diff options
5 files changed, 427 insertions, 142 deletions
diff --git a/keystone-moon/keystone/contrib/moon/backends/sql.py b/keystone-moon/keystone/contrib/moon/backends/sql.py index 5f76e235..1b164dec 100644 --- a/keystone-moon/keystone/contrib/moon/backends/sql.py +++ b/keystone-moon/keystone/contrib/moon/backends/sql.py @@ -17,7 +17,7 @@ from keystone.contrib.moon import IntraExtensionDriver from keystone.contrib.moon import TenantDriver # from keystone.contrib.moon import InterExtensionDriver -from keystone.contrib.moon.exception import TenantError, TenantListEmptyError +from keystone.contrib.moon.exception import TenantException, TenantListEmpty CONF = config.CONF LOG = log.getLogger(__name__) @@ -862,7 +862,7 @@ class IntraExtensionConnector(IntraExtensionDriver): raise IntraExtensionNotFound() result = copy.deepcopy(ref.to_dict()) if subject_category not in result["subject_category_scope"].keys(): - raise CategoryNotFound() + raise AuthzMetadata() result["subject_category_scope"] = {subject_category: result["subject_category_scope"][subject_category]} return result @@ -942,7 +942,7 @@ class IntraExtensionConnector(IntraExtensionDriver): raise IntraExtensionNotFound() result = copy.deepcopy(ref.to_dict()) if object_category not in result["object_category_scope"].keys(): - raise CategoryNotFound() + raise AuthzMetadata() result["object_category_scope"] = {object_category: result["object_category_scope"][object_category]} return result @@ -1022,7 +1022,7 @@ class IntraExtensionConnector(IntraExtensionDriver): raise IntraExtensionNotFound() result = copy.deepcopy(ref.to_dict()) if action_category not in result["action_category_scope"].keys(): - raise CategoryNotFound("Unknown category id {}/{}".format(action_category, result["action_category_scope"].keys())) + raise AuthzMetadata("Unknown category id {}/{}".format(action_category, result["action_category_scope"].keys())) result["action_category_scope"] = {action_category: result["action_category_scope"][action_category]} return result @@ -1442,7 +1442,7 @@ class TenantConnector(TenantDriver): # ref = query.first().to_dict() tenants = query.all() if not tenants: - raise TenantListEmptyError() + raise TenantListEmpty() return {tenant.id: Tenant.to_dict(tenant) for tenant in tenants} # return [Tenant.to_dict(tenant) for tenant in tenants] @@ -1474,7 +1474,7 @@ class TenantConnector(TenantDriver): if attr != 'id': setattr(ref, attr, getattr(new_tenant, attr)) return Tenant.to_dict(ref) - raise TenantError() + raise TenantException() # class InterExtension(sql.ModelBase, sql.DictBase): diff --git a/keystone-moon/keystone/contrib/moon/core.py b/keystone-moon/keystone/contrib/moon/core.py index 1dc23c4a..aa7fd884 100644 --- a/keystone-moon/keystone/contrib/moon/core.py +++ b/keystone-moon/keystone/contrib/moon/core.py @@ -150,20 +150,20 @@ class TenantManager(manager.Manager): """ try: return self.driver.get_tenant_dict() - except TenantListEmptyError: + except TenantListEmpty: self.moonlog_api.error(_("Tenant Mapping list is empty.")) return {} def get_tenant_name(self, tenant_uuid): _tenant_dict = self.get_tenant_dict() if tenant_uuid not in _tenant_dict: - raise TenantNotFoundError(_("Tenant UUID ({}) was not found.".format(tenant_uuid))) + raise TenantNotFound(_("Tenant UUID ({}) was not found.".format(tenant_uuid))) return _tenant_dict[tenant_uuid]["name"] def set_tenant_name(self, tenant_uuid, tenant_name): _tenant_dict = self.get_tenant_dict() if tenant_uuid not in _tenant_dict: - raise TenantNotFoundError(_("Tenant UUID ({}) was not found.".format(tenant_uuid))) + raise TenantNotFound(_("Tenant UUID ({}) was not found.".format(tenant_uuid))) _tenant_dict[tenant_uuid]['name'] = tenant_name return self.driver.set_tenant_dict(_tenant_dict) @@ -177,7 +177,7 @@ class TenantManager(manager.Manager): # 1 tenant only with 1 authz extension and 1 admin extension _tenant_dict = self.get_tenant_dict() if tenant_uuid not in _tenant_dict: - raise TenantNotFoundError(_("Tenant UUID ({}) was not found.".format(tenant_uuid))) + raise TenantNotFound(_("Tenant UUID ({}) was not found.".format(tenant_uuid))) if not _tenant_dict[tenant_uuid][scope]: raise IntraExtensionNotFound(_("No IntraExtension found for Tenant {}.".format(tenant_uuid))) return _tenant_dict[tenant_uuid][scope] @@ -186,7 +186,7 @@ class TenantManager(manager.Manager): for _tenant_uuid, _tenant_value in six.iteritems(self.get_tenant_dict()): if extension_uuid == _tenant_value["authz"] or extension_uuid == _tenant_value["admin"]: return _tenant_uuid - raise TenantNotFoundError() + raise TenantNotFound() def get_admin_extension_uuid(self, authz_extension_uuid): _tenants = self.get_tenant_dict() @@ -702,7 +702,7 @@ class IntraExtensionManager(manager.Manager): for _cat in subject_category.keys(): try: _ = self.driver.get_subject_category_scope_dict(intra_extension_uuid, _cat) - except CategoryNotFound: + except AuthzMetadata: self.driver.set_subject_category_scope_dict(intra_extension_uuid, _cat, {}) return subject_category_dict @@ -733,7 +733,7 @@ class IntraExtensionManager(manager.Manager): for _cat in object_category.keys(): try: _ = self.driver.get_object_category_scope_dict(intra_extension_uuid, _cat) - except CategoryNotFound: + except AuthzMetadata: self.driver.set_object_category_scope_dict(intra_extension_uuid, _cat, {}) return object_category_dict @@ -764,7 +764,7 @@ class IntraExtensionManager(manager.Manager): for _cat in action_category.keys(): try: _ = self.driver.get_action_category_scope_dict(intra_extension_uuid, _cat) - except CategoryNotFound: + except AuthzMetadata: self.driver.set_action_category_scope_dict(intra_extension_uuid, _cat, {}) return action_category_dict @@ -1241,127 +1241,127 @@ class IntraExtensionAuthzManager(IntraExtensionManager): return super(IntraExtensionAuthzManager, self).authz(_uuid, sub, obj, act) def delete_intra_extension(self, intra_extension_id): - raise AuthIntraExtensionModificationNotAuthorized() + raise AdminException() def set_subject_dict(self, user_name, intra_extension_uuid, subject_dict): - raise AuthIntraExtensionModificationNotAuthorized() + raise AdminException() def add_subject_dict(self, user_name, intra_extension_uuid, subject_uuid): - raise AuthIntraExtensionModificationNotAuthorized() + raise AdminException() def del_subject(self, user_name, intra_extension_uuid, subject_uuid): - raise AuthIntraExtensionModificationNotAuthorized() + raise AdminException() def set_object_dict(self, user_name, intra_extension_uuid, object_dict): - raise AuthIntraExtensionModificationNotAuthorized() + raise AdminException() def add_object_dict(self, user_name, intra_extension_uuid, object_name): - raise AuthIntraExtensionModificationNotAuthorized() + raise AdminException() def del_object(self, user_name, intra_extension_uuid, object_uuid): - raise AuthIntraExtensionModificationNotAuthorized() + raise AdminException() def set_action_dict(self, user_name, intra_extension_uuid, action_dict): - raise AuthIntraExtensionModificationNotAuthorized() + raise AdminException() def add_action_dict(self, user_name, intra_extension_uuid, action_name): - raise AuthIntraExtensionModificationNotAuthorized() + raise AdminException() def del_action(self, user_name, intra_extension_uuid, action_uuid): - raise AuthIntraExtensionModificationNotAuthorized() + raise AdminException() def set_subject_category_dict(self, user_name, intra_extension_uuid, subject_category): - raise AuthIntraExtensionModificationNotAuthorized() + raise AdminException() def add_subject_category_dict(self, user_name, intra_extension_uuid, subject_category_name): - raise AuthIntraExtensionModificationNotAuthorized() + raise AdminException() def del_subject_category(self, user_name, intra_extension_uuid, subject_uuid): - raise AuthIntraExtensionModificationNotAuthorized() + raise AdminException() def set_object_category_dict(self, user_name, intra_extension_uuid, object_category): - raise AuthIntraExtensionModificationNotAuthorized() + raise AdminException() def add_object_category_dict(self, user_name, intra_extension_uuid, object_category_name): - raise AuthIntraExtensionModificationNotAuthorized() + raise AdminException() def del_object_category(self, user_name, intra_extension_uuid, object_uuid): - raise AuthIntraExtensionModificationNotAuthorized() + raise AdminException() def set_action_category_dict(self, user_name, intra_extension_uuid, action_category): - raise AuthIntraExtensionModificationNotAuthorized() + raise AdminException() def add_action_category_dict(self, user_name, intra_extension_uuid, action_category_name): - raise AuthIntraExtensionModificationNotAuthorized() + raise AdminException() def del_action_category(self, user_name, intra_extension_uuid, action_uuid): - raise AuthIntraExtensionModificationNotAuthorized() + raise AdminException() def set_subject_category_scope_dict(self, user_name, intra_extension_uuid, category, scope): - raise AuthIntraExtensionModificationNotAuthorized() + raise AdminException() def add_subject_category_scope_dict(self, user_name, intra_extension_uuid, subject_category, scope_name): - raise AuthIntraExtensionModificationNotAuthorized() + raise AdminException() def del_subject_category_scope(self, user_name, intra_extension_uuid, subject_category, subject_category_scope): - raise AuthIntraExtensionModificationNotAuthorized() + raise AdminException() def set_object_category_scope_dict(self, user_name, intra_extension_uuid, category, scope): - raise AuthIntraExtensionModificationNotAuthorized() + raise AdminException() def add_object_category_scope_dict(self, user_name, intra_extension_uuid, object_category, scope_name): - raise AuthIntraExtensionModificationNotAuthorized() + raise AdminException() def del_object_category_scope(self, user_name, intra_extension_uuid, object_category, object_category_scope): - raise AuthIntraExtensionModificationNotAuthorized() + raise AdminException() def set_action_category_scope_dict(self, user_name, intra_extension_uuid, category, scope): - raise AuthIntraExtensionModificationNotAuthorized() + raise AdminException() def add_action_category_scope_dict(self, user_name, intra_extension_uuid, action_category, scope_name): - raise AuthIntraExtensionModificationNotAuthorized() + raise AdminException() def del_action_category_scope(self, user_name, intra_extension_uuid, action_category, action_category_scope): - raise AuthIntraExtensionModificationNotAuthorized() + raise AdminException() def set_subject_category_assignment_dict(self, user_name, intra_extension_uuid, subject_uuid, assignment_dict): - raise AuthIntraExtensionModificationNotAuthorized() + raise AdminException() def del_subject_category_assignment(self, user_name, intra_extension_uuid, subject_uuid, category_uuid, scope_uuid): - raise AuthIntraExtensionModificationNotAuthorized() + raise AdminException() def add_subject_category_assignment_dict(self, user_name, intra_extension_uuid, subject_uuid, category_uuid, scope_uuid): - raise AuthIntraExtensionModificationNotAuthorized() + raise AdminException() def set_object_category_assignment_dict(self, user_name, intra_extension_uuid, object_uuid, assignment_dict): - raise AuthIntraExtensionModificationNotAuthorized() + raise AdminException() def del_object_category_assignment(self, user_name, intra_extension_uuid, object_uuid, category_uuid, scope_uuid): - raise AuthIntraExtensionModificationNotAuthorized() + raise AdminException() def add_object_category_assignment_dict(self, user_name, intra_extension_uuid, object_uuid, category_uuid, scope_uuid): - raise AuthIntraExtensionModificationNotAuthorized() + raise AdminException() def set_action_category_assignment_dict(self, user_name, intra_extension_uuid, action_uuid, assignment_dict): - raise AuthIntraExtensionModificationNotAuthorized() + raise AdminException() def del_action_category_assignment(self, user_name, intra_extension_uuid, action_uuid, category_uuid, scope_uuid): - raise AuthIntraExtensionModificationNotAuthorized() + raise AdminException() def add_action_category_assignment_dict(self, user_name, intra_extension_uuid, action_uuid, category_uuid, scope_uuid): - raise AuthIntraExtensionModificationNotAuthorized() + raise AdminException() def set_aggregation_algorithm(self, user_name, intra_extension_uuid, aggregation_algorithm): - raise AuthIntraExtensionModificationNotAuthorized() + raise AdminException() def set_sub_meta_rule(self, user_name, intra_extension_uuid, sub_meta_rules): - raise AuthIntraExtensionModificationNotAuthorized() + raise AdminException() def set_sub_rule(self, user_name, intra_extension_uuid, relation, sub_rule): - raise AuthIntraExtensionModificationNotAuthorized() + raise AdminException() def del_sub_rule(self, user_name, intra_extension_uuid, relation_name, rule): - raise AuthIntraExtensionModificationNotAuthorized() + raise AdminException() @dependency.provider('admin_api') @dependency.requires('identity_api', 'moonlog_api', 'tenant_api') diff --git a/keystone-moon/keystone/contrib/moon/exception.py b/keystone-moon/keystone/contrib/moon/exception.py index 20a7d737..b0ec740b 100644 --- a/keystone-moon/keystone/contrib/moon/exception.py +++ b/keystone-moon/keystone/contrib/moon/exception.py @@ -7,106 +7,391 @@ from keystone.common import dependency from keystone.exception import Error from keystone.i18n import _, _LW + +class MoonErrorMetaClass(type): + + def __init__(cls, name, bases, dct): + super(MoonErrorMetaClass, cls).__init__(name, bases, dct) + cls.hierarchy += "/"+str(name) + + @dependency.requires('moonlog_api') -class TenantError(Error): - message_format = _("There is an error requesting this tenant" - " the server could not comply with the request" - " since it is either malformed or otherwise" - " incorrect. The client is assumed to be in error.") +class MoonError(Error): + __metaclass__ = MoonErrorMetaClass + hierarchy = "" + message_format = _("There is an error requesting the Moon platform.") code = 400 - title = 'Tenant Error' + title = 'Moon Error' logger = "ERROR" def __del__(self): + message = "{} ({})".format(self.hierarchy, self.message_format) if self.logger == "ERROR": - self.moonlog_api.error(self.message_format) + self.moonlog_api.error(message) elif self.logger == "WARNING": - self.moonlog_api.warning(self.message_format) + self.moonlog_api.warning(message) elif self.logger == "CRITICAL": - self.moonlog_api.critical(self.message_format) + self.moonlog_api.critical(message) elif self.logger == "AUTHZ": - self.moonlog_api.authz(self.message_format) - self.moonlog_api.error(self.message_format) + self.moonlog_api.authz(self.hierarchy) + self.moonlog_api.error(message) else: - self.moonlog_api.info(self.message_format) + self.moonlog_api.info(message) + +# Exceptions for Tenant + + +class TenantException(MoonError): + message_format = _("There is an error requesting this tenant.") + code = 400 + title = 'Tenant Error' + logger = "ERROR" -class TenantListEmptyError(TenantError): +class TenantListEmpty(TenantException): message_format = _("The tenant list mapping is empty, you must set the mapping first.") code = 400 title = 'Tenant List Empty Error' + logger = "WARNING" -class TenantNotFoundError(TenantError): +class TenantNotFound(TenantException): message_format = _("The tenant UUID was not found.") code = 400 title = 'Tenant UUID Not Found Error' -class IntraExtensionError(TenantError): - message_format = _("There is an error requesting this IntraExtension.") - code = 400 - title = 'Extension Error' +# Exceptions for IntraExtension -class CategoryNotFound(IntraExtensionError): - message_format = _("The category is unknown.") +class IntraExtensionException(MoonError): + message_format = _("There is an error requesting this IntraExtension.") code = 400 title = 'Extension Error' - logger = "WARNING" -class IntraExtensionUnMapped(TenantError): +class IntraExtensionUnMapped(IntraExtensionException): message_format = _("The Extension is not mapped to a tenant.") code = 400 title = 'Extension UUID Not Found Error' logger = "WARNING" -class IntraExtensionNotFound(IntraExtensionError): +class IntraExtensionNotFound(IntraExtensionException): message_format = _("The Extension for that tenant is unknown.") code = 400 title = 'Extension UUID Not Found Error' logger = "WARNING" -class IntraExtensionNotAuthorized(IntraExtensionError): - message_format = _("User has no authorization for that action.") +class IntraExtensionCreationError(IntraExtensionException): + message_format = _("The arguments for the creation of this Extension were malformed.") code = 400 - title = 'Authorization Error' + title = 'Intra Extension Creation Error' + + +# Authz exceptions + + +class AuthzException(MoonError): + message_format = _("There is an error requesting this Authz IntraExtension.") + code = 400 + title = 'Authz Exception' logger = "AUTHZ" -class AdminIntraExtensionNotFound(IntraExtensionNotFound): - message_format = _("The admin Extension for that tenant is unknown.") +class AuthzPerimeter(AuthzException): + code = 400 + title = 'Perimeter Exception' + + +class AuthzScope(AuthzException): + code = 400 + title = 'Scope Exception' + + +class AuthzMetadata(AuthzException): + code = 400 + title = 'Metadata Exception' + + +class AuthzAssignment(AuthzException): + code = 400 + title = 'Assignment Exception' + + +class AuthzRule(AuthzException): + code = 400 + title = 'Rule Exception' + + +class SubjectUnknown(AuthzPerimeter): + message_format = _("The given subject is unknown.") + code = 400 + title = 'Subject Unknown' + logger = "ERROR" + + +class ObjectUnknown(AuthzPerimeter): + message_format = _("The given object is unknown.") code = 400 - title = 'Admin Extension UUID Not Found Error' + title = 'Object Unknown' + logger = "ERROR" + + +class ActionUnknown(AuthzPerimeter): + message_format = _("The given action is unknown.") + code = 400 + title = 'Action Unknown' + logger = "ERROR" + + +class SubjectCategoryAssignmentOutOfScope(AuthzScope): + message_format = _("The given subject category scope value is out of scope.") + code = 400 + title = 'Subject Category Assignment Out Of Scope' logger = "WARNING" -class AdminIntraExtensionCreationError(IntraExtensionError): - message_format = _("The arguments for the creation of this admin Extension were malformed.") +class ActionCategoryAssignmentOutOfScope(AuthzScope): + message_format = _("The given action category scope value is out of scope.") code = 400 - title = 'Admin Extension Creation Error' + title = 'Action Category Assignment Out Of Scope' + logger = "WARNING" -class AdminIntraExtensionModificationNotAuthorized(IntraExtensionError): - message_format = _("The modification of this admin Extension is not authorizaed.") +class ObjectCategoryAssignmentOutOfScope(AuthzScope): + message_format = _("The given object category scope value is out of scope.") code = 400 - title = 'Admin Extension Creation Error' - logger = "AUTHZ" + title = 'Object Category Assignment Out Of Scope' + logger = "WARNING" -class AuthIntraExtensionModificationNotAuthorized(IntraExtensionError): - message_format = _("The modification of this authz Extension is not authorizaed.") + +class SubjectCategoryAssignmentUnknown(AuthzAssignment): + message_format = _("The given subject category assignment value is unknown.") code = 400 - title = 'Authz Extension Creation Error' - logger = "AUTHZ" + title = 'Subject Category Assignment Unknown' + logger = "ERROR" + + +class ObjectCategoryAssignmentUnknown(AuthzAssignment): + message_format = _("The given object category assignment value is unknown.") + code = 400 + title = 'Object Category Assignment Unknown' + logger = "ERROR" -class AuthzIntraExtensionNotFound(IntraExtensionNotFound): - message_format = _("The authz Extension for that tenant is unknown.") +class ActionCategoryAssignmentUnknown(AuthzAssignment): + message_format = _("The given action category assignment value is unknown.") code = 400 - title = 'Authz Extension UUID Not Found Error' + title = 'Action Category Assignment Unknown' + logger = "ERROR" + + +class RuleOKNotExisting(AuthzRule): + message_format = _("The positive rule for that request doen't exist.") + code = 400 + title = 'Rule OK Not Existing' logger = "WARNING" + +class RuleKOExisting(AuthzRule): + message_format = _("The request match a negative rule.") + code = 400 + title = 'Rule KO Existing' + logger = "ERROR" + + +class RuleUnknown(AuthzRule): + message_format = _("The rule for that request doesn't exist.") + code = 400 + title = 'Rule Unknown' + logger = "ERROR" + + +# Admin exceptions + + +class AdminException(MoonError): + message_format = _("There is an authorization error requesting this IntraExtension.") + code = 403 + title = 'Admin Exception' + logger = "AUTHZ" + + +class AdminPerimeter(AuthzException): + title = 'Perimeter Exception' + + +class AdminScope(AuthzException): + title = 'Scope Exception' + + +class AdminMetadata(AuthzException): + title = 'Metadata Exception' + + +class AdminAssignment(AuthzException): + title = 'Assignment Exception' + + +class AdminRule(AuthzException): + title = 'Rule Exception' + + +class SubjectReadNotAuthorized(AdminPerimeter): + title = 'Subject Read Not Authorized' + + +class SubjectAddNotAuthorized(AdminPerimeter): + title = 'Subject Add Not Authorized' + + +class SubjectDelNotAuthorized(AdminPerimeter): + title = 'Subject Del Not Authorized' + + +class ObjectReadNotAuthorized(AdminPerimeter): + title = 'Object Read Not Authorized' + + +class ObjectAddNotAuthorized(AdminPerimeter): + title = 'Object Add Not Authorized' + + +class ObjectDelNotAuthorized(AdminPerimeter): + title = 'Object Del Not Authorized' + + +class ActionReadNotAuthorized(AdminPerimeter): + title = 'Action Read Not Authorized' + + +class ActionAddNotAuthorized(AdminPerimeter): + title = 'Action Add Not Authorized' + + +class ActionDelNotAuthorized(AdminPerimeter): + title = 'Action Del Not Authorized' + + +class SubjectCategoryScopeReadNotAuthorized(AuthzException): + title = 'Subject Category Scope Read Not Authorized' + + +class SubjectCategoryScopeAddNotAuthorized(AuthzException): + title = 'Subject Category Scope Add Not Authorized' + + +class SubjectCategoryScopeDelNotAuthorized(AuthzException): + title = 'Subject Category Scope Del Not Authorized' + + +class ObjectCategoryScopeReadNotAuthorized(AuthzException): + title = 'Object Category Scope Read Not Authorized' + + +class ObjectCategoryScopeAddNotAuthorized(AuthzException): + title = 'Object Category Scope Add Not Authorized' + + +class ObjectCategoryScopeDelNotAuthorized(AuthzException): + title = 'Object Category Scope Del Not Authorized' + + +class ActionCategoryScopeReadNotAuthorized(AuthzException): + title = 'Action Category Scope Read Not Authorized' + + +class ActionCategoryScopeAddNotAuthorized(AuthzException): + title = 'Action Category Scope Add Not Authorized' + + +class ActionCategoryScopeDelNotAuthorized(AuthzException): + title = 'Action Category Scope Del Not Authorized' + + +class SubjectCategoryReadNotAuthorized(AdminMetadata): + title = 'Subject Category Read Not Authorized' + logger = "AUTHZ" + + +class SubjectCategoryAddNotAuthorized(AdminMetadata): + title = 'Subject Category Add Not Authorized' + + +class SubjectCategoryDelNotAuthorized(AdminMetadata): + title = 'Subject Category Del Not Authorized' + + +class ObjectCategoryReadNotAuthorized(AdminMetadata): + title = 'Object Category Read Not Authorized' + + +class ObjectCategoryAddNotAuthorized(AdminMetadata): + title = 'Object Category Add Not Authorized' + + +class ObjectCategoryDelNotAuthorized(AdminMetadata): + title = 'Object Category Del Not Authorized' + + +class ActionCategoryReadNotAuthorized(AdminMetadata): + title = 'Action Category Read Not Authorized' + + +class ActionCategoryAddNotAuthorized(AdminMetadata): + title = 'Action Category Add Not Authorized' + + +class ActionCategoryDelNotAuthorized(AdminMetadata): + title = 'Action Category Del Not Authorized' + + +class SubjectCategoryAssignmentReadNotAuthorized(AdminAssignment): + title = 'Subject Category Assignment Read Not Authorized' + + +class SubjectCategoryAssignmentAddNotAuthorized(AdminAssignment): + title = 'Subject Category Assignment Add Not Authorized' + + +class SubjectCategoryAssignmentDelNotAuthorized(AdminAssignment): + title = 'Subject Category Assignment Del Not Authorized' + + +class ObjectCategoryAssignmentReadNotAuthorized(AdminAssignment): + title = 'Object Category Assignment Read Not Authorized' + + +class ObjectCategoryAssignmentAddNotAuthorized(AdminAssignment): + title = 'Object Category Assignment Add Not Authorized' + + +class ObjectCategoryAssignmentDelNotAuthorized(AdminAssignment): + title = 'Object Category Assignment Del Not Authorized' + + +class ActionCategoryAssignmentReadNotAuthorized(AdminAssignment): + title = 'Action Category Assignment Read Not Authorized' + + +class ActionCategoryAssignmentAddNotAuthorized(AdminAssignment): + title = 'Action Category Assignment Add Not Authorized' + + +class ActionCategoryAssignmentDelNotAuthorized(AdminAssignment): + title = 'Action Category Assignment Del Not Authorized' + + +class RuleReadNotAuthorized(AdminRule): + title = 'Rule Read Not Authorized' + + +class RuleAddNotAuthorized(AdminRule): + title = 'Rule Add Not Authorized' + + +class RuleDelNotAuthorized(AdminRule): + title = 'Rule Del Not Authorized' diff --git a/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_authz.py b/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_authz.py index 98233189..6d852780 100644 --- a/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_authz.py +++ b/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_authz.py @@ -128,7 +128,7 @@ class TestIntraExtensionAuthzManager(tests.TestCase): def delete_admin_intra_extension(self): self.assertRaises( - AuthIntraExtensionModificationNotAuthorized, + AdminException, self.manager.delete_intra_extension, self.ref["id"]) @@ -147,19 +147,19 @@ class TestIntraExtensionAuthzManager(tests.TestCase): new_subjects = dict() new_subjects[new_subject["id"]] = new_subject["name"] self.assertRaises( - AuthIntraExtensionModificationNotAuthorized, + AdminException, self.manager.set_subject_dict, "admin", self.ref["id"], new_subjects) # Delete the new subject self.assertRaises( - AuthIntraExtensionModificationNotAuthorized, + AdminException, self.manager.del_subject, "admin", self.ref["id"], new_subject["id"]) # Add a particular subject self.assertRaises( - AuthIntraExtensionModificationNotAuthorized, + AdminException, self.manager.add_subject_dict, "admin", self.ref["id"], new_subject["id"]) @@ -178,19 +178,19 @@ class TestIntraExtensionAuthzManager(tests.TestCase): new_objects = dict() new_objects[new_object["id"]] = new_object["name"] self.assertRaises( - AuthIntraExtensionModificationNotAuthorized, + AdminException, self.manager.set_object_dict, "admin", self.ref["id"], new_object["id"]) # Delete the new object self.assertRaises( - AuthIntraExtensionModificationNotAuthorized, + AdminException, self.manager.del_object, "admin", self.ref["id"], new_object["id"]) # Add a particular object self.assertRaises( - AuthIntraExtensionModificationNotAuthorized, + AdminException, self.manager.add_object_dict, "admin", self.ref["id"], new_object["name"]) @@ -209,19 +209,19 @@ class TestIntraExtensionAuthzManager(tests.TestCase): new_actions = dict() new_actions[new_action["id"]] = new_action["name"] self.assertRaises( - AuthIntraExtensionModificationNotAuthorized, + AdminException, self.manager.set_action_dict, "admin", self.ref["id"], new_actions) # Delete the new action self.assertRaises( - AuthIntraExtensionModificationNotAuthorized, + AdminException, self.manager.del_action, "admin", self.ref["id"], new_action["id"]) # Add a particular action self.assertRaises( - AuthIntraExtensionModificationNotAuthorized, + AdminException, self.manager.add_action_dict, "admin", self.ref["id"], new_action["id"]) @@ -240,19 +240,19 @@ class TestIntraExtensionAuthzManager(tests.TestCase): new_subject_categories = dict() new_subject_categories[new_subject_category["id"]] = new_subject_category["name"] self.assertRaises( - AuthIntraExtensionModificationNotAuthorized, + AdminException, self.manager.set_subject_category_dict, "admin", self.ref["id"], new_subject_categories) # Delete the new subject_category self.assertRaises( - AuthIntraExtensionModificationNotAuthorized, + AdminException, self.manager.del_subject_category, "admin", self.ref["id"], new_subject_category["id"]) # Add a particular subject_category self.assertRaises( - AuthIntraExtensionModificationNotAuthorized, + AdminException, self.manager.add_subject_category_dict, "admin", self.ref["id"], new_subject_category["name"]) @@ -271,19 +271,19 @@ class TestIntraExtensionAuthzManager(tests.TestCase): new_object_categories = dict() new_object_categories[new_object_category["id"]] = new_object_category["name"] self.assertRaises( - AuthIntraExtensionModificationNotAuthorized, + AdminException, self.manager.set_object_category_dict, "admin", self.ref["id"], new_object_categories) # Delete the new object_category self.assertRaises( - AuthIntraExtensionModificationNotAuthorized, + AdminException, self.manager.del_object_category, "admin", self.ref["id"], new_object_category["id"]) # Add a particular object_category self.assertRaises( - AuthIntraExtensionModificationNotAuthorized, + AdminException, self.manager.add_object_category_dict, "admin", self.ref["id"], new_object_category["name"]) @@ -302,19 +302,19 @@ class TestIntraExtensionAuthzManager(tests.TestCase): new_action_categories = dict() new_action_categories[new_action_category["id"]] = new_action_category["name"] self.assertRaises( - AuthIntraExtensionModificationNotAuthorized, + AdminException, self.manager.set_action_category_dict, "admin", self.ref["id"], new_action_categories) # Delete the new action_category self.assertRaises( - AuthIntraExtensionModificationNotAuthorized, + AdminException, self.manager.del_action_category, "admin", self.ref["id"], new_action_category["id"]) # Add a particular action_category self.assertRaises( - AuthIntraExtensionModificationNotAuthorized, + AdminException, self.manager.add_action_category_dict, "admin", self.ref["id"], new_action_category["name"]) @@ -346,19 +346,19 @@ class TestIntraExtensionAuthzManager(tests.TestCase): new_subject_category_scope_uuid = uuid.uuid4().hex new_subject_category_scope[new_subject_category_scope_uuid] = "new_subject_category_scope" self.assertRaises( - AuthIntraExtensionModificationNotAuthorized, + AdminException, self.manager.set_subject_category_scope_dict, "admin", self.ref["id"], subject_category, new_subject_category_scope) # Delete the new subject_category_scope self.assertRaises( - AuthIntraExtensionModificationNotAuthorized, + AdminException, self.manager.del_subject_category_scope, "admin", self.ref["id"], subject_category, new_subject_category_scope_uuid) # Add a particular subject_category_scope self.assertRaises( - AuthIntraExtensionModificationNotAuthorized, + AdminException, self.manager.add_subject_category_scope_dict, "admin", self.ref["id"], subject_category, new_subject_category_scope[new_subject_category_scope_uuid]) @@ -390,19 +390,19 @@ class TestIntraExtensionAuthzManager(tests.TestCase): new_object_category_scope_uuid = uuid.uuid4().hex new_object_category_scope[new_object_category_scope_uuid] = "new_object_category_scope" self.assertRaises( - AuthIntraExtensionModificationNotAuthorized, + AdminException, self.manager.set_object_category_scope_dict, "admin", self.ref["id"], object_category, new_object_category_scope) # Delete the new object_category_scope self.assertRaises( - AuthIntraExtensionModificationNotAuthorized, + AdminException, self.manager.del_object_category_scope, "admin", self.ref["id"], object_category, new_object_category_scope_uuid) # Add a particular object_category_scope self.assertRaises( - AuthIntraExtensionModificationNotAuthorized, + AdminException, self.manager.add_object_category_scope_dict, "admin", self.ref["id"], object_category, new_object_category_scope[new_object_category_scope_uuid]) @@ -434,19 +434,19 @@ class TestIntraExtensionAuthzManager(tests.TestCase): new_action_category_scope_uuid = uuid.uuid4().hex new_action_category_scope[new_action_category_scope_uuid] = "new_action_category_scope" self.assertRaises( - AuthIntraExtensionModificationNotAuthorized, + AdminException, self.manager.set_action_category_scope_dict, "admin", self.ref["id"], action_category, new_action_category_scope) # Delete the new action_category_scope self.assertRaises( - AuthIntraExtensionModificationNotAuthorized, + AdminException, self.manager.del_action_category_scope, "admin", self.ref["id"], action_category, new_action_category_scope_uuid) # Add a particular action_category_scope self.assertRaises( - AuthIntraExtensionModificationNotAuthorized, + AdminException, self.manager.add_action_category_scope_dict, "admin", self.ref["id"], action_category, new_action_category_scope[new_action_category_scope_uuid]) @@ -525,7 +525,7 @@ class TestIntraExtensionAuthzManager(tests.TestCase): self.assertEqual({}, subject_category_assignments["subject_category_assignments"][new_subject["id"]]) self.assertRaises( - AuthIntraExtensionModificationNotAuthorized, + AdminException, self.manager.set_subject_category_assignment_dict, "admin", self.ref["id"], new_subject["id"], { @@ -533,14 +533,14 @@ class TestIntraExtensionAuthzManager(tests.TestCase): }) self.assertRaises( - AuthIntraExtensionModificationNotAuthorized, + AdminException, self.manager.del_subject_category_assignment, "admin", self.ref["id"], new_subject["id"], new_subject_category_uuid, new_subject_category_scope_uuid) self.assertRaises( - AuthIntraExtensionModificationNotAuthorized, + AdminException, self.manager.add_subject_category_assignment_dict, "admin", self.ref["id"], new_subject["id"], new_subject_category_uuid, @@ -621,7 +621,7 @@ class TestIntraExtensionAuthzManager(tests.TestCase): self.assertEqual({}, object_category_assignments["object_category_assignments"][new_object["id"]]) self.assertRaises( - AuthIntraExtensionModificationNotAuthorized, + AdminException, self.manager.set_object_category_assignment_dict, "admin", self.ref["id"], new_object["id"], { @@ -629,14 +629,14 @@ class TestIntraExtensionAuthzManager(tests.TestCase): }) self.assertRaises( - AuthIntraExtensionModificationNotAuthorized, + AdminException, self.manager.del_object_category_assignment, "admin", self.ref["id"], new_object["id"], new_object_category_uuid, new_object_category_scope_uuid) self.assertRaises( - AuthIntraExtensionModificationNotAuthorized, + AdminException, self.manager.add_object_category_assignment_dict, "admin", self.ref["id"], new_object["id"], new_object_category_uuid, @@ -717,7 +717,7 @@ class TestIntraExtensionAuthzManager(tests.TestCase): self.assertEqual({}, action_category_assignments["action_category_assignments"][new_action["id"]]) self.assertRaises( - AuthIntraExtensionModificationNotAuthorized, + AdminException, self.manager.set_action_category_assignment_dict, "admin", self.ref["id"], new_action["id"], { @@ -725,14 +725,14 @@ class TestIntraExtensionAuthzManager(tests.TestCase): }) self.assertRaises( - AuthIntraExtensionModificationNotAuthorized, + AdminException, self.manager.del_action_category_assignment, "admin", self.ref["id"], new_action["id"], new_action_category_uuid, new_action_category_scope_uuid) self.assertRaises( - AuthIntraExtensionModificationNotAuthorized, + AdminException, self.manager.add_action_category_assignment_dict, "admin", self.ref["id"], new_action["id"], new_action_category_uuid, @@ -755,7 +755,7 @@ class TestIntraExtensionAuthzManager(tests.TestCase): _aggregation_algorithm = list(aggregation_algorithms["aggregation_algorithms"]) _aggregation_algorithm.remove(aggregation_algorithm["aggregation"]) self.assertRaises( - AuthIntraExtensionModificationNotAuthorized, + AdminException, self.manager.set_aggregation_algorithm, "admin", self.ref["id"], _aggregation_algorithm[0]) @@ -805,7 +805,7 @@ class TestIntraExtensionAuthzManager(tests.TestCase): self.assertIn(new_subject_category["id"], subject_categories["subject_categories"]) metarule[relation]["subject_categories"].append(new_subject_category["id"]) self.assertRaises( - AuthIntraExtensionModificationNotAuthorized, + AdminException, self.manager.set_sub_meta_rule, "admin", self.ref["id"], metarule) @@ -856,6 +856,6 @@ class TestIntraExtensionAuthzManager(tests.TestCase): sub_rule.append(scope[func_name][cat_value].keys()[0]) self.assertRaises( - AuthIntraExtensionModificationNotAuthorized, + AdminException, self.manager.set_sub_rule, "admin", self.ref["id"], relation, sub_rule) diff --git a/keystone-moon/keystone/tests/moon/unit/test_unit_core_tenant.py b/keystone-moon/keystone/tests/moon/unit/test_unit_core_tenant.py index d9c17bd5..0762f37a 100644 --- a/keystone-moon/keystone/tests/moon/unit/test_unit_core_tenant.py +++ b/keystone-moon/keystone/tests/moon/unit/test_unit_core_tenant.py @@ -139,9 +139,9 @@ class TestTenantManager(tests.TestCase): self.assertEqual(data, new_mapping[_uuid]["admin"]) def test_unkown_tenant_uuid(self): - self.assertRaises(TenantNotFoundError, self.manager.get_tenant_name, uuid.uuid4().hex) - self.assertRaises(TenantNotFoundError, self.manager.set_tenant_name, uuid.uuid4().hex, "new name") - self.assertRaises(TenantNotFoundError, self.manager.get_extension_uuid, uuid.uuid4().hex) + self.assertRaises(TenantNotFound, self.manager.get_tenant_name, uuid.uuid4().hex) + self.assertRaises(TenantNotFound, self.manager.set_tenant_name, uuid.uuid4().hex, "new name") + self.assertRaises(TenantNotFound, self.manager.get_extension_uuid, uuid.uuid4().hex) _uuid = uuid.uuid4().hex new_mapping = { _uuid: { @@ -158,5 +158,5 @@ class TestTenantManager(tests.TestCase): ) self.assertEquals(_uuid, data["id"]) self.assertRaises(IntraExtensionNotFound, self.manager.get_extension_uuid, _uuid, "admin") - self.assertRaises(TenantNotFoundError, self.manager.get_tenant_uuid, uuid.uuid4().hex) + self.assertRaises(TenantNotFound, self.manager.get_tenant_uuid, uuid.uuid4().hex) # self.assertRaises(AdminIntraExtensionNotFound, self.manager.get_admin_extension_uuid, uuid.uuid4().hex) |