class IntraExtensionManager(manager.Manager): sub_meta_rule_dict['action_categories'] is sub_meta_rules_dict[_sub_meta_rule_id]["action_categories"] and \ sub_meta_rule_dict['algorithm'] is sub_meta_rules_dict[_sub_meta_rule_id]["algorithm"]: raise SubMetaRuleExisting() - sub_meta_rule_id = uuid4().hex() + sub_meta_rule_id = uuid4().hex # TODO (dthom): add new sub-meta-rule to rule # self.driver.add_rule(intra_extension_id, sub_meta_rule_id, []) return self.driver.set_sub_meta_rule_dict(intra_extension_id, sub_meta_rule_id, sub_meta_rule_dict) 
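Review bot: `sub_meta_rules[sub_rule_id]` is read three times in the first hunk, but the only assignment of `sub_rule_id` visible there is the commented-out `get_uuid_from_name(..., self.driver.SUB_META_RULE)` line. Unless the name is bound above the hunk, loading a rule file raises NameError. Uncomment the lookup and move it above `for rule in json_rules[sub_rule_name]:`, since it depends only on `sub_rule_name`. The loop body continues past the end of the hunk.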
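Review bot: The duplicate check at the top of the second hunk compares with `is` (`sub_meta_rule_dict['action_categories'] is sub_meta_rules_dict[_sub_meta_rule_id]["action_categories"]`, and likewise for `algorithm`). That tests object identity, so equal lists or strings from different sources do not match and `SubMetaRuleExisting` is effectively never raised. Use `==` for these comparisons. The condition begins above the hunk, so its earlier clauses should be checked for the same operator.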
@@ -1644,69 +1645,77 @@ class IntraExtensionDriver(object): data_values = list() if data_name == self.SUBJECT: - data_values = self.get_subjects_dict(intra_extension_uuid)["subjects"] + data_values = self.get_subjects_dict(intra_extension_uuid) if (name and name not in extract_name(data_values)) or \ - (uuid and uuid not in data_values.keys()): + (uuid and uuid not in data_values.keys()): raise SubjectUnknown() elif data_name == self.OBJECT: - data_values = self.get_objects_dict(intra_extension_uuid)["objects"] + data_values = self.get_objects_dict(intra_extension_uuid) if (name and name not in extract_name(data_values)) or \ - (uuid and uuid not in data_values.keys()): + (uuid and uuid not in data_values.keys()): raise ObjectUnknown() elif data_name == self.ACTION: - data_values = self.get_actions_dict(intra_extension_uuid)["actions"] + data_values = self.get_actions_dict(intra_extension_uuid) if (name and name not in extract_name(data_values)) or \ - (uuid and uuid not in data_values.keys()): + (uuid and uuid not in data_values.keys()): raise ActionUnknown() elif data_name == self.SUBJECT_CATEGORY: - data_values = self.get_subject_categories_dict(intra_extension_uuid)["subject_categories"] + data_values = self.get_subject_categories_dict(intra_extension_uuid) if (name and name not in extract_name(data_values)) or \ - (uuid and uuid not in data_values.keys()): + (uuid and uuid not in data_values.keys()): raise SubjectCategoryUnknown() elif data_name == self.OBJECT_CATEGORY: - data_values = self.get_object_categories_dict(intra_extension_uuid)["object_categories"] + data_values = self.get_object_categories_dict(intra_extension_uuid) if (name and name not in extract_name(data_values)) or \ - (uuid and uuid not in data_values.keys()): + (uuid and uuid not in data_values.keys()): raise ObjectCategoryUnknown() elif data_name == self.ACTION_CATEGORY: - data_values = self.get_action_categories_dict(intra_extension_uuid)["action_categories"] + data_values = 
self.get_action_categories_dict(intra_extension_uuid) if (name and name not in extract_name(data_values)) or \ - (uuid and uuid not in data_values.keys()): + (uuid and uuid not in data_values.keys()): raise ActionCategoryUnknown() elif data_name == self.SUBJECT_SCOPE: if not category_uuid: category_uuid = self.get_uuid_from_name(intra_extension_uuid, category_name, self.SUBJECT_CATEGORY) data_values = self.get_subject_scopes_dict(intra_extension_uuid, - category_uuid)["subject_category_scope"] + category_uuid) if (name and name not in extract_name(data_values)) or \ - (uuid and uuid not in data_values.keys()): + (uuid and uuid not in data_values.keys()): raise SubjectScopeUnknown() elif data_name == self.OBJECT_SCOPE: if not category_uuid: category_uuid = self.get_uuid_from_name(intra_extension_uuid, category_name, self.OBJECT_CATEGORY) data_values = self.get_object_scopes_dict(intra_extension_uuid, - category_uuid)["object_category_scope"] + category_uuid) if (name and name not in extract_name(data_values)) or \ - (uuid and uuid not in data_values.keys()): + (uuid and uuid not in data_values.keys()): raise ObjectScopeUnknown() elif data_name == self.ACTION_SCOPE: if not category_uuid: category_uuid = self.get_uuid_from_name(intra_extension_uuid, category_name, self.ACTION_CATEGORY) data_values = self.get_action_scopes_dict(intra_extension_uuid, - category_uuid)["action_category_scope"] + category_uuid) if (name and name not in extract_name(data_values)) or \ (uuid and uuid not in data_values.keys()): raise ActionScopeUnknown() elif data_name == self.SUB_META_RULE: - data_values = self.get_sub_meta_rules_dict(intra_extension_uuid)["sub_meta_rule"] + data_values = self.get_sub_meta_rules_dict(intra_extension_uuid) + print("name = {}".format(name)) + print("data_values = {}".format(data_values)) if (name and name not in extract_name(data_values)) or \ - (uuid and uuid not in data_values.keys()): + (uuid and uuid not in data_values.keys()): raise SubMetaRuleUnknown() 
- if category_uuid: - return data_values[category_uuid] + # if data_name in ( + # self.SUBJECT_SCOPE, + # self.OBJECT_SCOPE, + # self.ACTION_SCOPE + # ): + # return data_values[category_uuid] return data_values def get_uuid_from_name(self, intra_extension_uuid, name, data_name, category_name=None, category_uuid=None): + # print("get_uuid_from_name name = {}".format(name)) + # print("get_uuid_from_name data_name = {}".format(data_name)) data_values = self.__get_data_from_type( intra_extension_uuid=intra_extension_uuid, name=name, @@ -1714,6 +1723,7 @@ class IntraExtensionDriver(object): category_name=category_name, category_uuid=category_uuid, ) + print("get_uuid_from_name {}".format(data_values)) return filter(lambda v: v[1]["name"] == name, data_values.iteritems())[0][0] def get_name_from_uuid(self, intra_extension_uuid, uuid, data_name, category_name=None, category_uuid=None): diff --git a/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_admin.py b/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_admin.py index 2039c348..5a1f71e6 100644 --- a/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_admin.py +++ b/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_admin.py @@ -16,6 +16,7 @@ from keystone import resource from keystone.contrib.moon.exception import * from keystone.tests.unit import default_fixtures from keystone.contrib.moon.core import LogManager, TenantManager +from keystone.contrib.moon.core import DEFAULT_USER_ID CONF = cfg.CONF @@ -65,7 +66,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): #self.admin = self.identity_api.create_user(USER) IE["policymodel"] = policy_model IE["name"] = uuid.uuid4().hex - self.ref = self.manager.load_intra_extension_dict(IE) + self.ref = self.manager.load_intra_extension_dict(DEFAULT_USER_ID, IE) self.assertIsInstance(self.ref, dict) self.create_tenant(self.ref["id"]) 
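Review bot: The added `print(...)` calls write policy contents to stdout on every lookup: `name` and `data_values` in the `SUB_META_RULE` branch, and `print("get_uuid_from_name {}".format(data_values))` in the following hunk. For `SUBJECT` lookups `data_values` holds whatever was stored through `set_subject_dict`, which elsewhere in this commit is the full user dict. Remove them or send them through the project's logger at debug level, and delete the commented-out `print` lines and the commented-out `return data_values[category_uuid]` block rather than committing them. `__get_data_from_type` starts above the hunk.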
@@ -1310,7 +1311,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): IE["policymodel"] = policy_model IE["name"] = uuid.uuid4().hex - ref = self.admin_manager.load_intra_extension_dict(IE) + ref = self.admin_manager.load_intra_extension_dict(DEFAULT_USER_ID, IE) self.assertIsInstance(ref, dict) return ref @@ -1320,7 +1321,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): ref = self.create_intra_extension() self.assertRaises( - SubjectReadNotAuthorized, + AuthzException, self.manager.get_subjects_dict, demo_user["id"], ref["id"]) @@ -1337,7 +1338,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): new_subjects[new_subject["id"]] = new_subject["name"] self.assertRaises( - SubjectAddNotAuthorized, + AuthzException, self.manager.set_subject_dict, demo_user["id"], ref["id"], new_subjects) @@ -1352,7 +1353,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): # Delete the new subject self.assertRaises( - SubjectDelNotAuthorized, + AuthzException, self.manager.del_subject_dict, demo_user["id"], ref["id"], new_subject["id"]) @@ -1367,7 +1368,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): # Add a particular subject self.assertRaises( - SubjectAddNotAuthorized, + AuthzException, self.manager.add_subject_dict, demo_user["id"], ref["id"], new_subject["id"]) @@ -1390,7 +1391,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): ref = self.create_intra_extension() self.assertRaises( - ObjectReadNotAuthorized, + AuthzException, self.manager.get_objects_dict, demo_user["id"], ref["id"]) @@ -1407,7 +1408,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): new_objects[new_object["id"]] = new_object["name"] self.assertRaises( - ObjectAddNotAuthorized, + AuthzException, self.manager.set_object_dict, demo_user["id"], ref["id"], new_objects) 
@@ -1422,7 +1423,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): # Delete the new object self.assertRaises( - ObjectDelNotAuthorized, + AuthzException, self.manager.del_object_dict, demo_user["id"], ref["id"], new_object["id"]) @@ -1437,7 +1438,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): # Add a particular object self.assertRaises( - ObjectAddNotAuthorized, + AuthzException, self.manager.add_object_dict, demo_user["id"], ref["id"], new_object["name"]) @@ -1461,7 +1462,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): ref = self.create_intra_extension() self.assertRaises( - ActionReadNotAuthorized, + AuthzException, self.manager.get_actions_dict, demo_user["id"], ref["id"]) @@ -1478,7 +1479,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): new_actions[new_action["id"]] = new_action["name"] self.assertRaises( - ActionAddNotAuthorized, + AuthzException, self.manager.set_action_dict, demo_user["id"], ref["id"], new_actions) @@ -1493,7 +1494,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): # Delete the new action self.assertRaises( - ActionDelNotAuthorized, + AuthzException, self.manager.del_action_dict, demo_user["id"], ref["id"], new_action["id"]) @@ -1508,7 +1509,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): # Add a particular action self.assertRaises( - ActionAddNotAuthorized, + AuthzException, self.manager.add_action_dict, demo_user["id"], ref["id"], new_action["name"]) @@ -1532,7 +1533,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): ref = self.create_intra_extension() self.assertRaises( - SubjectCategoryReadNotAuthorized, + AuthzException, self.manager.get_subject_categories_dict, demo_user["id"], ref["id"]) 
@@ -1549,7 +1550,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): new_subject_categories[new_subject_category["id"]] = new_subject_category["name"] self.assertRaises( - SubjectCategoryAddNotAuthorized, + AuthzException, self.manager.set_subject_category_dict, demo_user["id"], ref["id"], new_subject_categories) @@ -1564,7 +1565,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): # Delete the new subject_category self.assertRaises( - SubjectCategoryDelNotAuthorized, + AuthzException, self.manager.del_subject_category_dict, demo_user["id"], ref["id"], new_subject_category["id"]) @@ -1579,7 +1580,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): # Add a particular subject_category self.assertRaises( - SubjectCategoryAddNotAuthorized, + AuthzException, self.manager.add_subject_category, demo_user["id"], ref["id"], new_subject_category["name"]) @@ -1608,7 +1609,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): ref = self.create_intra_extension() self.assertRaises( - ObjectCategoryReadNotAuthorized, + AuthzException, self.manager.get_object_category_dict, demo_user["id"], ref["id"]) @@ -1625,7 +1626,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): new_object_categories[new_object_category["id"]] = new_object_category["name"] self.assertRaises( - ObjectCategoryAddNotAuthorized, + AuthzException, self.manager.set_object_category_dict, demo_user["id"], ref["id"], new_object_categories) @@ -1640,7 +1641,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): # Delete the new object_category self.assertRaises( - ObjectCategoryDelNotAuthorized, + AuthzException, self.manager.del_object_category, demo_user["id"], ref["id"], new_object_category["id"]) @@ -1655,7 +1656,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): # Add a particular object_category self.assertRaises( - ObjectCategoryAddNotAuthorized, + AuthzException, self.manager.add_object_category, demo_user["id"], ref["id"], new_object_category["name"]) 
@@ -1690,7 +1691,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): # ref = self.create_intra_extension() self.assertRaises( - ActionCategoryReadNotAuthorized, + AuthzException, self.manager.get_action_category_dict, demo_user["id"], ref["id"]) @@ -1706,7 +1707,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): new_action_categories = dict() new_action_categories[new_action_category["id"]] = new_action_category["name"] self.assertRaises( - ActionCategoryAddNotAuthorized, + AuthzException, self.manager.set_action_category_dict, demo_user["id"], ref["id"], new_action_categories) @@ -1721,7 +1722,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): # Delete the new action_category self.assertRaises( - ActionCategoryDelNotAuthorized, + AuthzException, self.manager.del_action_category_dict, demo_user["id"], ref["id"], new_action_category["id"]) @@ -1736,7 +1737,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): # Add a particular action_category self.assertRaises( - ActionCategoryAddNotAuthorized, + AuthzException, self.manager.add_action_category, demo_user["id"], ref["id"], new_action_category["name"]) @@ -1775,7 +1776,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): for subject_category in subject_categories["subject_categories"]: self.assertRaises( - SubjectCategoryScopeReadNotAuthorized, + AuthzException, self.manager.get_subject_scopes_dict, demo_user["id"], ref["id"], subject_category) @@ -1795,7 +1796,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): new_subject_category_scope[new_subject_category_scope_uuid] = "new_subject_category_scope" self.assertRaises( - SubjectCategoryScopeAddNotAuthorized, + AuthzException, self.manager.set_subject_scope_dict, demo_user["id"], ref["id"], subject_category, new_subject_category_scope) 
@@ -1814,7 +1815,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): # Delete the new subject_category_scope self.assertRaises( - SubjectCategoryScopeDelNotAuthorized, + AuthzException, self.manager.del_subject_category_scope_dict, demo_user["id"], ref["id"], subject_category, new_subject_category_scope_uuid) @@ -1836,7 +1837,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): # Add a particular subject_category_scope self.assertRaises( - SubjectCategoryScopeAddNotAuthorized, + AuthzException, self.manager.add_subject_scope_dict, demo_user["id"], ref["id"], subject_category, new_subject_category_scope[new_subject_category_scope_uuid]) @@ -1878,7 +1879,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): for object_category in object_categories["object_categories"]: self.assertRaises( - ObjectCategoryScopeReadNotAuthorized, + AuthzException, self.manager.get_object_scopes_dict, demo_user["id"], ref["id"], object_category) @@ -1898,7 +1899,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): new_object_category_scope[new_object_category_scope_uuid] = "new_object_category_scope" self.assertRaises( - ObjectCategoryScopeAddNotAuthorized, + AuthzException, self.manager.set_object_scope_dict, demo_user["id"], ref["id"], object_category, new_object_category_scope) @@ -1917,7 +1918,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): # Delete the new object_category_scope self.assertRaises( - ObjectCategoryScopeDelNotAuthorized, + AuthzException, self.manager.del_object_category_scope_dict, demo_user["id"], ref["id"], object_category, new_object_category_scope) @@ -1939,7 +1940,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): # Add a particular object_category_scope self.assertRaises( - ObjectCategoryScopeAddNotAuthorized, + AuthzException, self.manager.add_object_scope_dict, demo_user["id"], ref["id"], object_category, new_object_category_scope[new_object_category_scope_uuid] 
@@ -1982,7 +1983,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): for action_category in action_categories["action_categories"]: self.assertRaises( - ActionCategoryScopeReadNotAuthorized, + AuthzException, self.manager.get_object_scopes_dict, demo_user["id"], ref["id"], action_category) @@ -2002,7 +2003,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): new_action_category_scope[new_action_category_scope_uuid] = "new_action_category_scope" self.assertRaises( - ActionCategoryScopeAddNotAuthorized, + AuthzException, self.manager.set_action_scope_dict, demo_user["id"], ref["id"], action_category, new_action_category_scope) @@ -2021,7 +2022,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): # Delete the new action_category_scope self.assertRaises( - ActionCategoryScopeDelNotAuthorized, + AuthzException, self.manager.del_action_category_scope_dict, demo_user["id"], ref["id"], action_category, new_action_category_scope_uuid @@ -2045,7 +2046,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): # Add a particular action_category_scope self.assertRaises( - ActionCategoryScopeAddNotAuthorized, + AuthzException, self.manager.add_action_scope_dict, demo_user["id"], ref["id"], action_category, new_action_category_scope[new_action_category_scope_uuid] @@ -2137,7 +2138,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): subject_category_scope["subject_category_scope"][subject_category].values()) self.assertRaises( - SubjectCategoryAssignmentReadNotAuthorized, + AuthzException, self.manager.get_subject_assignment_dict, demo_user["id"], ref["id"], new_subject["id"]) @@ -2154,7 +2155,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): self.assertEqual({}, subject_category_assignments["subject_category_assignments"][new_subject["id"]]) self.assertRaises( - SubjectCategoryAssignmentAddNotAuthorized, + AuthzException, self.manager.set_subject_assignment_dict, demo_user["id"], ref["id"], new_subject["id"], { 
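Review bot: In the action-category scope loop (hunk `@@ -1982,7 +1983,7`) the callable under test is `self.manager.get_object_scopes_dict`, although it is passed `action_category`. It looks copied from the object-scope test and should presumably be the action-scope getter that pairs with `set_action_scope_dict`. A similar mismatch appears at `@@ -2700,7 +2701,7` here and `@@ -1075,7` in the authz test file, where the former `MetaRuleAddNotAuthorized` case calls `get_sub_meta_rule_dict` with `metarule`; at `@@ -393,19` of the authz file, `set_object_dict` receives `new_object["id"]` instead of the `new_objects` dict built just above. These lines are unchanged context, but with the broad `AuthzException` as the expected type, nothing in the assertion ties the failure to the operation named in the test comment, so a wrong call goes unnoticed. The enclosing test methods start and end outside these hunks.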
@@ -2193,7 +2194,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): subject_category_assignments["subject_category_assignments"][new_subject["id"]]) self.assertRaises( - SubjectCategoryAssignmentDelNotAuthorized, + AuthzException, self.manager.del_subject_category_assignment_dict, demo_user["id"], ref["id"], new_subject["id"], new_subject_category_uuid, @@ -2222,7 +2223,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): subject_category_assignments["subject_category_assignments"][new_subject["id"]]) self.assertRaises( - SubjectCategoryAssignmentAddNotAuthorized, + AuthzException, self.manager.add_subject_assignment_list, demo_user["id"], ref["id"], new_subject["id"], new_subject_category_uuid, @@ -2316,7 +2317,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): object_category_scope["object_category_scope"][object_category].values()) self.assertRaises( - ObjectCategoryAssignmentReadNotAuthorized, + AuthzException, self.manager.get_object_assignment_list, demo_user["id"], ref["id"], new_object["id"] ) @@ -2334,7 +2335,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): self.assertEqual({}, object_category_assignments["object_category_assignments"][new_object["id"]]) self.assertRaises( - ObjectCategoryAssignmentAddNotAuthorized, + AuthzException, self.manager.set_object_category_assignment_dict, demo_user["id"], ref["id"], new_object["id"], { @@ -2373,7 +2374,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): object_category_assignments["object_category_assignments"][new_object["id"]]) self.assertRaises( - ObjectCategoryAssignmentDelNotAuthorized, + AuthzException, self.manager.del_object_category_assignment_dict, demo_user["id"], ref["id"], new_object["id"], new_object_category_uuid, 
@@ -2402,7 +2403,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): object_category_assignments["object_category_assignments"][new_object["id"]]) self.assertRaises( - ObjectCategoryAssignmentAddNotAuthorized, + AuthzException, self.manager.add_object_assignment_list, demo_user["id"], ref["id"], new_object["id"], new_object_category_uuid, @@ -2496,7 +2497,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): action_category_scope["action_category_scope"][action_category].values()) self.assertRaises( - ActionCategoryAssignmentReadNotAuthorized, + AuthzException, self.manager.get_action_assignment_list, demo_user["id"], ref["id"], new_action["id"] ) @@ -2514,7 +2515,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): self.assertEqual({}, action_category_assignments["action_category_assignments"][new_action["id"]]) self.assertRaises( - ActionCategoryAssignmentAddNotAuthorized, + AuthzException, self.manager.set_action_assignment_dict, demo_user["id"], ref["id"], new_action["id"], { @@ -2553,7 +2554,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): action_category_assignments["action_category_assignments"][new_action["id"]]) self.assertRaises( - ActionCategoryAssignmentDelNotAuthorized, + AuthzException, self.manager.del_action_category_assignment_dict, demo_user["id"], ref["id"], new_action["id"], new_action_category_uuid, @@ -2582,7 +2583,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): action_category_assignments["action_category_assignments"][new_action["id"]]) self.assertRaises( - ActionCategoryAssignmentAddNotAuthorized, + AuthzException, self.manager.add_action_assignment_list, demo_user["id"], ref["id"], new_action["id"], new_action_category_uuid, 
@@ -2623,7 +2624,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): self.assertIn("test_aggregation", aggregation_algorithms["aggregation_algorithms"]) self.assertRaises( - MetaRuleReadNotAuthorized, + AuthzException, self.manager.get_aggregation_algorithm_dict, demo_user["id"], ref["id"] ) @@ -2637,7 +2638,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): _aggregation_algorithm.remove(aggregation_algorithm["aggregation"]) self.assertRaises( - MetaRuleAddNotAuthorized, + AuthzException, self.manager.set_aggregation_algorithms, demo_user["id"], ref["id"], _aggregation_algorithm[0] ) @@ -2648,7 +2649,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): self.assertIn(aggregation_algorithm["aggregation"], aggregation_algorithms["aggregation_algorithms"]) self.assertRaises( - MetaRuleReadNotAuthorized, + AuthzException, self.manager.get_sub_meta_rules_dict, demo_user["id"], ref["id"] ) @@ -2700,7 +2701,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): metarule[relation]["subject_categories"].append(new_subject_category["id"]) self.assertRaises( - MetaRuleAddNotAuthorized, + AuthzException, self.manager.get_sub_meta_rule_dict, demo_user["id"], ref["id"], metarule ) @@ -2723,7 +2724,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): self.assertIn("sub_meta_rules", sub_meta_rules) self.assertRaises( - RuleReadNotAuthorized, + AuthzException, self.manager.get_sub_rules, demo_user["id"], ref["id"] ) @@ -2770,7 +2771,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): sub_rule.append(True) self.assertRaises( - RuleAddNotAuthorized, + AuthzException, self.manager.set_sub_rules, demo_user["id"], ref["id"], relation, sub_rule ) diff --git a/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_authz.py b/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_authz.py index 80c0598e..8887049f 100644 --- a/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_authz.py 
+++ b/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_authz.py @@ -89,32 +89,32 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase): IE["policymodel"] = policy_model IE["name"] = uuid.uuid4().hex - ref = self.admin_manager.load_intra_extension_dict(IE) + ref = self.admin_manager.load_intra_extension_dict(DEFAULT_USER_ID, IE) self.assertIsInstance(ref, dict) return ref def test_tenant_exceptions(self): self.assertRaises( - TenantListEmpty, + TenantUnknown, self.manager.get_tenant_dict ) self.assertRaises( - TenantIDNotFound, + TenantUnknown, self.manager.get_tenant_name, uuid.uuid4().hex ) self.assertRaises( - TenantIDNotFound, + TenantUnknown, self.manager.set_tenant_name, uuid.uuid4().hex, uuid.uuid4().hex ) self.assertRaises( - TenantIDNotFound, + TenantUnknown, self.manager.get_extension_uuid, uuid.uuid4().hex, "authz" ) self.assertRaises( - TenantIDNotFound, + TenantUnknown, self.manager.get_extension_uuid, uuid.uuid4().hex, "admin" ) @@ -155,7 +155,7 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase): # Test when subject is unknown self.assertRaises( - SubjectUnknown, + AuthzException, self.manager.authz, ie_authz["id"], uuid.uuid4().hex, uuid.uuid4().hex, uuid.uuid4().hex ) @@ -169,7 +169,7 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase): ) self.assertRaises( - ObjectUnknown, + AuthzException, self.manager.authz, ie_authz["id"], demo_user["id"], uuid.uuid4().hex, uuid.uuid4().hex ) @@ -183,7 +183,7 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase): my_object = {"id": _tmp[0], "name": _tmp[1]} self.assertRaises( - ActionUnknown, + AuthzException, self.manager.authz, ie_authz["id"], demo_user["id"], my_object["id"], uuid.uuid4().hex ) 
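Review bot: `test_tenant_exceptions` (hunk `@@ -89,32 +89,32`) now expects `TenantUnknown` for an unknown tenant id, while the same commit changes test_unit_core_tenant.py (hunks `@@ -135,9` and `@@ -154,7`) to expect `TenantNotFound` for what appears to be the same condition. If only one of the two names is defined in the exception module (not visible in this diff), the other file will fail with `NameError` instead of testing anything. If both exist, an unknown tenant is reported under two different types, and callers have to catch both. Pick one name for both files, for example `self.assertRaises(TenantUnknown, self.manager.get_tenant_name_from_id, uuid.uuid4().hex)` in the tenant tests, or the reverse here. Also confirm that `get_tenant_dict` with no tenants is really meant to raise `TenantUnknown`, since it previously asserted `TenantListEmpty`.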
@@ -197,7 +197,7 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase): my_action = {"id": _tmp[0], "name": _tmp[1]} self.assertRaises( - SubjectCategoryAssignmentOutOfScope, + AuthzException, self.manager.authz, ie_authz["id"], demo_user["id"], my_object["id"], my_action["id"] ) @@ -219,7 +219,7 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase): my_subject_scope = {"id": _tmp[0], "name": _tmp[1]} self.assertRaises( - ObjectCategoryAssignmentOutOfScope, + AuthzException, self.manager.authz, ie_authz["id"], demo_user["id"], my_object["id"], my_action["id"] ) @@ -241,7 +241,7 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase): my_object_scope = {"id": _tmp[0], "name": _tmp[1]} self.assertRaises( - ActionCategoryAssignmentOutOfScope, + AuthzException, self.manager.authz, ie_authz["id"], demo_user["id"], my_object["id"], my_action["id"] ) @@ -263,7 +263,7 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase): my_action_scope = {"id": _tmp[0], "name": _tmp[1]} self.assertRaises( - SubjectCategoryAssignmentUnknown, + AuthzException, self.manager.authz, ie_authz["id"], demo_user["id"], my_object["id"], my_action["id"] ) @@ -278,7 +278,7 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase): ) self.assertRaises( - ObjectCategoryAssignmentUnknown, + AuthzException, self.manager.authz, ie_authz["id"], demo_user["id"], my_object["id"], my_action["id"] ) @@ -293,7 +293,7 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase): ) self.assertRaises( - ActionCategoryAssignmentUnknown, + AuthzException, self.manager.authz, ie_authz["id"], demo_user["id"], my_object["id"], my_action["id"] ) @@ -308,7 +308,7 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase): ) self.assertRaises( - RuleUnknown, + AuthzException, self.manager.authz, ie_authz["id"], demo_user["id"], my_object["id"], my_action["id"] ) 
@@ -357,19 +357,19 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase): new_subjects = dict() new_subjects[new_subject["id"]] = new_subject["name"] self.assertRaises( - SubjectAddNotAuthorized, + AuthzException, self.manager.set_subject_dict, admin_user["id"], ref["id"], new_subjects) # Delete the new subject self.assertRaises( - SubjectDelNotAuthorized, + AuthzException, self.manager.del_subject, admin_user["id"], ref["id"], new_subject["id"]) # Add a particular subject self.assertRaises( - SubjectAddNotAuthorized, + AuthzException, self.manager.add_subject_dict, admin_user["id"], ref["id"], new_subject["id"]) @@ -393,19 +393,19 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase): new_objects = dict() new_objects[new_object["id"]] = new_object["name"] self.assertRaises( - ObjectAddNotAuthorized, + AuthzException, self.manager.set_object_dict, admin_user["id"], ref["id"], new_object["id"]) # Delete the new object self.assertRaises( - ObjectDelNotAuthorized, + AuthzException, self.manager.del_object, admin_user["id"], ref["id"], new_object["id"]) # Add a particular object self.assertRaises( - ObjectAddNotAuthorized, + AuthzException, self.manager.add_object_dict, admin_user["id"], ref["id"], new_object["name"]) @@ -429,19 +429,19 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase): new_actions = dict() new_actions[new_action["id"]] = new_action["name"] self.assertRaises( - ActionAddNotAuthorized, + AuthzException, self.manager.set_action_dict, admin_user["id"], ref["id"], new_actions) # Delete the new action self.assertRaises( - ActionDelNotAuthorized, + AuthzException, self.manager.del_action, admin_user["id"], ref["id"], new_action["id"]) # Add a particular action self.assertRaises( - ActionAddNotAuthorized, + AuthzException, self.manager.add_action_dict, admin_user["id"], ref["id"], new_action["id"]) 
@@ -465,19 +465,19 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase): new_subject_categories = dict() new_subject_categories[new_subject_category["id"]] = new_subject_category["name"] self.assertRaises( - SubjectCategoryAddNotAuthorized, + AuthzException, self.manager.set_subject_category_dict, admin_user["id"], ref["id"], new_subject_categories) # Delete the new subject_category self.assertRaises( - SubjectCategoryDelNotAuthorized, + AuthzException, self.manager.del_subject_category, admin_user["id"], ref["id"], new_subject_category["id"]) # Add a particular subject_category self.assertRaises( - SubjectCategoryAddNotAuthorized, + AuthzException, self.manager.add_subject_category, admin_user["id"], ref["id"], new_subject_category["name"]) @@ -501,19 +501,19 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase): new_object_categories = dict() new_object_categories[new_object_category["id"]] = new_object_category["name"] self.assertRaises( - ObjectCategoryAddNotAuthorized, + AuthzException, self.manager.set_object_category_dict, admin_user["id"], ref["id"], new_object_categories) # Delete the new object_category self.assertRaises( - ObjectCategoryDelNotAuthorized, + AuthzException, self.manager.del_object_category, admin_user["id"], ref["id"], new_object_category["id"]) # Add a particular object_category self.assertRaises( - ObjectCategoryAddNotAuthorized, + AuthzException, self.manager.add_object_category, admin_user["id"], ref["id"], new_object_category["name"]) 
@@ -537,19 +537,19 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase): new_action_categories = dict() new_action_categories[new_action_category["id"]] = new_action_category["name"] self.assertRaises( - ActionCategoryAddNotAuthorized, + AuthzException, self.manager.set_action_category_dict, admin_user["id"], ref["id"], new_action_categories) # Delete the new action_category self.assertRaises( - ActionCategoryDelNotAuthorized, + AuthzException, self.manager.del_action_category, admin_user["id"], ref["id"], new_action_category["id"]) # Add a particular action_category self.assertRaises( - ActionCategoryAddNotAuthorized, + AuthzException, self.manager.add_action_category, admin_user["id"], ref["id"], new_action_category["name"]) @@ -586,19 +586,19 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase): new_subject_category_scope_uuid = uuid.uuid4().hex new_subject_category_scope[new_subject_category_scope_uuid] = "new_subject_category_scope" self.assertRaises( - SubjectCategoryScopeAddNotAuthorized, + AuthzException, self.manager.set_subject_scope_dict, admin_user["id"], ref["id"], subject_category, new_subject_category_scope) # Delete the new subject_category_scope self.assertRaises( - SubjectCategoryScopeDelNotAuthorized, + AuthzException, self.manager.del_subject_scope, admin_user["id"], ref["id"], subject_category, new_subject_category_scope_uuid) # Add a particular subject_category_scope self.assertRaises( - SubjectCategoryScopeAddNotAuthorized, + AuthzException, self.manager.add_subject_scope_dict, admin_user["id"], ref["id"], subject_category, new_subject_category_scope[new_subject_category_scope_uuid]) 
@@ -635,19 +635,19 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase): new_object_category_scope_uuid = uuid.uuid4().hex new_object_category_scope[new_object_category_scope_uuid] = "new_object_category_scope" self.assertRaises( - ObjectCategoryScopeAddNotAuthorized, + AuthzException, self.manager.set_object_scope_dict, admin_user["id"], ref["id"], object_category, new_object_category_scope) # Delete the new object_category_scope self.assertRaises( - ObjectCategoryScopeDelNotAuthorized, + AuthzException, self.manager.del_object_scope, admin_user["id"], ref["id"], object_category, new_object_category_scope_uuid) # Add a particular object_category_scope self.assertRaises( - ObjectCategoryScopeAddNotAuthorized, + AuthzException, self.manager.add_object_scope_dict, admin_user["id"], ref["id"], object_category, new_object_category_scope[new_object_category_scope_uuid]) @@ -684,19 +684,19 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase): new_action_category_scope_uuid = uuid.uuid4().hex new_action_category_scope[new_action_category_scope_uuid] = "new_action_category_scope" self.assertRaises( - ActionCategoryScopeAddNotAuthorized, + AuthzException, self.manager.set_action_scope_dict, admin_user["id"], ref["id"], action_category, new_action_category_scope) # Delete the new action_category_scope self.assertRaises( - ActionCategoryScopeDelNotAuthorized, + AuthzException, self.manager.del_action_scope, admin_user["id"], ref["id"], action_category, new_action_category_scope_uuid) # Add a particular action_category_scope self.assertRaises( - ActionCategoryScopeAddNotAuthorized, + AuthzException, self.manager.add_action_scope_dict, admin_user["id"], ref["id"], action_category, new_action_category_scope[new_action_category_scope_uuid]) 
@@ -780,7 +780,7 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase): self.assertEqual({}, subject_category_assignments["subject_category_assignments"][new_subject["id"]]) self.assertRaises( - SubjectCategoryAssignmentAddNotAuthorized, + AuthzException, self.manager.set_subject_assignment_dict, admin_user["id"], ref["id"], new_subject["id"], { @@ -788,14 +788,14 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase): }) self.assertRaises( - SubjectCategoryAssignmentDelNotAuthorized, + AuthzException, self.manager.del_subject_assignment, admin_user["id"], ref["id"], new_subject["id"], new_subject_category_uuid, new_subject_category_scope_uuid) self.assertRaises( - SubjectCategoryAssignmentAddNotAuthorized, + AuthzException, self.manager.add_subject_assignment_list, admin_user["id"], ref["id"], new_subject["id"], new_subject_category_uuid, @@ -881,7 +881,7 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase): self.assertEqual({}, object_category_assignments["object_category_assignments"][new_object["id"]]) self.assertRaises( - ObjectCategoryAssignmentAddNotAuthorized, + AuthzException, self.manager.set_object_category_assignment_dict, admin_user["id"], ref["id"], new_object["id"], { @@ -889,14 +889,14 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase): }) self.assertRaises( - ObjectCategoryAssignmentDelNotAuthorized, + AuthzException, self.manager.del_object_assignment, admin_user["id"], ref["id"], new_object["id"], new_object_category_uuid, new_object_category_scope_uuid) self.assertRaises( - ObjectCategoryAssignmentAddNotAuthorized, + AuthzException, self.manager.add_object_assignment_list, admin_user["id"], ref["id"], new_object["id"], new_object_category_uuid, 
@@ -982,7 +982,7 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase): self.assertEqual({}, action_category_assignments["action_category_assignments"][new_action["id"]]) self.assertRaises( - ActionCategoryAssignmentAddNotAuthorized, + AuthzException, self.manager.set_action_assignment_dict, admin_user["id"], ref["id"], new_action["id"], { @@ -990,7 +990,7 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase): }) self.assertRaises( - ActionCategoryAssignmentDelNotAuthorized, + AuthzException, self.manager.del_action_assignment, admin_user["id"], ref["id"], new_action["id"], new_action_category_uuid, @@ -1025,7 +1025,7 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase): _aggregation_algorithm = list(aggregation_algorithms["aggregation_algorithms"]) _aggregation_algorithm.remove(aggregation_algorithm["aggregation"]) self.assertRaises( - MetaRuleAddNotAuthorized, + AuthzException, self.manager.set_aggregation_algorithm_dict, admin_user["id"], ref["id"], _aggregation_algorithm[0]) @@ -1075,7 +1075,7 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase): self.assertIn(new_subject_category["id"], subject_categories["subject_categories"]) metarule[relation]["subject_categories"].append(new_subject_category["id"]) self.assertRaises( - MetaRuleAddNotAuthorized, + AuthzException, self.manager.get_sub_meta_rule_dict, admin_user["id"], ref["id"], metarule) @@ -1131,7 +1131,7 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase): sub_rule.append(scope[func_name][cat_value].keys()[0]) self.assertRaises( - RuleAddNotAuthorized, + AuthzException, self.manager.set_sub_rule, admin_user["id"], ref["id"], relation, sub_rule) diff --git a/keystone-moon/keystone/tests/moon/unit/test_unit_core_log.py b/keystone-moon/keystone/tests/moon/unit/test_unit_core_log.py index f38d68ab..b2fb131f 100644 --- a/keystone-moon/keystone/tests/moon/unit/test_unit_core_log.py +++ b/keystone-moon/keystone/tests/moon/unit/test_unit_core_log.py 
@@ -17,6 +17,7 @@ from keystone import resource from keystone.contrib.moon.exception import * from keystone.tests.unit import default_fixtures from keystone.contrib.moon.core import LogManager, TenantManager +from keystone.contrib.moon.core import DEFAULT_USER_ID CONF = cfg.CONF @@ -67,7 +68,7 @@ class TestIntraExtensionAdminManager(tests.TestCase): # Create the admin user because IntraExtension needs it self.admin = self.identity_api.create_user(USER_ADMIN) IE["policymodel"] = policy_model - self.ref = self.manager.load_intra_extension_dict(IE) + self.ref = self.manager.load_intra_extension_dict(DEFAULT_USER_ID, IE) self.assertIsInstance(self.ref, dict) self.create_tenant(self.ref["id"]) diff --git a/keystone-moon/keystone/tests/moon/unit/test_unit_core_tenant.py b/keystone-moon/keystone/tests/moon/unit/test_unit_core_tenant.py index 2ac70f6e..dda1cac8 100644 --- a/keystone-moon/keystone/tests/moon/unit/test_unit_core_tenant.py +++ b/keystone-moon/keystone/tests/moon/unit/test_unit_core_tenant.py @@ -135,9 +135,9 @@ class TestTenantManager(tests.TestCase): self.assertEqual(data, new_mapping[_uuid]["admin"]) def test_exception_tenantunknown(self): - self.assertRaises(TenantIDNotFound, self.manager.get_tenant_name_from_id, uuid.uuid4().hex) - self.assertRaises(TenantIDNotFound, self.manager.set_tenant_name, uuid.uuid4().hex, "new name") - self.assertRaises(TenantIDNotFound, self.manager.get_extension_id, uuid.uuid4().hex) + self.assertRaises(TenantNotFound, self.manager.get_tenant_name_from_id, uuid.uuid4().hex) + self.assertRaises(TenantNotFound, self.manager.set_tenant_name, uuid.uuid4().hex, "new name") + self.assertRaises(TenantNotFound, self.manager.get_extension_id, uuid.uuid4().hex) _uuid = uuid.uuid4().hex new_mapping = { _uuid: { 
@@ -154,7 +154,7 @@ class TestTenantManager(tests.TestCase): ) self.assertEquals(_uuid, data["id"]) self.assertRaises(IntraExtensionUnknown, self.manager.get_extension_id, _uuid, "admin") - self.assertRaises(TenantIDNotFound, self.manager.get_tenant_uuid, uuid.uuid4().hex) + self.assertRaises(TenantNotFound, self.manager.get_tenant_uuid, uuid.uuid4().hex) # self.assertRaises(AdminIntraExtensionNotFound, self.manager.get_admin_extension_uuid, uuid.uuid4().hex) def test_exception_tenantaddednameexisting(self): |