diff options
Diffstat (limited to 'keystone-moon/keystone/tests')
6 files changed, 525 insertions, 662 deletions
diff --git a/keystone-moon/keystone/tests/moon/unit/__init__.py b/keystone-moon/keystone/tests/moon/unit/__init__.py index 0cd835ce..54c9252e 100644 --- a/keystone-moon/keystone/tests/moon/unit/__init__.py +++ b/keystone-moon/keystone/tests/moon/unit/__init__.py @@ -3,7 +3,6 @@ # license which can be found in the file 'LICENSE' in this package distribution # or at 'http://www.apache.org/licenses/LICENSE-2.0'. import uuid -from keystone.contrib.moon.core import ADMIN_ID USER = { 'name': 'admin', @@ -25,10 +24,8 @@ def create_intra_extension(self, policy_model="policy_authz"): if "authz" in policy_model: genre = "authz" IE["genre"] = genre - # force re-initialization of the ADMIN_ID variable - from keystone.contrib.moon.core import ADMIN_ID - self.ADMIN_ID = ADMIN_ID - ref = self.admin_api.load_intra_extension_dict(self.ADMIN_ID, intra_extension_dict=IE) + ref = self.admin_api.load_intra_extension_dict(self.root_api.get_root_admin_id(), + intra_extension_dict=IE) self.assertIsInstance(ref, dict) return ref @@ -62,7 +59,6 @@ def create_user(self, username="TestAdminIntraExtensionManagerUser"): def create_mapping(self, tenant_name=None, authz_id=None, admin_id=None): - from keystone.contrib.moon.core import ADMIN_ID if not tenant_name: tenant_name = uuid.uuid4().hex @@ -76,7 +72,7 @@ def create_mapping(self, tenant_name=None, authz_id=None, admin_id=None): "domain_id": "default" } keystone_tenant = self.resource_api.create_project(tenant["id"], tenant) - mapping = self.tenant_api.add_tenant_dict(ADMIN_ID, tenant) + mapping = self.tenant_api.add_tenant_dict(self.root_api.get_root_admin_id(), tenant) self.assertIsInstance(mapping, dict) self.assertIn("intra_authz_extension_id", mapping[tenant["id"]]) self.assertIn("intra_admin_extension_id", mapping[tenant["id"]]) diff --git a/keystone-moon/keystone/tests/moon/unit/test_unit_core_configuration.py b/keystone-moon/keystone/tests/moon/unit/test_unit_core_configuration.py index 1d612b7d..0be52c18 100644 --- a/keystone-moon/keystone/tests/moon/unit/test_unit_core_configuration.py +++ b/keystone-moon/keystone/tests/moon/unit/test_unit_core_configuration.py @@ -12,7 +12,6 @@ from keystone.contrib.moon.core import ConfigurationManager from keystone.tests.unit.ksfixtures import database from keystone.contrib.moon.exception import * from keystone.tests.unit import default_fixtures -from keystone.contrib.moon.core import ADMIN_ID from keystone.contrib.moon.core import LogManager from keystone.contrib.moon.core import IntraExtensionAdminManager from keystone.tests.moon.unit import * @@ -26,15 +25,18 @@ class TestConfigurationManager(tests.TestCase): def setUp(self): self.useFixture(database.Database()) super(TestConfigurationManager, self).setUp() - self.load_backends() self.load_fixtures(default_fixtures) + self.load_backends() + domain = {'id': "default", 'name': "default"} + self.resource_api.create_domain(domain['id'], domain) self.admin = create_user(self, username="admin") self.demo = create_user(self, username="demo") - self.root_intra_extension = create_intra_extension(self, policy_model="policy_root") - # force re-initialization of the ADMIN_ID variable - from keystone.contrib.moon.core import ADMIN_ID - self.ADMIN_ID = ADMIN_ID - self.manager = self.configuration_api + self.root_intra_extension = self.root_api.get_root_extension_dict() + self.root_intra_extension_id = self.root_intra_extension.keys()[0] + self.ADMIN_ID = self.root_api.get_root_admin_id() + self.authz_manager = self.authz_api + self.admin_manager = self.admin_api + self.configuration_manager = self.configuration_api def load_extra_backends(self): return { @@ -60,10 +62,9 @@ class TestConfigurationManager(tests.TestCase): policy_directory=self.policy_directory) def test_get_policy_template_dict(self): - data = self.manager.get_policy_templates_dict(self.ADMIN_ID) + data = self.configuration_manager.get_policy_templates_dict(self.ADMIN_ID) self.assertIsInstance(data, dict) - self.assertIn("authz_templates", data) - self.assertIn("policy_root", data["authz_templates"]) + self.assertIn("policy_root", data) # def test_get_aggregation_algorithm_dict(self): # admin_intra_extension = create_intra_extension(self, policy_model="policy_admin") diff --git a/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_admin.py b/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_admin.py index 60122b9d..e76173e7 100644 --- a/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_admin.py +++ b/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_admin.py @@ -16,7 +16,6 @@ from keystone import resource from keystone.contrib.moon.exception import * from keystone.tests.unit import default_fixtures from keystone.contrib.moon.core import LogManager, TenantManager -from keystone.contrib.moon.core import ADMIN_ID from keystone.tests.moon.unit import * CONF = cfg.CONF @@ -33,6 +32,7 @@ IE = { "description": "a simple description." } + @dependency.requires('admin_api', 'authz_api', 'tenant_api', 'configuration_api', 'moonlog_api') class TestIntraExtensionAdminManagerOK(tests.TestCase): @@ -40,15 +40,16 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): def setUp(self): self.useFixture(database.Database()) super(TestIntraExtensionAdminManagerOK, self).setUp() - self.load_backends() self.load_fixtures(default_fixtures) + self.load_backends() + domain = {'id': "default", 'name': "default"} + self.resource_api.create_domain(domain['id'], domain) self.admin = create_user(self, username="admin") self.demo = create_user(self, username="demo") - self.root_intra_extension = create_intra_extension(self, policy_model="policy_root") - # force re-initialization of the ADMIN_ID variable - from keystone.contrib.moon.core import ADMIN_ID - self.ADMIN_ID = ADMIN_ID - self.manager = self.authz_api + self.root_intra_extension = self.root_api.get_root_extension_dict() + self.root_intra_extension_id = self.root_intra_extension.keys()[0] + self.ADMIN_ID = self.root_api.get_root_admin_id() + self.authz_manager = self.authz_api self.admin_manager = self.admin_api def __get_key_from_value(self, value, values_dict): @@ -74,7 +75,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): policy_directory=self.policy_directory) def delete_admin_intra_extension(self): - self.manager.del_intra_extension(self.ref["id"]) + self.authz_manager.del_intra_extension(self.ref["id"]) def test_subjects(self): authz_ie_dict = create_intra_extension(self, "policy_authz") @@ -82,12 +83,10 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id']) admin_subject_id, admin_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() - demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"], - {"name": "demo", "description": "demo"}) + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() demo_subject_id, demo_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() - subjects = self.manager.get_subjects_dict(admin_subject_id, authz_ie_dict["id"]) + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() + subjects = self.authz_manager.get_subjects_dict(admin_subject_id, authz_ie_dict["id"]) self.assertIsInstance(subjects, dict) for key, value in subjects.iteritems(): self.assertIsInstance(value, dict) @@ -112,7 +111,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): # Delete the new subject self.admin_manager.del_subject(admin_subject_id, authz_ie_dict["id"], new_subject["id"]) - subjects = self.manager.get_subjects_dict(admin_subject_id, authz_ie_dict["id"]) + subjects = self.authz_manager.get_subjects_dict(admin_subject_id, authz_ie_dict["id"]) for key, value in subjects.iteritems(): self.assertIsInstance(value, dict) self.assertIn("name", value) @@ -125,12 +124,10 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id']) admin_subject_id, admin_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() - demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"], - {"name": "demo", "description": "demo"}) + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() demo_subject_id, demo_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() - objects = self.manager.get_objects_dict(admin_subject_id, authz_ie_dict["id"]) + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() + objects = self.authz_manager.get_objects_dict(admin_subject_id, authz_ie_dict["id"]) objects_id_list = [] self.assertIsInstance(objects, dict) for key, value in objects.iteritems(): @@ -145,12 +142,10 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id']) admin_subject_id, admin_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() - demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"], - {"name": "demo", "description": "demo"}) + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() demo_subject_id, demo_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() - actions = self.manager.get_actions_dict(admin_subject_id, authz_ie_dict["id"]) + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() + actions = self.authz_manager.get_actions_dict(admin_subject_id, authz_ie_dict["id"]) actions_id_list = [] self.assertIsInstance(actions, dict) for key, value in actions.iteritems(): @@ -165,12 +160,10 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id']) admin_subject_id, admin_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() - demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"], - {"name": "demo", "description": "demo"}) + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() demo_subject_id, demo_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() - subject_categories = self.manager.get_subject_categories_dict(admin_subject_id, authz_ie_dict["id"]) + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() + subject_categories = self.authz_manager.get_subject_categories_dict(admin_subject_id, authz_ie_dict["id"]) self.assertIsInstance(subject_categories, dict) for key, value in subject_categories.iteritems(): self.assertIsInstance(value, dict) @@ -192,7 +185,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): # Delete the new subject_category self.admin_manager.del_subject_category(admin_subject_id, authz_ie_dict["id"], new_subject_category["id"]) - subject_categories = self.manager.get_subject_categories_dict(admin_subject_id, authz_ie_dict["id"]) + subject_categories = self.authz_manager.get_subject_categories_dict(admin_subject_id, authz_ie_dict["id"]) for key, value in subject_categories.iteritems(): self.assertIsInstance(value, dict) self.assertIn("name", value) @@ -205,12 +198,10 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id']) admin_subject_id, admin_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() - demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"], - {"name": "demo", "description": "demo"}) + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() demo_subject_id, demo_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() - object_categories = self.manager.get_object_categories_dict(admin_subject_id, authz_ie_dict["id"]) + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() + object_categories = self.authz_manager.get_object_categories_dict(admin_subject_id, authz_ie_dict["id"]) self.assertIsInstance(object_categories, dict) for key, value in object_categories.iteritems(): self.assertIsInstance(value, dict) @@ -233,7 +224,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): # Delete the new object_category self.admin_manager.del_object_category(admin_subject_id, authz_ie_dict["id"], new_object_category["id"]) - object_categories = self.manager.get_object_categories_dict(admin_subject_id, authz_ie_dict["id"]) + object_categories = self.authz_manager.get_object_categories_dict(admin_subject_id, authz_ie_dict["id"]) for key, value in object_categories.iteritems(): self.assertIsInstance(value, dict) self.assertIn("name", value) @@ -246,12 +237,10 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id']) admin_subject_id, admin_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() - demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"], - {"name": "demo", "description": "demo"}) + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() demo_subject_id, demo_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() - action_categories = self.manager.get_action_categories_dict(admin_subject_id, authz_ie_dict["id"]) + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() + action_categories = self.authz_manager.get_action_categories_dict(admin_subject_id, authz_ie_dict["id"]) self.assertIsInstance(action_categories, dict) for key, value in action_categories.iteritems(): self.assertIsInstance(value, dict) @@ -274,7 +263,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): # Delete the new action_category self.admin_manager.del_action_category(admin_subject_id, authz_ie_dict["id"], new_action_category["id"]) - action_categories = self.manager.get_action_categories_dict(admin_subject_id, authz_ie_dict["id"]) + action_categories = self.authz_manager.get_action_categories_dict(admin_subject_id, authz_ie_dict["id"]) for key, value in action_categories.iteritems(): self.assertIsInstance(value, dict) self.assertIn("name", value) @@ -287,11 +276,11 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id']) admin_subject_id, admin_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() - demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"], - {"name": "demo", "description": "demo"}) + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() + # demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"], + # {"name": "demo", "description": "demo"}) demo_subject_id, demo_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() subject_categories = self.admin_manager.add_subject_category_dict( admin_subject_id, @@ -304,7 +293,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): for subject_category_id in subject_categories: - subject_category_scope = self.manager.get_subject_scopes_dict( + subject_category_scope = self.authz_manager.get_subject_scopes_dict( admin_subject_id, authz_ie_dict["id"], subject_category_id) @@ -350,11 +339,11 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id']) admin_subject_id, admin_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() - demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"], - {"name": "demo", "description": "demo"}) + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() + # demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"], + # {"name": "demo", "description": "demo"}) demo_subject_id, demo_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() object_categories = self.admin_manager.add_object_category_dict( admin_subject_id, @@ -367,7 +356,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): for object_category_id in object_categories: - object_category_scope = self.manager.get_object_scopes_dict( + object_category_scope = self.authz_manager.get_object_scopes_dict( admin_subject_id, authz_ie_dict["id"], object_category_id) @@ -413,11 +402,11 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id']) admin_subject_id, admin_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() - demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"], - {"name": "demo", "description": "demo"}) + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() + # demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"], + # {"name": "demo", "description": "demo"}) demo_subject_id, demo_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() action_categories = self.admin_manager.add_action_category_dict( admin_subject_id, @@ -430,7 +419,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): for action_category_id in action_categories: - action_category_scope = self.manager.get_action_scopes_dict( + action_category_scope = self.authz_manager.get_action_scopes_dict( admin_subject_id, authz_ie_dict["id"], action_category_id) @@ -476,17 +465,17 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id']) admin_subject_id, admin_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() admin_authz_subject_id, admin_authz_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], authz_ie_dict['id'], 'admin').iteritems().next() - demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"], - {"name": "demo", "description": "demo"}) + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], authz_ie_dict['id'], 'admin').iteritems().next() + # demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"], + # {"name": "demo", "description": "demo"}) demo_subject_id, demo_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() demo_authz_subject_id, demo_authz_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], authz_ie_dict['id'], 'demo').iteritems().next() + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], authz_ie_dict['id'], 'demo').iteritems().next() - subjects_dict = self.manager.get_subjects_dict(admin_subject_id, authz_ie_dict["id"]) + subjects_dict = self.authz_manager.get_subjects_dict(admin_subject_id, authz_ie_dict["id"]) subject_categories = self.admin_manager.add_subject_category_dict( admin_subject_id, @@ -498,7 +487,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): ) for subject_category_id in subject_categories: - subject_category_scope = self.manager.get_subject_scopes_dict( + subject_category_scope = self.authz_manager.get_subject_scopes_dict( admin_subject_id, authz_ie_dict["id"], subject_category_id) @@ -529,7 +518,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): new_subject_category_scope_2) subject_category_scope_2_id = subject_category_scope_2.keys()[0] - subject_category_assignments = self.manager.get_subject_assignment_list( + subject_category_assignments = self.authz_manager.get_subject_assignment_list( admin_subject_id, authz_ie_dict["id"], admin_authz_subject_id, @@ -538,7 +527,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): self.assertIsInstance(subject_category_assignments, list) self.assertEqual([], subject_category_assignments) - subject_category_assignments = self.manager.get_subject_assignment_list( + subject_category_assignments = self.authz_manager.get_subject_assignment_list( admin_subject_id, authz_ie_dict["id"], demo_authz_subject_id, @@ -599,13 +588,13 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id']) admin_subject_id, admin_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() - demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"], - {"name": "demo", "description": "demo"}) + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() + # demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"], + # {"name": "demo", "description": "demo"}) demo_subject_id, demo_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() - objects_dict = self.manager.get_objects_dict(admin_subject_id, authz_ie_dict["id"]) + objects_dict = self.authz_manager.get_objects_dict(admin_subject_id, authz_ie_dict["id"]) object_vm1_id = None object_vm2_id = None @@ -627,7 +616,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): ) for object_category_id in object_categories: - object_category_scope = self.manager.get_object_scopes_dict( + object_category_scope = self.authz_manager.get_object_scopes_dict( admin_subject_id, authz_ie_dict["id"], object_category_id) @@ -658,7 +647,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): new_object_category_scope_2) object_category_scope_2_id = object_category_scope_2.keys()[0] - object_category_assignments = self.manager.get_object_assignment_list( + object_category_assignments = self.authz_manager.get_object_assignment_list( admin_subject_id, authz_ie_dict["id"], object_vm1_id, @@ -667,7 +656,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): self.assertIsInstance(object_category_assignments, list) self.assertEqual([], object_category_assignments) - object_category_assignments = self.manager.get_object_assignment_list( + object_category_assignments = self.authz_manager.get_object_assignment_list( admin_subject_id, authz_ie_dict["id"], object_vm2_id, @@ -728,13 +717,13 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id']) admin_subject_id, admin_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() - demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"], - {"name": "demo", "description": "demo"}) + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() + # demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"], + # {"name": "demo", "description": "demo"}) demo_subject_id, demo_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() - actions_dict = self.manager.get_actions_dict(admin_subject_id, authz_ie_dict["id"]) + actions_dict = self.authz_manager.get_actions_dict(admin_subject_id, authz_ie_dict["id"]) action_upload_id = None action_list_id = None @@ -756,7 +745,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): ) for action_category_id in action_categories: - action_category_scope = self.manager.get_action_scopes_dict( + action_category_scope = self.authz_manager.get_action_scopes_dict( admin_subject_id, authz_ie_dict["id"], action_category_id) @@ -787,7 +776,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): new_action_category_scope_2) action_category_scope_2_id = action_category_scope_2.keys()[0] - action_category_assignments = self.manager.get_action_assignment_list( + action_category_assignments = self.authz_manager.get_action_assignment_list( admin_subject_id, authz_ie_dict["id"], action_upload_id, @@ -796,7 +785,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): self.assertIsInstance(action_category_assignments, list) self.assertEqual([], action_category_assignments) - action_category_assignments = self.manager.get_action_assignment_list( + action_category_assignments = self.authz_manager.get_action_assignment_list( admin_subject_id, authz_ie_dict["id"], action_list_id, @@ -857,11 +846,11 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id']) admin_subject_id, admin_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() - demo_subject_dict = self.admin_manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"], - {"name": "demo", "description": "demo"}) + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() + # demo_subject_dict = self.admin_manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"], + # {"name": "demo", "description": "demo"}) demo_subject_id, demo_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() aggregation_algorithms = self.admin_manager.get_aggregation_algorithm_dict(admin_subject_id, authz_ie_dict["id"]) for key, value in aggregation_algorithms.iteritems(): @@ -899,11 +888,11 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id']) admin_subject_id, admin_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() - demo_subject_dict = self.admin_manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"], - {"name": "demo", "description": "demo"}) + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() + # demo_subject_dict = self.admin_manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"], + # {"name": "demo", "description": "demo"}) demo_subject_id, demo_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() sub_meta_rules = self.admin_manager.get_sub_meta_rules_dict(admin_subject_id, authz_ie_dict["id"]) self.assertIsInstance(sub_meta_rules, dict) @@ -978,15 +967,16 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): def setUp(self): self.useFixture(database.Database()) super(TestIntraExtensionAdminManagerKO, self).setUp() - self.load_backends() self.load_fixtures(default_fixtures) + self.load_backends() + domain = {'id': "default", 'name': "default"} + self.resource_api.create_domain(domain['id'], domain) self.admin = create_user(self, username="admin") self.demo = create_user(self, username="demo") - self.root_intra_extension = create_intra_extension(self, policy_model="policy_root") - # force re-initialization of the ADMIN_ID variable - from keystone.contrib.moon.core import ADMIN_ID - self.ADMIN_ID = ADMIN_ID - self.manager = self.authz_api + self.root_intra_extension = self.root_api.get_root_extension_dict() + self.root_intra_extension_id = self.root_intra_extension.keys()[0] + self.ADMIN_ID = self.root_api.get_root_admin_id() + self.authz_manager = self.authz_api self.admin_manager = self.admin_api def __get_key_from_value(self, value, values_dict): @@ -1017,12 +1007,12 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id']) admin_subject_id, admin_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() - demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"], - {"name": "demo", "description": "demo"}) + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() + # demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"], + # {"name": "demo", "description": "demo"}) demo_subject_id, demo_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() - subjects = self.manager.get_subjects_dict(admin_subject_id, authz_ie_dict["id"]) + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() + subjects = self.authz_manager.get_subjects_dict(admin_subject_id, authz_ie_dict["id"]) self.assertIsInstance(subjects, dict) for key, value in subjects.iteritems(): self.assertIsInstance(value, dict) @@ -1035,7 +1025,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): new_subject = {"name": "subject_test", "description": "subject_test"} self.assertRaises( AuthzException, - self.manager.add_subject_dict, + self.authz_manager.add_subject_dict, demo_subject_id, admin_ie_dict["id"], new_subject) subjects = self.admin_manager.add_subject_dict(admin_subject_id, authz_ie_dict["id"], new_subject) @@ -1052,11 +1042,11 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): # Delete the new subject self.assertRaises( AuthzException, - self.manager.del_subject, + self.authz_manager.del_subject, demo_subject_id, authz_ie_dict["id"], new_subject["id"]) self.admin_manager.del_subject(admin_subject_id, authz_ie_dict["id"], new_subject["id"]) - subjects = self.manager.get_subjects_dict(admin_subject_id, authz_ie_dict["id"]) + subjects = self.authz_manager.get_subjects_dict(admin_subject_id, authz_ie_dict["id"]) for key, value in subjects.iteritems(): self.assertIsInstance(value, dict) self.assertIn("name", value) @@ -1069,12 +1059,12 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id']) admin_subject_id, admin_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() - demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"], - {"name": "demo", "description": "demo"}) + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() + # demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"], + # {"name": "demo", "description": "demo"}) demo_subject_id, demo_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() - objects = self.manager.get_objects_dict(admin_subject_id, authz_ie_dict["id"]) + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() + objects = self.authz_manager.get_objects_dict(admin_subject_id, authz_ie_dict["id"]) objects_id_list = [] self.assertIsInstance(objects, dict) for key, value in objects.iteritems(): @@ -1087,35 +1077,35 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): new_object = {"name": "object_test", "description": "object_test"} self.assertRaises( AuthzException, - self.manager.add_object_dict, + self.authz_manager.add_object_dict, demo_subject_id, admin_ie_dict["id"], new_object) self.assertRaises( ObjectsWriteNoAuthorized, self.admin_manager.add_object_dict, - admin_subject_id, authz_ie_dict["id"], new_object + admin_subject_id, admin_ie_dict["id"], new_object ) # Delete the new object for key in objects_id_list: self.assertRaises( AuthzException, - self.manager.del_object, + self.authz_manager.del_object, demo_subject_id, authz_ie_dict["id"], key) self.assertRaises( AuthzException, - self.manager.del_object, + self.authz_manager.del_object, admin_subject_id, authz_ie_dict["id"], key) for key in objects_id_list: self.assertRaises( ObjectsWriteNoAuthorized, self.admin_manager.del_object, - demo_subject_id, authz_ie_dict["id"], key) + demo_subject_id, admin_ie_dict["id"], key) self.assertRaises( ObjectsWriteNoAuthorized, self.admin_manager.del_object, - admin_subject_id, authz_ie_dict["id"], key) + admin_subject_id, admin_ie_dict["id"], key) def test_actions(self): authz_ie_dict = create_intra_extension(self, "policy_authz") @@ -1123,12 +1113,12 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id']) admin_subject_id, admin_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() - demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"], - {"name": "demo", "description": "demo"}) + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() + # demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"], + # {"name": "demo", "description": "demo"}) demo_subject_id, demo_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() - actions = self.manager.get_actions_dict(admin_subject_id, authz_ie_dict["id"]) + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() + actions = self.authz_manager.get_actions_dict(admin_subject_id, authz_ie_dict["id"]) actions_id_list = [] self.assertIsInstance(actions, dict) for key, value in actions.iteritems(): @@ -1141,35 +1131,35 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): new_action = {"name": "action_test", "description": "action_test"} self.assertRaises( AuthzException, - self.manager.add_action_dict, + self.authz_manager.add_action_dict, demo_subject_id, admin_ie_dict["id"], new_action) self.assertRaises( ActionsWriteNoAuthorized, self.admin_manager.add_action_dict, - admin_subject_id, authz_ie_dict["id"], new_action + admin_subject_id, admin_ie_dict["id"], new_action ) # Delete all actions for key in actions_id_list: self.assertRaises( AuthzException, - self.manager.del_action, + self.authz_manager.del_action, demo_subject_id, authz_ie_dict["id"], key) self.assertRaises( AuthzException, - self.manager.del_action, + self.authz_manager.del_action, admin_subject_id, authz_ie_dict["id"], key) for key in actions_id_list: self.assertRaises( ActionsWriteNoAuthorized, self.admin_manager.del_action, - demo_subject_id, authz_ie_dict["id"], key) + demo_subject_id, admin_ie_dict["id"], key) self.assertRaises( ActionsWriteNoAuthorized, self.admin_manager.del_action, - admin_subject_id, authz_ie_dict["id"], key) + admin_subject_id, admin_ie_dict["id"], key) def test_subject_categories(self): authz_ie_dict = create_intra_extension(self, "policy_authz") @@ -1177,12 +1167,12 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id']) admin_subject_id, admin_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() - demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"], - {"name": "demo", "description": "demo"}) + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() + # demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"], + # {"name": "demo", "description": "demo"}) demo_subject_id, demo_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() - subject_categories = self.manager.get_subject_categories_dict(admin_subject_id, authz_ie_dict["id"]) + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() + subject_categories = self.authz_manager.get_subject_categories_dict(admin_subject_id, authz_ie_dict["id"]) self.assertIsInstance(subject_categories, dict) for key, value in subject_categories.iteritems(): self.assertIsInstance(value, dict) @@ -1192,7 +1182,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): new_subject_category = {"name": "subject_category_test", "description": "subject_category_test"} self.assertRaises( AuthzException, - self.manager.add_subject_category_dict, + self.authz_manager.add_subject_category_dict, demo_subject_id, admin_ie_dict["id"], new_subject_category) subject_categories = self.admin_manager.add_subject_category_dict(admin_subject_id, authz_ie_dict["id"], new_subject_category) @@ -1209,11 +1199,11 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): # Delete the new subject_category self.assertRaises( AuthzException, - self.manager.del_subject_category, + self.authz_manager.del_subject_category, demo_subject_id, authz_ie_dict["id"], new_subject_category["id"]) self.admin_manager.del_subject_category(admin_subject_id, authz_ie_dict["id"], new_subject_category["id"]) - subject_categories = self.manager.get_subject_categories_dict(admin_subject_id, authz_ie_dict["id"]) + subject_categories = self.authz_manager.get_subject_categories_dict(admin_subject_id, authz_ie_dict["id"]) for key, value in subject_categories.iteritems(): self.assertIsInstance(value, dict) self.assertIn("name", value) @@ -1226,12 +1216,12 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id']) admin_subject_id, admin_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() - demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"], - {"name": "demo", "description": "demo"}) + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() + # demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"], + # {"name": "demo", "description": "demo"}) demo_subject_id, demo_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() - object_categories = self.manager.get_object_categories_dict(admin_subject_id, authz_ie_dict["id"]) + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() + object_categories = self.authz_manager.get_object_categories_dict(admin_subject_id, authz_ie_dict["id"]) self.assertIsInstance(object_categories, dict) for key, value in object_categories.iteritems(): self.assertIsInstance(value, dict) @@ -1241,7 +1231,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): new_object_category = {"name": "object_category_test", "description": "object_category_test"} self.assertRaises( AuthzException, - self.manager.add_object_category_dict, + self.authz_manager.add_object_category_dict, demo_subject_id, admin_ie_dict["id"], new_object_category) object_categories = self.admin_manager.add_object_category_dict(admin_subject_id, authz_ie_dict["id"], new_object_category) @@ -1258,11 +1248,11 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): # Delete the new object_category self.assertRaises( AuthzException, - self.manager.del_object_category, + self.authz_manager.del_object_category, demo_subject_id, authz_ie_dict["id"], new_object_category["id"]) self.admin_manager.del_object_category(admin_subject_id, authz_ie_dict["id"], new_object_category["id"]) - object_categories = self.manager.get_object_categories_dict(admin_subject_id, authz_ie_dict["id"]) + object_categories = self.authz_manager.get_object_categories_dict(admin_subject_id, authz_ie_dict["id"]) for key, value in object_categories.iteritems(): self.assertIsInstance(value, dict) self.assertIn("name", value) @@ -1275,12 +1265,12 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id']) admin_subject_id, admin_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() - demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"], - {"name": "demo", "description": "demo"}) + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() + # demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"], + # {"name": "demo", "description": "demo"}) demo_subject_id, demo_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() - action_categories = self.manager.get_action_categories_dict(admin_subject_id, authz_ie_dict["id"]) + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() + action_categories = self.authz_manager.get_action_categories_dict(admin_subject_id, authz_ie_dict["id"]) self.assertIsInstance(action_categories, dict) for key, value in action_categories.iteritems(): self.assertIsInstance(value, dict) @@ -1290,7 +1280,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): new_action_category = {"name": "action_category_test", "description": "action_category_test"} self.assertRaises( AuthzException, - self.manager.add_action_category_dict, + self.authz_manager.add_action_category_dict, demo_subject_id, admin_ie_dict["id"], new_action_category) action_categories = self.admin_manager.add_action_category_dict(admin_subject_id, authz_ie_dict["id"], new_action_category) @@ -1307,11 +1297,11 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): # Delete the new action_category self.assertRaises( AuthzException, - self.manager.del_action_category, + self.authz_manager.del_action_category, demo_subject_id, authz_ie_dict["id"], new_action_category["id"]) self.admin_manager.del_action_category(admin_subject_id, authz_ie_dict["id"], new_action_category["id"]) - action_categories = self.manager.get_action_categories_dict(admin_subject_id, authz_ie_dict["id"]) + action_categories = self.authz_manager.get_action_categories_dict(admin_subject_id, authz_ie_dict["id"]) for key, value in action_categories.iteritems(): self.assertIsInstance(value, dict) self.assertIn("name", value) @@ -1324,11 +1314,11 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id']) admin_subject_id, admin_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() - demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"], - {"name": "demo", "description": "demo"}) + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() + # demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"], + # {"name": "demo", "description": "demo"}) demo_subject_id, demo_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() subject_categories = self.admin_manager.add_subject_category_dict( admin_subject_id, @@ -1341,7 +1331,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): for subject_category_id in subject_categories: - subject_category_scope = self.manager.get_subject_scopes_dict( + subject_category_scope = self.authz_manager.get_subject_scopes_dict( admin_subject_id, authz_ie_dict["id"], subject_category_id) @@ -1396,11 +1386,11 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id']) admin_subject_id, admin_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() - demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"], - {"name": "demo", "description": "demo"}) + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() + # demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"], + # {"name": "demo", "description": "demo"}) demo_subject_id, demo_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() object_categories = self.admin_manager.add_object_category_dict( admin_subject_id, @@ -1413,7 +1403,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): for object_category_id in object_categories: - object_category_scope = self.manager.get_object_scopes_dict( + object_category_scope = self.authz_manager.get_object_scopes_dict( admin_subject_id, authz_ie_dict["id"], object_category_id) @@ -1468,11 +1458,11 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id']) admin_subject_id, admin_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() - demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"], - {"name": "demo", "description": "demo"}) + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() + # demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"], + # {"name": "demo", "description": "demo"}) demo_subject_id, demo_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() action_categories = self.admin_manager.add_action_category_dict( admin_subject_id, @@ -1485,7 +1475,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): for action_category_id in action_categories: - action_category_scope = self.manager.get_action_scopes_dict( + action_category_scope = self.authz_manager.get_action_scopes_dict( admin_subject_id, authz_ie_dict["id"], action_category_id) @@ -1540,17 +1530,17 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id']) admin_subject_id, admin_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() admin_authz_subject_id, admin_authz_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], authz_ie_dict['id'], 'admin').iteritems().next() - demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"], - {"name": "demo", "description": "demo"}) + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], authz_ie_dict['id'], 'admin').iteritems().next() + # demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"], + # {"name": "demo", "description": "demo"}) demo_subject_id, demo_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() demo_authz_subject_id, demo_authz_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], authz_ie_dict['id'], 'demo').iteritems().next() + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], authz_ie_dict['id'], 'demo').iteritems().next() - subjects_dict = self.manager.get_subjects_dict(admin_subject_id, authz_ie_dict["id"]) + subjects_dict = self.authz_manager.get_subjects_dict(admin_subject_id, authz_ie_dict["id"]) subject_categories = self.admin_manager.add_subject_category_dict( admin_subject_id, @@ -1562,7 +1552,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): ) for subject_category_id in subject_categories: - subject_category_scope = self.manager.get_subject_scopes_dict( + subject_category_scope = self.authz_manager.get_subject_scopes_dict( admin_subject_id, authz_ie_dict["id"], subject_category_id) @@ -1593,7 +1583,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): new_subject_category_scope_2) subject_category_scope_2_id = subject_category_scope_2.keys()[0] - subject_category_assignments = self.manager.get_subject_assignment_list( + subject_category_assignments = self.authz_manager.get_subject_assignment_list( admin_subject_id, authz_ie_dict["id"], admin_authz_subject_id, @@ -1602,7 +1592,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): self.assertIsInstance(subject_category_assignments, list) self.assertEqual([], subject_category_assignments) - subject_category_assignments = self.manager.get_subject_assignment_list( + subject_category_assignments = self.authz_manager.get_subject_assignment_list( admin_subject_id, authz_ie_dict["id"], demo_authz_subject_id, @@ -1613,14 +1603,14 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): self.assertRaises( AuthzException, - self.manager.add_subject_assignment_list, + self.authz_manager.add_subject_assignment_list, demo_subject_id, authz_ie_dict["id"], admin_authz_subject_id, subject_category_id, subject_category_scope_1_id ) self.assertRaises( AuthzException, - self.manager.add_subject_assignment_list, + self.authz_manager.add_subject_assignment_list, demo_subject_id, authz_ie_dict["id"], demo_authz_subject_id, subject_category_id, subject_category_scope_2_id ) @@ -1692,13 +1682,13 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id']) admin_subject_id, admin_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() - demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"], - {"name": "demo", "description": "demo"}) + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() + # demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"], + # {"name": "demo", "description": "demo"}) demo_subject_id, demo_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() - objects_dict = self.manager.get_objects_dict(admin_subject_id, authz_ie_dict["id"]) + objects_dict = self.authz_manager.get_objects_dict(admin_subject_id, authz_ie_dict["id"]) object_vm1_id = None object_vm2_id = None @@ -1720,7 +1710,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): ) for object_category_id in object_categories: - object_category_scope = self.manager.get_object_scopes_dict( + object_category_scope = self.authz_manager.get_object_scopes_dict( admin_subject_id, authz_ie_dict["id"], object_category_id) @@ -1751,7 +1741,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): new_object_category_scope_2) object_category_scope_2_id = object_category_scope_2.keys()[0] - object_category_assignments = self.manager.get_object_assignment_list( + object_category_assignments = self.authz_manager.get_object_assignment_list( admin_subject_id, authz_ie_dict["id"], object_vm1_id, @@ -1760,7 +1750,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): self.assertIsInstance(object_category_assignments, list) self.assertEqual([], object_category_assignments) - object_category_assignments = self.manager.get_object_assignment_list( + object_category_assignments = self.authz_manager.get_object_assignment_list( admin_subject_id, authz_ie_dict["id"], object_vm2_id, @@ -1771,14 +1761,14 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): self.assertRaises( AuthzException, - self.manager.add_object_assignment_list, + self.authz_manager.add_object_assignment_list, demo_subject_id, authz_ie_dict["id"], object_vm1_id, object_category_id, object_category_scope_1_id ) self.assertRaises( AuthzException, - self.manager.add_object_assignment_list, + self.authz_manager.add_object_assignment_list, demo_subject_id, authz_ie_dict["id"], object_vm2_id, object_category_id, object_category_scope_2_id ) @@ -1850,13 +1840,13 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id']) admin_subject_id, admin_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() - demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"], - {"name": "demo", "description": "demo"}) + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() + # demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"], + # {"name": "demo", "description": "demo"}) demo_subject_id, demo_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() - actions_dict = self.manager.get_actions_dict(admin_subject_id, authz_ie_dict["id"]) + actions_dict = self.authz_manager.get_actions_dict(admin_subject_id, authz_ie_dict["id"]) action_upload_id = None action_list_id = None @@ -1878,7 +1868,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): ) for action_category_id in action_categories: - action_category_scope = self.manager.get_action_scopes_dict( + action_category_scope = self.authz_manager.get_action_scopes_dict( admin_subject_id, authz_ie_dict["id"], action_category_id) @@ -1909,7 +1899,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): new_action_category_scope_2) action_category_scope_2_id = action_category_scope_2.keys()[0] - action_category_assignments = self.manager.get_action_assignment_list( + action_category_assignments = self.authz_manager.get_action_assignment_list( admin_subject_id, authz_ie_dict["id"], action_upload_id, @@ -1918,7 +1908,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): self.assertIsInstance(action_category_assignments, list) self.assertEqual([], action_category_assignments) - action_category_assignments = self.manager.get_action_assignment_list( + action_category_assignments = self.authz_manager.get_action_assignment_list( admin_subject_id, authz_ie_dict["id"], action_list_id, @@ -1929,14 +1919,14 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): self.assertRaises( AuthzException, - self.manager.add_action_assignment_list, + self.authz_manager.add_action_assignment_list, demo_subject_id, authz_ie_dict["id"], action_upload_id, action_category_id, action_category_scope_1_id ) self.assertRaises( AuthzException, - self.manager.add_action_assignment_list, + self.authz_manager.add_action_assignment_list, demo_subject_id, authz_ie_dict["id"], action_list_id, action_category_id, action_category_scope_2_id ) @@ -2008,11 +1998,11 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id']) admin_subject_id, admin_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() - demo_subject_dict = self.admin_manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"], - {"name": "demo", "description": "demo"}) + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() + # demo_subject_dict = self.admin_manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"], + # {"name": "demo", "description": "demo"}) demo_subject_id, demo_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() aggregation_algorithms = self.admin_manager.get_aggregation_algorithm_dict(admin_subject_id, authz_ie_dict["id"]) for key, value in aggregation_algorithms.iteritems(): @@ -2050,11 +2040,11 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id']) admin_subject_id, admin_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() - demo_subject_dict = self.admin_manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"], - {"name": "demo", "description": "demo"}) + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() + # demo_subject_dict = self.admin_manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"], + # {"name": "demo", "description": "demo"}) demo_subject_id, demo_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() sub_meta_rules = self.admin_manager.get_sub_meta_rules_dict(admin_subject_id, authz_ie_dict["id"]) self.assertIsInstance(sub_meta_rules, dict) diff --git a/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_authz.py b/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_authz.py index 2f75acaf..c96c00b5 100644 --- a/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_authz.py +++ b/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_authz.py @@ -10,12 +10,12 @@ import os import uuid from oslo_config import cfg from keystone.tests import unit as tests -from keystone.contrib.moon.core import IntraExtensionAdminManager, IntraExtensionAuthzManager +from keystone.contrib.moon.core import IntraExtensionAdminManager, IntraExtensionAuthzManager, IntraExtensionRootManager from keystone.tests.unit.ksfixtures import database from keystone import resource from keystone.contrib.moon.exception import * from keystone.tests.unit import default_fixtures -from keystone.contrib.moon.core import LogManager, TenantManager, ADMIN_ID +from keystone.contrib.moon.core import LogManager, TenantManager from keystone.tests.moon.unit import * CONF = cfg.CONF @@ -38,15 +38,16 @@ class TestIntraExtensionAuthzManagerAuthzOK(tests.TestCase): def setUp(self): self.useFixture(database.Database()) super(TestIntraExtensionAuthzManagerAuthzOK, self).setUp() - self.load_backends() self.load_fixtures(default_fixtures) + self.load_backends() + domain = {'id': "default", 'name': "default"} + self.resource_api.create_domain(domain['id'], domain) self.admin = create_user(self, username="admin") self.demo = create_user(self, username="demo") - self.root_intra_extension = create_intra_extension(self, policy_model="policy_root") - # force re-initialization of the ADMIN_ID variable - from keystone.contrib.moon.core import ADMIN_ID - self.ADMIN_ID = ADMIN_ID - self.manager = self.authz_api + self.root_intra_extension = self.root_api.get_root_extension_dict() + self.root_intra_extension_id = self.root_intra_extension.keys()[0] + self.ADMIN_ID = self.root_api.get_root_admin_id() + self.authz_manager = self.authz_api self.admin_manager = self.admin_api def __get_key_from_value(self, value, values_dict): @@ -72,7 +73,7 @@ class TestIntraExtensionAuthzManagerAuthzOK(tests.TestCase): policy_directory=self.policy_directory) def delete_admin_intra_extension(self): - self.manager.del_intra_extension(self.ref["id"]) + self.authz_manager.del_intra_extension(self.ref["id"]) def test_subjects(self): authz_ie_dict = create_intra_extension(self, "policy_authz") @@ -80,12 +81,10 @@ class TestIntraExtensionAuthzManagerAuthzOK(tests.TestCase): tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id']) admin_subject_id, admin_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() - demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"], - {"name": "demo", "description": "demo"}) + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() demo_subject_id, demo_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() - subjects = self.manager.get_subjects_dict(admin_subject_id, authz_ie_dict["id"]) + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() + subjects = self.authz_manager.get_subjects_dict(admin_subject_id, authz_ie_dict["id"]) self.assertIsInstance(subjects, dict) for key, value in subjects.iteritems(): self.assertIsInstance(value, dict) @@ -110,7 +109,7 @@ class TestIntraExtensionAuthzManagerAuthzOK(tests.TestCase): # Delete the new subject self.admin_manager.del_subject(admin_subject_id, authz_ie_dict["id"], new_subject["id"]) - subjects = self.manager.get_subjects_dict(admin_subject_id, authz_ie_dict["id"]) + subjects = self.authz_manager.get_subjects_dict(admin_subject_id, authz_ie_dict["id"]) for key, value in subjects.iteritems(): self.assertIsInstance(value, dict) self.assertIn("name", value) @@ -123,12 +122,10 @@ class TestIntraExtensionAuthzManagerAuthzOK(tests.TestCase): tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id']) admin_subject_id, admin_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() - demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"], - {"name": "demo", "description": "demo"}) + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() demo_subject_id, demo_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() - objects = self.manager.get_objects_dict(admin_subject_id, authz_ie_dict["id"]) + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() + objects = self.authz_manager.get_objects_dict(admin_subject_id, authz_ie_dict["id"]) objects_id_list = [] self.assertIsInstance(objects, dict) for key, value in objects.iteritems(): @@ -143,12 +140,10 @@ class TestIntraExtensionAuthzManagerAuthzOK(tests.TestCase): tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id']) admin_subject_id, admin_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() - demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"], - {"name": "demo", "description": "demo"}) + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() demo_subject_id, demo_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() - actions = self.manager.get_actions_dict(admin_subject_id, authz_ie_dict["id"]) + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() + actions = self.authz_manager.get_actions_dict(admin_subject_id, authz_ie_dict["id"]) actions_id_list = [] self.assertIsInstance(actions, dict) for key, value in actions.iteritems(): @@ -163,12 +158,10 @@ class TestIntraExtensionAuthzManagerAuthzOK(tests.TestCase): tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id']) admin_subject_id, admin_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() - demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"], - {"name": "demo", "description": "demo"}) + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() demo_subject_id, demo_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() - subject_categories = self.manager.get_subject_categories_dict(admin_subject_id, authz_ie_dict["id"]) + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() + subject_categories = self.authz_manager.get_subject_categories_dict(admin_subject_id, authz_ie_dict["id"]) self.assertIsInstance(subject_categories, dict) for key, value in subject_categories.iteritems(): self.assertIsInstance(value, dict) @@ -190,7 +183,7 @@ class TestIntraExtensionAuthzManagerAuthzOK(tests.TestCase): # Delete the new subject_category self.admin_manager.del_subject_category(admin_subject_id, authz_ie_dict["id"], new_subject_category["id"]) - subject_categories = self.manager.get_subject_categories_dict(admin_subject_id, authz_ie_dict["id"]) + subject_categories = self.authz_manager.get_subject_categories_dict(admin_subject_id, authz_ie_dict["id"]) for key, value in subject_categories.iteritems(): self.assertIsInstance(value, dict) self.assertIn("name", value) @@ -203,12 +196,10 @@ class TestIntraExtensionAuthzManagerAuthzOK(tests.TestCase): tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id']) admin_subject_id, admin_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() - demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"], - {"name": "demo", "description": "demo"}) + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() demo_subject_id, demo_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() - object_categories = self.manager.get_object_categories_dict(admin_subject_id, authz_ie_dict["id"]) + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() + object_categories = self.authz_manager.get_object_categories_dict(admin_subject_id, authz_ie_dict["id"]) self.assertIsInstance(object_categories, dict) for key, value in object_categories.iteritems(): self.assertIsInstance(value, dict) @@ -231,7 +222,7 @@ class TestIntraExtensionAuthzManagerAuthzOK(tests.TestCase): # Delete the new object_category self.admin_manager.del_object_category(admin_subject_id, authz_ie_dict["id"], new_object_category["id"]) - object_categories = self.manager.get_object_categories_dict(admin_subject_id, authz_ie_dict["id"]) + object_categories = self.authz_manager.get_object_categories_dict(admin_subject_id, authz_ie_dict["id"]) for key, value in object_categories.iteritems(): self.assertIsInstance(value, dict) self.assertIn("name", value) @@ -244,12 +235,10 @@ class TestIntraExtensionAuthzManagerAuthzOK(tests.TestCase): tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id']) admin_subject_id, admin_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() - demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"], - {"name": "demo", "description": "demo"}) + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() demo_subject_id, demo_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() - action_categories = self.manager.get_action_categories_dict(admin_subject_id, authz_ie_dict["id"]) + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() + action_categories = self.authz_manager.get_action_categories_dict(admin_subject_id, authz_ie_dict["id"]) self.assertIsInstance(action_categories, dict) for key, value in action_categories.iteritems(): self.assertIsInstance(value, dict) @@ -272,7 +261,7 @@ class TestIntraExtensionAuthzManagerAuthzOK(tests.TestCase): # Delete the new action_category self.admin_manager.del_action_category(admin_subject_id, authz_ie_dict["id"], new_action_category["id"]) - action_categories = self.manager.get_action_categories_dict(admin_subject_id, authz_ie_dict["id"]) + action_categories = self.authz_manager.get_action_categories_dict(admin_subject_id, authz_ie_dict["id"]) for key, value in action_categories.iteritems(): self.assertIsInstance(value, dict) self.assertIn("name", value) @@ -285,11 +274,9 @@ class TestIntraExtensionAuthzManagerAuthzOK(tests.TestCase): tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id']) admin_subject_id, admin_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() - demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"], - {"name": "demo", "description": "demo"}) + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() demo_subject_id, demo_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() subject_categories = self.admin_manager.add_subject_category_dict( admin_subject_id, @@ -302,7 +289,7 @@ class TestIntraExtensionAuthzManagerAuthzOK(tests.TestCase): for subject_category_id in subject_categories: - subject_category_scope = self.manager.get_subject_scopes_dict( + subject_category_scope = self.authz_manager.get_subject_scopes_dict( admin_subject_id, authz_ie_dict["id"], subject_category_id) @@ -348,11 +335,9 @@ class TestIntraExtensionAuthzManagerAuthzOK(tests.TestCase): tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id']) admin_subject_id, admin_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() - demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"], - {"name": "demo", "description": "demo"}) + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() demo_subject_id, demo_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() object_categories = self.admin_manager.add_object_category_dict( admin_subject_id, @@ -365,7 +350,7 @@ class TestIntraExtensionAuthzManagerAuthzOK(tests.TestCase): for object_category_id in object_categories: - object_category_scope = self.manager.get_object_scopes_dict( + object_category_scope = self.authz_manager.get_object_scopes_dict( admin_subject_id, authz_ie_dict["id"], object_category_id) @@ -411,11 +396,9 @@ class TestIntraExtensionAuthzManagerAuthzOK(tests.TestCase): tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id']) admin_subject_id, admin_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() - demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"], - {"name": "demo", "description": "demo"}) + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() demo_subject_id, demo_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() action_categories = self.admin_manager.add_action_category_dict( admin_subject_id, @@ -428,7 +411,7 @@ class TestIntraExtensionAuthzManagerAuthzOK(tests.TestCase): for action_category_id in action_categories: - action_category_scope = self.manager.get_action_scopes_dict( + action_category_scope = self.authz_manager.get_action_scopes_dict( admin_subject_id, authz_ie_dict["id"], action_category_id) @@ -474,17 +457,15 @@ class TestIntraExtensionAuthzManagerAuthzOK(tests.TestCase): tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id']) admin_subject_id, admin_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() admin_authz_subject_id, admin_authz_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], authz_ie_dict['id'], 'admin').iteritems().next() - demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"], - {"name": "demo", "description": "demo"}) + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], authz_ie_dict['id'], 'admin').iteritems().next() demo_subject_id, demo_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() demo_authz_subject_id, demo_authz_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], authz_ie_dict['id'], 'demo').iteritems().next() + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], authz_ie_dict['id'], 'demo').iteritems().next() - subjects_dict = self.manager.get_subjects_dict(admin_subject_id, authz_ie_dict["id"]) + subjects_dict = self.authz_manager.get_subjects_dict(admin_subject_id, authz_ie_dict["id"]) subject_categories = self.admin_manager.add_subject_category_dict( admin_subject_id, @@ -496,7 +477,7 @@ class TestIntraExtensionAuthzManagerAuthzOK(tests.TestCase): ) for subject_category_id in subject_categories: - subject_category_scope = self.manager.get_subject_scopes_dict( + subject_category_scope = self.authz_manager.get_subject_scopes_dict( admin_subject_id, authz_ie_dict["id"], subject_category_id) @@ -527,7 +508,7 @@ class TestIntraExtensionAuthzManagerAuthzOK(tests.TestCase): new_subject_category_scope_2) subject_category_scope_2_id = subject_category_scope_2.keys()[0] - subject_category_assignments = self.manager.get_subject_assignment_list( + subject_category_assignments = self.authz_manager.get_subject_assignment_list( admin_subject_id, authz_ie_dict["id"], admin_authz_subject_id, @@ -536,7 +517,7 @@ class TestIntraExtensionAuthzManagerAuthzOK(tests.TestCase): self.assertIsInstance(subject_category_assignments, list) self.assertEqual([], subject_category_assignments) - subject_category_assignments = self.manager.get_subject_assignment_list( + subject_category_assignments = self.authz_manager.get_subject_assignment_list( admin_subject_id, authz_ie_dict["id"], demo_authz_subject_id, @@ -597,13 +578,11 @@ class TestIntraExtensionAuthzManagerAuthzOK(tests.TestCase): tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id']) admin_subject_id, admin_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() - demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"], - {"name": "demo", "description": "demo"}) + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() demo_subject_id, demo_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() - objects_dict = self.manager.get_objects_dict(admin_subject_id, authz_ie_dict["id"]) + objects_dict = self.authz_manager.get_objects_dict(admin_subject_id, authz_ie_dict["id"]) object_vm1_id = None object_vm2_id = None @@ -625,7 +604,7 @@ class TestIntraExtensionAuthzManagerAuthzOK(tests.TestCase): ) for object_category_id in object_categories: - object_category_scope = self.manager.get_object_scopes_dict( + object_category_scope = self.authz_manager.get_object_scopes_dict( admin_subject_id, authz_ie_dict["id"], object_category_id) @@ -656,7 +635,7 @@ class TestIntraExtensionAuthzManagerAuthzOK(tests.TestCase): new_object_category_scope_2) object_category_scope_2_id = object_category_scope_2.keys()[0] - object_category_assignments = self.manager.get_object_assignment_list( + object_category_assignments = self.authz_manager.get_object_assignment_list( admin_subject_id, authz_ie_dict["id"], object_vm1_id, @@ -665,7 +644,7 @@ class TestIntraExtensionAuthzManagerAuthzOK(tests.TestCase): self.assertIsInstance(object_category_assignments, list) self.assertEqual([], object_category_assignments) - object_category_assignments = self.manager.get_object_assignment_list( + object_category_assignments = self.authz_manager.get_object_assignment_list( admin_subject_id, authz_ie_dict["id"], object_vm2_id, @@ -726,13 +705,11 @@ class TestIntraExtensionAuthzManagerAuthzOK(tests.TestCase): tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id']) admin_subject_id, admin_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() - demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"], - {"name": "demo", "description": "demo"}) + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() demo_subject_id, demo_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() - actions_dict = self.manager.get_actions_dict(admin_subject_id, authz_ie_dict["id"]) + actions_dict = self.authz_manager.get_actions_dict(admin_subject_id, authz_ie_dict["id"]) action_upload_id = None action_list_id = None @@ -754,7 +731,7 @@ class TestIntraExtensionAuthzManagerAuthzOK(tests.TestCase): ) for action_category_id in action_categories: - action_category_scope = self.manager.get_action_scopes_dict( + action_category_scope = self.authz_manager.get_action_scopes_dict( admin_subject_id, authz_ie_dict["id"], action_category_id) @@ -785,7 +762,7 @@ class TestIntraExtensionAuthzManagerAuthzOK(tests.TestCase): new_action_category_scope_2) action_category_scope_2_id = action_category_scope_2.keys()[0] - action_category_assignments = self.manager.get_action_assignment_list( + action_category_assignments = self.authz_manager.get_action_assignment_list( admin_subject_id, authz_ie_dict["id"], action_upload_id, @@ -794,7 +771,7 @@ class TestIntraExtensionAuthzManagerAuthzOK(tests.TestCase): self.assertIsInstance(action_category_assignments, list) self.assertEqual([], action_category_assignments) - action_category_assignments = self.manager.get_action_assignment_list( + action_category_assignments = self.authz_manager.get_action_assignment_list( admin_subject_id, authz_ie_dict["id"], action_list_id, @@ -855,11 +832,9 @@ class TestIntraExtensionAuthzManagerAuthzOK(tests.TestCase): tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id']) admin_subject_id, admin_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() - demo_subject_dict = self.admin_manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"], - {"name": "demo", "description": "demo"}) + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() demo_subject_id, demo_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() aggregation_algorithms = self.admin_manager.get_aggregation_algorithm_dict(admin_subject_id, authz_ie_dict["id"]) for key, value in aggregation_algorithms.iteritems(): @@ -897,11 +872,9 @@ class TestIntraExtensionAuthzManagerAuthzOK(tests.TestCase): tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id']) admin_subject_id, admin_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() - demo_subject_dict = self.admin_manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"], - {"name": "demo", "description": "demo"}) + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() demo_subject_id, demo_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() sub_meta_rules = self.admin_manager.get_sub_meta_rules_dict(admin_subject_id, authz_ie_dict["id"]) self.assertIsInstance(sub_meta_rules, dict) @@ -969,23 +942,28 @@ class TestIntraExtensionAuthzManagerAuthzOK(tests.TestCase): # TODO: add test for the delete function -@dependency.requires('admin_api', 'authz_api', 'tenant_api', 'configuration_api', 'moonlog_api') +@dependency.requires('admin_api', 'authz_api', 'tenant_api', 'configuration_api', 'moonlog_api', 'identity_api', 'root_api') class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase): def setUp(self): self.useFixture(database.Database()) super(TestIntraExtensionAuthzManagerAuthzKO, self).setUp() - self.load_backends() self.load_fixtures(default_fixtures) + self.load_backends() + domain = {'id': "default", 'name': "default"} + self.resource_api.create_domain(domain['id'], domain) self.admin = create_user(self, username="admin") self.demo = create_user(self, username="demo") - self.root_intra_extension = create_intra_extension(self, policy_model="policy_root") - # force re-initialization of the ADMIN_ID variable - from keystone.contrib.moon.core import ADMIN_ID - self.ADMIN_ID = ADMIN_ID - self.manager = self.authz_api + self.root_intra_extension = self.root_api.get_root_extension_dict() + self.root_intra_extension_id = self.root_intra_extension.keys()[0] + self.ADMIN_ID = self.root_api.get_root_admin_id() + self.authz_manager = self.authz_api self.admin_manager = self.admin_api + def tearDown(self): + # self.admin_manager.del_intra_extension(self.ADMIN_ID, self.root_intra_extension["id"]) + tests.TestCase.tearDown(self) + def __get_key_from_value(self, value, values_dict): return filter(lambda v: v[1] == value, values_dict.iteritems())[0][0] @@ -995,70 +973,41 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase): "tenant_api": TenantManager(), "admin_api": IntraExtensionAdminManager(), "authz_api": IntraExtensionAuthzManager(), + "root_api": IntraExtensionRootManager(), # "resource_api": resource.Manager(), } def config_overrides(self): super(TestIntraExtensionAuthzManagerAuthzKO, self).config_overrides() self.policy_directory = 'examples/moon/policies' + self.root_policy_directory = 'policy_root' self.config_fixture.config( group='moon', intraextension_driver='keystone.contrib.moon.backends.sql.IntraExtensionConnector') self.config_fixture.config( group='moon', policy_directory=self.policy_directory) - - def test_tenant_exceptions(self): - self.assertRaises( - TenantUnknown, - self.manager.get_tenant_dict - ) - self.assertRaises( - TenantUnknown, - self.manager.get_tenant_name, - uuid.uuid4().hex - ) - self.assertRaises( - TenantUnknown, - self.manager.set_tenant_name, - uuid.uuid4().hex, uuid.uuid4().hex - ) - self.assertRaises( - TenantUnknown, - self.manager.get_extension_uuid, - uuid.uuid4().hex, "authz" - ) - self.assertRaises( - TenantUnknown, - self.manager.get_extension_uuid, - uuid.uuid4().hex, "admin" - ) - - def test_intra_extension_exceptions(self): - - tenant = self.create_tenant() - self.assertRaises( - IntraExtensionUnknown, - self.manager.get_extension_uuid, - tenant["id"], "authz" - ) - self.assertRaises( - IntraExtensionUnknown, - self.manager.get_extension_uuid, - tenant["id"], "admin" - ) - # TODO + self.config_fixture.config( + group='moon', + root_policy_directory=self.root_policy_directory) def test_delete_admin_intra_extension(self): + authz_ie_dict = create_intra_extension(self, "policy_authz") + admin_ie_dict = create_intra_extension(self, "policy_admin") + tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id']) + + admin_subject_id, admin_subject_dict = \ + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() self.assertRaises( - AdminException, - self.manager.del_intra_extension, - self.ref["id"]) + SubjectUnknown, + self.authz_manager.del_intra_extension, + uuid.uuid4().hex, + admin_ie_dict["id"]) def test_authz_exceptions(self): self.assertRaises( TenantUnknown, - self.manager.authz, + self.authz_manager.authz, uuid.uuid4().hex, uuid.uuid4().hex, uuid.uuid4().hex, uuid.uuid4().hex ) @@ -1067,19 +1016,17 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase): tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id']) admin_subject_id, admin_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() # Test when subject is unknown self.assertRaises( SubjectUnknown, - self.manager.authz, + self.authz_manager.authz, tenant["name"], uuid.uuid4().hex, uuid.uuid4().hex, uuid.uuid4().hex ) # Test when subject is known but not the object - demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"], - {"name": "demo", "description": "demo"}) demo_subject_id, demo_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], authz_ie_dict['id'], 'demo').iteritems().next() + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], authz_ie_dict['id'], 'demo').iteritems().next() # self.manager.add_subject_dict( # admin_subject_id, @@ -1089,13 +1036,13 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase): self.assertRaises( ObjectUnknown, - self.manager.authz, + self.authz_manager.authz, tenant["name"], demo_subject_dict["name"], uuid.uuid4().hex, uuid.uuid4().hex ) # Test when subject and object are known but not the action my_object = {"name": "my_object", "description": "my_object description"} - _tmp = self.manager.add_object_dict( + _tmp = self.admin_manager.add_object_dict( admin_subject_id, authz_ie_dict["id"], my_object @@ -1104,13 +1051,13 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase): self.assertRaises( ActionUnknown, - self.manager.authz, + self.authz_manager.authz, tenant["name"], demo_subject_dict["name"], my_object["name"], uuid.uuid4().hex ) # Test when subject and object and action are known my_action = {"name": "my_action", "description": "my_action description"} - _tmp = self.manager.add_action_dict( + _tmp = self.admin_manager.add_action_dict( admin_subject_id, authz_ie_dict["id"], my_action @@ -1119,13 +1066,13 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase): self.assertRaises( AuthzException, - self.manager.authz, + self.authz_manager.authz, tenant["name"], demo_subject_dict["name"], my_object["name"], my_action["name"] ) # Add a subject scope and test ObjectCategoryAssignmentOutOfScope my_subject_category = {"name": "my_subject_category", "description": "my_subject_category description"} - _tmp = self.manager.add_subject_category_dict( + _tmp = self.admin_manager.add_subject_category_dict( admin_subject_id, authz_ie_dict["id"], my_subject_category @@ -1133,7 +1080,7 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase): my_subject_category["id"] = _tmp.keys()[0] my_subject_scope = {"name": "my_subject_scope", "description": "my_subject_scope description"} - _tmp = self.manager.add_subject_scope_dict( + _tmp = self.admin_manager.add_subject_scope_dict( admin_subject_id, authz_ie_dict["id"], my_subject_category["id"], @@ -1143,13 +1090,13 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase): self.assertRaises( AuthzException, - self.manager.authz, + self.authz_manager.authz, tenant["name"], demo_subject_dict["name"], my_object["name"], my_action["name"] ) # Add an object scope and test ActionCategoryAssignmentOutOfScope my_object_category = {"name": "my_object_category", "description": "my_object_category description"} - _tmp = self.manager.add_object_category_dict( + _tmp = self.admin_manager.add_object_category_dict( admin_subject_id, authz_ie_dict["id"], my_object_category @@ -1157,7 +1104,7 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase): my_object_category["id"] = _tmp.keys()[0] my_object_scope = {"name": "my_object_scope", "description": "my_object_scope description"} - _tmp = self.manager.add_object_scope_dict( + _tmp = self.admin_manager.add_object_scope_dict( admin_subject_id, authz_ie_dict["id"], my_object_category["id"], @@ -1167,13 +1114,13 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase): self.assertRaises( AuthzException, - self.manager.authz, + self.authz_manager.authz, tenant["name"], demo_subject_dict["name"], my_object["name"], my_action["name"] ) # Add an action scope and test SubjectCategoryAssignmentUnknown my_action_category = {"name": "my_action_category", "description": "my_action_category description"} - _tmp = self.manager.add_action_category_dict( + _tmp = self.admin_manager.add_action_category_dict( admin_subject_id, authz_ie_dict["id"], my_action_category @@ -1181,7 +1128,7 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase): my_action_category["id"] = _tmp.keys()[0] my_action_scope = {"name": "my_action_scope", "description": "my_action_scope description"} - _tmp = self.manager.add_action_scope_dict( + _tmp = self.admin_manager.add_action_scope_dict( admin_subject_id, authz_ie_dict["id"], my_action_category["id"], @@ -1191,12 +1138,12 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase): self.assertRaises( AuthzException, - self.manager.authz, + self.authz_manager.authz, tenant["name"], demo_subject_dict["name"], my_object["name"], my_action["name"] ) # Add a subject assignment and test ObjectCategoryAssignmentUnknown - self.manager.add_subject_assignment_list( + self.admin_manager.add_subject_assignment_list( admin_subject_id, authz_ie_dict["id"], demo_subject_id, @@ -1206,12 +1153,12 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase): self.assertRaises( AuthzException, - self.manager.authz, + self.authz_manager.authz, tenant["name"], demo_subject_dict["name"], my_object["name"], my_action["name"] ) # Add an object assignment and test ActionCategoryAssignmentUnknown - self.manager.add_object_assignment_list( + self.admin_manager.add_object_assignment_list( admin_subject_id, authz_ie_dict["id"], my_object["id"], @@ -1221,12 +1168,12 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase): self.assertRaises( AuthzException, - self.manager.authz, + self.authz_manager.authz, tenant["name"], demo_subject_dict["name"], my_object["name"], my_action["name"] ) # Add an action assignment and test RuleUnknown - self.manager.add_action_assignment_list( + self.admin_manager.add_action_assignment_list( admin_subject_id, authz_ie_dict["id"], my_action["id"], @@ -1236,7 +1183,7 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase): self.assertRaises( AuthzException, - self.manager.authz, + self.authz_manager.authz, tenant["name"], admin_subject_dict["name"], my_object["name"], my_action["name"] ) @@ -1248,15 +1195,15 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase): "action_categories": [my_action_category["id"], ], "object_categories": [my_object_category["id"], ] } - print("my_meta_rule", my_meta_rule) - sub_meta_rules_dict = self.manager.get_sub_meta_rules_dict( + sub_meta_rules_dict = self.authz_manager.get_sub_meta_rules_dict( admin_subject_id, authz_ie_dict["id"] ) + print("authz_ie_dict[\"id\"]", authz_ie_dict["id"]) self.assertRaises( SubMetaRuleAlgorithmNotExisting, - self.manager.add_sub_meta_rule_dict, + self.admin_manager.add_sub_meta_rule_dict, admin_subject_id, authz_ie_dict["id"], my_meta_rule @@ -1264,19 +1211,31 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase): # TODO: the next request should be called with demo_subject_id # but the demo user has no right in the root intra_extension - algorithms = self.configuration_api.get_sub_meta_rule_algorithms_dict(admin_subject_id) - for algorithm_id in algorithms: - if algorithms[algorithm_id]["name"] == "inclusion": - my_meta_rule["algorithm"] = algorithm_id + # algorithms = self.configuration_api.get_sub_meta_rule_algorithms_dict(admin_subject_id) + # for algorithm_id in algorithms: + # if algorithms[algorithm_id]["name"] == "inclusion": + # my_meta_rule["algorithm"] = algorithm_id + my_meta_rule['algorithm'] = 'inclusion' - sub_meta_rule = self.manager.add_sub_meta_rule_dict( + sub_meta_rule = self.admin_manager.add_sub_meta_rule_dict( admin_subject_id, authz_ie_dict["id"], my_meta_rule ) - sub_meta_rule_id, sub_meta_rule_dict = sub_meta_rule.iteritems().next() - - rule = self.manager.add_rule_dict( + sub_meta_rule_id, sub_meta_rule_dict = None, None + for key, value in sub_meta_rule.iteritems(): + if value["name"] == my_meta_rule["name"]: + sub_meta_rule_id, sub_meta_rule_dict = key, value + break + + aggregation_algorithms = self.configuration_api.get_aggregation_algorithms_dict(admin_subject_id) + for _id in aggregation_algorithms: + if aggregation_algorithms[_id]["name"] == "one_true": + agg = self.admin_manager.set_aggregation_algorithm_dict(admin_subject_id, authz_ie_dict["id"], + _id, + aggregation_algorithms[_id]) + + rule = self.admin_manager.add_rule_dict( admin_subject_id, authz_ie_dict["id"], sub_meta_rule_id, @@ -1285,11 +1244,11 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase): self.assertRaises( AuthzException, - self.manager.authz, + self.authz_manager.authz, tenant["name"], admin_subject_dict["name"], my_object["name"], my_action["name"] ) - result = self.manager.authz(tenant["name"], demo_subject_dict["name"], my_object["name"], my_action["name"]) + result = self.authz_manager.authz(tenant["name"], demo_subject_dict["name"], my_object["name"], my_action["name"]) self.assertEqual(True, result) def test_subjects(self): @@ -1298,12 +1257,10 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase): tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id']) admin_subject_id, admin_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() - demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"], - {"name": "demo", "description": "demo"}) + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() demo_subject_id, demo_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() - subjects = self.manager.get_subjects_dict(admin_subject_id, authz_ie_dict["id"]) + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() + subjects = self.authz_manager.get_subjects_dict(admin_subject_id, authz_ie_dict["id"]) self.assertIsInstance(subjects, dict) for key, value in subjects.iteritems(): self.assertIsInstance(value, dict) @@ -1316,7 +1273,7 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase): new_subject = {"name": "subject_test", "description": "subject_test"} self.assertRaises( AuthzException, - self.manager.add_subject_dict, + self.admin_manager.add_subject_dict, demo_subject_id, admin_ie_dict["id"], new_subject) subjects = self.admin_manager.add_subject_dict(admin_subject_id, authz_ie_dict["id"], new_subject) @@ -1333,11 +1290,11 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase): # Delete the new subject self.assertRaises( AuthzException, - self.manager.del_subject, + self.authz_manager.del_subject, demo_subject_id, authz_ie_dict["id"], new_subject["id"]) self.admin_manager.del_subject(admin_subject_id, authz_ie_dict["id"], new_subject["id"]) - subjects = self.manager.get_subjects_dict(admin_subject_id, authz_ie_dict["id"]) + subjects = self.authz_manager.get_subjects_dict(admin_subject_id, authz_ie_dict["id"]) for key, value in subjects.iteritems(): self.assertIsInstance(value, dict) self.assertIn("name", value) @@ -1350,12 +1307,10 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase): tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id']) admin_subject_id, admin_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() - demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"], - {"name": "demo", "description": "demo"}) + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() demo_subject_id, demo_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() - objects = self.manager.get_objects_dict(admin_subject_id, authz_ie_dict["id"]) + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() + objects = self.authz_manager.get_objects_dict(admin_subject_id, authz_ie_dict["id"]) objects_id_list = [] self.assertIsInstance(objects, dict) for key, value in objects.iteritems(): @@ -1364,39 +1319,39 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase): self.assertIn("name", value) self.assertIn("description", value) - create_user(self, "subject_test") + # create_user(self, "subject_test") new_object = {"name": "object_test", "description": "object_test"} self.assertRaises( AuthzException, - self.manager.add_object_dict, + self.authz_manager.add_object_dict, demo_subject_id, admin_ie_dict["id"], new_object) self.assertRaises( ObjectsWriteNoAuthorized, self.admin_manager.add_object_dict, - admin_subject_id, authz_ie_dict["id"], new_object + admin_subject_id, admin_ie_dict["id"], new_object ) # Delete the new object for key in objects_id_list: self.assertRaises( AuthzException, - self.manager.del_object, + self.authz_manager.del_object, demo_subject_id, authz_ie_dict["id"], key) self.assertRaises( AuthzException, - self.manager.del_object, + self.authz_manager.del_object, admin_subject_id, authz_ie_dict["id"], key) for key in objects_id_list: self.assertRaises( ObjectsWriteNoAuthorized, self.admin_manager.del_object, - demo_subject_id, authz_ie_dict["id"], key) + demo_subject_id, admin_ie_dict["id"], key) self.assertRaises( ObjectsWriteNoAuthorized, self.admin_manager.del_object, - admin_subject_id, authz_ie_dict["id"], key) + admin_subject_id, admin_ie_dict["id"], key) def test_actions(self): authz_ie_dict = create_intra_extension(self, "policy_authz") @@ -1404,12 +1359,10 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase): tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id']) admin_subject_id, admin_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() - demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"], - {"name": "demo", "description": "demo"}) + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() demo_subject_id, demo_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() - actions = self.manager.get_actions_dict(admin_subject_id, authz_ie_dict["id"]) + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() + actions = self.authz_manager.get_actions_dict(admin_subject_id, authz_ie_dict["id"]) actions_id_list = [] self.assertIsInstance(actions, dict) for key, value in actions.iteritems(): @@ -1422,35 +1375,35 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase): new_action = {"name": "action_test", "description": "action_test"} self.assertRaises( AuthzException, - self.manager.add_action_dict, + self.authz_manager.add_action_dict, demo_subject_id, admin_ie_dict["id"], new_action) self.assertRaises( ActionsWriteNoAuthorized, self.admin_manager.add_action_dict, - admin_subject_id, authz_ie_dict["id"], new_action + admin_subject_id, admin_ie_dict["id"], new_action ) # Delete all actions for key in actions_id_list: self.assertRaises( AuthzException, - self.manager.del_action, + self.authz_manager.del_action, demo_subject_id, authz_ie_dict["id"], key) self.assertRaises( AuthzException, - self.manager.del_action, + self.authz_manager.del_action, admin_subject_id, authz_ie_dict["id"], key) for key in actions_id_list: self.assertRaises( ActionsWriteNoAuthorized, self.admin_manager.del_action, - demo_subject_id, authz_ie_dict["id"], key) + demo_subject_id, admin_ie_dict["id"], key) self.assertRaises( ActionsWriteNoAuthorized, self.admin_manager.del_action, - admin_subject_id, authz_ie_dict["id"], key) + admin_subject_id, admin_ie_dict["id"], key) def test_subject_categories(self): authz_ie_dict = create_intra_extension(self, "policy_authz") @@ -1458,12 +1411,10 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase): tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id']) admin_subject_id, admin_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() - demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"], - {"name": "demo", "description": "demo"}) + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() demo_subject_id, demo_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() - subject_categories = self.manager.get_subject_categories_dict(admin_subject_id, authz_ie_dict["id"]) + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() + subject_categories = self.authz_manager.get_subject_categories_dict(admin_subject_id, authz_ie_dict["id"]) self.assertIsInstance(subject_categories, dict) for key, value in subject_categories.iteritems(): self.assertIsInstance(value, dict) @@ -1473,7 +1424,7 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase): new_subject_category = {"name": "subject_category_test", "description": "subject_category_test"} self.assertRaises( AuthzException, - self.manager.add_subject_category_dict, + self.authz_manager.add_subject_category_dict, demo_subject_id, admin_ie_dict["id"], new_subject_category) subject_categories = self.admin_manager.add_subject_category_dict(admin_subject_id, authz_ie_dict["id"], new_subject_category) @@ -1490,11 +1441,11 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase): # Delete the new subject_category self.assertRaises( AuthzException, - self.manager.del_subject_category, + self.authz_manager.del_subject_category, demo_subject_id, authz_ie_dict["id"], new_subject_category["id"]) self.admin_manager.del_subject_category(admin_subject_id, authz_ie_dict["id"], new_subject_category["id"]) - subject_categories = self.manager.get_subject_categories_dict(admin_subject_id, authz_ie_dict["id"]) + subject_categories = self.authz_manager.get_subject_categories_dict(admin_subject_id, authz_ie_dict["id"]) for key, value in subject_categories.iteritems(): self.assertIsInstance(value, dict) self.assertIn("name", value) @@ -1507,12 +1458,10 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase): tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id']) admin_subject_id, admin_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() - demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"], - {"name": "demo", "description": "demo"}) + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() demo_subject_id, demo_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() - object_categories = self.manager.get_object_categories_dict(admin_subject_id, authz_ie_dict["id"]) + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() + object_categories = self.authz_manager.get_object_categories_dict(admin_subject_id, authz_ie_dict["id"]) self.assertIsInstance(object_categories, dict) for key, value in object_categories.iteritems(): self.assertIsInstance(value, dict) @@ -1522,7 +1471,7 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase): new_object_category = {"name": "object_category_test", "description": "object_category_test"} self.assertRaises( AuthzException, - self.manager.add_object_category_dict, + self.authz_manager.add_object_category_dict, demo_subject_id, admin_ie_dict["id"], new_object_category) object_categories = self.admin_manager.add_object_category_dict(admin_subject_id, authz_ie_dict["id"], new_object_category) @@ -1539,11 +1488,11 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase): # Delete the new object_category self.assertRaises( AuthzException, - self.manager.del_object_category, + self.authz_manager.del_object_category, demo_subject_id, authz_ie_dict["id"], new_object_category["id"]) self.admin_manager.del_object_category(admin_subject_id, authz_ie_dict["id"], new_object_category["id"]) - object_categories = self.manager.get_object_categories_dict(admin_subject_id, authz_ie_dict["id"]) + object_categories = self.authz_manager.get_object_categories_dict(admin_subject_id, authz_ie_dict["id"]) for key, value in object_categories.iteritems(): self.assertIsInstance(value, dict) self.assertIn("name", value) @@ -1556,12 +1505,10 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase): tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id']) admin_subject_id, admin_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() - demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"], - {"name": "demo", "description": "demo"}) + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() demo_subject_id, demo_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() - action_categories = self.manager.get_action_categories_dict(admin_subject_id, authz_ie_dict["id"]) + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() + action_categories = self.authz_manager.get_action_categories_dict(admin_subject_id, authz_ie_dict["id"]) self.assertIsInstance(action_categories, dict) for key, value in action_categories.iteritems(): self.assertIsInstance(value, dict) @@ -1571,7 +1518,7 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase): new_action_category = {"name": "action_category_test", "description": "action_category_test"} self.assertRaises( AuthzException, - self.manager.add_action_category_dict, + self.authz_manager.add_action_category_dict, demo_subject_id, admin_ie_dict["id"], new_action_category) action_categories = self.admin_manager.add_action_category_dict(admin_subject_id, authz_ie_dict["id"], new_action_category) @@ -1588,11 +1535,11 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase): # Delete the new action_category self.assertRaises( AuthzException, - self.manager.del_action_category, + self.authz_manager.del_action_category, demo_subject_id, authz_ie_dict["id"], new_action_category["id"]) self.admin_manager.del_action_category(admin_subject_id, authz_ie_dict["id"], new_action_category["id"]) - action_categories = self.manager.get_action_categories_dict(admin_subject_id, authz_ie_dict["id"]) + action_categories = self.authz_manager.get_action_categories_dict(admin_subject_id, authz_ie_dict["id"]) for key, value in action_categories.iteritems(): self.assertIsInstance(value, dict) self.assertIn("name", value) @@ -1605,11 +1552,9 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase): tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id']) admin_subject_id, admin_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() - demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"], - {"name": "demo", "description": "demo"}) + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() demo_subject_id, demo_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() subject_categories = self.admin_manager.add_subject_category_dict( admin_subject_id, @@ -1622,7 +1567,7 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase): for subject_category_id in subject_categories: - subject_category_scope = self.manager.get_subject_scopes_dict( + subject_category_scope = self.authz_manager.get_subject_scopes_dict( admin_subject_id, authz_ie_dict["id"], subject_category_id) @@ -1677,11 +1622,9 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase): tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id']) admin_subject_id, admin_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() - demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"], - {"name": "demo", "description": "demo"}) + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() demo_subject_id, demo_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() object_categories = self.admin_manager.add_object_category_dict( admin_subject_id, @@ -1694,7 +1637,7 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase): for object_category_id in object_categories: - object_category_scope = self.manager.get_object_scopes_dict( + object_category_scope = self.authz_manager.get_object_scopes_dict( admin_subject_id, authz_ie_dict["id"], object_category_id) @@ -1749,11 +1692,9 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase): tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id']) admin_subject_id, admin_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() - demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"], - {"name": "demo", "description": "demo"}) + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() demo_subject_id, demo_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() action_categories = self.admin_manager.add_action_category_dict( admin_subject_id, @@ -1766,7 +1707,7 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase): for action_category_id in action_categories: - action_category_scope = self.manager.get_action_scopes_dict( + action_category_scope = self.authz_manager.get_action_scopes_dict( admin_subject_id, authz_ie_dict["id"], action_category_id) @@ -1821,17 +1762,15 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase): tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id']) admin_subject_id, admin_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() admin_authz_subject_id, admin_authz_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], authz_ie_dict['id'], 'admin').iteritems().next() - demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"], - {"name": "demo", "description": "demo"}) + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], authz_ie_dict['id'], 'admin').iteritems().next() demo_subject_id, demo_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() demo_authz_subject_id, demo_authz_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], authz_ie_dict['id'], 'demo').iteritems().next() + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], authz_ie_dict['id'], 'demo').iteritems().next() - subjects_dict = self.manager.get_subjects_dict(admin_subject_id, authz_ie_dict["id"]) + subjects_dict = self.authz_manager.get_subjects_dict(admin_subject_id, authz_ie_dict["id"]) subject_categories = self.admin_manager.add_subject_category_dict( admin_subject_id, @@ -1843,7 +1782,7 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase): ) for subject_category_id in subject_categories: - subject_category_scope = self.manager.get_subject_scopes_dict( + subject_category_scope = self.authz_manager.get_subject_scopes_dict( admin_subject_id, authz_ie_dict["id"], subject_category_id) @@ -1874,7 +1813,7 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase): new_subject_category_scope_2) subject_category_scope_2_id = subject_category_scope_2.keys()[0] - subject_category_assignments = self.manager.get_subject_assignment_list( + subject_category_assignments = self.authz_manager.get_subject_assignment_list( admin_subject_id, authz_ie_dict["id"], admin_authz_subject_id, @@ -1883,7 +1822,7 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase): self.assertIsInstance(subject_category_assignments, list) self.assertEqual([], subject_category_assignments) - subject_category_assignments = self.manager.get_subject_assignment_list( + subject_category_assignments = self.authz_manager.get_subject_assignment_list( admin_subject_id, authz_ie_dict["id"], demo_authz_subject_id, @@ -1894,14 +1833,14 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase): self.assertRaises( AuthzException, - self.manager.add_subject_assignment_list, + self.authz_manager.add_subject_assignment_list, demo_subject_id, authz_ie_dict["id"], admin_authz_subject_id, subject_category_id, subject_category_scope_1_id ) self.assertRaises( AuthzException, - self.manager.add_subject_assignment_list, + self.authz_manager.add_subject_assignment_list, demo_subject_id, authz_ie_dict["id"], demo_authz_subject_id, subject_category_id, subject_category_scope_2_id ) @@ -1973,13 +1912,11 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase): tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id']) admin_subject_id, admin_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() - demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"], - {"name": "demo", "description": "demo"}) + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() demo_subject_id, demo_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() - objects_dict = self.manager.get_objects_dict(admin_subject_id, authz_ie_dict["id"]) + objects_dict = self.authz_manager.get_objects_dict(admin_subject_id, authz_ie_dict["id"]) object_vm1_id = None object_vm2_id = None @@ -2001,7 +1938,7 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase): ) for object_category_id in object_categories: - object_category_scope = self.manager.get_object_scopes_dict( + object_category_scope = self.authz_manager.get_object_scopes_dict( admin_subject_id, authz_ie_dict["id"], object_category_id) @@ -2032,7 +1969,7 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase): new_object_category_scope_2) object_category_scope_2_id = object_category_scope_2.keys()[0] - object_category_assignments = self.manager.get_object_assignment_list( + object_category_assignments = self.authz_manager.get_object_assignment_list( admin_subject_id, authz_ie_dict["id"], object_vm1_id, @@ -2041,7 +1978,7 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase): self.assertIsInstance(object_category_assignments, list) self.assertEqual([], object_category_assignments) - object_category_assignments = self.manager.get_object_assignment_list( + object_category_assignments = self.authz_manager.get_object_assignment_list( admin_subject_id, authz_ie_dict["id"], object_vm2_id, @@ -2052,14 +1989,14 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase): self.assertRaises( AuthzException, - self.manager.add_object_assignment_list, + self.authz_manager.add_object_assignment_list, demo_subject_id, authz_ie_dict["id"], object_vm1_id, object_category_id, object_category_scope_1_id ) self.assertRaises( AuthzException, - self.manager.add_object_assignment_list, + self.authz_manager.add_object_assignment_list, demo_subject_id, authz_ie_dict["id"], object_vm2_id, object_category_id, object_category_scope_2_id ) @@ -2131,13 +2068,11 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase): tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id']) admin_subject_id, admin_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() - demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"], - {"name": "demo", "description": "demo"}) + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() demo_subject_id, demo_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() - actions_dict = self.manager.get_actions_dict(admin_subject_id, authz_ie_dict["id"]) + actions_dict = self.authz_manager.get_actions_dict(admin_subject_id, authz_ie_dict["id"]) action_upload_id = None action_list_id = None @@ -2159,7 +2094,7 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase): ) for action_category_id in action_categories: - action_category_scope = self.manager.get_action_scopes_dict( + action_category_scope = self.authz_manager.get_action_scopes_dict( admin_subject_id, authz_ie_dict["id"], action_category_id) @@ -2190,7 +2125,7 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase): new_action_category_scope_2) action_category_scope_2_id = action_category_scope_2.keys()[0] - action_category_assignments = self.manager.get_action_assignment_list( + action_category_assignments = self.authz_manager.get_action_assignment_list( admin_subject_id, authz_ie_dict["id"], action_upload_id, @@ -2199,7 +2134,7 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase): self.assertIsInstance(action_category_assignments, list) self.assertEqual([], action_category_assignments) - action_category_assignments = self.manager.get_action_assignment_list( + action_category_assignments = self.authz_manager.get_action_assignment_list( admin_subject_id, authz_ie_dict["id"], action_list_id, @@ -2210,14 +2145,14 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase): self.assertRaises( AuthzException, - self.manager.add_action_assignment_list, + self.authz_manager.add_action_assignment_list, demo_subject_id, authz_ie_dict["id"], action_upload_id, action_category_id, action_category_scope_1_id ) self.assertRaises( AuthzException, - self.manager.add_action_assignment_list, + self.authz_manager.add_action_assignment_list, demo_subject_id, authz_ie_dict["id"], action_list_id, action_category_id, action_category_scope_2_id ) @@ -2289,11 +2224,9 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase): tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id']) admin_subject_id, admin_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() - demo_subject_dict = self.admin_manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"], - {"name": "demo", "description": "demo"}) + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() demo_subject_id, demo_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() aggregation_algorithms = self.admin_manager.get_aggregation_algorithm_dict(admin_subject_id, authz_ie_dict["id"]) for key, value in aggregation_algorithms.iteritems(): @@ -2331,11 +2264,9 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase): tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id']) admin_subject_id, admin_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() - demo_subject_dict = self.admin_manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"], - {"name": "demo", "description": "demo"}) + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next() demo_subject_id, demo_subject_dict = \ - self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() + self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next() sub_meta_rules = self.admin_manager.get_sub_meta_rules_dict(admin_subject_id, authz_ie_dict["id"]) self.assertIsInstance(sub_meta_rules, dict) diff --git a/keystone-moon/keystone/tests/moon/unit/test_unit_core_log.py b/keystone-moon/keystone/tests/moon/unit/test_unit_core_log.py index 17e70018..37d210aa 100644 --- a/keystone-moon/keystone/tests/moon/unit/test_unit_core_log.py +++ b/keystone-moon/keystone/tests/moon/unit/test_unit_core_log.py @@ -17,7 +17,7 @@ from keystone import resource from keystone.contrib.moon.exception import * from keystone.tests.unit import default_fixtures from keystone.contrib.moon.core import LogManager, TenantManager -from keystone.contrib.moon.core import ADMIN_ID +from keystone.tests.moon.unit import * CONF = cfg.CONF @@ -41,15 +41,18 @@ class TestIntraExtensionAdminManager(tests.TestCase): def setUp(self): self.useFixture(database.Database()) super(TestIntraExtensionAdminManager, self).setUp() - self.load_backends() self.load_fixtures(default_fixtures) - self.admin = self.create_user(username="admin") - self.demo = self.create_user(username="demo") - self.root_intra_extension = self.create_intra_extension(policy_model="policy_root") - # force re-initialization of the ADMIN_ID variable - from keystone.contrib.moon.core import ADMIN_ID - self.ADMIN_ID = ADMIN_ID - self.manager = IntraExtensionAdminManager() + self.load_backends() + domain = {'id': "default", 'name': "default"} + self.resource_api.create_domain(domain['id'], domain) + self.admin = create_user(self, username="admin") + self.demo = create_user(self, username="demo") + self.root_intra_extension = self.root_api.get_root_extension_dict() + self.root_intra_extension_id = self.root_intra_extension.keys()[0] + self.ADMIN_ID = self.root_api.get_root_admin_id() + self.authz_manager = self.authz_api + self.admin_manager = self.admin_api + self.tenant_manager = self.tenant_api def __get_key_from_value(self, value, values_dict): return filter(lambda v: v[1] == value, values_dict.iteritems())[0][0] @@ -71,43 +74,6 @@ class TestIntraExtensionAdminManager(tests.TestCase): group='moon', policy_directory=self.policy_directory) - def create_intra_extension(self, policy_model="policy_rbac_admin"): - # Create the admin user because IntraExtension needs it - self.admin = self.identity_api.create_user(USER_ADMIN) - IE["policymodel"] = policy_model - self.ref = self.manager.load_intra_extension_dict(ADMIN_ID, intra_extension_dict=IE) - self.assertIsInstance(self.ref, dict) - self.create_tenant(self.ref["id"]) - - def create_tenant(self, authz_uuid): - tenant = { - "id": uuid.uuid4().hex, - "name": "TestAuthzIntraExtensionManager", - "enabled": True, - "description": "", - "domain_id": "default" - } - project = self.resource_api.create_project(tenant["id"], tenant) - mapping = self.tenant_api.set_tenant_dict(project["id"], project["name"], authz_uuid, None) - self.assertIsInstance(mapping, dict) - self.assertIn("authz", mapping) - self.assertEqual(mapping["authz"], authz_uuid) - return mapping - - def create_user(self, username="TestAdminIntraExtensionManagerUser"): - user = { - "id": uuid.uuid4().hex, - "name": username, - "enabled": True, - "description": "", - "domain_id": "default" - } - _user = self.identity_api.create_user(user) - return _user - - def delete_admin_intra_extension(self): - self.manager.del_intra_extension(self.ref["id"]) - def send_logs(self): log_authz = "Test for authz " + uuid.uuid4().hex logs = [] diff --git a/keystone-moon/keystone/tests/moon/unit/test_unit_core_tenant.py b/keystone-moon/keystone/tests/moon/unit/test_unit_core_tenant.py index 995b6a54..3c136ccd 100644 --- a/keystone-moon/keystone/tests/moon/unit/test_unit_core_tenant.py +++ b/keystone-moon/keystone/tests/moon/unit/test_unit_core_tenant.py @@ -14,8 +14,8 @@ from keystone.contrib.moon.exception import * from keystone.tests.unit import default_fixtures from keystone.contrib.moon.core import LogManager from keystone.contrib.moon.core import ConfigurationManager -from keystone.contrib.moon.core import ADMIN_ID from keystone.common import dependency +from keystone.tests.moon.unit import * CONF = cfg.CONF @@ -37,17 +37,18 @@ class TestTenantManager(tests.TestCase): def setUp(self): self.useFixture(database.Database()) super(TestTenantManager, self).setUp() - self.load_backends() self.load_fixtures(default_fixtures) - self.admin = self.create_user(username="admin") - self.demo = self.create_user(username="demo") - self.root_intra_extension = self.create_intra_extension(policy_model="policy_root") - # force re-initialization of the ADMIN_ID variable - from keystone.contrib.moon.core import ADMIN_ID - self.ADMIN_ID = ADMIN_ID - self.manager = self.tenant_api - # self.configuration_api = self.configuration_api - # self.configuration_api.init_default_variables() + self.load_backends() + domain = {'id': "default", 'name': "default"} + self.resource_api.create_domain(domain['id'], domain) + self.admin = create_user(self, username="admin") + self.demo = create_user(self, username="demo") + self.root_intra_extension = self.root_api.get_root_extension_dict() + self.root_intra_extension_id = self.root_intra_extension.keys()[0] + self.ADMIN_ID = self.root_api.get_root_admin_id() + self.authz_manager = self.authz_api + self.admin_manager = self.admin_api + self.tenant_manager = self.tenant_api def load_extra_backends(self): return { @@ -67,30 +68,9 @@ class TestTenantManager(tests.TestCase): group='moon', policy_directory=self.policy_directory) - def create_user(self, username="admin"): - - _USER = dict(USER) - _USER["name"] = username - return self.identity_api.create_user(_USER) - - def create_intra_extension(self, policy_model="policy_authz"): - - IE["model"] = policy_model - IE["name"] = uuid.uuid4().hex - genre = "admin" - if "authz" in policy_model: - genre = "authz" - IE["genre"] = genre - # force re-initialization of the ADMIN_ID variable - from keystone.contrib.moon.core import ADMIN_ID - self.ADMIN_ID = ADMIN_ID - ref = self.admin_api.load_intra_extension_dict(self.ADMIN_ID, intra_extension_dict=IE) - self.assertIsInstance(ref, dict) - return ref - def test_add_tenant(self): - authz_intra_extension = self.create_intra_extension(policy_model="policy_authz") - admin_intra_extension = self.create_intra_extension(policy_model="policy_admin") + authz_intra_extension = create_intra_extension(self, policy_model="policy_authz") + admin_intra_extension = create_intra_extension(self, policy_model="policy_admin") new_tenant = { "id": uuid.uuid4().hex, "name": "demo", @@ -98,129 +78,128 @@ class TestTenantManager(tests.TestCase): "intra_authz_extension_id": authz_intra_extension['id'], "intra_admin_extension_id": admin_intra_extension['id'], } - data = self.manager.add_tenant_dict(user_id=self.ADMIN_ID, tenant_dict=new_tenant) - self.assertEquals(new_tenant["id"], data["id"]) - self.assertEquals(new_tenant["name"], data['tenant']["name"]) - self.assertEquals(new_tenant["intra_authz_extension_id"], data['tenant']["intra_authz_extension_id"]) - self.assertEquals(new_tenant["intra_admin_extension_id"], data['tenant']["intra_admin_extension_id"]) - data = self.manager.get_tenants_dict(self.ADMIN_ID) + data = self.tenant_manager.add_tenant_dict(user_id=self.ADMIN_ID, tenant_dict=new_tenant) + data_id = data.keys()[0] + self.assertEquals(new_tenant["id"], data_id) + self.assertEquals(new_tenant["name"], data[data_id]["name"]) + self.assertEquals(new_tenant["intra_authz_extension_id"], data[data_id]["intra_authz_extension_id"]) + self.assertEquals(new_tenant["intra_admin_extension_id"], data[data_id]["intra_admin_extension_id"]) + data = self.tenant_manager.get_tenants_dict(self.ADMIN_ID) self.assertNotEqual(data, {}) data = self.admin_api.get_intra_extension_dict(self.ADMIN_ID, new_tenant["intra_authz_extension_id"]) - self.assertEquals(new_tenant["intra_authz_extension_id"], data["id"]) + data_id = data["id"] + self.assertEquals(new_tenant["intra_authz_extension_id"], data_id) data = self.admin_api.get_intra_extension_dict(self.ADMIN_ID, new_tenant["intra_admin_extension_id"]) - self.assertEquals(new_tenant["intra_admin_extension_id"], data["id"]) + data_id = data["id"] + self.assertEquals(new_tenant["intra_admin_extension_id"], data_id) def test_del_tenant(self): - authz_intra_extension = self.create_intra_extension(policy_model="policy_authz") - admin_intra_extension = self.create_intra_extension(policy_model="policy_admin") + authz_intra_extension = create_intra_extension(self, policy_model="policy_authz") + admin_intra_extension = create_intra_extension(self, policy_model="policy_admin") new_tenant = { - "id": uuid.uuid4().hex, "name": "demo", "description": uuid.uuid4().hex, "intra_authz_extension_id": authz_intra_extension['id'], "intra_admin_extension_id": admin_intra_extension['id'], } - data = self.manager.add_tenant_dict(user_id=self.ADMIN_ID, tenant_dict=new_tenant) - self.assertEquals(new_tenant["id"], data["id"]) - self.assertEquals(new_tenant["name"], data['tenant']["name"]) - self.assertEquals(new_tenant["intra_authz_extension_id"], data['tenant']["intra_authz_extension_id"]) - self.assertEquals(new_tenant["intra_admin_extension_id"], data['tenant']["intra_admin_extension_id"]) - data = self.manager.get_tenants_dict(self.ADMIN_ID) + data = self.tenant_manager.add_tenant_dict(user_id=self.ADMIN_ID, tenant_dict=new_tenant) + data_id = data.keys()[0] + self.assertEquals(new_tenant["name"], data[data_id]["name"]) + self.assertEquals(new_tenant["intra_authz_extension_id"], data[data_id]["intra_authz_extension_id"]) + self.assertEquals(new_tenant["intra_admin_extension_id"], data[data_id]["intra_admin_extension_id"]) + data = self.tenant_manager.get_tenants_dict(self.ADMIN_ID) self.assertNotEqual(data, {}) - self.manager.del_tenant(self.ADMIN_ID, new_tenant["id"]) - data = self.manager.get_tenants_dict(self.ADMIN_ID) + self.tenant_manager.del_tenant(self.ADMIN_ID, data_id) + data = self.tenant_manager.get_tenants_dict(self.ADMIN_ID) self.assertEqual(data, {}) def test_set_tenant(self): - authz_intra_extension = self.create_intra_extension(policy_model="policy_authz") - admin_intra_extension = self.create_intra_extension(policy_model="policy_admin") + authz_intra_extension = create_intra_extension(self, policy_model="policy_authz") + admin_intra_extension = create_intra_extension(self, policy_model="policy_admin") new_tenant = { - "id": uuid.uuid4().hex, "name": "demo", "description": uuid.uuid4().hex, "intra_authz_extension_id": authz_intra_extension['id'], "intra_admin_extension_id": admin_intra_extension['id'], } - data = self.manager.add_tenant_dict(user_id=self.ADMIN_ID, tenant_dict=new_tenant) - self.assertEquals(new_tenant["id"], data["id"]) - self.assertEquals(new_tenant["name"], data['tenant']["name"]) - self.assertEquals(new_tenant["intra_authz_extension_id"], data['tenant']["intra_authz_extension_id"]) - self.assertEquals(new_tenant["intra_admin_extension_id"], data['tenant']["intra_admin_extension_id"]) - data = self.manager.get_tenants_dict(self.ADMIN_ID) + data = self.tenant_manager.add_tenant_dict(user_id=self.ADMIN_ID, tenant_dict=new_tenant) + data_id = data.keys()[0] + self.assertEquals(new_tenant["name"], data[data_id]["name"]) + self.assertEquals(new_tenant["intra_authz_extension_id"], data[data_id]["intra_authz_extension_id"]) + self.assertEquals(new_tenant["intra_admin_extension_id"], data[data_id]["intra_admin_extension_id"]) + data = self.tenant_manager.get_tenants_dict(self.ADMIN_ID) self.assertNotEqual(data, {}) new_tenant["name"] = "demo2" - data = self.manager.set_tenant_dict(user_id=self.ADMIN_ID, tenant_id=new_tenant["id"], tenant_dict=new_tenant) - self.assertEquals(new_tenant["id"], data["id"]) - self.assertEquals(new_tenant["name"], data['tenant']["name"]) - self.assertEquals(new_tenant["intra_authz_extension_id"], data['tenant']["intra_authz_extension_id"]) - self.assertEquals(new_tenant["intra_admin_extension_id"], data['tenant']["intra_admin_extension_id"]) + print(new_tenant) + data = self.tenant_manager.set_tenant_dict(user_id=self.ADMIN_ID, tenant_id=data_id, tenant_dict=new_tenant) + data_id = data.keys()[0] + self.assertEquals(new_tenant["name"], data[data_id]["name"]) + self.assertEquals(new_tenant["intra_authz_extension_id"], data[data_id]["intra_authz_extension_id"]) + self.assertEquals(new_tenant["intra_admin_extension_id"], data[data_id]["intra_admin_extension_id"]) def test_exception_tenant_unknown(self): - self.assertRaises(TenantUnknown, self.manager.get_tenant_dict, self.ADMIN_ID, uuid.uuid4().hex) - self.assertRaises(TenantUnknown, self.manager.del_tenant, self.ADMIN_ID, uuid.uuid4().hex) - self.assertRaises(TenantUnknown, self.manager.set_tenant_dict, self.ADMIN_ID, uuid.uuid4().hex, {}) + self.assertRaises(TenantUnknown, self.tenant_manager.get_tenant_dict, self.ADMIN_ID, uuid.uuid4().hex) + self.assertRaises(TenantUnknown, self.tenant_manager.del_tenant, self.ADMIN_ID, uuid.uuid4().hex) + self.assertRaises(TenantUnknown, self.tenant_manager.set_tenant_dict, self.ADMIN_ID, uuid.uuid4().hex, {}) - authz_intra_extension = self.create_intra_extension(policy_model="policy_authz") - admin_intra_extension = self.create_intra_extension(policy_model="policy_admin") + authz_intra_extension = create_intra_extension(self, policy_model="policy_authz") + admin_intra_extension = create_intra_extension(self, policy_model="policy_admin") new_tenant = { - "id": uuid.uuid4().hex, "name": "demo", "description": uuid.uuid4().hex, "intra_authz_extension_id": authz_intra_extension['id'], "intra_admin_extension_id": admin_intra_extension['id'], } - data = self.manager.add_tenant_dict(user_id=self.ADMIN_ID, tenant_dict=new_tenant) - self.assertEquals(new_tenant["id"], data["id"]) - self.assertEquals(new_tenant["name"], data['tenant']["name"]) - self.assertEquals(new_tenant["intra_authz_extension_id"], data['tenant']["intra_authz_extension_id"]) - self.assertEquals(new_tenant["intra_admin_extension_id"], data['tenant']["intra_admin_extension_id"]) - data = self.manager.get_tenants_dict(self.ADMIN_ID) + data = self.tenant_manager.add_tenant_dict(user_id=self.ADMIN_ID, tenant_dict=new_tenant) + data_id = data.keys()[0] + self.assertEquals(new_tenant["name"], data[data_id]["name"]) + self.assertEquals(new_tenant["intra_authz_extension_id"], data[data_id]["intra_authz_extension_id"]) + self.assertEquals(new_tenant["intra_admin_extension_id"], data[data_id]["intra_admin_extension_id"]) + data = self.tenant_manager.get_tenants_dict(self.ADMIN_ID) self.assertNotEqual(data, {}) - self.assertRaises(TenantUnknown, self.manager.get_tenant_dict, self.ADMIN_ID, uuid.uuid4().hex) + self.assertRaises(TenantUnknown, self.tenant_manager.get_tenant_dict, self.ADMIN_ID, uuid.uuid4().hex) def test_exception_tenant_added_name_existing(self): - authz_intra_extension = self.create_intra_extension(policy_model="policy_authz") - admin_intra_extension = self.create_intra_extension(policy_model="policy_admin") + authz_intra_extension = create_intra_extension(self, policy_model="policy_authz") + admin_intra_extension = create_intra_extension(self, policy_model="policy_admin") new_tenant = { - "id": uuid.uuid4().hex, "name": "demo", "description": uuid.uuid4().hex, "intra_authz_extension_id": authz_intra_extension['id'], "intra_admin_extension_id": admin_intra_extension['id'], } - data = self.manager.add_tenant_dict(user_id=self.ADMIN_ID, tenant_dict=new_tenant) - self.assertEquals(new_tenant["id"], data["id"]) - self.assertEquals(new_tenant["name"], data['tenant']["name"]) - self.assertEquals(new_tenant["intra_authz_extension_id"], data['tenant']["intra_authz_extension_id"]) - self.assertEquals(new_tenant["intra_admin_extension_id"], data['tenant']["intra_admin_extension_id"]) - data = self.manager.get_tenants_dict(self.ADMIN_ID) + data = self.tenant_manager.add_tenant_dict(user_id=self.ADMIN_ID, tenant_dict=new_tenant) + data_id = data.keys()[0] + self.assertEquals(new_tenant["name"], data[data_id]["name"]) + self.assertEquals(new_tenant["intra_authz_extension_id"], data[data_id]["intra_authz_extension_id"]) + self.assertEquals(new_tenant["intra_admin_extension_id"], data[data_id]["intra_admin_extension_id"]) + data = self.tenant_manager.get_tenants_dict(self.ADMIN_ID) self.assertNotEqual(data, {}) - self.assertRaises(TenantAddedNameExisting, self.manager.add_tenant_dict, self.ADMIN_ID, new_tenant) + self.assertRaises(TenantAddedNameExisting, self.tenant_manager.add_tenant_dict, self.ADMIN_ID, new_tenant) def test_exception_tenant_no_intra_extension(self): - authz_intra_extension = self.create_intra_extension(policy_model="policy_authz") - admin_intra_extension = self.create_intra_extension(policy_model="policy_admin") + authz_intra_extension = create_intra_extension(self, policy_model="policy_authz") + admin_intra_extension = create_intra_extension(self, policy_model="policy_admin") new_tenant = { - "id": uuid.uuid4().hex, "name": "demo", "description": uuid.uuid4().hex, "intra_authz_extension_id": authz_intra_extension['id'], "intra_admin_extension_id": admin_intra_extension['id'], } new_tenant['intra_authz_extension_id'] = None - self.assertRaises(TenantNoIntraAuthzExtension, self.manager.add_tenant_dict, self.ADMIN_ID, new_tenant) + self.assertRaises(TenantNoIntraAuthzExtension, self.tenant_manager.add_tenant_dict, self.ADMIN_ID, new_tenant) new_tenant['intra_authz_extension_id'] = authz_intra_extension['id'] - data = self.manager.add_tenant_dict(user_id=self.ADMIN_ID, tenant_dict=new_tenant) - self.assertEquals(new_tenant["id"], data["id"]) - self.assertEquals(new_tenant["name"], data['tenant']["name"]) - self.assertEquals(new_tenant["intra_authz_extension_id"], data['tenant']["intra_authz_extension_id"]) - self.assertEquals(new_tenant["intra_admin_extension_id"], data['tenant']["intra_admin_extension_id"]) - data = self.manager.get_tenants_dict(self.ADMIN_ID) + data = self.tenant_manager.add_tenant_dict(user_id=self.ADMIN_ID, tenant_dict=new_tenant) + data_id = data.keys()[0] + self.assertEquals(new_tenant["name"], data[data_id]["name"]) + self.assertEquals(new_tenant["intra_authz_extension_id"], data[data_id]["intra_authz_extension_id"]) + self.assertEquals(new_tenant["intra_admin_extension_id"], data[data_id]["intra_admin_extension_id"]) + data = self.tenant_manager.get_tenants_dict(self.ADMIN_ID) self.assertNotEqual(data, {}) new_tenant['intra_authz_extension_id'] = None new_tenant['name'] = "demo2" - self.assertRaises(TenantNoIntraAuthzExtension, self.manager.set_tenant_dict, self.ADMIN_ID, new_tenant["id"], new_tenant) + self.assertRaises(TenantNoIntraAuthzExtension, self.tenant_manager.set_tenant_dict, self.ADMIN_ID, data_id, new_tenant) |