Diffstat (limited to 'keystone-moon/keystone/contrib')
-rw-r--r--keystone-moon/keystone/contrib/moon/core.py90
-rw-r--r--keystone-moon/keystone/contrib/moon/exception.py15
2 files changed, 65 insertions, 40 deletions
diff --git a/keystone-moon/keystone/contrib/moon/core.py b/keystone-moon/keystone/contrib/moon/core.py
index aa7fd884..69e8585b 100644
--- a/keystone-moon/keystone/contrib/moon/core.py
+++ b/keystone-moon/keystone/contrib/moon/core.py
@@ -245,6 +245,16 @@ class IntraExtensionManager(manager.Manager):
:param obj: object of the request
:param act: action of the request
:return: True or False or raise an exception
+ :raises: (in that order)
+ SubjectUnknown
+ ObjectUnknown
+ ActionUnknown
+ SubjectCategoryAssignmentOutOfScope
+ ActionCategoryAssignmentOutOfScope
+ ObjectCategoryAssignmentOutOfScope
+ SubjectCategoryAssignmentUnknown
+ ObjectCategoryAssignmentUnknown
+ ActionCategoryAssignmentUnknown
"""
if not self.driver.get_intra_extension(uuid):
raise IntraExtensionNotFound()
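Review bot: The new `:raises:` list omits `IntraExtensionNotFound`, which the first statement after the docstring raises before any of the listed checks can run. Because the list is explicitly ordered, it should come first: `:raises: (in that order)` followed by `IntraExtensionNotFound`, then `SubjectUnknown` and the rest. This looks like the authorization decision entry point, so a caller who uses the list to decide which exceptions mean "deny" would miss one. The signature and most of the body are outside the hunk, so the order of the other nine entries cannot be checked from here.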
@@ -1244,124 +1254,124 @@ class IntraExtensionAuthzManager(IntraExtensionManager):
raise AdminException()
def set_subject_dict(self, user_name, intra_extension_uuid, subject_dict):
- raise AdminException()
+ raise SubjectAddNotAuthorized()
def add_subject_dict(self, user_name, intra_extension_uuid, subject_uuid):
- raise AdminException()
+ raise SubjectAddNotAuthorized()
def del_subject(self, user_name, intra_extension_uuid, subject_uuid):
- raise AdminException()
+ raise SubjectDelNotAuthorized()
def set_object_dict(self, user_name, intra_extension_uuid, object_dict):
- raise AdminException()
+ raise ObjectAddNotAuthorized()
def add_object_dict(self, user_name, intra_extension_uuid, object_name):
- raise AdminException()
+ raise ObjectAddNotAuthorized()
def del_object(self, user_name, intra_extension_uuid, object_uuid):
- raise AdminException()
+ raise ObjectDelNotAuthorized()
def set_action_dict(self, user_name, intra_extension_uuid, action_dict):
- raise AdminException()
+ raise ActionAddNotAuthorized()
def add_action_dict(self, user_name, intra_extension_uuid, action_name):
- raise AdminException()
+ raise ActionAddNotAuthorized()
def del_action(self, user_name, intra_extension_uuid, action_uuid):
- raise AdminException()
+ raise ActionDelNotAuthorized()
def set_subject_category_dict(self, user_name, intra_extension_uuid, subject_category):
- raise AdminException()
+ raise SubjectCategoryAddNotAuthorized()
def add_subject_category_dict(self, user_name, intra_extension_uuid, subject_category_name):
- raise AdminException()
+ raise SubjectCategoryAddNotAuthorized()
def del_subject_category(self, user_name, intra_extension_uuid, subject_uuid):
- raise AdminException()
+ raise SubjectCategoryDelNotAuthorized()
def set_object_category_dict(self, user_name, intra_extension_uuid, object_category):
- raise AdminException()
+ raise ObjectCategoryAddNotAuthorized()
def add_object_category_dict(self, user_name, intra_extension_uuid, object_category_name):
- raise AdminException()
+ raise ObjectCategoryAddNotAuthorized()
def del_object_category(self, user_name, intra_extension_uuid, object_uuid):
- raise AdminException()
+ raise ObjectCategoryDelNotAuthorized()
def set_action_category_dict(self, user_name, intra_extension_uuid, action_category):
- raise AdminException()
+ raise ActionCategoryAddNotAuthorized()
def add_action_category_dict(self, user_name, intra_extension_uuid, action_category_name):
- raise AdminException()
+ raise ActionCategoryAddNotAuthorized()
def del_action_category(self, user_name, intra_extension_uuid, action_uuid):
- raise AdminException()
+ raise ActionCategoryDelNotAuthorized()
def set_subject_category_scope_dict(self, user_name, intra_extension_uuid, category, scope):
- raise AdminException()
+ raise SubjectCategoryScopeAddNotAuthorized()
def add_subject_category_scope_dict(self, user_name, intra_extension_uuid, subject_category, scope_name):
- raise AdminException()
+ raise SubjectCategoryScopeAddNotAuthorized()
def del_subject_category_scope(self, user_name, intra_extension_uuid, subject_category, subject_category_scope):
- raise AdminException()
+ raise SubjectCategoryScopeDelNotAuthorized()
def set_object_category_scope_dict(self, user_name, intra_extension_uuid, category, scope):
- raise AdminException()
+ raise ObjectCategoryScopeAddNotAuthorized()
def add_object_category_scope_dict(self, user_name, intra_extension_uuid, object_category, scope_name):
- raise AdminException()
+ raise ObjectCategoryScopeAddNotAuthorized()
def del_object_category_scope(self, user_name, intra_extension_uuid, object_category, object_category_scope):
- raise AdminException()
+ raise ObjectCategoryScopeDelNotAuthorized()
def set_action_category_scope_dict(self, user_name, intra_extension_uuid, category, scope):
- raise AdminException()
+ raise ActionCategoryScopeAddNotAuthorized()
def add_action_category_scope_dict(self, user_name, intra_extension_uuid, action_category, scope_name):
- raise AdminException()
+ raise ActionCategoryScopeAddNotAuthorized()
def del_action_category_scope(self, user_name, intra_extension_uuid, action_category, action_category_scope):
- raise AdminException()
+ raise ActionCategoryScopeDelNotAuthorized()
def set_subject_category_assignment_dict(self, user_name, intra_extension_uuid, subject_uuid, assignment_dict):
- raise AdminException()
+ raise SubjectCategoryAssignmentAddNotAuthorized()
def del_subject_category_assignment(self, user_name, intra_extension_uuid, subject_uuid, category_uuid, scope_uuid):
- raise AdminException()
+ raise SubjectCategoryAssignmentAddNotAuthorized()
def add_subject_category_assignment_dict(self, user_name, intra_extension_uuid, subject_uuid, category_uuid, scope_uuid):
- raise AdminException()
+ raise SubjectCategoryAssignmentDelNotAuthorized()
def set_object_category_assignment_dict(self, user_name, intra_extension_uuid, object_uuid, assignment_dict):
- raise AdminException()
+ raise ObjectCategoryAssignmentAddNotAuthorized()
def del_object_category_assignment(self, user_name, intra_extension_uuid, object_uuid, category_uuid, scope_uuid):
- raise AdminException()
+ raise ObjectCategoryAssignmentAddNotAuthorized()
def add_object_category_assignment_dict(self, user_name, intra_extension_uuid, object_uuid, category_uuid, scope_uuid):
- raise AdminException()
+ raise ObjectCategoryAssignmentDelNotAuthorized()
def set_action_category_assignment_dict(self, user_name, intra_extension_uuid, action_uuid, assignment_dict):
- raise AdminException()
+ raise ActionCategoryAssignmentAddNotAuthorized()
def del_action_category_assignment(self, user_name, intra_extension_uuid, action_uuid, category_uuid, scope_uuid):
- raise AdminException()
+ raise ActionCategoryAssignmentAddNotAuthorized()
def add_action_category_assignment_dict(self, user_name, intra_extension_uuid, action_uuid, category_uuid, scope_uuid):
- raise AdminException()
+ raise ActionCategoryAssignmentDelNotAuthorized()
def set_aggregation_algorithm(self, user_name, intra_extension_uuid, aggregation_algorithm):
- raise AdminException()
+ raise MetaRuleAddNotAuthorized()
def set_sub_meta_rule(self, user_name, intra_extension_uuid, sub_meta_rules):
- raise AdminException()
+ raise MetaRuleAddNotAuthorized()
def set_sub_rule(self, user_name, intra_extension_uuid, relation, sub_rule):
- raise AdminException()
+ raise RuleAddNotAuthorized()
def del_sub_rule(self, user_name, intra_extension_uuid, relation_name, rule):
- raise AdminException()
+ raise RuleAddNotAuthorized()
@dependency.provider('admin_api')
@dependency.requires('identity_api', 'moonlog_api', 'tenant_api')
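Review bot: The category-assignment stubs raise the opposite exception from the one their name implies: `del_subject_category_assignment` raises `SubjectCategoryAssignmentAddNotAuthorized` while `add_subject_category_assignment_dict` raises `SubjectCategoryAssignmentDelNotAuthorized`, and the object and action variants repeat the same swap. `del_sub_rule` likewise raises `RuleAddNotAuthorized`, although exception.py defines `RuleDelNotAuthorized`. Every call is still refused, so this is not a bypass, but any log entry or API error derived from the exception class will record the wrong denied operation, which matters if these denials serve as an audit trail. Swap the raised classes in the three del/add pairs and use `raise RuleDelNotAuthorized()` in `del_sub_rule`.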
diff --git a/keystone-moon/keystone/contrib/moon/exception.py b/keystone-moon/keystone/contrib/moon/exception.py
index b0ec740b..b206fc76 100644
--- a/keystone-moon/keystone/contrib/moon/exception.py
+++ b/keystone-moon/keystone/contrib/moon/exception.py
@@ -239,6 +239,9 @@ class AdminAssignment(AuthzException):
class AdminRule(AuthzException):
title = 'Rule Exception'
+class AdminMetaRule(AuthzException):
+ title = 'MetaRule Exception'
+
class SubjectReadNotAuthorized(AdminPerimeter):
title = 'Subject Read Not Authorized'
@@ -395,3 +398,15 @@ class RuleAddNotAuthorized(AdminRule):
class RuleDelNotAuthorized(AdminRule):
title = 'Rule Del Not Authorized'
+
+
+class MetaRuleReadNotAuthorized(AdminRule):
+ title = 'MetaRule Read Not Authorized'
+
+
+class MetaRuleAddNotAuthorized(AdminRule):
+ title = 'MetaRule Add Not Authorized'
+
+
+class MetaRuleDelNotAuthorized(AdminRule):
+ title = 'MetaRule Del Not Authorized'
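Review bot: The three new MetaRule exceptions derive from `AdminRule` rather than from the `AdminMetaRule` base that the previous hunk of this file adds, which leaves `AdminMetaRule` with no subclasses in this commit. If that base is meant to group meta-rule denials, declare them as `class MetaRuleAddNotAuthorized(AdminMetaRule):`, and likewise for Read and Del. As written, a handler catching `AdminMetaRule` would never see them, and one catching `AdminRule` cannot tell rule denials from meta-rule denials by class hierarchy. If inheriting from `AdminRule` is deliberate, `AdminMetaRule` looks unused and could be dropped.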