summaryrefslogtreecommitdiffstats
path: root/keystone-moon/keystone
diff options
context:
space:
mode:
Diffstat (limited to 'keystone-moon/keystone')
-rw-r--r--keystone-moon/keystone/contrib/moon/algorithms.py34
-rw-r--r--keystone-moon/keystone/contrib/moon/backends/memory.py17
-rw-r--r--keystone-moon/keystone/contrib/moon/backends/sql.py23
-rw-r--r--keystone-moon/keystone/contrib/moon/core.py601
-rw-r--r--keystone-moon/keystone/contrib/moon/extension.py740
-rw-r--r--keystone-moon/keystone/contrib/moon/migrate_repo/versions/001_moon.py12
-rw-r--r--keystone-moon/keystone/tests/moon/unit/__init__.py10
-rw-r--r--keystone-moon/keystone/tests/moon/unit/test_unit_core_configuration.py21
-rw-r--r--keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_admin.py402
-rw-r--r--keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_authz.py515
-rw-r--r--keystone-moon/keystone/tests/moon/unit/test_unit_core_log.py58
-rw-r--r--keystone-moon/keystone/tests/moon/unit/test_unit_core_tenant.py181
12 files changed, 926 insertions, 1688 deletions
diff --git a/keystone-moon/keystone/contrib/moon/algorithms.py b/keystone-moon/keystone/contrib/moon/algorithms.py
index 8644e02d..30305fc1 100644
--- a/keystone-moon/keystone/contrib/moon/algorithms.py
+++ b/keystone-moon/keystone/contrib/moon/algorithms.py
@@ -22,18 +22,19 @@ sub_meta_rule_dict = {
}
rule_dict = [
- ["high", "vm_admin", "medium"],
- ["high", "vm_admin", "low"],
- ["medium", "vm_admin", "low"],
- ["high", "vm_access", "high"],
- ["high", "vm_access", "medium"],
- ["high", "vm_access", "low"],
- ["medium", "vm_access", "medium"],
- ["medium", "vm_access", "low"],
- ["low", "vm_access", "low"]
+ ["high", "vm_admin", "medium", True],
+ ["high", "vm_admin", "low", True],
+ ["medium", "vm_admin", "low", True],
+ ["high", "vm_access", "high", True],
+ ["high", "vm_access", "medium", True],
+ ["high", "vm_access", "low", True],
+ ["medium", "vm_access", "medium", True],
+ ["medium", "vm_access", "low", True],
+ ["low", "vm_access", "low", True]
]
"""
+
def inclusion(authz_buffer, sub_meta_rule_dict, rule_list):
_cat = []
for subject_cat in sub_meta_rule_dict['subject_categories']:
@@ -46,14 +47,10 @@ def inclusion(authz_buffer, sub_meta_rule_dict, rule_list):
if object_cat in authz_buffer['object_assignments']:
_cat.append(authz_buffer['object_assignments'][object_cat])
- print("authz_buffer", authz_buffer)
- print("rule_list", rule_list)
- print("_cat", _cat)
for _element in itertools.product(*_cat):
# Add the boolean at the end
_element = list(_element)
_element.append(True)
- print("_element", _element)
if _element in rule_list:
return True
@@ -66,6 +63,13 @@ def comparison(authz_buffer, sub_meta_rule_dict, rule_list):
def all_true(decision_buffer):
for _rule in decision_buffer:
- if decision_buffer[_rule] is False:
+ if decision_buffer[_rule] == False:
return False
- return True \ No newline at end of file
+ return True
+
+
+def one_true(decision_buffer):
+ for _rule in decision_buffer:
+ if decision_buffer[_rule] == True:
+ return True
+ return False
diff --git a/keystone-moon/keystone/contrib/moon/backends/memory.py b/keystone-moon/keystone/contrib/moon/backends/memory.py
index 675240e5..7a996847 100644
--- a/keystone-moon/keystone/contrib/moon/backends/memory.py
+++ b/keystone-moon/keystone/contrib/moon/backends/memory.py
@@ -6,6 +6,7 @@
from uuid import uuid4
from glob import glob
import os
+import json
from keystone import config
from keystone.contrib.moon.core import ConfigurationDriver
@@ -19,12 +20,12 @@ class ConfigurationConnector(ConfigurationDriver):
super(ConfigurationConnector, self).__init__()
self.aggregation_algorithms_dict = dict()
self.aggregation_algorithms_dict[uuid4().hex] = {'name': 'all_true', 'description': 'all_true'}
+ self.aggregation_algorithms_dict[uuid4().hex] = {'name': 'one_true', 'description': 'one_true'}
self.sub_meta_rule_algorithms_dict = dict()
self.sub_meta_rule_algorithms_dict[uuid4().hex] = {'name': 'inclusion', 'description': 'inclusion'}
self.sub_meta_rule_algorithms_dict[uuid4().hex] = {'name': 'comparison', 'description': 'comparison'}
def get_policy_templates_dict(self):
- # TODO (dthom): this function should return a dictionary of all policy templates as:
"""
:return: {
template_id1: {name: template_name, description: template_description},
@@ -33,11 +34,15 @@ class ConfigurationConnector(ConfigurationDriver):
}
"""
nodes = glob(os.path.join(CONF.moon.policy_directory, "*"))
- return {
- "authz_templates": [os.path.basename(n) for n in nodes if os.path.isdir(n)]
- }
-
- def get_aggregation_algorithm_dict(self):
+ templates = dict()
+ for node in nodes:
+ templates[os.path.basename(node)] = dict()
+ metadata = json.load(open(os.path.join(node, "metadata.json")))
+ templates[os.path.basename(node)]["name"] = metadata["name"]
+ templates[os.path.basename(node)]["description"] = metadata["description"]
+ return templates
+
+ def get_aggregation_algorithms_dict(self):
return self.aggregation_algorithms_dict
def get_sub_meta_rule_algorithms_dict(self):
diff --git a/keystone-moon/keystone/contrib/moon/backends/sql.py b/keystone-moon/keystone/contrib/moon/backends/sql.py
index 7a75af39..cb64c1f7 100644
--- a/keystone-moon/keystone/contrib/moon/backends/sql.py
+++ b/keystone-moon/keystone/contrib/moon/backends/sql.py
@@ -887,7 +887,7 @@ class IntraExtensionConnector(IntraExtensionDriver):
def set_aggregation_algorithm_dict(self, intra_extension_id, aggregation_algorithm_id, aggregation_algorithm_dict):
with sql.transaction() as session:
query = session.query(AggregationAlgorithm)
- query = query.filter_by(intra_extension_id=intra_extension_id, id=aggregation_algorithm_id)
+ query = query.filter_by(intra_extension_id=intra_extension_id)
ref = query.first()
new_ref = AggregationAlgorithm.from_dict(
{
@@ -896,21 +896,18 @@ class IntraExtensionConnector(IntraExtensionDriver):
'intra_extension_id': intra_extension_id
}
)
- if not ref:
- session.add(new_ref)
- else:
- for attr in AggregationAlgorithm.attributes:
- if attr != 'id':
- setattr(ref, attr, getattr(new_ref, attr))
+ if ref:
+ session.delete(ref)
+ session.add(new_ref)
session.flush()
return self.get_aggregation_algorithm_dict(intra_extension_id)
- # def del_aggregation_algorithm(self, intra_extension_id, aggregation_algorithm_id):
- # with sql.transaction() as session:
- # query = session.query(AggregationAlgorithm)
- # query = query.filter_by(intra_extension_id=intra_extension_id, id=aggregation_algorithm_id)
- # ref = query.first()
- # session.delete(ref)
+ def del_aggregation_algorithm(self, intra_extension_id, aggregation_algorithm_id):
+ with sql.transaction() as session:
+ query = session.query(AggregationAlgorithm)
+ query = query.filter_by(intra_extension_id=intra_extension_id, id=aggregation_algorithm_id)
+ ref = query.first()
+ session.delete(ref)
# Getter and Setter for sub_meta_rule
diff --git a/keystone-moon/keystone/contrib/moon/core.py b/keystone-moon/keystone/contrib/moon/core.py
index d82c9fcc..a1255fe2 100644
--- a/keystone-moon/keystone/contrib/moon/core.py
+++ b/keystone-moon/keystone/contrib/moon/core.py
@@ -25,9 +25,9 @@ from keystone.contrib.moon.algorithms import *
CONF = config.CONF
LOG = log.getLogger(__name__)
-ADMIN_ID = None # default user_id for internal invocation
-ROOT_EXTENSION_ID = None
-ROOT_EXTENSION_MODEL = "policy_root"
+# ADMIN_ID = None # default user_id for internal invocation
+# ROOT_EXTENSION_ID = None
+# ROOT_EXTENSION_MODEL = "policy_root"
_OPTS = [
@@ -52,9 +52,9 @@ _OPTS = [
cfg.StrOpt('policy_directory',
default='/etc/keystone/policies',
help='Local directory where all policies are stored.'),
- cfg.StrOpt('super_extension_directory',
- default='/etc/keystone/super_extension',
- help='Local directory where SuperExtension configuration is stored.'),
+ cfg.StrOpt('root_policy_directory',
+ default='policy_root',
+ help='Local directory where Root IntraExtension configuration is stored.'),
]
CONF.register_opts(_OPTS, group='moon')
@@ -108,29 +108,29 @@ def enforce(action_names, object_name, **extra):
_action_name_list = action_names
_object_name = object_name
- def get_root_extension(self, args, kwargs):
- if not ROOT_EXTENSION_ID:
- global ROOT_EXTENSION_MODEL, ROOT_EXTENSION_ID, ADMIN_ID
- try:
- # if it is the first time we passed here, the root extension may be not initialized
- # specially during unittest. So we raise RootExtensionNotInitialized to authorize the
- # current creation process
- if 'intra_extension_dict' in kwargs:
- intra_extension_dict = kwargs['intra_extension_dict']
- else:
- intra_extension_dict = args[2]
- if isinstance(intra_extension_dict, dict) and \
- "model" in intra_extension_dict and \
- intra_extension_dict["model"] == "policy_root":
- raise RootExtensionNotInitialized()
- except KeyError:
- pass
- return ROOT_EXTENSION_ID
+ # def get_root_extension(self, args, kwargs):
+ # if not ROOT_EXTENSION_ID:
+ # global ROOT_EXTENSION_MODEL, ROOT_EXTENSION_ID, ADMIN_ID
+ # try:
+ # # if it is the first time we passed here, the root extension may be not initialized
+ # # specially during unittest. So we raise RootExtensionNotInitialized to authorize the
+ # # current creation process
+ # if 'intra_extension_dict' in kwargs:
+ # intra_extension_dict = kwargs['intra_extension_dict']
+ # else:
+ # intra_extension_dict = args[2]
+ # if isinstance(intra_extension_dict, dict) and \
+ # "model" in intra_extension_dict and \
+ # intra_extension_dict["model"] == "policy_root":
+ # raise RootExtensionNotInitialized()
+ # except KeyError:
+ # pass
+ # return ROOT_EXTENSION_ID
def wrap(func):
def wrapped(*args, **kwargs):
- global ADMIN_ID, ROOT_EXTENSION_ID
+ # global ADMIN_ID, ROOT_EXTENSION_ID
returned_value_for_func = None
self = args[0]
try:
@@ -140,46 +140,42 @@ def enforce(action_names, object_name, **extra):
intra_extension_id = None
intra_admin_extension_id = None
- try:
- intra_root_extension_id = get_root_extension(self, args, kwargs)
- # FIXME (asteroide): intra_root_extension_id is not used at all...
- except RootExtensionNotInitialized:
- # Root extension is not initialized, the current requested function must be the creation
- # of this root extension
- returned_value_for_func = func(*args, **kwargs)
- # after the creation, we must update ROOT_EXTENSION_ID and ADMIN_ID
- intra_extensions_dict = self.admin_api.driver.get_intra_extensions_dict()
- for ext in intra_extensions_dict:
- if intra_extensions_dict[ext]["model"] == ROOT_EXTENSION_MODEL:
- ROOT_EXTENSION_ID = ext
- break
- if not ROOT_EXTENSION_ID:
- raise RootExtensionUnknown()
- subjects_dict = self.admin_api.driver.get_subjects_dict(returned_value_for_func['id'])
- for subject_id in subjects_dict:
- if subjects_dict[subject_id]["name"] == "admin":
- ADMIN_ID = subject_id
- break
- if not ADMIN_ID:
- raise RootExtensionUnknown()
- # if all is OK, return values from func (creation of the root extension)
- return returned_value_for_func
+ # try:
+ intra_root_extension_id = self.root_api.get_root_extension_id()
+ # except RootExtensionNotInitialized:
+ # # Root extension is not initialized, the current requested function must be the creation
+ # # of this root extension
+ # returned_value_for_func = func(*args, **kwargs)
+ # # after the creation, we must update ROOT_EXTENSION_ID and ADMIN_ID
+ # intra_extensions_dict = self.admin_api.driver.get_intra_extensions_dict()
+ # for ext in intra_extensions_dict:
+ # if intra_extensions_dict[ext]["model"] == ROOT_EXTENSION_MODEL:
+ # ROOT_EXTENSION_ID = ext
+ # break
+ # if not ROOT_EXTENSION_ID:
+ # raise RootExtensionUnknown()
+ # subjects_dict = self.admin_api.driver.get_subjects_dict(returned_value_for_func['id'])
+ # for subject_id in subjects_dict:
+ # if subjects_dict[subject_id]["name"] == "admin":
+ # ADMIN_ID = subject_id
+ # break
+ # if not ADMIN_ID:
+ # raise RootExtensionUnknown()
+ # # if all is OK, return values from func (creation of the root extension)
+ # return returned_value_for_func
try:
intra_extension_id = args[2]
except IndexError:
- print("IndexError", kwargs)
if 'intra_extension_id' in kwargs:
intra_extension_id = kwargs['intra_extension_id']
else:
- print("in else", intra_root_extension_id)
intra_extension_id = intra_root_extension_id
- if ADMIN_ID and user_id == ADMIN_ID:
+ if user_id == self.root_api.get_root_admin_id():
# TODO: check if there is no security hole here
returned_value_for_func = func(*args, **kwargs)
else:
intra_extensions_dict = self.admin_api.driver.get_intra_extensions_dict()
- print(intra_extension_id, intra_extensions_dict)
if intra_extension_id not in intra_extensions_dict:
raise IntraExtensionUnknown()
tenants_dict = self.tenant_api.driver.get_tenants_dict()
@@ -213,7 +209,10 @@ def enforce(action_names, object_name, **extra):
# if we found the object in intra_root_extension_id, so we change the intra_admin_extension_id
# into intra_root_extension_id and we modify the ID of the subject
subjects_dict = self.admin_api.driver.get_subjects_dict(intra_admin_extension_id)
- subject_name = subjects_dict[user_id]["name"]
+ try:
+ subject_name = subjects_dict[user_id]["name"]
+ except KeyError:
+ raise SubjectUnknown()
intra_admin_extension_id = intra_root_extension_id
subjects_dict = self.admin_api.driver.get_subjects_dict(intra_admin_extension_id)
user_id = None
@@ -221,7 +220,7 @@ def enforce(action_names, object_name, **extra):
if subjects_dict[_subject_id]["name"] == subject_name:
user_id = _subject_id
if not user_id:
- raise SubjectUnknown("Subject Unknown for Root intraExtension...")
+ raise SubjectUnknown("Subject {} Unknown for Root IntraExtension...".format(subject_name))
if type(_action_name_list) in (str, unicode):
action_name_list = (_action_name_list, )
else:
@@ -256,7 +255,7 @@ def enforce(action_names, object_name, **extra):
@dependency.provider('configuration_api')
-@dependency.requires('moonlog_api', 'admin_api', 'tenant_api')
+@dependency.requires('moonlog_api', 'admin_api', 'tenant_api', 'root_api')
class ConfigurationManager(manager.Manager):
def __init__(self):
@@ -278,7 +277,7 @@ class ConfigurationManager(manager.Manager):
def get_policy_template_id_from_name(self, user_id, policy_template_name):
policy_templates_dict = self.driver.get_policy_templates_dict()
for policy_template_id in policy_templates_dict:
- if policy_templates_dict[policy_template_id]['name'] is policy_template_name:
+ if policy_templates_dict[policy_template_id]['name'] == policy_template_name:
return policy_template_id
return None
@@ -298,7 +297,7 @@ class ConfigurationManager(manager.Manager):
def get_aggregation_algorithm_id_from_name(self, user_id, aggregation_algorithm_name):
aggregation_algorithms_dict = self.driver.get_aggregation_algorithms_dict()
for aggregation_algorithm_id in aggregation_algorithms_dict:
- if aggregation_algorithms_dict[aggregation_algorithm_id]['name'] is aggregation_algorithm_name:
+ if aggregation_algorithms_dict[aggregation_algorithm_id]['name'] == aggregation_algorithm_name:
return aggregation_algorithm_id
return None
@@ -318,13 +317,13 @@ class ConfigurationManager(manager.Manager):
def get_sub_meta_rule_algorithm_id_from_name(self, sub_meta_rule_algorithm_name):
sub_meta_rule_algorithms_dict = self.driver.get_sub_meta_rule_algorithms_dict()
for sub_meta_rule_algorithm_id in sub_meta_rule_algorithms_dict:
- if sub_meta_rule_algorithms_dict[sub_meta_rule_algorithm_id]['name'] is sub_meta_rule_algorithm_name:
+ if sub_meta_rule_algorithms_dict[sub_meta_rule_algorithm_id]['name'] == sub_meta_rule_algorithm_name:
return sub_meta_rule_algorithm_id
return None
@dependency.provider('tenant_api')
-@dependency.requires('moonlog_api', 'admin_api', 'configuration_api')
+@dependency.requires('moonlog_api', 'admin_api', 'configuration_api', 'root_api', 'resource_api')
class TenantManager(manager.Manager):
def __init__(self):
@@ -348,38 +347,66 @@ class TenantManager(manager.Manager):
"""
return self.driver.get_tenants_dict()
+ def __get_keystone_tenant_dict(self, tenant_id="", tenant_name=""):
+ tenants = self.resource_api.list_projects()
+ for tenant in tenants:
+ if tenant_id and tenant_id == tenant['id']:
+ return tenant
+ if tenant_name and tenant_name == tenant['name']:
+ return tenant
+ if not tenant_id:
+ tenant_id = uuid4().hex
+ if not tenant_name:
+ tenant_name = tenant_id
+ tenant = {
+ "id": tenant_id,
+ "name": tenant_name,
+ "description": "Auto generated tenant from Moon platform",
+ "enabled": True,
+ "domain_id": "default"
+ }
+ keystone_tenant = self.resource_api.create_project(tenant["id"], tenant)
+ return keystone_tenant
+
@filter_input
@enforce(("read", "write"), "tenants")
def add_tenant_dict(self, user_id, tenant_dict):
tenants_dict = self.driver.get_tenants_dict()
for tenant_id in tenants_dict:
- if tenants_dict[tenant_id]['name'] is tenant_dict['name']:
+ if tenants_dict[tenant_id]['name'] == tenant_dict['name']:
raise TenantAddedNameExisting()
+ # Check (and eventually sync) Keystone tenant
+ if 'id' not in tenant_dict:
+ tenant_dict['id'] = None
+ keystone_tenant = self.__get_keystone_tenant_dict(tenant_dict['id'], tenant_dict['name'])
+ tenant_dict.update(keystone_tenant)
# Sync users between intra_authz_extension and intra_admin_extension
if tenant_dict['intra_admin_extension_id']:
if not tenant_dict['intra_authz_extension_id']:
raise TenantNoIntraAuthzExtension()
- authz_subjects_dict = self.admin_api.get_subjects_dict(ADMIN_ID, tenant_dict['intra_authz_extension_id'])
- admin_subjects_dict = self.admin_api.get_subjects_dict(ADMIN_ID, tenant_dict['intra_admin_extension_id'])
- for _subject_id in authz_subjects_dict:
- if _subject_id not in admin_subjects_dict:
- self.admin_api.add_subject_dict(ADMIN_ID, tenant_dict['intra_admin_extension_id'], authz_subjects_dict[_subject_id])
- for _subject_id in admin_subjects_dict:
- if _subject_id not in authz_subjects_dict:
- self.admin_api.add_subject_dict(ADMIN_ID, tenant_dict['intra_authz_extension_id'], admin_subjects_dict[_subject_id])
-
- # TODO (dthom): check whether we can replace the below code by the above one
- # authz_subjects_dict = self.admin_api.get_subjects_dict(ADMIN_ID, tenant_dict['intra_authz_extension_id'])
- # authz_subject_names_list = [authz_subjects_dict[subject_id]["name"] for subject_id in authz_subjects_dict]
- # admin_subjects_dict = self.admin_api.get_subjects_dict(ADMIN_ID, tenant_dict['intra_admin_extension_id'])
- # admin_subject_names_list = [admin_subjects_dict[subject_id]["name"] for subject_id in admin_subjects_dict]
+ # authz_subjects_dict = self.admin_api.get_subjects_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_authz_extension_id'])
+ # admin_subjects_dict = self.admin_api.get_subjects_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_admin_extension_id'])
# for _subject_id in authz_subjects_dict:
- # if authz_subjects_dict[_subject_id]["name"] not in admin_subject_names_list:
- # self.admin_api.add_subject_dict(ADMIN_ID, tenant_dict['intra_admin_extension_id'], authz_subjects_dict[_subject_id])
+ # if _subject_id not in admin_subjects_dict:
+ # self.admin_api.add_subject_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_admin_extension_id'], authz_subjects_dict[_subject_id])
# for _subject_id in admin_subjects_dict:
- # if admin_subjects_dict[_subject_id]["name"] not in authz_subject_names_list:
- # self.admin_api.add_subject_dict(ADMIN_ID, tenant_dict['intra_authz_extension_id'], admin_subjects_dict[_subject_id])
+ # if _subject_id not in authz_subjects_dict:
+ # self.admin_api.add_subject_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_authz_extension_id'], admin_subjects_dict[_subject_id])
+
+ # TODO (ateroide): check whether we can replace the below code by the above one
+ # NOTE (ateroide): at a first glance: no, subject_id changes depending on which intra_extesion is used
+ # we must use name which is constant.
+ authz_subjects_dict = self.admin_api.get_subjects_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_authz_extension_id'])
+ authz_subject_names_list = [authz_subjects_dict[subject_id]["name"] for subject_id in authz_subjects_dict]
+ admin_subjects_dict = self.admin_api.get_subjects_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_admin_extension_id'])
+ admin_subject_names_list = [admin_subjects_dict[subject_id]["name"] for subject_id in admin_subjects_dict]
+ for _subject_id in authz_subjects_dict:
+ if authz_subjects_dict[_subject_id]["name"] not in admin_subject_names_list:
+ self.admin_api.add_subject_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_admin_extension_id'], authz_subjects_dict[_subject_id])
+ for _subject_id in admin_subjects_dict:
+ if admin_subjects_dict[_subject_id]["name"] not in authz_subject_names_list:
+ self.admin_api.add_subject_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_authz_extension_id'], admin_subjects_dict[_subject_id])
return self.driver.add_tenant_dict(tenant_dict['id'], tenant_dict)
@@ -409,50 +436,20 @@ class TenantManager(manager.Manager):
if tenant_dict['intra_admin_extension_id']:
if not tenant_dict['intra_authz_extension_id']:
raise TenantNoIntraAuthzExtension
- authz_subjects_dict = self.admin_api.get_subjects_dict(ADMIN_ID, tenant_dict['intra_authz_extension_id'])
- admin_subjects_dict = self.admin_api.get_subjects_dict(ADMIN_ID, tenant_dict['intra_admin_extension_id'])
+ authz_subjects_dict = self.admin_api.get_subjects_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_authz_extension_id'])
+ authz_subject_names_list = [authz_subjects_dict[subject_id]["name"] for subject_id in authz_subjects_dict]
+ admin_subjects_dict = self.admin_api.get_subjects_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_admin_extension_id'])
+ admin_subject_names_list = [admin_subjects_dict[subject_id]["name"] for subject_id in admin_subjects_dict]
for _subject_id in authz_subjects_dict:
- if _subject_id not in admin_subjects_dict:
- self.admin_api.add_subject_dict(ADMIN_ID, tenant_dict['intra_admin_extension_id'], authz_subjects_dict[_subject_id])
+ if authz_subjects_dict[_subject_id]["name"] not in admin_subject_names_list:
+ self.admin_api.add_subject_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_admin_extension_id'], authz_subjects_dict[_subject_id])
for _subject_id in admin_subjects_dict:
- if _subject_id not in authz_subjects_dict:
- self.admin_api.add_subject_dict(ADMIN_ID, tenant_dict['intra_authz_extension_id'], admin_subjects_dict[_subject_id])
+ if admin_subjects_dict[_subject_id]["name"] not in authz_subject_names_list:
+ self.admin_api.add_subject_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_authz_extension_id'], admin_subjects_dict[_subject_id])
return self.driver.set_tenant_dict(tenant_id, tenant_dict)
- # TODO (dthom): move the following 2 functions to perimeter functions
- @filter_input
- def get_subject_dict_from_keystone_id(self, tenant_id, intra_extension_id, keystone_id):
- tenants_dict = self.driver.get_tenants_dict()
- if tenant_id not in tenants_dict:
- raise TenantUnknown()
- if intra_extension_id not in (tenants_dict[tenant_id]['intra_authz_extension_id'],
- tenants_dict[tenant_id]['intra_admin_extension_id'], ):
- raise IntraExtensionUnknown()
- # Note (asteroide): We used ADMIN_ID because the user requesting this information may only know his keystone_id
- # and not the subject ID in the requested intra_extension.
- subjects_dict = self.admin_api.get_subjects_dict(ADMIN_ID, intra_extension_id)
- for subject_id in subjects_dict:
- if keystone_id is subjects_dict[subject_id]['keystone_id']:
- return {subject_id: subjects_dict[subject_id]}
-
- @filter_input
- def get_subject_dict_from_keystone_name(self, tenant_id, intra_extension_id, keystone_name):
- tenants_dict = self.driver.get_tenants_dict()
- if tenant_id not in tenants_dict:
- raise TenantUnknown()
- if intra_extension_id not in (tenants_dict[tenant_id]['intra_authz_extension_id'],
- tenants_dict[tenant_id]['intra_admin_extension_id'], ):
- raise IntraExtensionUnknown()
- # Note (asteroide): We used ADMIN_ID because the user requesting this information may only know his
- # keystone_name and not the subject ID in the requested intra_extension.
- subjects_dict = self.admin_api.get_subjects_dict(ADMIN_ID, intra_extension_id)
- for subject_id in subjects_dict:
- if keystone_name is subjects_dict[subject_id]['keystone_name']:
- return {subject_id: subjects_dict[subject_id]}
-
-
-@dependency.requires('identity_api', 'tenant_api', 'configuration_api', 'authz_api', 'admin_api', 'moonlog_api')
+@dependency.requires('identity_api', 'tenant_api', 'configuration_api', 'authz_api', 'admin_api', 'moonlog_api', 'root_api')
class IntraExtensionManager(manager.Manager):
def __init__(self):
@@ -501,6 +498,7 @@ class IntraExtensionManager(manager.Manager):
authz_buffer['subject_assignments'] = dict()
authz_buffer['object_assignments'] = dict()
authz_buffer['action_assignments'] = dict()
+
for _subject_category in meta_data_dict['subject_categories']:
authz_buffer['subject_assignments'][_subject_category] = list(subject_assignment_dict[_subject_category])
for _object_category in meta_data_dict['object_categories']:
@@ -543,6 +541,8 @@ class IntraExtensionManager(manager.Manager):
aggregation_algorithm_id = aggregation_algorithm_dict.keys()[0]
if aggregation_algorithm_dict[aggregation_algorithm_id]['name'] == 'all_true':
decision = all_true(decision_buffer)
+ elif aggregation_algorithm_dict[aggregation_algorithm_id]['name'] == 'one_true':
+ decision = one_true(decision_buffer)
if not decision:
raise AuthzException("{} {}-{}-{}".format(intra_extension_id, subject_id, action_id, object_id))
return decision
@@ -607,7 +607,12 @@ class IntraExtensionManager(manager.Manager):
subject_dict = dict()
# We suppose that all subjects can be mapped to a true user in Keystone
for _subject in json_perimeter['subjects']:
- keystone_user = self.identity_api.get_user_by_name(_subject, "default")
+ try:
+ keystone_user = self.identity_api.get_user_by_name(_subject, "default")
+ except exception.UserNotFound:
+ # TODO (asteroide): must add a configuration option to allow that exception
+ # maybe a debug option for unittest
+ keystone_user = {'id': "", 'name': _subject}
subject_id = uuid4().hex
subject_dict[subject_id] = keystone_user
subject_dict[subject_id]['keystone_id'] = keystone_user["id"]
@@ -774,8 +779,6 @@ class IntraExtensionManager(manager.Manager):
sub_rule_id = self.driver.get_uuid_from_name(intra_extension_dict["id"],
sub_rule_name,
self.driver.SUB_META_RULE)
- # print(sub_rule_name)
- # print(self.get_sub_meta_rule_relations("admin", ie["id"]))
# if sub_rule_name not in self.get_sub_meta_rule_relations("admin", ie["id"])["sub_meta_rule_relations"]:
# raise IntraExtensionException("Bad sub_rule_name name {} in rules".format(sub_rule_name))
rules[sub_rule_id] = list()
@@ -833,6 +836,32 @@ class IntraExtensionManager(manager.Manager):
self.__load_rule_file(ie_dict, template_dir)
return ref
+ def load_root_intra_extension_dict(self, policy_template):
+ # Note (asteroide): Only one root Extension is authorized
+ # and this extension is created at the very beginning of the server
+ # so we don't need to use enforce here
+ for key in self.driver.get_intra_extensions_dict():
+ # Note (asteroide): if there is at least one Intra Extension, it implies that
+ # the Root Intra Extension had already been created...
+ return
+ ie_dict = dict()
+ ie_dict['id'] = uuid4().hex
+ ie_dict["name"] = "policy_root"
+ ie_dict["model"] = filter_input(policy_template)
+ ie_dict["genre"] = "admin"
+ ie_dict["description"] = "policy_root"
+ ref = self.driver.set_intra_extension_dict(ie_dict['id'], ie_dict)
+ self.moonlog_api.debug("Creation of IE: {}".format(ref))
+ # read the template given by "model" and populate default variables
+ template_dir = os.path.join(CONF.moon.policy_directory, ie_dict["model"])
+ self.__load_metadata_file(ie_dict, template_dir)
+ self.__load_perimeter_file(ie_dict, template_dir)
+ self.__load_scope_file(ie_dict, template_dir)
+ self.__load_assignment_file(ie_dict, template_dir)
+ self.__load_metarule_file(ie_dict, template_dir)
+ self.__load_rule_file(ie_dict, template_dir)
+ return ref
+
@enforce("read", "intra_extensions")
def get_intra_extension_dict(self, user_id, intra_extension_id):
"""
@@ -858,7 +887,7 @@ class IntraExtensionManager(manager.Manager):
for rule_id in self.driver.get_rules_dict(intra_extension_id, sub_meta_rule_id):
self.driver.del_rule(intra_extension_id, sub_meta_rule_id, rule_id)
self.driver.del_sub_meta_rule(intra_extension_id, sub_meta_rule_id)
- for aggregation_algorithm_id in self.driver.get_aggregation_algorithms_dict(intra_extension_id):
+ for aggregation_algorithm_id in self.driver.get_aggregation_algorithm_dict(intra_extension_id):
self.driver.del_aggregation_algorithm(intra_extension_id, aggregation_algorithm_id)
for subject_id in self.driver.get_subjects_dict(intra_extension_id):
self.driver.del_subject(intra_extension_id, subject_id)
@@ -1049,6 +1078,7 @@ class IntraExtensionManager(manager.Manager):
def add_subject_dict(self, user_id, intra_extension_id, subject_dict):
subjects_dict = self.driver.get_subjects_dict(intra_extension_id)
for subject_id in subjects_dict:
+ print(subjects_dict[subject_id]["name"], subject_dict['name'])
if subjects_dict[subject_id]["name"] == subject_dict['name']:
raise SubjectNameExisting()
# Next line will raise an error if user is not present in Keystone database
@@ -1091,6 +1121,37 @@ class IntraExtensionManager(manager.Manager):
return self.driver.set_subject_dict(intra_extension_id, subject_dict["id"], subject_dict)
@filter_input
+ def get_subject_dict_from_keystone_id(self, tenant_id, intra_extension_id, keystone_id):
+ tenants_dict = self.tenant_api.driver.get_tenants_dict()
+ if tenant_id not in tenants_dict:
+ raise TenantUnknown()
+ if intra_extension_id not in (tenants_dict[tenant_id]['intra_authz_extension_id'],
+ tenants_dict[tenant_id]['intra_admin_extension_id'], ):
+ raise IntraExtensionUnknown()
+ # Note (asteroide): We used self.root_api.get_root_admin_id() because the user requesting this information
+ # may only know his keystone_id and not the subject ID in the requested intra_extension.
+ subjects_dict = self.get_subjects_dict(self.root_api.get_root_admin_id(), intra_extension_id)
+ for subject_id in subjects_dict:
+ if keystone_id == subjects_dict[subject_id]['keystone_id']:
+ return {subject_id: subjects_dict[subject_id]}
+
+ @filter_input
+ def get_subject_dict_from_keystone_name(self, tenant_id, intra_extension_id, keystone_name):
+ tenants_dict = self.tenant_api.driver.get_tenants_dict()
+ if tenant_id not in tenants_dict:
+ raise TenantUnknown()
+ if intra_extension_id not in (tenants_dict[tenant_id]['intra_authz_extension_id'],
+ tenants_dict[tenant_id]['intra_admin_extension_id'], ):
+ raise IntraExtensionUnknown()
+ # Note (asteroide): We used self.root_api.get_root_admin_id() because the user requesting this information
+ # may only know his keystone_name and not the subject ID in the requested intra_extension.
+ subjects_dict = self.get_subjects_dict(self.root_api.get_root_admin_id(), intra_extension_id)
+ for subject_id in subjects_dict:
+ if keystone_name == subjects_dict[subject_id]['keystone_name']:
+ return {subject_id: subjects_dict[subject_id]}
+
+
+ @filter_input
@enforce("read", "objects")
def get_objects_dict(self, user_id, intra_extension_id):
return self.driver.get_objects_dict(intra_extension_id)
@@ -1539,7 +1600,7 @@ class IntraExtensionManager(manager.Manager):
@enforce(("read", "write"), "aggregation_algorithm")
def set_aggregation_algorithm_dict(self, user_id, intra_extension_id, aggregation_algorithm_id, aggregation_algorithm_dict):
if aggregation_algorithm_id:
- if aggregation_algorithm_id not in self.configuration_api.get_aggregation_algorithms_dict(ADMIN_ID):
+ if aggregation_algorithm_id not in self.configuration_api.get_aggregation_algorithms_dict(self.root_api.get_root_admin_id()):
raise AggregationAlgorithmUnknown()
else:
aggregation_algorithm_id = uuid4().hex
@@ -1577,7 +1638,9 @@ class IntraExtensionManager(manager.Manager):
sub_meta_rule_dict['action_categories'] == sub_meta_rules_dict[_sub_meta_rule_id]["action_categories"] and \
sub_meta_rule_dict['algorithm'] == sub_meta_rules_dict[_sub_meta_rule_id]["algorithm"]:
raise SubMetaRuleExisting()
- if sub_meta_rule_dict['algorithm'] not in self.configuration_api.get_sub_meta_rule_algorithms_dict(user_id):
+ algorithm_names = map(lambda x: x['name'],
+ self.configuration_api.get_sub_meta_rule_algorithms_dict(user_id).values())
+ if sub_meta_rule_dict['algorithm'] not in algorithm_names:
raise SubMetaRuleAlgorithmNotExisting()
sub_meta_rule_id = uuid4().hex
# TODO (dthom): add new sub-meta-rule to rule dict
@@ -1682,10 +1745,10 @@ class IntraExtensionAuthzManager(IntraExtensionManager):
elif genre == "admin":
genre = "intra_admin_extension_id"
- tenants_dict = self.tenant_api.get_tenants_dict(ADMIN_ID)
+ tenants_dict = self.tenant_api.get_tenants_dict(self.root_api.get_root_admin_id())
tenant_id = None
for _tenant_id in tenants_dict:
- if tenants_dict[_tenant_id]["name"] is tenant_name:
+ if tenants_dict[_tenant_id]["name"] == tenant_name:
tenant_id = _tenant_id
break
if not tenant_id:
@@ -1697,8 +1760,9 @@ class IntraExtensionAuthzManager(IntraExtensionManager):
subjects_dict = self.driver.get_subjects_dict(intra_extension_id)
subject_id = None
for _subject_id in subjects_dict:
- if subjects_dict[_subject_id]['keystone_name'] is subject_name:
- subject_id = subjects_dict[_subject_id]['keystone_id']
+ if subjects_dict[_subject_id]['keystone_name'] == subject_name:
+ # subject_id = subjects_dict[_subject_id]['keystone_id']
+ subject_id = _subject_id
break
if not subject_id:
raise SubjectUnknown()
@@ -1725,7 +1789,7 @@ class IntraExtensionAuthzManager(IntraExtensionManager):
def add_subject_dict(self, user_id, intra_extension_id, subject_dict):
subject = super(IntraExtensionAuthzManager, self).add_subject_dict(user_id, intra_extension_id, subject_dict)
subject_id, subject_value = subject.iteritems().next()
- tenants_dict = self.tenant_api.get_tenants_dict(ADMIN_ID)
+ tenants_dict = self.tenant_api.get_tenants_dict(self.root_api.get_root_admin_id())
for tenant_id in tenants_dict:
if tenants_dict[tenant_id]["intra_authz_extension_id"] == intra_extension_id:
_subjects = self.driver.get_subjects_dict(tenants_dict[tenant_id]["intra_admin_extension_id"])
@@ -1742,7 +1806,7 @@ class IntraExtensionAuthzManager(IntraExtensionManager):
def del_subject(self, user_id, intra_extension_id, subject_id):
subject_name = self.driver.get_subjects_dict(intra_extension_id)[subject_id]["name"]
super(IntraExtensionAuthzManager, self).del_subject(user_id, intra_extension_id, subject_id)
- tenants_dict = self.tenant_api.get_tenants_dict(ADMIN_ID)
+ tenants_dict = self.tenant_api.get_tenants_dict(self.root_api.get_root_admin_id())
for tenant_id in tenants_dict:
if tenants_dict[tenant_id]["intra_authz_extension_id"] == intra_extension_id:
subject_id = self.driver.get_uuid_from_name(tenants_dict[tenant_id]["intra_admin_extension_id"],
@@ -1760,7 +1824,7 @@ class IntraExtensionAuthzManager(IntraExtensionManager):
def set_subject_dict(self, user_id, intra_extension_id, subject_id, subject_dict):
subject = super(IntraExtensionAuthzManager, self).set_subject_dict(user_id, intra_extension_id, subject_dict)
subject_id, subject_value = subject.iteritems().next()
- tenants_dict = self.tenant_api.get_tenants_dict(ADMIN_ID)
+ tenants_dict = self.tenant_api.get_tenants_dict(self.root_api.get_root_admin_id())
for tenant_id in tenants_dict:
if tenants_dict[tenant_id]["intra_authz_extension_id"] == intra_extension_id:
self.driver.set_subject_dict(tenants_dict[tenant_id]["intra_admin_extension_id"], uuid4().hex, subject_value)
@@ -1770,110 +1834,110 @@ class IntraExtensionAuthzManager(IntraExtensionManager):
break
return subject
- # def add_subject_category(self, user_id, intra_extension_id, subject_category_dict):
- # raise AuthzException()
- #
- # def del_subject_category(self, user_id, intra_extension_id, subject_category_id):
- # raise AuthzException()
- #
- # def set_subject_category(self, user_id, intra_extension_id, subject_category_id, subject_category_dict):
- # raise AuthzException()
- #
- # def add_object_category(self, user_id, intra_extension_id, object_category_dict):
- # raise AuthzException()
- #
- # def del_object_category(self, user_id, intra_extension_id, object_category_id):
- # raise AuthzException()
- #
- # def add_action_category(self, user_id, intra_extension_id, action_category_name):
- # raise AuthzException()
- #
- # def del_action_category(self, user_id, intra_extension_id, action_category_id):
- # raise AuthzException()
- #
- # def add_object_dict(self, user_id, intra_extension_id, object_name):
- # raise AuthzException()
- #
- # def set_object_dict(self, user_id, intra_extension_id, object_id, object_dict):
- # raise AuthzException()
- #
- # def del_object(self, user_id, intra_extension_id, object_id):
- # raise AuthzException()
- #
- # def add_action_dict(self, user_id, intra_extension_id, action_name):
- # raise AuthzException()
- #
- # def set_action_dict(self, user_id, intra_extension_id, action_id, action_dict):
- # raise AuthzException()
- #
- # def del_action(self, user_id, intra_extension_id, action_id):
- # raise AuthzException()
- #
- # def add_subject_scope_dict(self, user_id, intra_extension_id, subject_category_id, subject_scope_dict):
- # raise AuthzException()
- #
- # def del_subject_scope(self, user_id, intra_extension_id, subject_category_id, subject_scope_id):
- # raise AuthzException()
- #
- # def set_subject_scope_dict(self, user_id, intra_extension_id, subject_category_id, subject_scope_id, subject_scope_name):
- # raise AuthzException()
- #
- # def add_object_scope_dict(self, user_id, intra_extension_id, object_category_id, object_scope_name):
- # raise AuthzException()
- #
- # def del_object_scope(self, user_id, intra_extension_id, object_category_id, object_scope_id):
- # raise AuthzException()
- #
- # def set_object_scope_dict(self, user_id, intra_extension_id, object_category_id, object_scope_id, object_scope_name):
- # raise AuthzException()
- #
- # def add_action_scope_dict(self, user_id, intra_extension_id, action_category_id, action_scope_name):
- # raise AuthzException()
- #
- # def del_action_scope(self, user_id, intra_extension_id, action_category_id, action_scope_id):
- # raise AuthzException()
- #
- # def add_subject_assignment_list(self, user_id, intra_extension_id, subject_id, subject_category_id, subject_scope_id):
- # raise AuthzException()
- #
- # def del_subject_assignment(self, user_id, intra_extension_id, subject_id, subject_category_id, subject_scope_id):
- # raise AuthzException()
- #
- # def add_object_assignment_list(self, user_id, intra_extension_id, object_id, object_category_id, object_scope_id):
- # raise AuthzException()
- #
- # def del_object_assignment(self, user_id, intra_extension_id, object_id, object_category_id, object_scope_id):
- # raise AuthzException()
- #
- # def add_action_assignment_list(self, user_id, intra_extension_id, action_id, action_category_id, action_scope_id):
- # raise AuthzException()
- #
- # def del_action_assignment(self, user_id, intra_extension_id, action_id, action_category_id, action_scope_id):
- # raise AuthzException()
- #
- # def set_aggregation_algorithm_dict(self, user_id, intra_extension_id, aggregation_algorithm_id, aggregation_algorithm_dict):
- # raise AuthzException()
- #
- # def del_aggregation_algorithm_dict(self, user_id, intra_extension_id, aggregation_algorithm_id):
- # raise AuthzException()
- #
- # def add_sub_meta_rule_dict(self, user_id, intra_extension_id, sub_meta_rule_dict):
- # raise AuthzException()
- #
- # def del_sub_meta_rule(self, user_id, intra_extension_id, sub_meta_rule_id):
- # raise AuthzException()
- #
- # def set_sub_meta_rule_dict(self, user_id, intra_extension_id, sub_meta_rule_id, sub_meta_rule_dict):
- # raise AuthzException()
- #
- # def add_rule_dict(self, user_id, intra_extension_id, sub_meta_rule_id, rule_list):
- # raise AuthzException()
- #
- # def del_rule(self, user_id, intra_extension_id, sub_meta_rule_id, rule_id):
- # raise AuthzException()
- #
- # def set_rule_dict(self, user_id, intra_extension_id, sub_meta_rule_id, rule_id, rule_list):
- # raise AuthzException()
+ def add_subject_category(self, user_id, intra_extension_id, subject_category_dict):
+ raise AuthzException()
+
+ def del_subject_category(self, user_id, intra_extension_id, subject_category_id):
+ raise AuthzException()
+
+ def set_subject_category(self, user_id, intra_extension_id, subject_category_id, subject_category_dict):
+ raise AuthzException()
+
+ def add_object_category(self, user_id, intra_extension_id, object_category_dict):
+ raise AuthzException()
+
+ def del_object_category(self, user_id, intra_extension_id, object_category_id):
+ raise AuthzException()
+
+ def add_action_category(self, user_id, intra_extension_id, action_category_name):
+ raise AuthzException()
+
+ def del_action_category(self, user_id, intra_extension_id, action_category_id):
+ raise AuthzException()
+
+ def add_object_dict(self, user_id, intra_extension_id, object_name):
+ raise AuthzException()
+
+ def set_object_dict(self, user_id, intra_extension_id, object_id, object_dict):
+ raise AuthzException()
+
+ def del_object(self, user_id, intra_extension_id, object_id):
+ raise AuthzException()
+
+ def add_action_dict(self, user_id, intra_extension_id, action_name):
+ raise AuthzException()
+
+ def set_action_dict(self, user_id, intra_extension_id, action_id, action_dict):
+ raise AuthzException()
+
+ def del_action(self, user_id, intra_extension_id, action_id):
+ raise AuthzException()
+
+ def add_subject_scope_dict(self, user_id, intra_extension_id, subject_category_id, subject_scope_dict):
+ raise AuthzException()
+
+ def del_subject_scope(self, user_id, intra_extension_id, subject_category_id, subject_scope_id):
+ raise AuthzException()
+
+ def set_subject_scope_dict(self, user_id, intra_extension_id, subject_category_id, subject_scope_id, subject_scope_name):
+ raise AuthzException()
+
+ def add_object_scope_dict(self, user_id, intra_extension_id, object_category_id, object_scope_name):
+ raise AuthzException()
+
+ def del_object_scope(self, user_id, intra_extension_id, object_category_id, object_scope_id):
+ raise AuthzException()
+
+ def set_object_scope_dict(self, user_id, intra_extension_id, object_category_id, object_scope_id, object_scope_name):
+ raise AuthzException()
+
+ def add_action_scope_dict(self, user_id, intra_extension_id, action_category_id, action_scope_name):
+ raise AuthzException()
+
+ def del_action_scope(self, user_id, intra_extension_id, action_category_id, action_scope_id):
+ raise AuthzException()
+
+ def add_subject_assignment_list(self, user_id, intra_extension_id, subject_id, subject_category_id, subject_scope_id):
+ raise AuthzException()
+
+ def del_subject_assignment(self, user_id, intra_extension_id, subject_id, subject_category_id, subject_scope_id):
+ raise AuthzException()
+
+ def add_object_assignment_list(self, user_id, intra_extension_id, object_id, object_category_id, object_scope_id):
+ raise AuthzException()
+
+ def del_object_assignment(self, user_id, intra_extension_id, object_id, object_category_id, object_scope_id):
+ raise AuthzException()
+
+ def add_action_assignment_list(self, user_id, intra_extension_id, action_id, action_category_id, action_scope_id):
+ raise AuthzException()
+
+ def del_action_assignment(self, user_id, intra_extension_id, action_id, action_category_id, action_scope_id):
+ raise AuthzException()
+
+ def set_aggregation_algorithm_dict(self, user_id, intra_extension_id, aggregation_algorithm_id, aggregation_algorithm_dict):
+ raise AuthzException()
+
+ def del_aggregation_algorithm_dict(self, user_id, intra_extension_id, aggregation_algorithm_id):
+ raise AuthzException()
+
+ def add_sub_meta_rule_dict(self, user_id, intra_extension_id, sub_meta_rule_dict):
+ raise AuthzException()
+
+ def del_sub_meta_rule(self, user_id, intra_extension_id, sub_meta_rule_id):
+ raise AuthzException()
+
+ def set_sub_meta_rule_dict(self, user_id, intra_extension_id, sub_meta_rule_id, sub_meta_rule_dict):
+ raise AuthzException()
+
+ def add_rule_dict(self, user_id, intra_extension_id, sub_meta_rule_id, rule_list):
+ raise AuthzException()
+
+ def del_rule(self, user_id, intra_extension_id, sub_meta_rule_id, rule_id):
+ raise AuthzException()
+
+ def set_rule_dict(self, user_id, intra_extension_id, sub_meta_rule_id, rule_id, rule_list):
+ raise AuthzException()
@dependency.provider('admin_api')
@@ -1885,7 +1949,7 @@ class IntraExtensionAdminManager(IntraExtensionManager):
def add_subject_dict(self, user_id, intra_extension_id, subject_dict):
subject = super(IntraExtensionAdminManager, self).add_subject_dict(user_id, intra_extension_id, subject_dict)
subject_id, subject_value = subject.iteritems().next()
- tenants_dict = self.tenant_api.get_tenants_dict(ADMIN_ID)
+ tenants_dict = self.tenant_api.get_tenants_dict(self.root_api.get_root_admin_id())
for tenant_id in tenants_dict:
if tenants_dict[tenant_id]["intra_authz_extension_id"] == intra_extension_id:
_subjects = self.driver.get_subjects_dict(tenants_dict[tenant_id]["intra_admin_extension_id"])
@@ -1902,7 +1966,7 @@ class IntraExtensionAdminManager(IntraExtensionManager):
def del_subject(self, user_id, intra_extension_id, subject_id):
subject_name = self.driver.get_subjects_dict(intra_extension_id)[subject_id]["name"]
super(IntraExtensionAdminManager, self).del_subject(user_id, intra_extension_id, subject_id)
- tenants_dict = self.tenant_api.get_tenants_dict(ADMIN_ID)
+ tenants_dict = self.tenant_api.get_tenants_dict(self.root_api.get_root_admin_id())
for tenant_id in tenants_dict:
if tenants_dict[tenant_id]["intra_authz_extension_id"] == intra_extension_id:
subject_id = self.driver.get_uuid_from_name(tenants_dict[tenant_id]["intra_admin_extension_id"],
@@ -1920,7 +1984,7 @@ class IntraExtensionAdminManager(IntraExtensionManager):
def set_subject_dict(self, user_id, intra_extension_id, subject_id, subject_dict):
subject = super(IntraExtensionAdminManager, self).set_subject_dict(user_id, intra_extension_id, subject_dict)
subject_id, subject_value = subject.iteritems().next()
- tenants_dict = self.tenant_api.get_tenants_dict(ADMIN_ID)
+ tenants_dict = self.tenant_api.get_tenants_dict(self.root_api.get_root_admin_id())
for tenant_id in tenants_dict:
if tenants_dict[tenant_id]["intra_authz_extension_id"] == intra_extension_id:
self.driver.set_subject_dict(tenants_dict[tenant_id]["intra_admin_extension_id"], uuid4().hex, subject_value)
@@ -1931,27 +1995,74 @@ class IntraExtensionAdminManager(IntraExtensionManager):
return subject
def add_object_dict(self, user_id, intra_extension_id, object_name):
- raise ObjectsWriteNoAuthorized()
+ if "admin" == self.get_intra_extension_dict(self.root_api.get_root_admin_id(), intra_extension_id)['genre']:
+ raise ObjectsWriteNoAuthorized()
+ return super(IntraExtensionAdminManager, self).add_object_dict(user_id, intra_extension_id, object_name)
def set_object_dict(self, user_id, intra_extension_id, object_id, object_dict):
- raise ObjectsWriteNoAuthorized()
+ if "admin" == self.get_intra_extension_dict(self.root_api.get_root_admin_id(), intra_extension_id)['genre']:
+ raise ObjectsWriteNoAuthorized()
+ return super(IntraExtensionAdminManager, self).set_object_dict(user_id, intra_extension_id, object_id, object_dict)
def del_object(self, user_id, intra_extension_id, object_id):
- raise ObjectsWriteNoAuthorized()
+ if "admin" == self.get_intra_extension_dict(self.root_api.get_root_admin_id(), intra_extension_id)['genre']:
+ raise ObjectsWriteNoAuthorized()
+ return super(IntraExtensionAdminManager, self).del_object(user_id, intra_extension_id, object_id)
def add_action_dict(self, user_id, intra_extension_id, action_name):
- raise ActionsWriteNoAuthorized()
+ if "admin" == self.get_intra_extension_dict(self.root_api.get_root_admin_id(), intra_extension_id)['genre']:
+ raise ActionsWriteNoAuthorized()
+ return super(IntraExtensionAdminManager, self).add_action_dict(user_id, intra_extension_id, action_name)
def set_action_dict(self, user_id, intra_extension_id, action_id, action_dict):
- raise ActionsWriteNoAuthorized()
+ if "admin" == self.get_intra_extension_dict(self.root_api.get_root_admin_id(), intra_extension_id)['genre']:
+ raise ActionsWriteNoAuthorized()
+ return super(IntraExtensionAdminManager, self).set_action_dict(user_id, intra_extension_id, action_id, action_dict)
def del_action(self, user_id, intra_extension_id, action_id):
- raise ActionsWriteNoAuthorized()
+ if "admin" == self.get_intra_extension_dict(self.root_api.get_root_admin_id(), intra_extension_id)['genre']:
+ raise ActionsWriteNoAuthorized()
+ return super(IntraExtensionAdminManager, self).del_action(user_id, intra_extension_id, action_id)
+
+
+@dependency.provider('root_api')
+@dependency.requires('moonlog_api', 'admin_api', 'tenant_api')
+class IntraExtensionRootManager(IntraExtensionManager):
+
+ def __init__(self):
+ super(IntraExtensionRootManager, self).__init__()
+ extensions = self.admin_api.driver.get_intra_extensions_dict()
+ for extension_id, extension_dict in extensions.iteritems():
+ if extension_dict["model"] == CONF.moon.root_policy_directory:
+ self.root_extension_id = extension_id
+ else:
+ extension = self.admin_api.load_root_intra_extension_dict(CONF.moon.root_policy_directory)
+ self.root_extension_id = extension['id']
+ self.root_admin_id = self.__compute_admin_id_for_root_extension()
+
+ def get_root_extension_dict(self):
+ """
+
+ :return: {id: {"name": "xxx"}}
+ """
+ return {self.root_extension_id: self.admin_api.driver.get_intra_extensions_dict()[self.root_extension_id]}
+
+ def __compute_admin_id_for_root_extension(self):
+ for subject_id, subject_dict in self.admin_api.driver.get_subjects_dict(self.root_extension_id).iteritems():
+ if subject_dict["name"] == "admin":
+ return subject_id
+ raise RootExtensionNotInitialized()
+
+ def get_root_extension_id(self):
+ return self.root_extension_id
+
+ def get_root_admin_id(self):
+ return self.root_admin_id
@dependency.provider('moonlog_api')
# Next line is mandatory in order to force keystone to process dependencies.
-@dependency.requires('identity_api', 'tenant_api', 'configuration_api', 'authz_api', 'admin_api')
+@dependency.requires('identity_api', 'tenant_api', 'configuration_api', 'authz_api', 'admin_api', 'root_api')
class LogManager(manager.Manager):
def __init__(self):
diff --git a/keystone-moon/keystone/contrib/moon/extension.py b/keystone-moon/keystone/contrib/moon/extension.py
deleted file mode 100644
index efee55c5..00000000
--- a/keystone-moon/keystone/contrib/moon/extension.py
+++ /dev/null
@@ -1,740 +0,0 @@
-# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
-# This software is distributed under the terms and conditions of the 'Apache-2.0'
-# license which can be found in the file 'LICENSE' in this package distribution
-# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-
-import os.path
-import copy
-import json
-import itertools
-from uuid import uuid4
-import logging
-
-LOG = logging.getLogger("moon.authz")
-
-
-class Metadata:
-
- def __init__(self):
- self.__name = ''
- self.__model = ''
- self.__genre = ''
- self.__description = ''
- self.__subject_categories = list()
- self.__object_categories = list()
- self.__meta_rule = dict()
- self.__meta_rule['sub_meta_rules'] = list()
- self.__meta_rule['aggregation'] = ''
-
- def load_from_json(self, extension_setting_dir):
- metadata_path = os.path.join(extension_setting_dir, 'metadata.json')
- f = open(metadata_path)
- json_metadata = json.load(f)
- self.__name = json_metadata['name']
- self.__model = json_metadata['model']
- self.__genre = json_metadata['genre']
- self.__description = json_metadata['description']
- self.__subject_categories = copy.deepcopy(json_metadata['subject_categories'])
- self.__object_categories = copy.deepcopy(json_metadata['object_categories'])
- self.__meta_rule = copy.deepcopy(json_metadata['meta_rule'])
-
- def get_name(self):
- return self.__name
-
- def get_genre(self):
- return self.__genre
-
- def get_model(self):
- return self.__model
-
- def get_subject_categories(self):
- return self.__subject_categories
-
- def get_object_categories(self):
- return self.__object_categories
-
- def get_meta_rule(self):
- return self.__meta_rule
-
- def get_meta_rule_aggregation(self):
- return self.__meta_rule['aggregation']
-
- def get_data(self):
- data = dict()
- data["name"] = self.get_name()
- data["model"] = self.__model
- data["genre"] = self.__genre
- data["description"] = self.__description
- data["subject_categories"] = self.get_subject_categories()
- data["object_categories"] = self.get_object_categories()
- data["meta_rule"] = dict(self.get_meta_rule())
- return data
-
- def set_data(self, data):
- self.__name = data["name"]
- self.__model = data["model"]
- self.__genre = data["genre"]
- self.__description = data["description"]
- self.__subject_categories = list(data["subject_categories"])
- self.__object_categories = list(data["object_categories"])
- self.__meta_rule = dict(data["meta_rule"])
-
-
-class Configuration:
- def __init__(self):
- self.__subject_category_values = dict()
- # examples: { "role": {"admin", "dev", }, }
- self.__object_category_values = dict()
- self.__rules = list()
-
- def load_from_json(self, extension_setting_dir):
- configuration_path = os.path.join(extension_setting_dir, 'configuration.json')
- f = open(configuration_path)
- json_configuration = json.load(f)
- self.__subject_category_values = copy.deepcopy(json_configuration['subject_category_values'])
- self.__object_category_values = copy.deepcopy(json_configuration['object_category_values'])
- self.__rules = copy.deepcopy(json_configuration['rules']) # TODO: currently a list, will be a dict with sub-meta-rule as key
-
- def get_subject_category_values(self):
- return self.__subject_category_values
-
- def get_object_category_values(self):
- return self.__object_category_values
-
- def get_rules(self):
- return self.__rules
-
- def get_data(self):
- data = dict()
- data["subject_category_values"] = self.get_subject_category_values()
- data["object_category_values"] = self.get_object_category_values()
- data["rules"] = self.get_rules()
- return data
-
- def set_data(self, data):
- self.__subject_category_values = list(data["subject_category_values"])
- self.__object_category_values = list(data["object_category_values"])
- self.__rules = list(data["rules"])
-
-
-class Perimeter:
- def __init__(self):
- self.__subjects = list()
- self.__objects = list()
-
- def load_from_json(self, extension_setting_dir):
- perimeter_path = os.path.join(extension_setting_dir, 'perimeter.json')
- f = open(perimeter_path)
- json_perimeter = json.load(f)
- self.__subjects = copy.deepcopy(json_perimeter['subjects'])
- self.__objects = copy.deepcopy(json_perimeter['objects'])
- # print(self.__subjects)
- # print(self.__objects)
-
- def get_subjects(self):
- return self.__subjects
-
- def get_objects(self):
- return self.__objects
-
- def get_data(self):
- data = dict()
- data["subjects"] = self.get_subjects()
- data["objects"] = self.get_objects()
- return data
-
- def set_data(self, data):
- self.__subjects = list(data["subjects"])
- self.__objects = list(data["objects"])
-
-
-class Assignment:
- def __init__(self):
- self.__subject_category_assignments = dict()
- # examples: { "role": {"user1": {"dev"}, "user2": {"admin",}}, } TODO: limit to one value for each attr
- self.__object_category_assignments = dict()
-
- def load_from_json(self, extension_setting_dir):
- assignment_path = os.path.join(extension_setting_dir, 'assignment.json')
- f = open(assignment_path)
- json_assignment = json.load(f)
-
- self.__subject_category_assignments = dict(copy.deepcopy(json_assignment['subject_category_assignments']))
- self.__object_category_assignments = dict(copy.deepcopy(json_assignment['object_category_assignments']))
-
- def get_subject_category_assignments(self):
- return self.__subject_category_assignments
-
- def get_object_category_assignments(self):
- return self.__object_category_assignments
-
- def get_data(self):
- data = dict()
- data["subject_category_assignments"] = self.get_subject_category_assignments()
- data["object_category_assignments"] = self.get_object_category_assignments()
- return data
-
- def set_data(self, data):
- self.__subject_category_assignments = list(data["subject_category_assignments"])
- self.__object_category_assignments = list(data["object_category_assignments"])
-
-
-class AuthzData:
- def __init__(self, sub, obj, act):
- self.validation = "False" # "OK, KO, Out of Scope" # "auth": False,
- self.subject = sub
- self.object = str(obj)
- self.action = str(act)
- self.type = "" # intra-tenant, inter-tenant, Out of Scope
- self.subject_attrs = dict()
- self.object_attrs = dict()
- self.requesting_tenant = "" # "subject_tenant": subject_tenant,
- self.requested_tenant = "" # "object_tenant": object_tenant,
-
- def __str__(self):
- return """AuthzData:
- validation={}
- subject={}
- object={}
- action={}
- """.format(self.validation, self.subject, self.object, self.action)
-
-
-class Extension:
- def __init__(self):
- self.metadata = Metadata()
- self.configuration = Configuration()
- self.perimeter = Perimeter()
- self.assignment = Assignment()
-
- def load_from_json(self, extension_setting_dir):
- self.metadata.load_from_json(extension_setting_dir)
- self.configuration.load_from_json(extension_setting_dir)
- self.perimeter.load_from_json(extension_setting_dir)
- self.assignment.load_from_json(extension_setting_dir)
-
- def get_name(self):
- return self.metadata.get_name()
-
- def get_genre(self):
- return self.metadata.get_genre()
-
- def authz(self, sub, obj, act):
- authz_data = AuthzData(sub, obj, act)
- # authz_logger.warning('extension/authz request: [sub {}, obj {}, act {}]'.format(sub, obj, act))
-
- if authz_data.subject in self.perimeter.get_subjects() and authz_data.object in self.perimeter.get_objects():
-
- for subject_category in self.metadata.get_subject_categories():
- authz_data.subject_attrs[subject_category] = copy.copy(
- # self.assignment.get_subject_category_attr(subject_category, sub)
- self.assignment.get_subject_category_assignments()[subject_category][sub]
- )
- # authz_logger.warning('extension/authz subject attribute: [subject attr: {}]'.format(
- # #self.assignment.get_subject_category_attr(subject_category, sub))
- # self.assignment.get_subject_category_assignments()[subject_category][sub])
- # )
-
- for object_category in self.metadata.get_object_categories():
- if object_category == 'action':
- authz_data.object_attrs[object_category] = [act]
- # authz_logger.warning('extension/authz object attribute: [object attr: {}]'.format([act]))
- else:
- authz_data.object_attrs[object_category] = copy.copy(
- self.assignment.get_object_category_assignments()[object_category][obj]
- )
- # authz_logger.warning('extension/authz object attribute: [object attr: {}]'.format(
- # self.assignment.get_object_category_assignments()[object_category][obj])
- # )
-
- _aggregation_data = dict()
-
- for sub_meta_rule in self.metadata.get_meta_rule()["sub_meta_rules"].values():
- _tmp_relation_args = list()
-
- for sub_subject_category in sub_meta_rule["subject_categories"]:
- _tmp_relation_args.append(authz_data.subject_attrs[sub_subject_category])
-
- for sub_object_category in sub_meta_rule["object_categories"]:
- _tmp_relation_args.append(authz_data.object_attrs[sub_object_category])
-
- _relation_args = list(itertools.product(*_tmp_relation_args))
-
- if sub_meta_rule['relation'] == 'relation_super': # TODO: replace by Prolog Engine
- _aggregation_data['relation_super'] = dict()
- _aggregation_data['relation_super']['result'] = False
- for _relation_arg in _relation_args:
- if list(_relation_arg) in self.configuration.get_rules()[sub_meta_rule['relation']]:
- # authz_logger.warning(
- # 'extension/authz relation super OK: [sub_sl: {}, obj_sl: {}, action: {}]'.format(
- # _relation_arg[0], _relation_arg[1], _relation_arg[2]
- # )
- # )
- _aggregation_data['relation_super']['result'] = True
- break
- _aggregation_data['relation_super']['status'] = 'finished'
-
- elif sub_meta_rule['relation'] == 'permission':
- _aggregation_data['permission'] = dict()
- _aggregation_data['permission']['result'] = False
- for _relation_arg in _relation_args:
- if list(_relation_arg) in self.configuration.get_rules()[sub_meta_rule['relation']]:
- # authz_logger.warning(
- # 'extension/authz relation permission OK: [role: {}, object: {}, action: {}]'.format(
- # _relation_arg[0], _relation_arg[1], _relation_arg[2]
- # )
- # )
- _aggregation_data['permission']['result'] = True
- break
- _aggregation_data['permission']['status'] = 'finished'
-
- if self.metadata.get_meta_rule_aggregation() == 'and_true_aggregation':
- authz_data.validation = "OK"
- for relation in _aggregation_data:
- if _aggregation_data[relation]['status'] == 'finished' \
- and _aggregation_data[relation]['result'] == False:
- authz_data.validation = "KO"
- else:
- authz_data.validation = 'Out of Scope'
-
- return authz_data.validation
-
- # ---------------- metadate api ----------------
-
- def get_subject_categories(self):
- return self.metadata.get_subject_categories()
-
- def add_subject_category(self, category_id):
- if category_id in self.get_subject_categories():
- return "[ERROR] Add Subject Category: Subject Category Exists"
- else:
- self.get_subject_categories().append(category_id)
- self.configuration.get_subject_category_values()[category_id] = list()
- self.assignment.get_subject_category_assignments()[category_id] = dict()
- return self.get_subject_categories()
-
- def del_subject_category(self, category_id):
- if category_id in self.get_subject_categories():
- self.configuration.get_subject_category_values().pop(category_id)
- self.assignment.get_subject_category_assignments().pop(category_id)
- self.get_subject_categories().remove(category_id)
- return self.get_subject_categories()
- else:
- return "[ERROR] Del Subject Category: Subject Category Unknown"
-
- def get_object_categories(self):
- return self.metadata.get_object_categories()
-
- def add_object_category(self, category_id):
- if category_id in self.get_object_categories():
- return "[ERROR] Add Object Category: Object Category Exists"
- else:
- self.get_object_categories().append(category_id)
- self.configuration.get_object_category_values()[category_id] = list()
- self.assignment.get_object_category_assignments()[category_id] = dict()
- return self.get_object_categories()
-
- def del_object_category(self, category_id):
- if category_id in self.get_object_categories():
- self.configuration.get_object_category_values().pop(category_id)
- self.assignment.get_object_category_assignments().pop(category_id)
- self.get_object_categories().remove(category_id)
- return self.get_object_categories()
- else:
- return "[ERROR] Del Object Category: Object Category Unknown"
-
- def get_meta_rule(self):
- return self.metadata.get_meta_rule()
-
- # ---------------- configuration api ----------------
-
- def get_subject_category_values(self, category_id):
- return self.configuration.get_subject_category_values()[category_id]
-
- def add_subject_category_value(self, category_id, category_value):
- if category_value in self.configuration.get_subject_category_values()[category_id]:
- return "[ERROR] Add Subject Category Value: Subject Category Value Exists"
- else:
- self.configuration.get_subject_category_values()[category_id].append(category_value)
- return self.configuration.get_subject_category_values()[category_id]
-
- def del_subject_category_value(self, category_id, category_value):
- if category_value in self.configuration.get_subject_category_values()[category_id]:
- self.configuration.get_subject_category_values()[category_id].remove(category_value)
- return self.configuration.get_subject_category_values()[category_id]
- else:
- return "[ERROR] Del Subject Category Value: Subject Category Value Unknown"
-
- def get_object_category_values(self, category_id):
- return self.configuration.get_object_category_values()[category_id]
-
- def add_object_category_value(self, category_id, category_value):
- if category_value in self.configuration.get_object_category_values()[category_id]:
- return "[ERROR] Add Object Category Value: Object Category Value Exists"
- else:
- self.configuration.get_object_category_values()[category_id].append(category_value)
- return self.configuration.get_object_category_values()[category_id]
-
- def del_object_category_value(self, category_id, category_value):
- if category_value in self.configuration.get_object_category_values()[category_id]:
- self.configuration.get_object_category_values()[category_id].remove(category_value)
- return self.configuration.get_object_category_values()[category_id]
- else:
- return "[ERROR] Del Object Category Value: Object Category Value Unknown"
-
- def get_meta_rules(self):
- return self.metadata.get_meta_rule()
-
- def _build_rule_from_list(self, relation, rule):
- rule = list(rule)
- _rule = dict()
- _rule["sub_cat_value"] = dict()
- _rule["obj_cat_value"] = dict()
- if relation in self.metadata.get_meta_rule()["sub_meta_rules"]:
- _rule["sub_cat_value"][relation] = dict()
- _rule["obj_cat_value"][relation] = dict()
- for s_category in self.metadata.get_meta_rule()["sub_meta_rules"][relation]["subject_categories"]:
- _rule["sub_cat_value"][relation][s_category] = rule.pop(0)
- for o_category in self.metadata.get_meta_rule()["sub_meta_rules"][relation]["object_categories"]:
- _rule["obj_cat_value"][relation][o_category] = rule.pop(0)
- return _rule
-
- def get_rules(self, full=False):
- if not full:
- return self.configuration.get_rules()
- rules = dict()
- for key in self.configuration.get_rules():
- rules[key] = map(lambda x: self._build_rule_from_list(key, x), self.configuration.get_rules()[key])
- return rules
-
- def add_rule(self, sub_cat_value_dict, obj_cat_value_dict):
- for _relation in self.metadata.get_meta_rule()["sub_meta_rules"]:
- _sub_rule = list()
- for sub_subject_category in self.metadata.get_meta_rule()["sub_meta_rules"][_relation]["subject_categories"]:
- try:
- if sub_cat_value_dict[_relation][sub_subject_category] \
- in self.configuration.get_subject_category_values()[sub_subject_category]:
- _sub_rule.append(sub_cat_value_dict[_relation][sub_subject_category])
- else:
- return "[Error] Add Rule: Subject Category Value Unknown"
- except KeyError as e:
- # DThom: sometimes relation attribute is buggy, I don't know why...
- print(e)
-
- #BUG: when adding a new category in rules despite it was previously adding
- # data = {
- # "sub_cat_value":
- # {"relation_super":
- # {"subject_security_level": "high", "AMH_CAT": "AMH_VAL"}
- # },
- # "obj_cat_value":
- # {"relation_super":
- # {"object_security_level": "medium"}
- # }
- # }
- # traceback = """
- # Traceback (most recent call last):
- # File "/moon/gui/views_json.py", line 20, in wrapped
- # result = function(*args, **kwargs)
- # File "/moon/gui/views_json.py", line 429, in rules
- # obj_cat_value=filter_input(data["obj_cat_value"]))
- # File "/usr/local/lib/python2.7/dist-packages/moon/core/pap/core.py", line 380, in add_rule
- # obj_cat_value)
- # File "/usr/local/lib/python2.7/dist-packages/moon/core/pdp/extension.py", line 414, in add_rule
- # if obj_cat_value_dict[_relation][sub_object_category] \
- # KeyError: u'action'
- # """
- for sub_object_category in self.metadata.get_meta_rule()["sub_meta_rules"][_relation]["object_categories"]:
- if obj_cat_value_dict[_relation][sub_object_category] \
- in self.configuration.get_object_category_values()[sub_object_category]:
- _sub_rule.append(obj_cat_value_dict[_relation][sub_object_category])
- else:
- return "[Error] Add Rule: Object Category Value Unknown"
-
- if _sub_rule in self.configuration.get_rules()[_relation]:
- return "[Error] Add Rule: Rule Exists"
- else:
- self.configuration.get_rules()[_relation].append(_sub_rule)
- return {
- sub_cat_value_dict.keys()[0]: ({
- "sub_cat_value": copy.deepcopy(sub_cat_value_dict),
- "obj_cat_value": copy.deepcopy(obj_cat_value_dict)
- }, )
- }
- return self.configuration.get_rules()
-
- def del_rule(self, sub_cat_value_dict, obj_cat_value_dict):
- for _relation in self.metadata.get_meta_rule()["sub_meta_rules"]:
- _sub_rule = list()
- for sub_subject_category in self.metadata.get_meta_rule()["sub_meta_rules"][_relation]["subject_categories"]:
- _sub_rule.append(sub_cat_value_dict[_relation][sub_subject_category])
-
- for sub_object_category in self.metadata.get_meta_rule()["sub_meta_rules"][_relation]["object_categories"]:
- _sub_rule.append(obj_cat_value_dict[_relation][sub_object_category])
-
- if _sub_rule in self.configuration.get_rules()[_relation]:
- self.configuration.get_rules()[_relation].remove(_sub_rule)
- else:
- return "[Error] Del Rule: Rule Unknown"
- return self.configuration.get_rules()
-
- # ---------------- perimeter api ----------------
-
- def get_subjects(self):
- return self.perimeter.get_subjects()
-
- def get_objects(self):
- return self.perimeter.get_objects()
-
- def add_subject(self, subject_id):
- if subject_id in self.perimeter.get_subjects():
- return "[ERROR] Add Subject: Subject Exists"
- else:
- self.perimeter.get_subjects().append(subject_id)
- return self.perimeter.get_subjects()
-
- def del_subject(self, subject_id):
- if subject_id in self.perimeter.get_subjects():
- self.perimeter.get_subjects().remove(subject_id)
- return self.perimeter.get_subjects()
- else:
- return "[ERROR] Del Subject: Subject Unknown"
-
- def add_object(self, object_id):
- if object_id in self.perimeter.get_objects():
- return "[ERROR] Add Object: Object Exists"
- else:
- self.perimeter.get_objects().append(object_id)
- return self.perimeter.get_objects()
-
- def del_object(self, object_id):
- if object_id in self.perimeter.get_objects():
- self.perimeter.get_objects().remove(object_id)
- return self.perimeter.get_objects()
- else:
- return "[ERROR] Del Object: Object Unknown"
-
- # ---------------- assignment api ----------------
-
- def get_subject_assignments(self, category_id):
- if category_id in self.metadata.get_subject_categories():
- return self.assignment.get_subject_category_assignments()[category_id]
- else:
- return "[ERROR] Get Subject Assignment: Subject Category Unknown"
-
- def add_subject_assignment(self, category_id, subject_id, category_value):
- if category_id in self.metadata.get_subject_categories():
- if subject_id in self.perimeter.get_subjects():
- if category_value in self.configuration.get_subject_category_values()[category_id]:
- if category_id in self.assignment.get_subject_category_assignments().keys():
- if subject_id in self.assignment.get_subject_category_assignments()[category_id].keys():
- if category_value in self.assignment.get_subject_category_assignments()[category_id][subject_id]:
- return "[ERROR] Add Subject Assignment: Subject Assignment Exists"
- else:
- self.assignment.get_subject_category_assignments()[category_id][subject_id].extend([category_value])
- else:
- self.assignment.get_subject_category_assignments()[category_id][subject_id] = [category_value]
- else:
- self.assignment.get_subject_category_assignments()[category_id] = {subject_id: [category_value]}
- return self.assignment.get_subject_category_assignments()
- else:
- return "[ERROR] Add Subject Assignment: Subject Category Value Unknown"
- else:
- return "[ERROR] Add Subject Assignment: Subject Unknown"
- else:
- return "[ERROR] Add Subject Assignment: Subject Category Unknown"
-
- def del_subject_assignment(self, category_id, subject_id, category_value):
- if category_id in self.metadata.get_subject_categories():
- if subject_id in self.perimeter.get_subjects():
- if category_value in self.configuration.get_subject_category_values()[category_id]:
- if len(self.assignment.get_subject_category_assignments()[category_id][subject_id]) >= 2:
- self.assignment.get_subject_category_assignments()[category_id][subject_id].remove(category_value)
- else:
- self.assignment.get_subject_category_assignments()[category_id].pop(subject_id)
- return self.assignment.get_subject_category_assignments()
- else:
- return "[ERROR] Del Subject Assignment: Assignment Unknown"
- else:
- return "[ERROR] Del Subject Assignment: Subject Unknown"
- else:
- return "[ERROR] Del Subject Assignment: Subject Category Unknown"
-
- def get_object_assignments(self, category_id):
- if category_id in self.metadata.get_object_categories():
- return self.assignment.get_object_category_assignments()[category_id]
- else:
- return "[ERROR] Get Object Assignment: Object Category Unknown"
-
- def add_object_assignment(self, category_id, object_id, category_value):
- if category_id in self.metadata.get_object_categories():
- if object_id in self.perimeter.get_objects():
- if category_value in self.configuration.get_object_category_values()[category_id]:
- if category_id in self.assignment.get_object_category_assignments().keys():
- if object_id in self.assignment.get_object_category_assignments()[category_id].keys():
- if category_value in self.assignment.get_object_category_assignments()[category_id][object_id]:
- return "[ERROR] Add Object Assignment: Object Assignment Exists"
- else:
- self.assignment.get_object_category_assignments()[category_id][object_id].extend([category_value])
- else:
- self.assignment.get_object_category_assignments()[category_id][object_id] = [category_value]
- else:
- self.assignment.get_object_category_assignments()[category_id] = {object_id: [category_value]}
- return self.assignment.get_object_category_assignments()
- else:
- return "[ERROR] Add Object Assignment: Object Category Value Unknown"
- else:
- return "[ERROR] Add Object Assignment: Object Unknown"
- else:
- return "[ERROR] Add Object Assignment: Object Category Unknown"
-
- def del_object_assignment(self, category_id, object_id, category_value):
- if category_id in self.metadata.get_object_categories():
- if object_id in self.perimeter.get_objects():
- if category_value in self.configuration.get_object_category_values()[category_id]:
- if len(self.assignment.get_object_category_assignments()[category_id][object_id]) >= 2:
- self.assignment.get_object_category_assignments()[category_id][object_id].remove(category_value)
- else:
- self.assignment.get_object_category_assignments()[category_id].pop(object_id)
- return self.assignment.get_object_category_assignments()
- else:
- return "[ERROR] Del Object Assignment: Assignment Unknown"
- else:
- return "[ERROR] Del Object Assignment: Object Unknown"
- else:
- return "[ERROR] Del Object Assignment: Object Category Unknown"
-
- # ---------------- inter-extension API ----------------
-
- def create_requesting_collaboration(self, sub_list, vent_uuid, act):
- _sub_cat_values = dict()
- _obj_cat_values = dict()
-
- if type(self.add_object(vent_uuid)) is not list:
- return "[Error] Create Requesting Collaboration: No Success"
- for _relation in self.get_meta_rule()["sub_meta_rules"]:
- for _sub_cat_id in self.get_meta_rule()["sub_meta_rules"][_relation]["subject_categories"]:
- _sub_cat_value = str(uuid4())
- if type(self.add_subject_category_value(_sub_cat_id, _sub_cat_value)) is not list:
- return "[Error] Create Requesting Collaboration: No Success"
- _sub_cat_values[_relation] = {_sub_cat_id: _sub_cat_value}
- for _sub in sub_list:
- if type(self.add_subject_assignment(_sub_cat_id, _sub, _sub_cat_value)) is not dict:
- return "[Error] Create Requesting Collaboration: No Success"
-
- for _obj_cat_id in self.get_meta_rule()["sub_meta_rules"][_relation]["object_categories"]:
- if _obj_cat_id == 'action':
- _obj_cat_values[_relation][_obj_cat_id] = act
- else:
- _obj_cat_value = str(uuid4())
- if type(self.add_object_category_value(_obj_cat_id, _obj_cat_value)) is not list:
- return "[Error] Create Requesting Collaboration: No Success"
- if type(self.add_object_assignment(_obj_cat_id, vent_uuid, _obj_cat_value)) is not dict:
- return "[Error] Create Requesting Collaboration: No Success"
- _obj_cat_values[_relation] = {_obj_cat_id: _obj_cat_value}
-
- _rule = self.add_rule(_sub_cat_values, _obj_cat_values)
- if type(_rule) is not dict:
- return "[Error] Create Requesting Collaboration: No Success"
- return {"subject_category_value_dict": _sub_cat_values, "object_category_value_dict": _obj_cat_values,
- "rule": _rule}
-
- def destroy_requesting_collaboration(self, sub_list, vent_uuid, sub_cat_value_dict, obj_cat_value_dict):
- for _relation in self.get_meta_rule()["sub_meta_rules"]:
- for _sub_cat_id in self.get_meta_rule()["sub_meta_rules"][_relation]["subject_categories"]:
- for _sub in sub_list:
- if type(self.del_subject_assignment(_sub_cat_id, _sub, sub_cat_value_dict[_relation][_sub_cat_id]))\
- is not dict:
- return "[Error] Destroy Requesting Collaboration: No Success"
- if type(self.del_subject_category_value(_sub_cat_id, sub_cat_value_dict[_relation][_sub_cat_id])) \
- is not list:
- return "[Error] Destroy Requesting Collaboration: No Success"
-
- for _obj_cat_id in self.get_meta_rule()["sub_meta_rules"][_relation]["object_categories"]:
- if _obj_cat_id == "action":
- pass # TODO: reconsidering the action as object attribute
- else:
- if type(self.del_object_assignment(_obj_cat_id, vent_uuid, obj_cat_value_dict[_relation][_obj_cat_id])) is not dict:
- return "[Error] Destroy Requesting Collaboration: No Success"
- if type(self.del_object_category_value(_obj_cat_id, obj_cat_value_dict[_relation][_obj_cat_id])) is not list:
- return "[Error] Destroy Requesting Collaboration: No Success"
-
- if type(self.del_rule(sub_cat_value_dict, obj_cat_value_dict)) is not dict:
- return "[Error] Destroy Requesting Collaboration: No Success"
- if type(self.del_object(vent_uuid)) is not list:
- return "[Error] Destroy Requesting Collaboration: No Success"
- return "[Destroy Requesting Collaboration] OK"
-
- def create_requested_collaboration(self, vent_uuid, obj_list, act):
- _sub_cat_values = dict()
- _obj_cat_values = dict()
-
- if type(self.add_subject(vent_uuid)) is not list:
- return "[Error] Create Requested Collaboration: No Success"
-
- for _relation in self.get_meta_rule()["sub_meta_rules"]:
- for _sub_cat_id in self.get_meta_rule()["sub_meta_rules"][_relation]["subject_categories"]:
- _sub_cat_value = str(uuid4())
- if type(self.add_subject_category_value(_sub_cat_id, _sub_cat_value)) is not list:
- return "[Error] Create Requested Collaboration: No Success"
- _sub_cat_values[_relation] = {_sub_cat_id: _sub_cat_value}
- if type(self.add_subject_assignment(_sub_cat_id, vent_uuid, _sub_cat_value)) is not dict:
- return "[Error] Create Requested Collaboration: No Success"
-
- for _obj_cat_id in self.get_meta_rule()["sub_meta_rules"][_relation]["object_categories"]:
- if _obj_cat_id == 'action':
- _obj_cat_values[_relation][_obj_cat_id] = act
- else:
- _obj_cat_value = str(uuid4())
- if type(self.add_object_category_value(_obj_cat_id, _obj_cat_value)) is not list:
- return "[Error] Create Requested Collaboration: No Success"
- _obj_cat_values[_relation] = {_obj_cat_id: _obj_cat_value}
- for _obj in obj_list:
- if type(self.add_object_assignment(_obj_cat_id, _obj, _obj_cat_value)) is not dict:
- return "[Error] Create Requested Collaboration: No Success"
-
- _rule = self.add_rule(_sub_cat_values, _obj_cat_values)
- if type(_rule) is not dict:
- return "[Error] Create Requested Collaboration: No Success"
- return {"subject_category_value_dict": _sub_cat_values, "object_category_value_dict": _obj_cat_values,
- "rule": _rule}
-
- def destroy_requested_collaboration(self, vent_uuid, obj_list, sub_cat_value_dict, obj_cat_value_dict):
- for _relation in self.get_meta_rule()["sub_meta_rules"]:
- for _sub_cat_id in self.get_meta_rule()["sub_meta_rules"][_relation]["subject_categories"]:
- if type(self.del_subject_assignment(_sub_cat_id, vent_uuid, sub_cat_value_dict[_relation][_sub_cat_id])) is not dict:
- return "[Error] Destroy Requested Collaboration: No Success"
- if type(self.del_subject_category_value(_sub_cat_id, sub_cat_value_dict[_relation][_sub_cat_id])) is not list:
- return "[Error] Destroy Requested Collaboration: No Success"
-
- for _obj_cat_id in self.get_meta_rule()["sub_meta_rules"][_relation]["object_categories"]:
- if _obj_cat_id == "action":
- pass # TODO: reconsidering the action as object attribute
- else:
- for _obj in obj_list:
- if type(self.del_object_assignment(_obj_cat_id, _obj, obj_cat_value_dict[_relation][_obj_cat_id])) is not dict:
- return "[Error] Destroy Requested Collaboration: No Success"
- if type(self.del_object_category_value(_obj_cat_id, obj_cat_value_dict[_relation][_obj_cat_id])) is not list:
- return "[Error] Destroy Requested Collaboration: No Success"
-
- if type(self.del_rule(sub_cat_value_dict, obj_cat_value_dict)) is not dict:
- return "[Error] Destroy Requested Collaboration: No Success"
- if type(self.del_subject(vent_uuid)) is not list:
- return "[Error] Destroy Requested Collaboration: No Success"
- return "[Destroy Requested Collaboration] OK"
-
- # ---------------- sync_db api ----------------
-
- def get_data(self):
- data = dict()
- data["metadata"] = self.metadata.get_data()
- data["configuration"] = self.configuration.get_data()
- data["perimeter"] = self.perimeter.get_data()
- data["assignment"] = self.assignment.get_data()
- return data
-
- def set_data(self, extension_data):
- self.metadata.set_data(extension_data["metadata"])
- self.configuration.set_data(extension_data["configuration"])
- self.perimeter.set_data(extension_data["perimeter"])
- self.assignment.set_data(extension_data["assignment"])
diff --git a/keystone-moon/keystone/contrib/moon/migrate_repo/versions/001_moon.py b/keystone-moon/keystone/contrib/moon/migrate_repo/versions/001_moon.py
index af4d80bb..4fd26bef 100644
--- a/keystone-moon/keystone/contrib/moon/migrate_repo/versions/001_moon.py
+++ b/keystone-moon/keystone/contrib/moon/migrate_repo/versions/001_moon.py
@@ -21,11 +21,11 @@ def upgrade(migrate_engine):
mysql_charset='utf8')
intra_extension_table.create(migrate_engine, checkfirst=True)
- intra_extension_table.insert().values(id=uuid4().hex, intra_extension={
- 'name': "Root Extension",
- 'description': "The root intra extension",
- 'model': 'admin'
- })
+ # intra_extension_table.insert().values(id=uuid4().hex, intra_extension={
+ # 'name': "Root Extension",
+ # 'description': "The root intra extension",
+ # 'model': 'admin'
+ # })
tenant_table = sql.Table(
'tenants',
@@ -195,8 +195,6 @@ def upgrade(migrate_engine):
mysql_charset='utf8')
rules_table.create(migrate_engine, checkfirst=True)
- # TODO: load root_extension
-
def downgrade(migrate_engine):
meta = sql.MetaData()
diff --git a/keystone-moon/keystone/tests/moon/unit/__init__.py b/keystone-moon/keystone/tests/moon/unit/__init__.py
index 0cd835ce..54c9252e 100644
--- a/keystone-moon/keystone/tests/moon/unit/__init__.py
+++ b/keystone-moon/keystone/tests/moon/unit/__init__.py
@@ -3,7 +3,6 @@
# license which can be found in the file 'LICENSE' in this package distribution
# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
import uuid
-from keystone.contrib.moon.core import ADMIN_ID
USER = {
'name': 'admin',
@@ -25,10 +24,8 @@ def create_intra_extension(self, policy_model="policy_authz"):
if "authz" in policy_model:
genre = "authz"
IE["genre"] = genre
- # force re-initialization of the ADMIN_ID variable
- from keystone.contrib.moon.core import ADMIN_ID
- self.ADMIN_ID = ADMIN_ID
- ref = self.admin_api.load_intra_extension_dict(self.ADMIN_ID, intra_extension_dict=IE)
+ ref = self.admin_api.load_intra_extension_dict(self.root_api.get_root_admin_id(),
+ intra_extension_dict=IE)
self.assertIsInstance(ref, dict)
return ref
@@ -62,7 +59,6 @@ def create_user(self, username="TestAdminIntraExtensionManagerUser"):
def create_mapping(self, tenant_name=None, authz_id=None, admin_id=None):
- from keystone.contrib.moon.core import ADMIN_ID
if not tenant_name:
tenant_name = uuid.uuid4().hex
@@ -76,7 +72,7 @@ def create_mapping(self, tenant_name=None, authz_id=None, admin_id=None):
"domain_id": "default"
}
keystone_tenant = self.resource_api.create_project(tenant["id"], tenant)
- mapping = self.tenant_api.add_tenant_dict(ADMIN_ID, tenant)
+ mapping = self.tenant_api.add_tenant_dict(self.root_api.get_root_admin_id(), tenant)
self.assertIsInstance(mapping, dict)
self.assertIn("intra_authz_extension_id", mapping[tenant["id"]])
self.assertIn("intra_admin_extension_id", mapping[tenant["id"]])
diff --git a/keystone-moon/keystone/tests/moon/unit/test_unit_core_configuration.py b/keystone-moon/keystone/tests/moon/unit/test_unit_core_configuration.py
index 1d612b7d..0be52c18 100644
--- a/keystone-moon/keystone/tests/moon/unit/test_unit_core_configuration.py
+++ b/keystone-moon/keystone/tests/moon/unit/test_unit_core_configuration.py
@@ -12,7 +12,6 @@ from keystone.contrib.moon.core import ConfigurationManager
from keystone.tests.unit.ksfixtures import database
from keystone.contrib.moon.exception import *
from keystone.tests.unit import default_fixtures
-from keystone.contrib.moon.core import ADMIN_ID
from keystone.contrib.moon.core import LogManager
from keystone.contrib.moon.core import IntraExtensionAdminManager
from keystone.tests.moon.unit import *
@@ -26,15 +25,18 @@ class TestConfigurationManager(tests.TestCase):
def setUp(self):
self.useFixture(database.Database())
super(TestConfigurationManager, self).setUp()
- self.load_backends()
self.load_fixtures(default_fixtures)
+ self.load_backends()
+ domain = {'id': "default", 'name': "default"}
+ self.resource_api.create_domain(domain['id'], domain)
self.admin = create_user(self, username="admin")
self.demo = create_user(self, username="demo")
- self.root_intra_extension = create_intra_extension(self, policy_model="policy_root")
- # force re-initialization of the ADMIN_ID variable
- from keystone.contrib.moon.core import ADMIN_ID
- self.ADMIN_ID = ADMIN_ID
- self.manager = self.configuration_api
+ self.root_intra_extension = self.root_api.get_root_extension_dict()
+ self.root_intra_extension_id = self.root_intra_extension.keys()[0]
+ self.ADMIN_ID = self.root_api.get_root_admin_id()
+ self.authz_manager = self.authz_api
+ self.admin_manager = self.admin_api
+ self.configuration_manager = self.configuration_api
def load_extra_backends(self):
return {
@@ -60,10 +62,9 @@ class TestConfigurationManager(tests.TestCase):
policy_directory=self.policy_directory)
def test_get_policy_template_dict(self):
- data = self.manager.get_policy_templates_dict(self.ADMIN_ID)
+ data = self.configuration_manager.get_policy_templates_dict(self.ADMIN_ID)
self.assertIsInstance(data, dict)
- self.assertIn("authz_templates", data)
- self.assertIn("policy_root", data["authz_templates"])
+ self.assertIn("policy_root", data)
# def test_get_aggregation_algorithm_dict(self):
# admin_intra_extension = create_intra_extension(self, policy_model="policy_admin")
diff --git a/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_admin.py b/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_admin.py
index 60122b9d..e76173e7 100644
--- a/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_admin.py
+++ b/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_admin.py
@@ -16,7 +16,6 @@ from keystone import resource
from keystone.contrib.moon.exception import *
from keystone.tests.unit import default_fixtures
from keystone.contrib.moon.core import LogManager, TenantManager
-from keystone.contrib.moon.core import ADMIN_ID
from keystone.tests.moon.unit import *
CONF = cfg.CONF
@@ -33,6 +32,7 @@ IE = {
"description": "a simple description."
}
+
@dependency.requires('admin_api', 'authz_api', 'tenant_api', 'configuration_api', 'moonlog_api')
class TestIntraExtensionAdminManagerOK(tests.TestCase):
@@ -40,15 +40,16 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase):
def setUp(self):
self.useFixture(database.Database())
super(TestIntraExtensionAdminManagerOK, self).setUp()
- self.load_backends()
self.load_fixtures(default_fixtures)
+ self.load_backends()
+ domain = {'id': "default", 'name': "default"}
+ self.resource_api.create_domain(domain['id'], domain)
self.admin = create_user(self, username="admin")
self.demo = create_user(self, username="demo")
- self.root_intra_extension = create_intra_extension(self, policy_model="policy_root")
- # force re-initialization of the ADMIN_ID variable
- from keystone.contrib.moon.core import ADMIN_ID
- self.ADMIN_ID = ADMIN_ID
- self.manager = self.authz_api
+ self.root_intra_extension = self.root_api.get_root_extension_dict()
+ self.root_intra_extension_id = self.root_intra_extension.keys()[0]
+ self.ADMIN_ID = self.root_api.get_root_admin_id()
+ self.authz_manager = self.authz_api
self.admin_manager = self.admin_api
def __get_key_from_value(self, value, values_dict):
@@ -74,7 +75,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase):
policy_directory=self.policy_directory)
def delete_admin_intra_extension(self):
- self.manager.del_intra_extension(self.ref["id"])
+ self.authz_manager.del_intra_extension(self.ref["id"])
def test_subjects(self):
authz_ie_dict = create_intra_extension(self, "policy_authz")
@@ -82,12 +83,10 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase):
tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id'])
admin_subject_id, admin_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
- demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"],
- {"name": "demo", "description": "demo"})
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
demo_subject_id, demo_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
- subjects = self.manager.get_subjects_dict(admin_subject_id, authz_ie_dict["id"])
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
+ subjects = self.authz_manager.get_subjects_dict(admin_subject_id, authz_ie_dict["id"])
self.assertIsInstance(subjects, dict)
for key, value in subjects.iteritems():
self.assertIsInstance(value, dict)
@@ -112,7 +111,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase):
# Delete the new subject
self.admin_manager.del_subject(admin_subject_id, authz_ie_dict["id"], new_subject["id"])
- subjects = self.manager.get_subjects_dict(admin_subject_id, authz_ie_dict["id"])
+ subjects = self.authz_manager.get_subjects_dict(admin_subject_id, authz_ie_dict["id"])
for key, value in subjects.iteritems():
self.assertIsInstance(value, dict)
self.assertIn("name", value)
@@ -125,12 +124,10 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase):
tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id'])
admin_subject_id, admin_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
- demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"],
- {"name": "demo", "description": "demo"})
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
demo_subject_id, demo_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
- objects = self.manager.get_objects_dict(admin_subject_id, authz_ie_dict["id"])
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
+ objects = self.authz_manager.get_objects_dict(admin_subject_id, authz_ie_dict["id"])
objects_id_list = []
self.assertIsInstance(objects, dict)
for key, value in objects.iteritems():
@@ -145,12 +142,10 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase):
tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id'])
admin_subject_id, admin_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
- demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"],
- {"name": "demo", "description": "demo"})
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
demo_subject_id, demo_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
- actions = self.manager.get_actions_dict(admin_subject_id, authz_ie_dict["id"])
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
+ actions = self.authz_manager.get_actions_dict(admin_subject_id, authz_ie_dict["id"])
actions_id_list = []
self.assertIsInstance(actions, dict)
for key, value in actions.iteritems():
@@ -165,12 +160,10 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase):
tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id'])
admin_subject_id, admin_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
- demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"],
- {"name": "demo", "description": "demo"})
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
demo_subject_id, demo_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
- subject_categories = self.manager.get_subject_categories_dict(admin_subject_id, authz_ie_dict["id"])
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
+ subject_categories = self.authz_manager.get_subject_categories_dict(admin_subject_id, authz_ie_dict["id"])
self.assertIsInstance(subject_categories, dict)
for key, value in subject_categories.iteritems():
self.assertIsInstance(value, dict)
@@ -192,7 +185,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase):
# Delete the new subject_category
self.admin_manager.del_subject_category(admin_subject_id, authz_ie_dict["id"], new_subject_category["id"])
- subject_categories = self.manager.get_subject_categories_dict(admin_subject_id, authz_ie_dict["id"])
+ subject_categories = self.authz_manager.get_subject_categories_dict(admin_subject_id, authz_ie_dict["id"])
for key, value in subject_categories.iteritems():
self.assertIsInstance(value, dict)
self.assertIn("name", value)
@@ -205,12 +198,10 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase):
tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id'])
admin_subject_id, admin_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
- demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"],
- {"name": "demo", "description": "demo"})
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
demo_subject_id, demo_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
- object_categories = self.manager.get_object_categories_dict(admin_subject_id, authz_ie_dict["id"])
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
+ object_categories = self.authz_manager.get_object_categories_dict(admin_subject_id, authz_ie_dict["id"])
self.assertIsInstance(object_categories, dict)
for key, value in object_categories.iteritems():
self.assertIsInstance(value, dict)
@@ -233,7 +224,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase):
# Delete the new object_category
self.admin_manager.del_object_category(admin_subject_id, authz_ie_dict["id"], new_object_category["id"])
- object_categories = self.manager.get_object_categories_dict(admin_subject_id, authz_ie_dict["id"])
+ object_categories = self.authz_manager.get_object_categories_dict(admin_subject_id, authz_ie_dict["id"])
for key, value in object_categories.iteritems():
self.assertIsInstance(value, dict)
self.assertIn("name", value)
@@ -246,12 +237,10 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase):
tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id'])
admin_subject_id, admin_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
- demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"],
- {"name": "demo", "description": "demo"})
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
demo_subject_id, demo_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
- action_categories = self.manager.get_action_categories_dict(admin_subject_id, authz_ie_dict["id"])
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
+ action_categories = self.authz_manager.get_action_categories_dict(admin_subject_id, authz_ie_dict["id"])
self.assertIsInstance(action_categories, dict)
for key, value in action_categories.iteritems():
self.assertIsInstance(value, dict)
@@ -274,7 +263,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase):
# Delete the new action_category
self.admin_manager.del_action_category(admin_subject_id, authz_ie_dict["id"], new_action_category["id"])
- action_categories = self.manager.get_action_categories_dict(admin_subject_id, authz_ie_dict["id"])
+ action_categories = self.authz_manager.get_action_categories_dict(admin_subject_id, authz_ie_dict["id"])
for key, value in action_categories.iteritems():
self.assertIsInstance(value, dict)
self.assertIn("name", value)
@@ -287,11 +276,11 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase):
tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id'])
admin_subject_id, admin_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
- demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"],
- {"name": "demo", "description": "demo"})
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
+ # demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"],
+ # {"name": "demo", "description": "demo"})
demo_subject_id, demo_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
subject_categories = self.admin_manager.add_subject_category_dict(
admin_subject_id,
@@ -304,7 +293,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase):
for subject_category_id in subject_categories:
- subject_category_scope = self.manager.get_subject_scopes_dict(
+ subject_category_scope = self.authz_manager.get_subject_scopes_dict(
admin_subject_id,
authz_ie_dict["id"],
subject_category_id)
@@ -350,11 +339,11 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase):
tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id'])
admin_subject_id, admin_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
- demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"],
- {"name": "demo", "description": "demo"})
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
+ # demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"],
+ # {"name": "demo", "description": "demo"})
demo_subject_id, demo_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
object_categories = self.admin_manager.add_object_category_dict(
admin_subject_id,
@@ -367,7 +356,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase):
for object_category_id in object_categories:
- object_category_scope = self.manager.get_object_scopes_dict(
+ object_category_scope = self.authz_manager.get_object_scopes_dict(
admin_subject_id,
authz_ie_dict["id"],
object_category_id)
@@ -413,11 +402,11 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase):
tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id'])
admin_subject_id, admin_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
- demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"],
- {"name": "demo", "description": "demo"})
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
+ # demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"],
+ # {"name": "demo", "description": "demo"})
demo_subject_id, demo_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
action_categories = self.admin_manager.add_action_category_dict(
admin_subject_id,
@@ -430,7 +419,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase):
for action_category_id in action_categories:
- action_category_scope = self.manager.get_action_scopes_dict(
+ action_category_scope = self.authz_manager.get_action_scopes_dict(
admin_subject_id,
authz_ie_dict["id"],
action_category_id)
@@ -476,17 +465,17 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase):
tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id'])
admin_subject_id, admin_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
admin_authz_subject_id, admin_authz_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], authz_ie_dict['id'], 'admin').iteritems().next()
- demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"],
- {"name": "demo", "description": "demo"})
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], authz_ie_dict['id'], 'admin').iteritems().next()
+ # demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"],
+ # {"name": "demo", "description": "demo"})
demo_subject_id, demo_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
demo_authz_subject_id, demo_authz_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], authz_ie_dict['id'], 'demo').iteritems().next()
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], authz_ie_dict['id'], 'demo').iteritems().next()
- subjects_dict = self.manager.get_subjects_dict(admin_subject_id, authz_ie_dict["id"])
+ subjects_dict = self.authz_manager.get_subjects_dict(admin_subject_id, authz_ie_dict["id"])
subject_categories = self.admin_manager.add_subject_category_dict(
admin_subject_id,
@@ -498,7 +487,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase):
)
for subject_category_id in subject_categories:
- subject_category_scope = self.manager.get_subject_scopes_dict(
+ subject_category_scope = self.authz_manager.get_subject_scopes_dict(
admin_subject_id,
authz_ie_dict["id"],
subject_category_id)
@@ -529,7 +518,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase):
new_subject_category_scope_2)
subject_category_scope_2_id = subject_category_scope_2.keys()[0]
- subject_category_assignments = self.manager.get_subject_assignment_list(
+ subject_category_assignments = self.authz_manager.get_subject_assignment_list(
admin_subject_id,
authz_ie_dict["id"],
admin_authz_subject_id,
@@ -538,7 +527,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase):
self.assertIsInstance(subject_category_assignments, list)
self.assertEqual([], subject_category_assignments)
- subject_category_assignments = self.manager.get_subject_assignment_list(
+ subject_category_assignments = self.authz_manager.get_subject_assignment_list(
admin_subject_id,
authz_ie_dict["id"],
demo_authz_subject_id,
@@ -599,13 +588,13 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase):
tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id'])
admin_subject_id, admin_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
- demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"],
- {"name": "demo", "description": "demo"})
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
+ # demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"],
+ # {"name": "demo", "description": "demo"})
demo_subject_id, demo_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
- objects_dict = self.manager.get_objects_dict(admin_subject_id, authz_ie_dict["id"])
+ objects_dict = self.authz_manager.get_objects_dict(admin_subject_id, authz_ie_dict["id"])
object_vm1_id = None
object_vm2_id = None
@@ -627,7 +616,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase):
)
for object_category_id in object_categories:
- object_category_scope = self.manager.get_object_scopes_dict(
+ object_category_scope = self.authz_manager.get_object_scopes_dict(
admin_subject_id,
authz_ie_dict["id"],
object_category_id)
@@ -658,7 +647,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase):
new_object_category_scope_2)
object_category_scope_2_id = object_category_scope_2.keys()[0]
- object_category_assignments = self.manager.get_object_assignment_list(
+ object_category_assignments = self.authz_manager.get_object_assignment_list(
admin_subject_id,
authz_ie_dict["id"],
object_vm1_id,
@@ -667,7 +656,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase):
self.assertIsInstance(object_category_assignments, list)
self.assertEqual([], object_category_assignments)
- object_category_assignments = self.manager.get_object_assignment_list(
+ object_category_assignments = self.authz_manager.get_object_assignment_list(
admin_subject_id,
authz_ie_dict["id"],
object_vm2_id,
@@ -728,13 +717,13 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase):
tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id'])
admin_subject_id, admin_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
- demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"],
- {"name": "demo", "description": "demo"})
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
+ # demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"],
+ # {"name": "demo", "description": "demo"})
demo_subject_id, demo_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
- actions_dict = self.manager.get_actions_dict(admin_subject_id, authz_ie_dict["id"])
+ actions_dict = self.authz_manager.get_actions_dict(admin_subject_id, authz_ie_dict["id"])
action_upload_id = None
action_list_id = None
@@ -756,7 +745,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase):
)
for action_category_id in action_categories:
- action_category_scope = self.manager.get_action_scopes_dict(
+ action_category_scope = self.authz_manager.get_action_scopes_dict(
admin_subject_id,
authz_ie_dict["id"],
action_category_id)
@@ -787,7 +776,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase):
new_action_category_scope_2)
action_category_scope_2_id = action_category_scope_2.keys()[0]
- action_category_assignments = self.manager.get_action_assignment_list(
+ action_category_assignments = self.authz_manager.get_action_assignment_list(
admin_subject_id,
authz_ie_dict["id"],
action_upload_id,
@@ -796,7 +785,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase):
self.assertIsInstance(action_category_assignments, list)
self.assertEqual([], action_category_assignments)
- action_category_assignments = self.manager.get_action_assignment_list(
+ action_category_assignments = self.authz_manager.get_action_assignment_list(
admin_subject_id,
authz_ie_dict["id"],
action_list_id,
@@ -857,11 +846,11 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase):
tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id'])
admin_subject_id, admin_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
- demo_subject_dict = self.admin_manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"],
- {"name": "demo", "description": "demo"})
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
+ # demo_subject_dict = self.admin_manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"],
+ # {"name": "demo", "description": "demo"})
demo_subject_id, demo_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
aggregation_algorithms = self.admin_manager.get_aggregation_algorithm_dict(admin_subject_id, authz_ie_dict["id"])
for key, value in aggregation_algorithms.iteritems():
@@ -899,11 +888,11 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase):
tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id'])
admin_subject_id, admin_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
- demo_subject_dict = self.admin_manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"],
- {"name": "demo", "description": "demo"})
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
+ # demo_subject_dict = self.admin_manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"],
+ # {"name": "demo", "description": "demo"})
demo_subject_id, demo_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
sub_meta_rules = self.admin_manager.get_sub_meta_rules_dict(admin_subject_id, authz_ie_dict["id"])
self.assertIsInstance(sub_meta_rules, dict)
@@ -978,15 +967,16 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
def setUp(self):
self.useFixture(database.Database())
super(TestIntraExtensionAdminManagerKO, self).setUp()
- self.load_backends()
self.load_fixtures(default_fixtures)
+ self.load_backends()
+ domain = {'id': "default", 'name': "default"}
+ self.resource_api.create_domain(domain['id'], domain)
self.admin = create_user(self, username="admin")
self.demo = create_user(self, username="demo")
- self.root_intra_extension = create_intra_extension(self, policy_model="policy_root")
- # force re-initialization of the ADMIN_ID variable
- from keystone.contrib.moon.core import ADMIN_ID
- self.ADMIN_ID = ADMIN_ID
- self.manager = self.authz_api
+ self.root_intra_extension = self.root_api.get_root_extension_dict()
+ self.root_intra_extension_id = self.root_intra_extension.keys()[0]
+ self.ADMIN_ID = self.root_api.get_root_admin_id()
+ self.authz_manager = self.authz_api
self.admin_manager = self.admin_api
def __get_key_from_value(self, value, values_dict):
@@ -1017,12 +1007,12 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id'])
admin_subject_id, admin_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
- demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"],
- {"name": "demo", "description": "demo"})
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
+ # demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"],
+ # {"name": "demo", "description": "demo"})
demo_subject_id, demo_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
- subjects = self.manager.get_subjects_dict(admin_subject_id, authz_ie_dict["id"])
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
+ subjects = self.authz_manager.get_subjects_dict(admin_subject_id, authz_ie_dict["id"])
self.assertIsInstance(subjects, dict)
for key, value in subjects.iteritems():
self.assertIsInstance(value, dict)
@@ -1035,7 +1025,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
new_subject = {"name": "subject_test", "description": "subject_test"}
self.assertRaises(
AuthzException,
- self.manager.add_subject_dict,
+ self.authz_manager.add_subject_dict,
demo_subject_id, admin_ie_dict["id"], new_subject)
subjects = self.admin_manager.add_subject_dict(admin_subject_id, authz_ie_dict["id"], new_subject)
@@ -1052,11 +1042,11 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
# Delete the new subject
self.assertRaises(
AuthzException,
- self.manager.del_subject,
+ self.authz_manager.del_subject,
demo_subject_id, authz_ie_dict["id"], new_subject["id"])
self.admin_manager.del_subject(admin_subject_id, authz_ie_dict["id"], new_subject["id"])
- subjects = self.manager.get_subjects_dict(admin_subject_id, authz_ie_dict["id"])
+ subjects = self.authz_manager.get_subjects_dict(admin_subject_id, authz_ie_dict["id"])
for key, value in subjects.iteritems():
self.assertIsInstance(value, dict)
self.assertIn("name", value)
@@ -1069,12 +1059,12 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id'])
admin_subject_id, admin_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
- demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"],
- {"name": "demo", "description": "demo"})
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
+ # demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"],
+ # {"name": "demo", "description": "demo"})
demo_subject_id, demo_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
- objects = self.manager.get_objects_dict(admin_subject_id, authz_ie_dict["id"])
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
+ objects = self.authz_manager.get_objects_dict(admin_subject_id, authz_ie_dict["id"])
objects_id_list = []
self.assertIsInstance(objects, dict)
for key, value in objects.iteritems():
@@ -1087,35 +1077,35 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
new_object = {"name": "object_test", "description": "object_test"}
self.assertRaises(
AuthzException,
- self.manager.add_object_dict,
+ self.authz_manager.add_object_dict,
demo_subject_id, admin_ie_dict["id"], new_object)
self.assertRaises(
ObjectsWriteNoAuthorized,
self.admin_manager.add_object_dict,
- admin_subject_id, authz_ie_dict["id"], new_object
+ admin_subject_id, admin_ie_dict["id"], new_object
)
# Delete the new object
for key in objects_id_list:
self.assertRaises(
AuthzException,
- self.manager.del_object,
+ self.authz_manager.del_object,
demo_subject_id, authz_ie_dict["id"], key)
self.assertRaises(
AuthzException,
- self.manager.del_object,
+ self.authz_manager.del_object,
admin_subject_id, authz_ie_dict["id"], key)
for key in objects_id_list:
self.assertRaises(
ObjectsWriteNoAuthorized,
self.admin_manager.del_object,
- demo_subject_id, authz_ie_dict["id"], key)
+ demo_subject_id, admin_ie_dict["id"], key)
self.assertRaises(
ObjectsWriteNoAuthorized,
self.admin_manager.del_object,
- admin_subject_id, authz_ie_dict["id"], key)
+ admin_subject_id, admin_ie_dict["id"], key)
def test_actions(self):
authz_ie_dict = create_intra_extension(self, "policy_authz")
@@ -1123,12 +1113,12 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id'])
admin_subject_id, admin_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
- demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"],
- {"name": "demo", "description": "demo"})
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
+ # demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"],
+ # {"name": "demo", "description": "demo"})
demo_subject_id, demo_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
- actions = self.manager.get_actions_dict(admin_subject_id, authz_ie_dict["id"])
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
+ actions = self.authz_manager.get_actions_dict(admin_subject_id, authz_ie_dict["id"])
actions_id_list = []
self.assertIsInstance(actions, dict)
for key, value in actions.iteritems():
@@ -1141,35 +1131,35 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
new_action = {"name": "action_test", "description": "action_test"}
self.assertRaises(
AuthzException,
- self.manager.add_action_dict,
+ self.authz_manager.add_action_dict,
demo_subject_id, admin_ie_dict["id"], new_action)
self.assertRaises(
ActionsWriteNoAuthorized,
self.admin_manager.add_action_dict,
- admin_subject_id, authz_ie_dict["id"], new_action
+ admin_subject_id, admin_ie_dict["id"], new_action
)
# Delete all actions
for key in actions_id_list:
self.assertRaises(
AuthzException,
- self.manager.del_action,
+ self.authz_manager.del_action,
demo_subject_id, authz_ie_dict["id"], key)
self.assertRaises(
AuthzException,
- self.manager.del_action,
+ self.authz_manager.del_action,
admin_subject_id, authz_ie_dict["id"], key)
for key in actions_id_list:
self.assertRaises(
ActionsWriteNoAuthorized,
self.admin_manager.del_action,
- demo_subject_id, authz_ie_dict["id"], key)
+ demo_subject_id, admin_ie_dict["id"], key)
self.assertRaises(
ActionsWriteNoAuthorized,
self.admin_manager.del_action,
- admin_subject_id, authz_ie_dict["id"], key)
+ admin_subject_id, admin_ie_dict["id"], key)
def test_subject_categories(self):
authz_ie_dict = create_intra_extension(self, "policy_authz")
@@ -1177,12 +1167,12 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id'])
admin_subject_id, admin_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
- demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"],
- {"name": "demo", "description": "demo"})
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
+ # demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"],
+ # {"name": "demo", "description": "demo"})
demo_subject_id, demo_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
- subject_categories = self.manager.get_subject_categories_dict(admin_subject_id, authz_ie_dict["id"])
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
+ subject_categories = self.authz_manager.get_subject_categories_dict(admin_subject_id, authz_ie_dict["id"])
self.assertIsInstance(subject_categories, dict)
for key, value in subject_categories.iteritems():
self.assertIsInstance(value, dict)
@@ -1192,7 +1182,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
new_subject_category = {"name": "subject_category_test", "description": "subject_category_test"}
self.assertRaises(
AuthzException,
- self.manager.add_subject_category_dict,
+ self.authz_manager.add_subject_category_dict,
demo_subject_id, admin_ie_dict["id"], new_subject_category)
subject_categories = self.admin_manager.add_subject_category_dict(admin_subject_id, authz_ie_dict["id"], new_subject_category)
@@ -1209,11 +1199,11 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
# Delete the new subject_category
self.assertRaises(
AuthzException,
- self.manager.del_subject_category,
+ self.authz_manager.del_subject_category,
demo_subject_id, authz_ie_dict["id"], new_subject_category["id"])
self.admin_manager.del_subject_category(admin_subject_id, authz_ie_dict["id"], new_subject_category["id"])
- subject_categories = self.manager.get_subject_categories_dict(admin_subject_id, authz_ie_dict["id"])
+ subject_categories = self.authz_manager.get_subject_categories_dict(admin_subject_id, authz_ie_dict["id"])
for key, value in subject_categories.iteritems():
self.assertIsInstance(value, dict)
self.assertIn("name", value)
@@ -1226,12 +1216,12 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id'])
admin_subject_id, admin_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
- demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"],
- {"name": "demo", "description": "demo"})
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
+ # demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"],
+ # {"name": "demo", "description": "demo"})
demo_subject_id, demo_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
- object_categories = self.manager.get_object_categories_dict(admin_subject_id, authz_ie_dict["id"])
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
+ object_categories = self.authz_manager.get_object_categories_dict(admin_subject_id, authz_ie_dict["id"])
self.assertIsInstance(object_categories, dict)
for key, value in object_categories.iteritems():
self.assertIsInstance(value, dict)
@@ -1241,7 +1231,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
new_object_category = {"name": "object_category_test", "description": "object_category_test"}
self.assertRaises(
AuthzException,
- self.manager.add_object_category_dict,
+ self.authz_manager.add_object_category_dict,
demo_subject_id, admin_ie_dict["id"], new_object_category)
object_categories = self.admin_manager.add_object_category_dict(admin_subject_id, authz_ie_dict["id"], new_object_category)
@@ -1258,11 +1248,11 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
# Delete the new object_category
self.assertRaises(
AuthzException,
- self.manager.del_object_category,
+ self.authz_manager.del_object_category,
demo_subject_id, authz_ie_dict["id"], new_object_category["id"])
self.admin_manager.del_object_category(admin_subject_id, authz_ie_dict["id"], new_object_category["id"])
- object_categories = self.manager.get_object_categories_dict(admin_subject_id, authz_ie_dict["id"])
+ object_categories = self.authz_manager.get_object_categories_dict(admin_subject_id, authz_ie_dict["id"])
for key, value in object_categories.iteritems():
self.assertIsInstance(value, dict)
self.assertIn("name", value)
@@ -1275,12 +1265,12 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id'])
admin_subject_id, admin_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
- demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"],
- {"name": "demo", "description": "demo"})
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
+ # demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"],
+ # {"name": "demo", "description": "demo"})
demo_subject_id, demo_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
- action_categories = self.manager.get_action_categories_dict(admin_subject_id, authz_ie_dict["id"])
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
+ action_categories = self.authz_manager.get_action_categories_dict(admin_subject_id, authz_ie_dict["id"])
self.assertIsInstance(action_categories, dict)
for key, value in action_categories.iteritems():
self.assertIsInstance(value, dict)
@@ -1290,7 +1280,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
new_action_category = {"name": "action_category_test", "description": "action_category_test"}
self.assertRaises(
AuthzException,
- self.manager.add_action_category_dict,
+ self.authz_manager.add_action_category_dict,
demo_subject_id, admin_ie_dict["id"], new_action_category)
action_categories = self.admin_manager.add_action_category_dict(admin_subject_id, authz_ie_dict["id"], new_action_category)
@@ -1307,11 +1297,11 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
# Delete the new action_category
self.assertRaises(
AuthzException,
- self.manager.del_action_category,
+ self.authz_manager.del_action_category,
demo_subject_id, authz_ie_dict["id"], new_action_category["id"])
self.admin_manager.del_action_category(admin_subject_id, authz_ie_dict["id"], new_action_category["id"])
- action_categories = self.manager.get_action_categories_dict(admin_subject_id, authz_ie_dict["id"])
+ action_categories = self.authz_manager.get_action_categories_dict(admin_subject_id, authz_ie_dict["id"])
for key, value in action_categories.iteritems():
self.assertIsInstance(value, dict)
self.assertIn("name", value)
@@ -1324,11 +1314,11 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id'])
admin_subject_id, admin_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
- demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"],
- {"name": "demo", "description": "demo"})
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
+ # demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"],
+ # {"name": "demo", "description": "demo"})
demo_subject_id, demo_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
subject_categories = self.admin_manager.add_subject_category_dict(
admin_subject_id,
@@ -1341,7 +1331,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
for subject_category_id in subject_categories:
- subject_category_scope = self.manager.get_subject_scopes_dict(
+ subject_category_scope = self.authz_manager.get_subject_scopes_dict(
admin_subject_id,
authz_ie_dict["id"],
subject_category_id)
@@ -1396,11 +1386,11 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id'])
admin_subject_id, admin_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
- demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"],
- {"name": "demo", "description": "demo"})
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
+ # demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"],
+ # {"name": "demo", "description": "demo"})
demo_subject_id, demo_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
object_categories = self.admin_manager.add_object_category_dict(
admin_subject_id,
@@ -1413,7 +1403,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
for object_category_id in object_categories:
- object_category_scope = self.manager.get_object_scopes_dict(
+ object_category_scope = self.authz_manager.get_object_scopes_dict(
admin_subject_id,
authz_ie_dict["id"],
object_category_id)
@@ -1468,11 +1458,11 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id'])
admin_subject_id, admin_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
- demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"],
- {"name": "demo", "description": "demo"})
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
+ # demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"],
+ # {"name": "demo", "description": "demo"})
demo_subject_id, demo_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
action_categories = self.admin_manager.add_action_category_dict(
admin_subject_id,
@@ -1485,7 +1475,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
for action_category_id in action_categories:
- action_category_scope = self.manager.get_action_scopes_dict(
+ action_category_scope = self.authz_manager.get_action_scopes_dict(
admin_subject_id,
authz_ie_dict["id"],
action_category_id)
@@ -1540,17 +1530,17 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id'])
admin_subject_id, admin_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
admin_authz_subject_id, admin_authz_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], authz_ie_dict['id'], 'admin').iteritems().next()
- demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"],
- {"name": "demo", "description": "demo"})
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], authz_ie_dict['id'], 'admin').iteritems().next()
+ # demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"],
+ # {"name": "demo", "description": "demo"})
demo_subject_id, demo_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
demo_authz_subject_id, demo_authz_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], authz_ie_dict['id'], 'demo').iteritems().next()
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], authz_ie_dict['id'], 'demo').iteritems().next()
- subjects_dict = self.manager.get_subjects_dict(admin_subject_id, authz_ie_dict["id"])
+ subjects_dict = self.authz_manager.get_subjects_dict(admin_subject_id, authz_ie_dict["id"])
subject_categories = self.admin_manager.add_subject_category_dict(
admin_subject_id,
@@ -1562,7 +1552,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
)
for subject_category_id in subject_categories:
- subject_category_scope = self.manager.get_subject_scopes_dict(
+ subject_category_scope = self.authz_manager.get_subject_scopes_dict(
admin_subject_id,
authz_ie_dict["id"],
subject_category_id)
@@ -1593,7 +1583,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
new_subject_category_scope_2)
subject_category_scope_2_id = subject_category_scope_2.keys()[0]
- subject_category_assignments = self.manager.get_subject_assignment_list(
+ subject_category_assignments = self.authz_manager.get_subject_assignment_list(
admin_subject_id,
authz_ie_dict["id"],
admin_authz_subject_id,
@@ -1602,7 +1592,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
self.assertIsInstance(subject_category_assignments, list)
self.assertEqual([], subject_category_assignments)
- subject_category_assignments = self.manager.get_subject_assignment_list(
+ subject_category_assignments = self.authz_manager.get_subject_assignment_list(
admin_subject_id,
authz_ie_dict["id"],
demo_authz_subject_id,
@@ -1613,14 +1603,14 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
self.assertRaises(
AuthzException,
- self.manager.add_subject_assignment_list,
+ self.authz_manager.add_subject_assignment_list,
demo_subject_id, authz_ie_dict["id"],
admin_authz_subject_id, subject_category_id, subject_category_scope_1_id
)
self.assertRaises(
AuthzException,
- self.manager.add_subject_assignment_list,
+ self.authz_manager.add_subject_assignment_list,
demo_subject_id, authz_ie_dict["id"],
demo_authz_subject_id, subject_category_id, subject_category_scope_2_id
)
@@ -1692,13 +1682,13 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id'])
admin_subject_id, admin_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
- demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"],
- {"name": "demo", "description": "demo"})
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
+ # demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"],
+ # {"name": "demo", "description": "demo"})
demo_subject_id, demo_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
- objects_dict = self.manager.get_objects_dict(admin_subject_id, authz_ie_dict["id"])
+ objects_dict = self.authz_manager.get_objects_dict(admin_subject_id, authz_ie_dict["id"])
object_vm1_id = None
object_vm2_id = None
@@ -1720,7 +1710,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
)
for object_category_id in object_categories:
- object_category_scope = self.manager.get_object_scopes_dict(
+ object_category_scope = self.authz_manager.get_object_scopes_dict(
admin_subject_id,
authz_ie_dict["id"],
object_category_id)
@@ -1751,7 +1741,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
new_object_category_scope_2)
object_category_scope_2_id = object_category_scope_2.keys()[0]
- object_category_assignments = self.manager.get_object_assignment_list(
+ object_category_assignments = self.authz_manager.get_object_assignment_list(
admin_subject_id,
authz_ie_dict["id"],
object_vm1_id,
@@ -1760,7 +1750,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
self.assertIsInstance(object_category_assignments, list)
self.assertEqual([], object_category_assignments)
- object_category_assignments = self.manager.get_object_assignment_list(
+ object_category_assignments = self.authz_manager.get_object_assignment_list(
admin_subject_id,
authz_ie_dict["id"],
object_vm2_id,
@@ -1771,14 +1761,14 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
self.assertRaises(
AuthzException,
- self.manager.add_object_assignment_list,
+ self.authz_manager.add_object_assignment_list,
demo_subject_id, authz_ie_dict["id"],
object_vm1_id, object_category_id, object_category_scope_1_id
)
self.assertRaises(
AuthzException,
- self.manager.add_object_assignment_list,
+ self.authz_manager.add_object_assignment_list,
demo_subject_id, authz_ie_dict["id"],
object_vm2_id, object_category_id, object_category_scope_2_id
)
@@ -1850,13 +1840,13 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id'])
admin_subject_id, admin_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
- demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"],
- {"name": "demo", "description": "demo"})
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
+ # demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"],
+ # {"name": "demo", "description": "demo"})
demo_subject_id, demo_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
- actions_dict = self.manager.get_actions_dict(admin_subject_id, authz_ie_dict["id"])
+ actions_dict = self.authz_manager.get_actions_dict(admin_subject_id, authz_ie_dict["id"])
action_upload_id = None
action_list_id = None
@@ -1878,7 +1868,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
)
for action_category_id in action_categories:
- action_category_scope = self.manager.get_action_scopes_dict(
+ action_category_scope = self.authz_manager.get_action_scopes_dict(
admin_subject_id,
authz_ie_dict["id"],
action_category_id)
@@ -1909,7 +1899,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
new_action_category_scope_2)
action_category_scope_2_id = action_category_scope_2.keys()[0]
- action_category_assignments = self.manager.get_action_assignment_list(
+ action_category_assignments = self.authz_manager.get_action_assignment_list(
admin_subject_id,
authz_ie_dict["id"],
action_upload_id,
@@ -1918,7 +1908,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
self.assertIsInstance(action_category_assignments, list)
self.assertEqual([], action_category_assignments)
- action_category_assignments = self.manager.get_action_assignment_list(
+ action_category_assignments = self.authz_manager.get_action_assignment_list(
admin_subject_id,
authz_ie_dict["id"],
action_list_id,
@@ -1929,14 +1919,14 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
self.assertRaises(
AuthzException,
- self.manager.add_action_assignment_list,
+ self.authz_manager.add_action_assignment_list,
demo_subject_id, authz_ie_dict["id"],
action_upload_id, action_category_id, action_category_scope_1_id
)
self.assertRaises(
AuthzException,
- self.manager.add_action_assignment_list,
+ self.authz_manager.add_action_assignment_list,
demo_subject_id, authz_ie_dict["id"],
action_list_id, action_category_id, action_category_scope_2_id
)
@@ -2008,11 +1998,11 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id'])
admin_subject_id, admin_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
- demo_subject_dict = self.admin_manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"],
- {"name": "demo", "description": "demo"})
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
+ # demo_subject_dict = self.admin_manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"],
+ # {"name": "demo", "description": "demo"})
demo_subject_id, demo_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
aggregation_algorithms = self.admin_manager.get_aggregation_algorithm_dict(admin_subject_id, authz_ie_dict["id"])
for key, value in aggregation_algorithms.iteritems():
@@ -2050,11 +2040,11 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id'])
admin_subject_id, admin_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
- demo_subject_dict = self.admin_manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"],
- {"name": "demo", "description": "demo"})
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
+ # demo_subject_dict = self.admin_manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"],
+ # {"name": "demo", "description": "demo"})
demo_subject_id, demo_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
sub_meta_rules = self.admin_manager.get_sub_meta_rules_dict(admin_subject_id, authz_ie_dict["id"])
self.assertIsInstance(sub_meta_rules, dict)
diff --git a/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_authz.py b/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_authz.py
index 2f75acaf..c96c00b5 100644
--- a/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_authz.py
+++ b/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_authz.py
@@ -10,12 +10,12 @@ import os
import uuid
from oslo_config import cfg
from keystone.tests import unit as tests
-from keystone.contrib.moon.core import IntraExtensionAdminManager, IntraExtensionAuthzManager
+from keystone.contrib.moon.core import IntraExtensionAdminManager, IntraExtensionAuthzManager, IntraExtensionRootManager
from keystone.tests.unit.ksfixtures import database
from keystone import resource
from keystone.contrib.moon.exception import *
from keystone.tests.unit import default_fixtures
-from keystone.contrib.moon.core import LogManager, TenantManager, ADMIN_ID
+from keystone.contrib.moon.core import LogManager, TenantManager
from keystone.tests.moon.unit import *
CONF = cfg.CONF
@@ -38,15 +38,16 @@ class TestIntraExtensionAuthzManagerAuthzOK(tests.TestCase):
def setUp(self):
self.useFixture(database.Database())
super(TestIntraExtensionAuthzManagerAuthzOK, self).setUp()
- self.load_backends()
self.load_fixtures(default_fixtures)
+ self.load_backends()
+ domain = {'id': "default", 'name': "default"}
+ self.resource_api.create_domain(domain['id'], domain)
self.admin = create_user(self, username="admin")
self.demo = create_user(self, username="demo")
- self.root_intra_extension = create_intra_extension(self, policy_model="policy_root")
- # force re-initialization of the ADMIN_ID variable
- from keystone.contrib.moon.core import ADMIN_ID
- self.ADMIN_ID = ADMIN_ID
- self.manager = self.authz_api
+ self.root_intra_extension = self.root_api.get_root_extension_dict()
+ self.root_intra_extension_id = self.root_intra_extension.keys()[0]
+ self.ADMIN_ID = self.root_api.get_root_admin_id()
+ self.authz_manager = self.authz_api
self.admin_manager = self.admin_api
def __get_key_from_value(self, value, values_dict):
@@ -72,7 +73,7 @@ class TestIntraExtensionAuthzManagerAuthzOK(tests.TestCase):
policy_directory=self.policy_directory)
def delete_admin_intra_extension(self):
- self.manager.del_intra_extension(self.ref["id"])
+ self.authz_manager.del_intra_extension(self.ref["id"])
def test_subjects(self):
authz_ie_dict = create_intra_extension(self, "policy_authz")
@@ -80,12 +81,10 @@ class TestIntraExtensionAuthzManagerAuthzOK(tests.TestCase):
tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id'])
admin_subject_id, admin_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
- demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"],
- {"name": "demo", "description": "demo"})
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
demo_subject_id, demo_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
- subjects = self.manager.get_subjects_dict(admin_subject_id, authz_ie_dict["id"])
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
+ subjects = self.authz_manager.get_subjects_dict(admin_subject_id, authz_ie_dict["id"])
self.assertIsInstance(subjects, dict)
for key, value in subjects.iteritems():
self.assertIsInstance(value, dict)
@@ -110,7 +109,7 @@ class TestIntraExtensionAuthzManagerAuthzOK(tests.TestCase):
# Delete the new subject
self.admin_manager.del_subject(admin_subject_id, authz_ie_dict["id"], new_subject["id"])
- subjects = self.manager.get_subjects_dict(admin_subject_id, authz_ie_dict["id"])
+ subjects = self.authz_manager.get_subjects_dict(admin_subject_id, authz_ie_dict["id"])
for key, value in subjects.iteritems():
self.assertIsInstance(value, dict)
self.assertIn("name", value)
@@ -123,12 +122,10 @@ class TestIntraExtensionAuthzManagerAuthzOK(tests.TestCase):
tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id'])
admin_subject_id, admin_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
- demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"],
- {"name": "demo", "description": "demo"})
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
demo_subject_id, demo_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
- objects = self.manager.get_objects_dict(admin_subject_id, authz_ie_dict["id"])
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
+ objects = self.authz_manager.get_objects_dict(admin_subject_id, authz_ie_dict["id"])
objects_id_list = []
self.assertIsInstance(objects, dict)
for key, value in objects.iteritems():
@@ -143,12 +140,10 @@ class TestIntraExtensionAuthzManagerAuthzOK(tests.TestCase):
tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id'])
admin_subject_id, admin_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
- demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"],
- {"name": "demo", "description": "demo"})
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
demo_subject_id, demo_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
- actions = self.manager.get_actions_dict(admin_subject_id, authz_ie_dict["id"])
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
+ actions = self.authz_manager.get_actions_dict(admin_subject_id, authz_ie_dict["id"])
actions_id_list = []
self.assertIsInstance(actions, dict)
for key, value in actions.iteritems():
@@ -163,12 +158,10 @@ class TestIntraExtensionAuthzManagerAuthzOK(tests.TestCase):
tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id'])
admin_subject_id, admin_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
- demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"],
- {"name": "demo", "description": "demo"})
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
demo_subject_id, demo_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
- subject_categories = self.manager.get_subject_categories_dict(admin_subject_id, authz_ie_dict["id"])
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
+ subject_categories = self.authz_manager.get_subject_categories_dict(admin_subject_id, authz_ie_dict["id"])
self.assertIsInstance(subject_categories, dict)
for key, value in subject_categories.iteritems():
self.assertIsInstance(value, dict)
@@ -190,7 +183,7 @@ class TestIntraExtensionAuthzManagerAuthzOK(tests.TestCase):
# Delete the new subject_category
self.admin_manager.del_subject_category(admin_subject_id, authz_ie_dict["id"], new_subject_category["id"])
- subject_categories = self.manager.get_subject_categories_dict(admin_subject_id, authz_ie_dict["id"])
+ subject_categories = self.authz_manager.get_subject_categories_dict(admin_subject_id, authz_ie_dict["id"])
for key, value in subject_categories.iteritems():
self.assertIsInstance(value, dict)
self.assertIn("name", value)
@@ -203,12 +196,10 @@ class TestIntraExtensionAuthzManagerAuthzOK(tests.TestCase):
tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id'])
admin_subject_id, admin_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
- demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"],
- {"name": "demo", "description": "demo"})
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
demo_subject_id, demo_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
- object_categories = self.manager.get_object_categories_dict(admin_subject_id, authz_ie_dict["id"])
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
+ object_categories = self.authz_manager.get_object_categories_dict(admin_subject_id, authz_ie_dict["id"])
self.assertIsInstance(object_categories, dict)
for key, value in object_categories.iteritems():
self.assertIsInstance(value, dict)
@@ -231,7 +222,7 @@ class TestIntraExtensionAuthzManagerAuthzOK(tests.TestCase):
# Delete the new object_category
self.admin_manager.del_object_category(admin_subject_id, authz_ie_dict["id"], new_object_category["id"])
- object_categories = self.manager.get_object_categories_dict(admin_subject_id, authz_ie_dict["id"])
+ object_categories = self.authz_manager.get_object_categories_dict(admin_subject_id, authz_ie_dict["id"])
for key, value in object_categories.iteritems():
self.assertIsInstance(value, dict)
self.assertIn("name", value)
@@ -244,12 +235,10 @@ class TestIntraExtensionAuthzManagerAuthzOK(tests.TestCase):
tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id'])
admin_subject_id, admin_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
- demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"],
- {"name": "demo", "description": "demo"})
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
demo_subject_id, demo_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
- action_categories = self.manager.get_action_categories_dict(admin_subject_id, authz_ie_dict["id"])
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
+ action_categories = self.authz_manager.get_action_categories_dict(admin_subject_id, authz_ie_dict["id"])
self.assertIsInstance(action_categories, dict)
for key, value in action_categories.iteritems():
self.assertIsInstance(value, dict)
@@ -272,7 +261,7 @@ class TestIntraExtensionAuthzManagerAuthzOK(tests.TestCase):
# Delete the new action_category
self.admin_manager.del_action_category(admin_subject_id, authz_ie_dict["id"], new_action_category["id"])
- action_categories = self.manager.get_action_categories_dict(admin_subject_id, authz_ie_dict["id"])
+ action_categories = self.authz_manager.get_action_categories_dict(admin_subject_id, authz_ie_dict["id"])
for key, value in action_categories.iteritems():
self.assertIsInstance(value, dict)
self.assertIn("name", value)
@@ -285,11 +274,9 @@ class TestIntraExtensionAuthzManagerAuthzOK(tests.TestCase):
tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id'])
admin_subject_id, admin_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
- demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"],
- {"name": "demo", "description": "demo"})
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
demo_subject_id, demo_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
subject_categories = self.admin_manager.add_subject_category_dict(
admin_subject_id,
@@ -302,7 +289,7 @@ class TestIntraExtensionAuthzManagerAuthzOK(tests.TestCase):
for subject_category_id in subject_categories:
- subject_category_scope = self.manager.get_subject_scopes_dict(
+ subject_category_scope = self.authz_manager.get_subject_scopes_dict(
admin_subject_id,
authz_ie_dict["id"],
subject_category_id)
@@ -348,11 +335,9 @@ class TestIntraExtensionAuthzManagerAuthzOK(tests.TestCase):
tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id'])
admin_subject_id, admin_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
- demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"],
- {"name": "demo", "description": "demo"})
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
demo_subject_id, demo_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
object_categories = self.admin_manager.add_object_category_dict(
admin_subject_id,
@@ -365,7 +350,7 @@ class TestIntraExtensionAuthzManagerAuthzOK(tests.TestCase):
for object_category_id in object_categories:
- object_category_scope = self.manager.get_object_scopes_dict(
+ object_category_scope = self.authz_manager.get_object_scopes_dict(
admin_subject_id,
authz_ie_dict["id"],
object_category_id)
@@ -411,11 +396,9 @@ class TestIntraExtensionAuthzManagerAuthzOK(tests.TestCase):
tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id'])
admin_subject_id, admin_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
- demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"],
- {"name": "demo", "description": "demo"})
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
demo_subject_id, demo_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
action_categories = self.admin_manager.add_action_category_dict(
admin_subject_id,
@@ -428,7 +411,7 @@ class TestIntraExtensionAuthzManagerAuthzOK(tests.TestCase):
for action_category_id in action_categories:
- action_category_scope = self.manager.get_action_scopes_dict(
+ action_category_scope = self.authz_manager.get_action_scopes_dict(
admin_subject_id,
authz_ie_dict["id"],
action_category_id)
@@ -474,17 +457,15 @@ class TestIntraExtensionAuthzManagerAuthzOK(tests.TestCase):
tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id'])
admin_subject_id, admin_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
admin_authz_subject_id, admin_authz_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], authz_ie_dict['id'], 'admin').iteritems().next()
- demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"],
- {"name": "demo", "description": "demo"})
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], authz_ie_dict['id'], 'admin').iteritems().next()
demo_subject_id, demo_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
demo_authz_subject_id, demo_authz_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], authz_ie_dict['id'], 'demo').iteritems().next()
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], authz_ie_dict['id'], 'demo').iteritems().next()
- subjects_dict = self.manager.get_subjects_dict(admin_subject_id, authz_ie_dict["id"])
+ subjects_dict = self.authz_manager.get_subjects_dict(admin_subject_id, authz_ie_dict["id"])
subject_categories = self.admin_manager.add_subject_category_dict(
admin_subject_id,
@@ -496,7 +477,7 @@ class TestIntraExtensionAuthzManagerAuthzOK(tests.TestCase):
)
for subject_category_id in subject_categories:
- subject_category_scope = self.manager.get_subject_scopes_dict(
+ subject_category_scope = self.authz_manager.get_subject_scopes_dict(
admin_subject_id,
authz_ie_dict["id"],
subject_category_id)
@@ -527,7 +508,7 @@ class TestIntraExtensionAuthzManagerAuthzOK(tests.TestCase):
new_subject_category_scope_2)
subject_category_scope_2_id = subject_category_scope_2.keys()[0]
- subject_category_assignments = self.manager.get_subject_assignment_list(
+ subject_category_assignments = self.authz_manager.get_subject_assignment_list(
admin_subject_id,
authz_ie_dict["id"],
admin_authz_subject_id,
@@ -536,7 +517,7 @@ class TestIntraExtensionAuthzManagerAuthzOK(tests.TestCase):
self.assertIsInstance(subject_category_assignments, list)
self.assertEqual([], subject_category_assignments)
- subject_category_assignments = self.manager.get_subject_assignment_list(
+ subject_category_assignments = self.authz_manager.get_subject_assignment_list(
admin_subject_id,
authz_ie_dict["id"],
demo_authz_subject_id,
@@ -597,13 +578,11 @@ class TestIntraExtensionAuthzManagerAuthzOK(tests.TestCase):
tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id'])
admin_subject_id, admin_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
- demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"],
- {"name": "demo", "description": "demo"})
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
demo_subject_id, demo_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
- objects_dict = self.manager.get_objects_dict(admin_subject_id, authz_ie_dict["id"])
+ objects_dict = self.authz_manager.get_objects_dict(admin_subject_id, authz_ie_dict["id"])
object_vm1_id = None
object_vm2_id = None
@@ -625,7 +604,7 @@ class TestIntraExtensionAuthzManagerAuthzOK(tests.TestCase):
)
for object_category_id in object_categories:
- object_category_scope = self.manager.get_object_scopes_dict(
+ object_category_scope = self.authz_manager.get_object_scopes_dict(
admin_subject_id,
authz_ie_dict["id"],
object_category_id)
@@ -656,7 +635,7 @@ class TestIntraExtensionAuthzManagerAuthzOK(tests.TestCase):
new_object_category_scope_2)
object_category_scope_2_id = object_category_scope_2.keys()[0]
- object_category_assignments = self.manager.get_object_assignment_list(
+ object_category_assignments = self.authz_manager.get_object_assignment_list(
admin_subject_id,
authz_ie_dict["id"],
object_vm1_id,
@@ -665,7 +644,7 @@ class TestIntraExtensionAuthzManagerAuthzOK(tests.TestCase):
self.assertIsInstance(object_category_assignments, list)
self.assertEqual([], object_category_assignments)
- object_category_assignments = self.manager.get_object_assignment_list(
+ object_category_assignments = self.authz_manager.get_object_assignment_list(
admin_subject_id,
authz_ie_dict["id"],
object_vm2_id,
@@ -726,13 +705,11 @@ class TestIntraExtensionAuthzManagerAuthzOK(tests.TestCase):
tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id'])
admin_subject_id, admin_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
- demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"],
- {"name": "demo", "description": "demo"})
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
demo_subject_id, demo_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
- actions_dict = self.manager.get_actions_dict(admin_subject_id, authz_ie_dict["id"])
+ actions_dict = self.authz_manager.get_actions_dict(admin_subject_id, authz_ie_dict["id"])
action_upload_id = None
action_list_id = None
@@ -754,7 +731,7 @@ class TestIntraExtensionAuthzManagerAuthzOK(tests.TestCase):
)
for action_category_id in action_categories:
- action_category_scope = self.manager.get_action_scopes_dict(
+ action_category_scope = self.authz_manager.get_action_scopes_dict(
admin_subject_id,
authz_ie_dict["id"],
action_category_id)
@@ -785,7 +762,7 @@ class TestIntraExtensionAuthzManagerAuthzOK(tests.TestCase):
new_action_category_scope_2)
action_category_scope_2_id = action_category_scope_2.keys()[0]
- action_category_assignments = self.manager.get_action_assignment_list(
+ action_category_assignments = self.authz_manager.get_action_assignment_list(
admin_subject_id,
authz_ie_dict["id"],
action_upload_id,
@@ -794,7 +771,7 @@ class TestIntraExtensionAuthzManagerAuthzOK(tests.TestCase):
self.assertIsInstance(action_category_assignments, list)
self.assertEqual([], action_category_assignments)
- action_category_assignments = self.manager.get_action_assignment_list(
+ action_category_assignments = self.authz_manager.get_action_assignment_list(
admin_subject_id,
authz_ie_dict["id"],
action_list_id,
@@ -855,11 +832,9 @@ class TestIntraExtensionAuthzManagerAuthzOK(tests.TestCase):
tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id'])
admin_subject_id, admin_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
- demo_subject_dict = self.admin_manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"],
- {"name": "demo", "description": "demo"})
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
demo_subject_id, demo_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
aggregation_algorithms = self.admin_manager.get_aggregation_algorithm_dict(admin_subject_id, authz_ie_dict["id"])
for key, value in aggregation_algorithms.iteritems():
@@ -897,11 +872,9 @@ class TestIntraExtensionAuthzManagerAuthzOK(tests.TestCase):
tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id'])
admin_subject_id, admin_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
- demo_subject_dict = self.admin_manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"],
- {"name": "demo", "description": "demo"})
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
demo_subject_id, demo_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
sub_meta_rules = self.admin_manager.get_sub_meta_rules_dict(admin_subject_id, authz_ie_dict["id"])
self.assertIsInstance(sub_meta_rules, dict)
@@ -969,23 +942,28 @@ class TestIntraExtensionAuthzManagerAuthzOK(tests.TestCase):
# TODO: add test for the delete function
-@dependency.requires('admin_api', 'authz_api', 'tenant_api', 'configuration_api', 'moonlog_api')
+@dependency.requires('admin_api', 'authz_api', 'tenant_api', 'configuration_api', 'moonlog_api', 'identity_api', 'root_api')
class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase):
def setUp(self):
self.useFixture(database.Database())
super(TestIntraExtensionAuthzManagerAuthzKO, self).setUp()
- self.load_backends()
self.load_fixtures(default_fixtures)
+ self.load_backends()
+ domain = {'id': "default", 'name': "default"}
+ self.resource_api.create_domain(domain['id'], domain)
self.admin = create_user(self, username="admin")
self.demo = create_user(self, username="demo")
- self.root_intra_extension = create_intra_extension(self, policy_model="policy_root")
- # force re-initialization of the ADMIN_ID variable
- from keystone.contrib.moon.core import ADMIN_ID
- self.ADMIN_ID = ADMIN_ID
- self.manager = self.authz_api
+ self.root_intra_extension = self.root_api.get_root_extension_dict()
+ self.root_intra_extension_id = self.root_intra_extension.keys()[0]
+ self.ADMIN_ID = self.root_api.get_root_admin_id()
+ self.authz_manager = self.authz_api
self.admin_manager = self.admin_api
+ def tearDown(self):
+ # self.admin_manager.del_intra_extension(self.ADMIN_ID, self.root_intra_extension["id"])
+ tests.TestCase.tearDown(self)
+
def __get_key_from_value(self, value, values_dict):
return filter(lambda v: v[1] == value, values_dict.iteritems())[0][0]
@@ -995,70 +973,41 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase):
"tenant_api": TenantManager(),
"admin_api": IntraExtensionAdminManager(),
"authz_api": IntraExtensionAuthzManager(),
+ "root_api": IntraExtensionRootManager(),
# "resource_api": resource.Manager(),
}
def config_overrides(self):
super(TestIntraExtensionAuthzManagerAuthzKO, self).config_overrides()
self.policy_directory = 'examples/moon/policies'
+ self.root_policy_directory = 'policy_root'
self.config_fixture.config(
group='moon',
intraextension_driver='keystone.contrib.moon.backends.sql.IntraExtensionConnector')
self.config_fixture.config(
group='moon',
policy_directory=self.policy_directory)
-
- def test_tenant_exceptions(self):
- self.assertRaises(
- TenantUnknown,
- self.manager.get_tenant_dict
- )
- self.assertRaises(
- TenantUnknown,
- self.manager.get_tenant_name,
- uuid.uuid4().hex
- )
- self.assertRaises(
- TenantUnknown,
- self.manager.set_tenant_name,
- uuid.uuid4().hex, uuid.uuid4().hex
- )
- self.assertRaises(
- TenantUnknown,
- self.manager.get_extension_uuid,
- uuid.uuid4().hex, "authz"
- )
- self.assertRaises(
- TenantUnknown,
- self.manager.get_extension_uuid,
- uuid.uuid4().hex, "admin"
- )
-
- def test_intra_extension_exceptions(self):
-
- tenant = self.create_tenant()
- self.assertRaises(
- IntraExtensionUnknown,
- self.manager.get_extension_uuid,
- tenant["id"], "authz"
- )
- self.assertRaises(
- IntraExtensionUnknown,
- self.manager.get_extension_uuid,
- tenant["id"], "admin"
- )
- # TODO
+ self.config_fixture.config(
+ group='moon',
+ root_policy_directory=self.root_policy_directory)
def test_delete_admin_intra_extension(self):
+ authz_ie_dict = create_intra_extension(self, "policy_authz")
+ admin_ie_dict = create_intra_extension(self, "policy_admin")
+ tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id'])
+
+ admin_subject_id, admin_subject_dict = \
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
self.assertRaises(
- AdminException,
- self.manager.del_intra_extension,
- self.ref["id"])
+ SubjectUnknown,
+ self.authz_manager.del_intra_extension,
+ uuid.uuid4().hex,
+ admin_ie_dict["id"])
def test_authz_exceptions(self):
self.assertRaises(
TenantUnknown,
- self.manager.authz,
+ self.authz_manager.authz,
uuid.uuid4().hex, uuid.uuid4().hex, uuid.uuid4().hex, uuid.uuid4().hex
)
@@ -1067,19 +1016,17 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase):
tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id'])
admin_subject_id, admin_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
# Test when subject is unknown
self.assertRaises(
SubjectUnknown,
- self.manager.authz,
+ self.authz_manager.authz,
tenant["name"], uuid.uuid4().hex, uuid.uuid4().hex, uuid.uuid4().hex
)
# Test when subject is known but not the object
- demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"],
- {"name": "demo", "description": "demo"})
demo_subject_id, demo_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], authz_ie_dict['id'], 'demo').iteritems().next()
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], authz_ie_dict['id'], 'demo').iteritems().next()
# self.manager.add_subject_dict(
# admin_subject_id,
@@ -1089,13 +1036,13 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase):
self.assertRaises(
ObjectUnknown,
- self.manager.authz,
+ self.authz_manager.authz,
tenant["name"], demo_subject_dict["name"], uuid.uuid4().hex, uuid.uuid4().hex
)
# Test when subject and object are known but not the action
my_object = {"name": "my_object", "description": "my_object description"}
- _tmp = self.manager.add_object_dict(
+ _tmp = self.admin_manager.add_object_dict(
admin_subject_id,
authz_ie_dict["id"],
my_object
@@ -1104,13 +1051,13 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase):
self.assertRaises(
ActionUnknown,
- self.manager.authz,
+ self.authz_manager.authz,
tenant["name"], demo_subject_dict["name"], my_object["name"], uuid.uuid4().hex
)
# Test when subject and object and action are known
my_action = {"name": "my_action", "description": "my_action description"}
- _tmp = self.manager.add_action_dict(
+ _tmp = self.admin_manager.add_action_dict(
admin_subject_id,
authz_ie_dict["id"],
my_action
@@ -1119,13 +1066,13 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase):
self.assertRaises(
AuthzException,
- self.manager.authz,
+ self.authz_manager.authz,
tenant["name"], demo_subject_dict["name"], my_object["name"], my_action["name"]
)
# Add a subject scope and test ObjectCategoryAssignmentOutOfScope
my_subject_category = {"name": "my_subject_category", "description": "my_subject_category description"}
- _tmp = self.manager.add_subject_category_dict(
+ _tmp = self.admin_manager.add_subject_category_dict(
admin_subject_id,
authz_ie_dict["id"],
my_subject_category
@@ -1133,7 +1080,7 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase):
my_subject_category["id"] = _tmp.keys()[0]
my_subject_scope = {"name": "my_subject_scope", "description": "my_subject_scope description"}
- _tmp = self.manager.add_subject_scope_dict(
+ _tmp = self.admin_manager.add_subject_scope_dict(
admin_subject_id,
authz_ie_dict["id"],
my_subject_category["id"],
@@ -1143,13 +1090,13 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase):
self.assertRaises(
AuthzException,
- self.manager.authz,
+ self.authz_manager.authz,
tenant["name"], demo_subject_dict["name"], my_object["name"], my_action["name"]
)
# Add an object scope and test ActionCategoryAssignmentOutOfScope
my_object_category = {"name": "my_object_category", "description": "my_object_category description"}
- _tmp = self.manager.add_object_category_dict(
+ _tmp = self.admin_manager.add_object_category_dict(
admin_subject_id,
authz_ie_dict["id"],
my_object_category
@@ -1157,7 +1104,7 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase):
my_object_category["id"] = _tmp.keys()[0]
my_object_scope = {"name": "my_object_scope", "description": "my_object_scope description"}
- _tmp = self.manager.add_object_scope_dict(
+ _tmp = self.admin_manager.add_object_scope_dict(
admin_subject_id,
authz_ie_dict["id"],
my_object_category["id"],
@@ -1167,13 +1114,13 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase):
self.assertRaises(
AuthzException,
- self.manager.authz,
+ self.authz_manager.authz,
tenant["name"], demo_subject_dict["name"], my_object["name"], my_action["name"]
)
# Add an action scope and test SubjectCategoryAssignmentUnknown
my_action_category = {"name": "my_action_category", "description": "my_action_category description"}
- _tmp = self.manager.add_action_category_dict(
+ _tmp = self.admin_manager.add_action_category_dict(
admin_subject_id,
authz_ie_dict["id"],
my_action_category
@@ -1181,7 +1128,7 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase):
my_action_category["id"] = _tmp.keys()[0]
my_action_scope = {"name": "my_action_scope", "description": "my_action_scope description"}
- _tmp = self.manager.add_action_scope_dict(
+ _tmp = self.admin_manager.add_action_scope_dict(
admin_subject_id,
authz_ie_dict["id"],
my_action_category["id"],
@@ -1191,12 +1138,12 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase):
self.assertRaises(
AuthzException,
- self.manager.authz,
+ self.authz_manager.authz,
tenant["name"], demo_subject_dict["name"], my_object["name"], my_action["name"]
)
# Add a subject assignment and test ObjectCategoryAssignmentUnknown
- self.manager.add_subject_assignment_list(
+ self.admin_manager.add_subject_assignment_list(
admin_subject_id,
authz_ie_dict["id"],
demo_subject_id,
@@ -1206,12 +1153,12 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase):
self.assertRaises(
AuthzException,
- self.manager.authz,
+ self.authz_manager.authz,
tenant["name"], demo_subject_dict["name"], my_object["name"], my_action["name"]
)
# Add an object assignment and test ActionCategoryAssignmentUnknown
- self.manager.add_object_assignment_list(
+ self.admin_manager.add_object_assignment_list(
admin_subject_id,
authz_ie_dict["id"],
my_object["id"],
@@ -1221,12 +1168,12 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase):
self.assertRaises(
AuthzException,
- self.manager.authz,
+ self.authz_manager.authz,
tenant["name"], demo_subject_dict["name"], my_object["name"], my_action["name"]
)
# Add an action assignment and test RuleUnknown
- self.manager.add_action_assignment_list(
+ self.admin_manager.add_action_assignment_list(
admin_subject_id,
authz_ie_dict["id"],
my_action["id"],
@@ -1236,7 +1183,7 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase):
self.assertRaises(
AuthzException,
- self.manager.authz,
+ self.authz_manager.authz,
tenant["name"], admin_subject_dict["name"], my_object["name"], my_action["name"]
)
@@ -1248,15 +1195,15 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase):
"action_categories": [my_action_category["id"], ],
"object_categories": [my_object_category["id"], ]
}
- print("my_meta_rule", my_meta_rule)
- sub_meta_rules_dict = self.manager.get_sub_meta_rules_dict(
+ sub_meta_rules_dict = self.authz_manager.get_sub_meta_rules_dict(
admin_subject_id,
authz_ie_dict["id"]
)
+ print("authz_ie_dict[\"id\"]", authz_ie_dict["id"])
self.assertRaises(
SubMetaRuleAlgorithmNotExisting,
- self.manager.add_sub_meta_rule_dict,
+ self.admin_manager.add_sub_meta_rule_dict,
admin_subject_id,
authz_ie_dict["id"],
my_meta_rule
@@ -1264,19 +1211,31 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase):
# TODO: the next request should be called with demo_subject_id
# but the demo user has no right in the root intra_extension
- algorithms = self.configuration_api.get_sub_meta_rule_algorithms_dict(admin_subject_id)
- for algorithm_id in algorithms:
- if algorithms[algorithm_id]["name"] == "inclusion":
- my_meta_rule["algorithm"] = algorithm_id
+ # algorithms = self.configuration_api.get_sub_meta_rule_algorithms_dict(admin_subject_id)
+ # for algorithm_id in algorithms:
+ # if algorithms[algorithm_id]["name"] == "inclusion":
+ # my_meta_rule["algorithm"] = algorithm_id
+ my_meta_rule['algorithm'] = 'inclusion'
- sub_meta_rule = self.manager.add_sub_meta_rule_dict(
+ sub_meta_rule = self.admin_manager.add_sub_meta_rule_dict(
admin_subject_id,
authz_ie_dict["id"],
my_meta_rule
)
- sub_meta_rule_id, sub_meta_rule_dict = sub_meta_rule.iteritems().next()
-
- rule = self.manager.add_rule_dict(
+ sub_meta_rule_id, sub_meta_rule_dict = None, None
+ for key, value in sub_meta_rule.iteritems():
+ if value["name"] == my_meta_rule["name"]:
+ sub_meta_rule_id, sub_meta_rule_dict = key, value
+ break
+
+ aggregation_algorithms = self.configuration_api.get_aggregation_algorithms_dict(admin_subject_id)
+ for _id in aggregation_algorithms:
+ if aggregation_algorithms[_id]["name"] == "one_true":
+ agg = self.admin_manager.set_aggregation_algorithm_dict(admin_subject_id, authz_ie_dict["id"],
+ _id,
+ aggregation_algorithms[_id])
+
+ rule = self.admin_manager.add_rule_dict(
admin_subject_id,
authz_ie_dict["id"],
sub_meta_rule_id,
@@ -1285,11 +1244,11 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase):
self.assertRaises(
AuthzException,
- self.manager.authz,
+ self.authz_manager.authz,
tenant["name"], admin_subject_dict["name"], my_object["name"], my_action["name"]
)
- result = self.manager.authz(tenant["name"], demo_subject_dict["name"], my_object["name"], my_action["name"])
+ result = self.authz_manager.authz(tenant["name"], demo_subject_dict["name"], my_object["name"], my_action["name"])
self.assertEqual(True, result)
def test_subjects(self):
@@ -1298,12 +1257,10 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase):
tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id'])
admin_subject_id, admin_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
- demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"],
- {"name": "demo", "description": "demo"})
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
demo_subject_id, demo_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
- subjects = self.manager.get_subjects_dict(admin_subject_id, authz_ie_dict["id"])
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
+ subjects = self.authz_manager.get_subjects_dict(admin_subject_id, authz_ie_dict["id"])
self.assertIsInstance(subjects, dict)
for key, value in subjects.iteritems():
self.assertIsInstance(value, dict)
@@ -1316,7 +1273,7 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase):
new_subject = {"name": "subject_test", "description": "subject_test"}
self.assertRaises(
AuthzException,
- self.manager.add_subject_dict,
+ self.admin_manager.add_subject_dict,
demo_subject_id, admin_ie_dict["id"], new_subject)
subjects = self.admin_manager.add_subject_dict(admin_subject_id, authz_ie_dict["id"], new_subject)
@@ -1333,11 +1290,11 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase):
# Delete the new subject
self.assertRaises(
AuthzException,
- self.manager.del_subject,
+ self.authz_manager.del_subject,
demo_subject_id, authz_ie_dict["id"], new_subject["id"])
self.admin_manager.del_subject(admin_subject_id, authz_ie_dict["id"], new_subject["id"])
- subjects = self.manager.get_subjects_dict(admin_subject_id, authz_ie_dict["id"])
+ subjects = self.authz_manager.get_subjects_dict(admin_subject_id, authz_ie_dict["id"])
for key, value in subjects.iteritems():
self.assertIsInstance(value, dict)
self.assertIn("name", value)
@@ -1350,12 +1307,10 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase):
tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id'])
admin_subject_id, admin_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
- demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"],
- {"name": "demo", "description": "demo"})
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
demo_subject_id, demo_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
- objects = self.manager.get_objects_dict(admin_subject_id, authz_ie_dict["id"])
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
+ objects = self.authz_manager.get_objects_dict(admin_subject_id, authz_ie_dict["id"])
objects_id_list = []
self.assertIsInstance(objects, dict)
for key, value in objects.iteritems():
@@ -1364,39 +1319,39 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase):
self.assertIn("name", value)
self.assertIn("description", value)
- create_user(self, "subject_test")
+ # create_user(self, "subject_test")
new_object = {"name": "object_test", "description": "object_test"}
self.assertRaises(
AuthzException,
- self.manager.add_object_dict,
+ self.authz_manager.add_object_dict,
demo_subject_id, admin_ie_dict["id"], new_object)
self.assertRaises(
ObjectsWriteNoAuthorized,
self.admin_manager.add_object_dict,
- admin_subject_id, authz_ie_dict["id"], new_object
+ admin_subject_id, admin_ie_dict["id"], new_object
)
# Delete the new object
for key in objects_id_list:
self.assertRaises(
AuthzException,
- self.manager.del_object,
+ self.authz_manager.del_object,
demo_subject_id, authz_ie_dict["id"], key)
self.assertRaises(
AuthzException,
- self.manager.del_object,
+ self.authz_manager.del_object,
admin_subject_id, authz_ie_dict["id"], key)
for key in objects_id_list:
self.assertRaises(
ObjectsWriteNoAuthorized,
self.admin_manager.del_object,
- demo_subject_id, authz_ie_dict["id"], key)
+ demo_subject_id, admin_ie_dict["id"], key)
self.assertRaises(
ObjectsWriteNoAuthorized,
self.admin_manager.del_object,
- admin_subject_id, authz_ie_dict["id"], key)
+ admin_subject_id, admin_ie_dict["id"], key)
def test_actions(self):
authz_ie_dict = create_intra_extension(self, "policy_authz")
@@ -1404,12 +1359,10 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase):
tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id'])
admin_subject_id, admin_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
- demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"],
- {"name": "demo", "description": "demo"})
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
demo_subject_id, demo_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
- actions = self.manager.get_actions_dict(admin_subject_id, authz_ie_dict["id"])
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
+ actions = self.authz_manager.get_actions_dict(admin_subject_id, authz_ie_dict["id"])
actions_id_list = []
self.assertIsInstance(actions, dict)
for key, value in actions.iteritems():
@@ -1422,35 +1375,35 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase):
new_action = {"name": "action_test", "description": "action_test"}
self.assertRaises(
AuthzException,
- self.manager.add_action_dict,
+ self.authz_manager.add_action_dict,
demo_subject_id, admin_ie_dict["id"], new_action)
self.assertRaises(
ActionsWriteNoAuthorized,
self.admin_manager.add_action_dict,
- admin_subject_id, authz_ie_dict["id"], new_action
+ admin_subject_id, admin_ie_dict["id"], new_action
)
# Delete all actions
for key in actions_id_list:
self.assertRaises(
AuthzException,
- self.manager.del_action,
+ self.authz_manager.del_action,
demo_subject_id, authz_ie_dict["id"], key)
self.assertRaises(
AuthzException,
- self.manager.del_action,
+ self.authz_manager.del_action,
admin_subject_id, authz_ie_dict["id"], key)
for key in actions_id_list:
self.assertRaises(
ActionsWriteNoAuthorized,
self.admin_manager.del_action,
- demo_subject_id, authz_ie_dict["id"], key)
+ demo_subject_id, admin_ie_dict["id"], key)
self.assertRaises(
ActionsWriteNoAuthorized,
self.admin_manager.del_action,
- admin_subject_id, authz_ie_dict["id"], key)
+ admin_subject_id, admin_ie_dict["id"], key)
def test_subject_categories(self):
authz_ie_dict = create_intra_extension(self, "policy_authz")
@@ -1458,12 +1411,10 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase):
tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id'])
admin_subject_id, admin_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
- demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"],
- {"name": "demo", "description": "demo"})
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
demo_subject_id, demo_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
- subject_categories = self.manager.get_subject_categories_dict(admin_subject_id, authz_ie_dict["id"])
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
+ subject_categories = self.authz_manager.get_subject_categories_dict(admin_subject_id, authz_ie_dict["id"])
self.assertIsInstance(subject_categories, dict)
for key, value in subject_categories.iteritems():
self.assertIsInstance(value, dict)
@@ -1473,7 +1424,7 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase):
new_subject_category = {"name": "subject_category_test", "description": "subject_category_test"}
self.assertRaises(
AuthzException,
- self.manager.add_subject_category_dict,
+ self.authz_manager.add_subject_category_dict,
demo_subject_id, admin_ie_dict["id"], new_subject_category)
subject_categories = self.admin_manager.add_subject_category_dict(admin_subject_id, authz_ie_dict["id"], new_subject_category)
@@ -1490,11 +1441,11 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase):
# Delete the new subject_category
self.assertRaises(
AuthzException,
- self.manager.del_subject_category,
+ self.authz_manager.del_subject_category,
demo_subject_id, authz_ie_dict["id"], new_subject_category["id"])
self.admin_manager.del_subject_category(admin_subject_id, authz_ie_dict["id"], new_subject_category["id"])
- subject_categories = self.manager.get_subject_categories_dict(admin_subject_id, authz_ie_dict["id"])
+ subject_categories = self.authz_manager.get_subject_categories_dict(admin_subject_id, authz_ie_dict["id"])
for key, value in subject_categories.iteritems():
self.assertIsInstance(value, dict)
self.assertIn("name", value)
@@ -1507,12 +1458,10 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase):
tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id'])
admin_subject_id, admin_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
- demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"],
- {"name": "demo", "description": "demo"})
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
demo_subject_id, demo_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
- object_categories = self.manager.get_object_categories_dict(admin_subject_id, authz_ie_dict["id"])
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
+ object_categories = self.authz_manager.get_object_categories_dict(admin_subject_id, authz_ie_dict["id"])
self.assertIsInstance(object_categories, dict)
for key, value in object_categories.iteritems():
self.assertIsInstance(value, dict)
@@ -1522,7 +1471,7 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase):
new_object_category = {"name": "object_category_test", "description": "object_category_test"}
self.assertRaises(
AuthzException,
- self.manager.add_object_category_dict,
+ self.authz_manager.add_object_category_dict,
demo_subject_id, admin_ie_dict["id"], new_object_category)
object_categories = self.admin_manager.add_object_category_dict(admin_subject_id, authz_ie_dict["id"], new_object_category)
@@ -1539,11 +1488,11 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase):
# Delete the new object_category
self.assertRaises(
AuthzException,
- self.manager.del_object_category,
+ self.authz_manager.del_object_category,
demo_subject_id, authz_ie_dict["id"], new_object_category["id"])
self.admin_manager.del_object_category(admin_subject_id, authz_ie_dict["id"], new_object_category["id"])
- object_categories = self.manager.get_object_categories_dict(admin_subject_id, authz_ie_dict["id"])
+ object_categories = self.authz_manager.get_object_categories_dict(admin_subject_id, authz_ie_dict["id"])
for key, value in object_categories.iteritems():
self.assertIsInstance(value, dict)
self.assertIn("name", value)
@@ -1556,12 +1505,10 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase):
tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id'])
admin_subject_id, admin_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
- demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"],
- {"name": "demo", "description": "demo"})
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
demo_subject_id, demo_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
- action_categories = self.manager.get_action_categories_dict(admin_subject_id, authz_ie_dict["id"])
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
+ action_categories = self.authz_manager.get_action_categories_dict(admin_subject_id, authz_ie_dict["id"])
self.assertIsInstance(action_categories, dict)
for key, value in action_categories.iteritems():
self.assertIsInstance(value, dict)
@@ -1571,7 +1518,7 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase):
new_action_category = {"name": "action_category_test", "description": "action_category_test"}
self.assertRaises(
AuthzException,
- self.manager.add_action_category_dict,
+ self.authz_manager.add_action_category_dict,
demo_subject_id, admin_ie_dict["id"], new_action_category)
action_categories = self.admin_manager.add_action_category_dict(admin_subject_id, authz_ie_dict["id"], new_action_category)
@@ -1588,11 +1535,11 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase):
# Delete the new action_category
self.assertRaises(
AuthzException,
- self.manager.del_action_category,
+ self.authz_manager.del_action_category,
demo_subject_id, authz_ie_dict["id"], new_action_category["id"])
self.admin_manager.del_action_category(admin_subject_id, authz_ie_dict["id"], new_action_category["id"])
- action_categories = self.manager.get_action_categories_dict(admin_subject_id, authz_ie_dict["id"])
+ action_categories = self.authz_manager.get_action_categories_dict(admin_subject_id, authz_ie_dict["id"])
for key, value in action_categories.iteritems():
self.assertIsInstance(value, dict)
self.assertIn("name", value)
@@ -1605,11 +1552,9 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase):
tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id'])
admin_subject_id, admin_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
- demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"],
- {"name": "demo", "description": "demo"})
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
demo_subject_id, demo_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
subject_categories = self.admin_manager.add_subject_category_dict(
admin_subject_id,
@@ -1622,7 +1567,7 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase):
for subject_category_id in subject_categories:
- subject_category_scope = self.manager.get_subject_scopes_dict(
+ subject_category_scope = self.authz_manager.get_subject_scopes_dict(
admin_subject_id,
authz_ie_dict["id"],
subject_category_id)
@@ -1677,11 +1622,9 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase):
tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id'])
admin_subject_id, admin_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
- demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"],
- {"name": "demo", "description": "demo"})
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
demo_subject_id, demo_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
object_categories = self.admin_manager.add_object_category_dict(
admin_subject_id,
@@ -1694,7 +1637,7 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase):
for object_category_id in object_categories:
- object_category_scope = self.manager.get_object_scopes_dict(
+ object_category_scope = self.authz_manager.get_object_scopes_dict(
admin_subject_id,
authz_ie_dict["id"],
object_category_id)
@@ -1749,11 +1692,9 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase):
tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id'])
admin_subject_id, admin_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
- demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"],
- {"name": "demo", "description": "demo"})
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
demo_subject_id, demo_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
action_categories = self.admin_manager.add_action_category_dict(
admin_subject_id,
@@ -1766,7 +1707,7 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase):
for action_category_id in action_categories:
- action_category_scope = self.manager.get_action_scopes_dict(
+ action_category_scope = self.authz_manager.get_action_scopes_dict(
admin_subject_id,
authz_ie_dict["id"],
action_category_id)
@@ -1821,17 +1762,15 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase):
tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id'])
admin_subject_id, admin_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
admin_authz_subject_id, admin_authz_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], authz_ie_dict['id'], 'admin').iteritems().next()
- demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"],
- {"name": "demo", "description": "demo"})
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], authz_ie_dict['id'], 'admin').iteritems().next()
demo_subject_id, demo_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
demo_authz_subject_id, demo_authz_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], authz_ie_dict['id'], 'demo').iteritems().next()
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], authz_ie_dict['id'], 'demo').iteritems().next()
- subjects_dict = self.manager.get_subjects_dict(admin_subject_id, authz_ie_dict["id"])
+ subjects_dict = self.authz_manager.get_subjects_dict(admin_subject_id, authz_ie_dict["id"])
subject_categories = self.admin_manager.add_subject_category_dict(
admin_subject_id,
@@ -1843,7 +1782,7 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase):
)
for subject_category_id in subject_categories:
- subject_category_scope = self.manager.get_subject_scopes_dict(
+ subject_category_scope = self.authz_manager.get_subject_scopes_dict(
admin_subject_id,
authz_ie_dict["id"],
subject_category_id)
@@ -1874,7 +1813,7 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase):
new_subject_category_scope_2)
subject_category_scope_2_id = subject_category_scope_2.keys()[0]
- subject_category_assignments = self.manager.get_subject_assignment_list(
+ subject_category_assignments = self.authz_manager.get_subject_assignment_list(
admin_subject_id,
authz_ie_dict["id"],
admin_authz_subject_id,
@@ -1883,7 +1822,7 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase):
self.assertIsInstance(subject_category_assignments, list)
self.assertEqual([], subject_category_assignments)
- subject_category_assignments = self.manager.get_subject_assignment_list(
+ subject_category_assignments = self.authz_manager.get_subject_assignment_list(
admin_subject_id,
authz_ie_dict["id"],
demo_authz_subject_id,
@@ -1894,14 +1833,14 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase):
self.assertRaises(
AuthzException,
- self.manager.add_subject_assignment_list,
+ self.authz_manager.add_subject_assignment_list,
demo_subject_id, authz_ie_dict["id"],
admin_authz_subject_id, subject_category_id, subject_category_scope_1_id
)
self.assertRaises(
AuthzException,
- self.manager.add_subject_assignment_list,
+ self.authz_manager.add_subject_assignment_list,
demo_subject_id, authz_ie_dict["id"],
demo_authz_subject_id, subject_category_id, subject_category_scope_2_id
)
@@ -1973,13 +1912,11 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase):
tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id'])
admin_subject_id, admin_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
- demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"],
- {"name": "demo", "description": "demo"})
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
demo_subject_id, demo_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
- objects_dict = self.manager.get_objects_dict(admin_subject_id, authz_ie_dict["id"])
+ objects_dict = self.authz_manager.get_objects_dict(admin_subject_id, authz_ie_dict["id"])
object_vm1_id = None
object_vm2_id = None
@@ -2001,7 +1938,7 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase):
)
for object_category_id in object_categories:
- object_category_scope = self.manager.get_object_scopes_dict(
+ object_category_scope = self.authz_manager.get_object_scopes_dict(
admin_subject_id,
authz_ie_dict["id"],
object_category_id)
@@ -2032,7 +1969,7 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase):
new_object_category_scope_2)
object_category_scope_2_id = object_category_scope_2.keys()[0]
- object_category_assignments = self.manager.get_object_assignment_list(
+ object_category_assignments = self.authz_manager.get_object_assignment_list(
admin_subject_id,
authz_ie_dict["id"],
object_vm1_id,
@@ -2041,7 +1978,7 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase):
self.assertIsInstance(object_category_assignments, list)
self.assertEqual([], object_category_assignments)
- object_category_assignments = self.manager.get_object_assignment_list(
+ object_category_assignments = self.authz_manager.get_object_assignment_list(
admin_subject_id,
authz_ie_dict["id"],
object_vm2_id,
@@ -2052,14 +1989,14 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase):
self.assertRaises(
AuthzException,
- self.manager.add_object_assignment_list,
+ self.authz_manager.add_object_assignment_list,
demo_subject_id, authz_ie_dict["id"],
object_vm1_id, object_category_id, object_category_scope_1_id
)
self.assertRaises(
AuthzException,
- self.manager.add_object_assignment_list,
+ self.authz_manager.add_object_assignment_list,
demo_subject_id, authz_ie_dict["id"],
object_vm2_id, object_category_id, object_category_scope_2_id
)
@@ -2131,13 +2068,11 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase):
tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id'])
admin_subject_id, admin_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
- demo_subject_dict = self.manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"],
- {"name": "demo", "description": "demo"})
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
demo_subject_id, demo_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
- actions_dict = self.manager.get_actions_dict(admin_subject_id, authz_ie_dict["id"])
+ actions_dict = self.authz_manager.get_actions_dict(admin_subject_id, authz_ie_dict["id"])
action_upload_id = None
action_list_id = None
@@ -2159,7 +2094,7 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase):
)
for action_category_id in action_categories:
- action_category_scope = self.manager.get_action_scopes_dict(
+ action_category_scope = self.authz_manager.get_action_scopes_dict(
admin_subject_id,
authz_ie_dict["id"],
action_category_id)
@@ -2190,7 +2125,7 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase):
new_action_category_scope_2)
action_category_scope_2_id = action_category_scope_2.keys()[0]
- action_category_assignments = self.manager.get_action_assignment_list(
+ action_category_assignments = self.authz_manager.get_action_assignment_list(
admin_subject_id,
authz_ie_dict["id"],
action_upload_id,
@@ -2199,7 +2134,7 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase):
self.assertIsInstance(action_category_assignments, list)
self.assertEqual([], action_category_assignments)
- action_category_assignments = self.manager.get_action_assignment_list(
+ action_category_assignments = self.authz_manager.get_action_assignment_list(
admin_subject_id,
authz_ie_dict["id"],
action_list_id,
@@ -2210,14 +2145,14 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase):
self.assertRaises(
AuthzException,
- self.manager.add_action_assignment_list,
+ self.authz_manager.add_action_assignment_list,
demo_subject_id, authz_ie_dict["id"],
action_upload_id, action_category_id, action_category_scope_1_id
)
self.assertRaises(
AuthzException,
- self.manager.add_action_assignment_list,
+ self.authz_manager.add_action_assignment_list,
demo_subject_id, authz_ie_dict["id"],
action_list_id, action_category_id, action_category_scope_2_id
)
@@ -2289,11 +2224,9 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase):
tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id'])
admin_subject_id, admin_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
- demo_subject_dict = self.admin_manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"],
- {"name": "demo", "description": "demo"})
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
demo_subject_id, demo_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
aggregation_algorithms = self.admin_manager.get_aggregation_algorithm_dict(admin_subject_id, authz_ie_dict["id"])
for key, value in aggregation_algorithms.iteritems():
@@ -2331,11 +2264,9 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase):
tenant, mapping = create_mapping(self, "demo", authz_ie_dict['id'], admin_ie_dict['id'])
admin_subject_id, admin_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
- demo_subject_dict = self.admin_manager.add_subject_dict(admin_subject_id, admin_ie_dict["id"],
- {"name": "demo", "description": "demo"})
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'admin').iteritems().next()
demo_subject_id, demo_subject_dict = \
- self.tenant_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
+ self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
sub_meta_rules = self.admin_manager.get_sub_meta_rules_dict(admin_subject_id, authz_ie_dict["id"])
self.assertIsInstance(sub_meta_rules, dict)
diff --git a/keystone-moon/keystone/tests/moon/unit/test_unit_core_log.py b/keystone-moon/keystone/tests/moon/unit/test_unit_core_log.py
index 17e70018..37d210aa 100644
--- a/keystone-moon/keystone/tests/moon/unit/test_unit_core_log.py
+++ b/keystone-moon/keystone/tests/moon/unit/test_unit_core_log.py
@@ -17,7 +17,7 @@ from keystone import resource
from keystone.contrib.moon.exception import *
from keystone.tests.unit import default_fixtures
from keystone.contrib.moon.core import LogManager, TenantManager
-from keystone.contrib.moon.core import ADMIN_ID
+from keystone.tests.moon.unit import *
CONF = cfg.CONF
@@ -41,15 +41,18 @@ class TestIntraExtensionAdminManager(tests.TestCase):
def setUp(self):
self.useFixture(database.Database())
super(TestIntraExtensionAdminManager, self).setUp()
- self.load_backends()
self.load_fixtures(default_fixtures)
- self.admin = self.create_user(username="admin")
- self.demo = self.create_user(username="demo")
- self.root_intra_extension = self.create_intra_extension(policy_model="policy_root")
- # force re-initialization of the ADMIN_ID variable
- from keystone.contrib.moon.core import ADMIN_ID
- self.ADMIN_ID = ADMIN_ID
- self.manager = IntraExtensionAdminManager()
+ self.load_backends()
+ domain = {'id': "default", 'name': "default"}
+ self.resource_api.create_domain(domain['id'], domain)
+ self.admin = create_user(self, username="admin")
+ self.demo = create_user(self, username="demo")
+ self.root_intra_extension = self.root_api.get_root_extension_dict()
+ self.root_intra_extension_id = self.root_intra_extension.keys()[0]
+ self.ADMIN_ID = self.root_api.get_root_admin_id()
+ self.authz_manager = self.authz_api
+ self.admin_manager = self.admin_api
+ self.tenant_manager = self.tenant_api
def __get_key_from_value(self, value, values_dict):
return filter(lambda v: v[1] == value, values_dict.iteritems())[0][0]
@@ -71,43 +74,6 @@ class TestIntraExtensionAdminManager(tests.TestCase):
group='moon',
policy_directory=self.policy_directory)
- def create_intra_extension(self, policy_model="policy_rbac_admin"):
- # Create the admin user because IntraExtension needs it
- self.admin = self.identity_api.create_user(USER_ADMIN)
- IE["policymodel"] = policy_model
- self.ref = self.manager.load_intra_extension_dict(ADMIN_ID, intra_extension_dict=IE)
- self.assertIsInstance(self.ref, dict)
- self.create_tenant(self.ref["id"])
-
- def create_tenant(self, authz_uuid):
- tenant = {
- "id": uuid.uuid4().hex,
- "name": "TestAuthzIntraExtensionManager",
- "enabled": True,
- "description": "",
- "domain_id": "default"
- }
- project = self.resource_api.create_project(tenant["id"], tenant)
- mapping = self.tenant_api.set_tenant_dict(project["id"], project["name"], authz_uuid, None)
- self.assertIsInstance(mapping, dict)
- self.assertIn("authz", mapping)
- self.assertEqual(mapping["authz"], authz_uuid)
- return mapping
-
- def create_user(self, username="TestAdminIntraExtensionManagerUser"):
- user = {
- "id": uuid.uuid4().hex,
- "name": username,
- "enabled": True,
- "description": "",
- "domain_id": "default"
- }
- _user = self.identity_api.create_user(user)
- return _user
-
- def delete_admin_intra_extension(self):
- self.manager.del_intra_extension(self.ref["id"])
-
def send_logs(self):
log_authz = "Test for authz " + uuid.uuid4().hex
logs = []
diff --git a/keystone-moon/keystone/tests/moon/unit/test_unit_core_tenant.py b/keystone-moon/keystone/tests/moon/unit/test_unit_core_tenant.py
index 995b6a54..3c136ccd 100644
--- a/keystone-moon/keystone/tests/moon/unit/test_unit_core_tenant.py
+++ b/keystone-moon/keystone/tests/moon/unit/test_unit_core_tenant.py
@@ -14,8 +14,8 @@ from keystone.contrib.moon.exception import *
from keystone.tests.unit import default_fixtures
from keystone.contrib.moon.core import LogManager
from keystone.contrib.moon.core import ConfigurationManager
-from keystone.contrib.moon.core import ADMIN_ID
from keystone.common import dependency
+from keystone.tests.moon.unit import *
CONF = cfg.CONF
@@ -37,17 +37,18 @@ class TestTenantManager(tests.TestCase):
def setUp(self):
self.useFixture(database.Database())
super(TestTenantManager, self).setUp()
- self.load_backends()
self.load_fixtures(default_fixtures)
- self.admin = self.create_user(username="admin")
- self.demo = self.create_user(username="demo")
- self.root_intra_extension = self.create_intra_extension(policy_model="policy_root")
- # force re-initialization of the ADMIN_ID variable
- from keystone.contrib.moon.core import ADMIN_ID
- self.ADMIN_ID = ADMIN_ID
- self.manager = self.tenant_api
- # self.configuration_api = self.configuration_api
- # self.configuration_api.init_default_variables()
+ self.load_backends()
+ domain = {'id': "default", 'name': "default"}
+ self.resource_api.create_domain(domain['id'], domain)
+ self.admin = create_user(self, username="admin")
+ self.demo = create_user(self, username="demo")
+ self.root_intra_extension = self.root_api.get_root_extension_dict()
+ self.root_intra_extension_id = self.root_intra_extension.keys()[0]
+ self.ADMIN_ID = self.root_api.get_root_admin_id()
+ self.authz_manager = self.authz_api
+ self.admin_manager = self.admin_api
+ self.tenant_manager = self.tenant_api
def load_extra_backends(self):
return {
@@ -67,30 +68,9 @@ class TestTenantManager(tests.TestCase):
group='moon',
policy_directory=self.policy_directory)
- def create_user(self, username="admin"):
-
- _USER = dict(USER)
- _USER["name"] = username
- return self.identity_api.create_user(_USER)
-
- def create_intra_extension(self, policy_model="policy_authz"):
-
- IE["model"] = policy_model
- IE["name"] = uuid.uuid4().hex
- genre = "admin"
- if "authz" in policy_model:
- genre = "authz"
- IE["genre"] = genre
- # force re-initialization of the ADMIN_ID variable
- from keystone.contrib.moon.core import ADMIN_ID
- self.ADMIN_ID = ADMIN_ID
- ref = self.admin_api.load_intra_extension_dict(self.ADMIN_ID, intra_extension_dict=IE)
- self.assertIsInstance(ref, dict)
- return ref
-
def test_add_tenant(self):
- authz_intra_extension = self.create_intra_extension(policy_model="policy_authz")
- admin_intra_extension = self.create_intra_extension(policy_model="policy_admin")
+ authz_intra_extension = create_intra_extension(self, policy_model="policy_authz")
+ admin_intra_extension = create_intra_extension(self, policy_model="policy_admin")
new_tenant = {
"id": uuid.uuid4().hex,
"name": "demo",
@@ -98,129 +78,128 @@ class TestTenantManager(tests.TestCase):
"intra_authz_extension_id": authz_intra_extension['id'],
"intra_admin_extension_id": admin_intra_extension['id'],
}
- data = self.manager.add_tenant_dict(user_id=self.ADMIN_ID, tenant_dict=new_tenant)
- self.assertEquals(new_tenant["id"], data["id"])
- self.assertEquals(new_tenant["name"], data['tenant']["name"])
- self.assertEquals(new_tenant["intra_authz_extension_id"], data['tenant']["intra_authz_extension_id"])
- self.assertEquals(new_tenant["intra_admin_extension_id"], data['tenant']["intra_admin_extension_id"])
- data = self.manager.get_tenants_dict(self.ADMIN_ID)
+ data = self.tenant_manager.add_tenant_dict(user_id=self.ADMIN_ID, tenant_dict=new_tenant)
+ data_id = data.keys()[0]
+ self.assertEquals(new_tenant["id"], data_id)
+ self.assertEquals(new_tenant["name"], data[data_id]["name"])
+ self.assertEquals(new_tenant["intra_authz_extension_id"], data[data_id]["intra_authz_extension_id"])
+ self.assertEquals(new_tenant["intra_admin_extension_id"], data[data_id]["intra_admin_extension_id"])
+ data = self.tenant_manager.get_tenants_dict(self.ADMIN_ID)
self.assertNotEqual(data, {})
data = self.admin_api.get_intra_extension_dict(self.ADMIN_ID, new_tenant["intra_authz_extension_id"])
- self.assertEquals(new_tenant["intra_authz_extension_id"], data["id"])
+ data_id = data["id"]
+ self.assertEquals(new_tenant["intra_authz_extension_id"], data_id)
data = self.admin_api.get_intra_extension_dict(self.ADMIN_ID, new_tenant["intra_admin_extension_id"])
- self.assertEquals(new_tenant["intra_admin_extension_id"], data["id"])
+ data_id = data["id"]
+ self.assertEquals(new_tenant["intra_admin_extension_id"], data_id)
def test_del_tenant(self):
- authz_intra_extension = self.create_intra_extension(policy_model="policy_authz")
- admin_intra_extension = self.create_intra_extension(policy_model="policy_admin")
+ authz_intra_extension = create_intra_extension(self, policy_model="policy_authz")
+ admin_intra_extension = create_intra_extension(self, policy_model="policy_admin")
new_tenant = {
- "id": uuid.uuid4().hex,
"name": "demo",
"description": uuid.uuid4().hex,
"intra_authz_extension_id": authz_intra_extension['id'],
"intra_admin_extension_id": admin_intra_extension['id'],
}
- data = self.manager.add_tenant_dict(user_id=self.ADMIN_ID, tenant_dict=new_tenant)
- self.assertEquals(new_tenant["id"], data["id"])
- self.assertEquals(new_tenant["name"], data['tenant']["name"])
- self.assertEquals(new_tenant["intra_authz_extension_id"], data['tenant']["intra_authz_extension_id"])
- self.assertEquals(new_tenant["intra_admin_extension_id"], data['tenant']["intra_admin_extension_id"])
- data = self.manager.get_tenants_dict(self.ADMIN_ID)
+ data = self.tenant_manager.add_tenant_dict(user_id=self.ADMIN_ID, tenant_dict=new_tenant)
+ data_id = data.keys()[0]
+ self.assertEquals(new_tenant["name"], data[data_id]["name"])
+ self.assertEquals(new_tenant["intra_authz_extension_id"], data[data_id]["intra_authz_extension_id"])
+ self.assertEquals(new_tenant["intra_admin_extension_id"], data[data_id]["intra_admin_extension_id"])
+ data = self.tenant_manager.get_tenants_dict(self.ADMIN_ID)
self.assertNotEqual(data, {})
- self.manager.del_tenant(self.ADMIN_ID, new_tenant["id"])
- data = self.manager.get_tenants_dict(self.ADMIN_ID)
+ self.tenant_manager.del_tenant(self.ADMIN_ID, data_id)
+ data = self.tenant_manager.get_tenants_dict(self.ADMIN_ID)
self.assertEqual(data, {})
def test_set_tenant(self):
- authz_intra_extension = self.create_intra_extension(policy_model="policy_authz")
- admin_intra_extension = self.create_intra_extension(policy_model="policy_admin")
+ authz_intra_extension = create_intra_extension(self, policy_model="policy_authz")
+ admin_intra_extension = create_intra_extension(self, policy_model="policy_admin")
new_tenant = {
- "id": uuid.uuid4().hex,
"name": "demo",
"description": uuid.uuid4().hex,
"intra_authz_extension_id": authz_intra_extension['id'],
"intra_admin_extension_id": admin_intra_extension['id'],
}
- data = self.manager.add_tenant_dict(user_id=self.ADMIN_ID, tenant_dict=new_tenant)
- self.assertEquals(new_tenant["id"], data["id"])
- self.assertEquals(new_tenant["name"], data['tenant']["name"])
- self.assertEquals(new_tenant["intra_authz_extension_id"], data['tenant']["intra_authz_extension_id"])
- self.assertEquals(new_tenant["intra_admin_extension_id"], data['tenant']["intra_admin_extension_id"])
- data = self.manager.get_tenants_dict(self.ADMIN_ID)
+ data = self.tenant_manager.add_tenant_dict(user_id=self.ADMIN_ID, tenant_dict=new_tenant)
+ data_id = data.keys()[0]
+ self.assertEquals(new_tenant["name"], data[data_id]["name"])
+ self.assertEquals(new_tenant["intra_authz_extension_id"], data[data_id]["intra_authz_extension_id"])
+ self.assertEquals(new_tenant["intra_admin_extension_id"], data[data_id]["intra_admin_extension_id"])
+ data = self.tenant_manager.get_tenants_dict(self.ADMIN_ID)
self.assertNotEqual(data, {})
new_tenant["name"] = "demo2"
- data = self.manager.set_tenant_dict(user_id=self.ADMIN_ID, tenant_id=new_tenant["id"], tenant_dict=new_tenant)
- self.assertEquals(new_tenant["id"], data["id"])
- self.assertEquals(new_tenant["name"], data['tenant']["name"])
- self.assertEquals(new_tenant["intra_authz_extension_id"], data['tenant']["intra_authz_extension_id"])
- self.assertEquals(new_tenant["intra_admin_extension_id"], data['tenant']["intra_admin_extension_id"])
+ print(new_tenant)
+ data = self.tenant_manager.set_tenant_dict(user_id=self.ADMIN_ID, tenant_id=data_id, tenant_dict=new_tenant)
+ data_id = data.keys()[0]
+ self.assertEquals(new_tenant["name"], data[data_id]["name"])
+ self.assertEquals(new_tenant["intra_authz_extension_id"], data[data_id]["intra_authz_extension_id"])
+ self.assertEquals(new_tenant["intra_admin_extension_id"], data[data_id]["intra_admin_extension_id"])
def test_exception_tenant_unknown(self):
- self.assertRaises(TenantUnknown, self.manager.get_tenant_dict, self.ADMIN_ID, uuid.uuid4().hex)
- self.assertRaises(TenantUnknown, self.manager.del_tenant, self.ADMIN_ID, uuid.uuid4().hex)
- self.assertRaises(TenantUnknown, self.manager.set_tenant_dict, self.ADMIN_ID, uuid.uuid4().hex, {})
+ self.assertRaises(TenantUnknown, self.tenant_manager.get_tenant_dict, self.ADMIN_ID, uuid.uuid4().hex)
+ self.assertRaises(TenantUnknown, self.tenant_manager.del_tenant, self.ADMIN_ID, uuid.uuid4().hex)
+ self.assertRaises(TenantUnknown, self.tenant_manager.set_tenant_dict, self.ADMIN_ID, uuid.uuid4().hex, {})
- authz_intra_extension = self.create_intra_extension(policy_model="policy_authz")
- admin_intra_extension = self.create_intra_extension(policy_model="policy_admin")
+ authz_intra_extension = create_intra_extension(self, policy_model="policy_authz")
+ admin_intra_extension = create_intra_extension(self, policy_model="policy_admin")
new_tenant = {
- "id": uuid.uuid4().hex,
"name": "demo",
"description": uuid.uuid4().hex,
"intra_authz_extension_id": authz_intra_extension['id'],
"intra_admin_extension_id": admin_intra_extension['id'],
}
- data = self.manager.add_tenant_dict(user_id=self.ADMIN_ID, tenant_dict=new_tenant)
- self.assertEquals(new_tenant["id"], data["id"])
- self.assertEquals(new_tenant["name"], data['tenant']["name"])
- self.assertEquals(new_tenant["intra_authz_extension_id"], data['tenant']["intra_authz_extension_id"])
- self.assertEquals(new_tenant["intra_admin_extension_id"], data['tenant']["intra_admin_extension_id"])
- data = self.manager.get_tenants_dict(self.ADMIN_ID)
+ data = self.tenant_manager.add_tenant_dict(user_id=self.ADMIN_ID, tenant_dict=new_tenant)
+ data_id = data.keys()[0]
+ self.assertEquals(new_tenant["name"], data[data_id]["name"])
+ self.assertEquals(new_tenant["intra_authz_extension_id"], data[data_id]["intra_authz_extension_id"])
+ self.assertEquals(new_tenant["intra_admin_extension_id"], data[data_id]["intra_admin_extension_id"])
+ data = self.tenant_manager.get_tenants_dict(self.ADMIN_ID)
self.assertNotEqual(data, {})
- self.assertRaises(TenantUnknown, self.manager.get_tenant_dict, self.ADMIN_ID, uuid.uuid4().hex)
+ self.assertRaises(TenantUnknown, self.tenant_manager.get_tenant_dict, self.ADMIN_ID, uuid.uuid4().hex)
def test_exception_tenant_added_name_existing(self):
- authz_intra_extension = self.create_intra_extension(policy_model="policy_authz")
- admin_intra_extension = self.create_intra_extension(policy_model="policy_admin")
+ authz_intra_extension = create_intra_extension(self, policy_model="policy_authz")
+ admin_intra_extension = create_intra_extension(self, policy_model="policy_admin")
new_tenant = {
- "id": uuid.uuid4().hex,
"name": "demo",
"description": uuid.uuid4().hex,
"intra_authz_extension_id": authz_intra_extension['id'],
"intra_admin_extension_id": admin_intra_extension['id'],
}
- data = self.manager.add_tenant_dict(user_id=self.ADMIN_ID, tenant_dict=new_tenant)
- self.assertEquals(new_tenant["id"], data["id"])
- self.assertEquals(new_tenant["name"], data['tenant']["name"])
- self.assertEquals(new_tenant["intra_authz_extension_id"], data['tenant']["intra_authz_extension_id"])
- self.assertEquals(new_tenant["intra_admin_extension_id"], data['tenant']["intra_admin_extension_id"])
- data = self.manager.get_tenants_dict(self.ADMIN_ID)
+ data = self.tenant_manager.add_tenant_dict(user_id=self.ADMIN_ID, tenant_dict=new_tenant)
+ data_id = data.keys()[0]
+ self.assertEquals(new_tenant["name"], data[data_id]["name"])
+ self.assertEquals(new_tenant["intra_authz_extension_id"], data[data_id]["intra_authz_extension_id"])
+ self.assertEquals(new_tenant["intra_admin_extension_id"], data[data_id]["intra_admin_extension_id"])
+ data = self.tenant_manager.get_tenants_dict(self.ADMIN_ID)
self.assertNotEqual(data, {})
- self.assertRaises(TenantAddedNameExisting, self.manager.add_tenant_dict, self.ADMIN_ID, new_tenant)
+ self.assertRaises(TenantAddedNameExisting, self.tenant_manager.add_tenant_dict, self.ADMIN_ID, new_tenant)
def test_exception_tenant_no_intra_extension(self):
- authz_intra_extension = self.create_intra_extension(policy_model="policy_authz")
- admin_intra_extension = self.create_intra_extension(policy_model="policy_admin")
+ authz_intra_extension = create_intra_extension(self, policy_model="policy_authz")
+ admin_intra_extension = create_intra_extension(self, policy_model="policy_admin")
new_tenant = {
- "id": uuid.uuid4().hex,
"name": "demo",
"description": uuid.uuid4().hex,
"intra_authz_extension_id": authz_intra_extension['id'],
"intra_admin_extension_id": admin_intra_extension['id'],
}
new_tenant['intra_authz_extension_id'] = None
- self.assertRaises(TenantNoIntraAuthzExtension, self.manager.add_tenant_dict, self.ADMIN_ID, new_tenant)
+ self.assertRaises(TenantNoIntraAuthzExtension, self.tenant_manager.add_tenant_dict, self.ADMIN_ID, new_tenant)
new_tenant['intra_authz_extension_id'] = authz_intra_extension['id']
- data = self.manager.add_tenant_dict(user_id=self.ADMIN_ID, tenant_dict=new_tenant)
- self.assertEquals(new_tenant["id"], data["id"])
- self.assertEquals(new_tenant["name"], data['tenant']["name"])
- self.assertEquals(new_tenant["intra_authz_extension_id"], data['tenant']["intra_authz_extension_id"])
- self.assertEquals(new_tenant["intra_admin_extension_id"], data['tenant']["intra_admin_extension_id"])
- data = self.manager.get_tenants_dict(self.ADMIN_ID)
+ data = self.tenant_manager.add_tenant_dict(user_id=self.ADMIN_ID, tenant_dict=new_tenant)
+ data_id = data.keys()[0]
+ self.assertEquals(new_tenant["name"], data[data_id]["name"])
+ self.assertEquals(new_tenant["intra_authz_extension_id"], data[data_id]["intra_authz_extension_id"])
+ self.assertEquals(new_tenant["intra_admin_extension_id"], data[data_id]["intra_admin_extension_id"])
+ data = self.tenant_manager.get_tenants_dict(self.ADMIN_ID)
self.assertNotEqual(data, {})
new_tenant['intra_authz_extension_id'] = None
new_tenant['name'] = "demo2"
- self.assertRaises(TenantNoIntraAuthzExtension, self.manager.set_tenant_dict, self.ADMIN_ID, new_tenant["id"], new_tenant)
+ self.assertRaises(TenantNoIntraAuthzExtension, self.tenant_manager.set_tenant_dict, self.ADMIN_ID, data_id, new_tenant)