Diffstat (limited to 'keystone-moon/keystone')
-rw-r--r-- | keystone-moon/keystone/contrib/moon/core.py | 29 |
1 files changed, 17 insertions, 12 deletions
diff --git a/keystone-moon/keystone/contrib/moon/core.py b/keystone-moon/keystone/contrib/moon/core.py
index 4f8074f7..6f9832e9 100644
--- a/keystone-moon/keystone/contrib/moon/core.py
+++ b/keystone-moon/keystone/contrib/moon/core.py
@@ -411,10 +411,13 @@ class TenantManager(manager.Manager):
 if 'id' not in tenant_dict:
 tenant_dict['id'] = None
 keystone_tenant = self.__get_keystone_tenant_dict(tenant_dict['id'], tenant_dict['name'])
- tenant_dict.update(keystone_tenant)
+ for att in keystone_tenant:
+ if keystone_tenant[att]:
+ tenant_dict[att] = keystone_tenant[att]
 # Sync users between intra_authz_extension and intra_admin_extension
- if 'intra_admin_extension_id' in tenant_dict:
- if 'intra_authz_extension_id' in tenant_dict:
+ self.moonlog_api.debug("add_tenant_dict {}".format(tenant_dict))
+ if 'intra_admin_extension_id' in tenant_dict and tenant_dict['intra_admin_extension_id']:
+ if 'intra_authz_extension_id' in tenant_dict and tenant_dict['intra_authz_extension_id']:
 # authz_subjects_dict = self.admin_api.get_subjects_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_authz_extension_id'])
 # admin_subjects_dict = self.admin_api.get_subjects_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_admin_extension_id'])
 # for _subject_id in authz_subjects_dict:
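Review bot: The merge loop's test `if keystone_tenant[att]:` drops every falsy value returned by `__get_keystone_tenant_dict`, not only `None`, so an empty string, `0` or `False` from Keystone no longer overrides what the caller supplied in `tenant_dict`. If the intent is only to skip missing fields, test for that explicitly with `if keystone_tenant[att] is not None:` and iterate over `keystone_tenant.items()`. Each of the two membership-plus-truthiness conditions below it can be written as `tenant_dict.get('intra_admin_extension_id')` (and likewise for the authz id). The added `self.moonlog_api.debug(...)` call logs the whole tenant dict, so confirm that no field in it is sensitive. The enclosing method begins and ends outside this hunk.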
@@ -1239,14 +1242,14 @@ class IntraExtensionManager(manager.Manager): def get_object_dict(self, user_id, intra_extension_id, object_id): objects_dict = self.driver.get_objects_dict(intra_extension_id) if object_id not in objects_dict: - raise ObjectUnknown("Unknown object name: {}".format(object_id)) + raise ObjectUnknown("Unknown object id: {}".format(object_id)) return objects_dict[object_id] @filter_input @enforce(("read", "write"), "objects") def del_object(self, user_id, intra_extension_id, object_id): if object_id not in self.driver.get_objects_dict(intra_extension_id): - raise ObjectUnknown("Unknown object name: {}".format(object_id)) + raise ObjectUnknown("Unknown object id: {}".format(object_id)) # Destroy assignments related to this category for object_category_id in self.driver.get_object_categories_dict(intra_extension_id): for _object_id in self.driver.get_objects_dict(intra_extension_id): @@ -1570,7 +1573,7 @@ class IntraExtensionManager(manager.Manager): @enforce("read", "object_categories") def get_object_assignment_list(self, user_id, intra_extension_id, object_id, object_category_id): if object_id not in self.driver.get_objects_dict(intra_extension_id): - raise ObjectUnknown("Unknown object name: {}".format(object_id)) + raise ObjectUnknown("Unknown object id: {}".format(object_id)) if object_category_id not in self.driver.get_object_categories_dict(intra_extension_id): raise ObjectCategoryUnknown() return self.driver.get_object_assignment_list(intra_extension_id, object_id, object_category_id) 
@@ -1581,7 +1584,7 @@ class IntraExtensionManager(manager.Manager): @enforce("read", "object_categories") def add_object_assignment_list(self, user_id, intra_extension_id, object_id, object_category_id, object_scope_id): if object_id not in self.driver.get_objects_dict(intra_extension_id): - raise ObjectUnknown("Unknown object name: {}".format(object_id)) + raise ObjectUnknown("Unknown object id: {}".format(object_id)) if object_category_id not in self.driver.get_object_categories_dict(intra_extension_id): raise ObjectCategoryUnknown() if object_scope_id not in self.driver.get_object_scopes_dict(intra_extension_id, object_category_id): @@ -1597,7 +1600,7 @@ class IntraExtensionManager(manager.Manager): @enforce("read", "object_scopes") def del_object_assignment(self, user_id, intra_extension_id, object_id, object_category_id, object_scope_id): if object_id not in self.driver.get_objects_dict(intra_extension_id): - raise ObjectUnknown("Unknown object name: {}".format(object_id)) + raise ObjectUnknown("Unknown object id: {}".format(object_id)) if object_category_id not in self.driver.get_object_categories_dict(intra_extension_id): raise ObjectCategoryUnknown() if object_scope_id not in self.driver.get_object_scopes_dict(intra_extension_id, object_category_id): @@ -1820,7 +1823,9 @@ class IntraExtensionAuthzManager(IntraExtensionManager): tenants_dict = self.tenant_api.get_tenants_dict(self.root_api.get_root_admin_id()) if tenant_id not in tenants_dict: - raise TenantUnknown() + # raise TenantUnknown("Cannot authz because Tenant is unknown {}".format(tenant_id)) + LOG.warning("Cannot authz because Tenant is not managed by Moon {}".format(tenant_id)) + return {'authz': True, 'comment': "Cannot authz because Tenant is not managed by Moon {}".format(tenant_id)} intra_extension_id = tenants_dict[tenant_id][genre] if not intra_extension_id: raise TenantNoIntraExtension() 
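Review bot: In the `@@ -1820,7 +1823,9 @@` hunk the `tenant_id not in tenants_dict` branch now fails open: instead of raising `TenantUnknown` it returns `{'authz': True, ...}`, so any request naming a tenant Moon does not manage, including a mistyped or stale id, is authorized by this manager. Unless that bypass is a deliberate design decision, keep the deny path, either by restoring the commented-out `raise TenantUnknown("Cannot authz because Tenant is unknown {}".format(tenant_id))` or by returning `'authz': False`. If unmanaged tenants must pass through, put the allow behind an explicit configuration switch and explain it in a comment above the branch, since a warning log line alone is easy to miss in review and in operation. The enclosing method starts before this hunk, so how callers treat this dict compared with the value of `super(...).authz(...)` cannot be checked from here.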
@@ -1831,7 +1836,7 @@ class IntraExtensionAuthzManager(IntraExtensionManager): subject_id = _subject_id break if not subject_id: - raise SubjectUnknown() + raise SubjectUnknown("Unknown subject id: {}".format(subject_k_id)) objects_dict = self.driver.get_objects_dict(intra_extension_id) object_id = None for _object_id in objects_dict: @@ -1839,7 +1844,7 @@ class IntraExtensionAuthzManager(IntraExtensionManager): object_id = _object_id break if not object_id: - raise ObjectUnknown("Unknown object name: {}".format(object_id)) + raise ObjectUnknown("Unknown object name: {}".format(object_name)) actions_dict = self.driver.get_actions_dict(intra_extension_id) action_id = None @@ -1848,7 +1853,7 @@ class IntraExtensionAuthzManager(IntraExtensionManager): action_id = _action_id break if not action_id: - raise ActionUnknown() + raise ActionUnknown("Unknown action name: {}".format(action_name)) return super(IntraExtensionAuthzManager, self).authz(intra_extension_id, subject_id, object_id, action_id) def add_subject_dict(self, user_id, intra_extension_id, subject_dict): |