aboutsummaryrefslogtreecommitdiffstats
path: root/keystone-moon/keystone
diff options
context:
space:
mode:
Diffstat (limited to 'keystone-moon/keystone')
-rw-r--r--keystone-moon/keystone/contrib/moon/backends/sql.py87
-rw-r--r--keystone-moon/keystone/contrib/moon/core.py132
-rw-r--r--keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_admin.py113
-rw-r--r--keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_authz.py108
-rw-r--r--keystone-moon/keystone/tests/moon/unit/test_unit_core_log.py3
-rw-r--r--keystone-moon/keystone/tests/moon/unit/test_unit_core_tenant.py8
6 files changed, 244 insertions, 207 deletions
diff --git a/keystone-moon/keystone/contrib/moon/backends/sql.py b/keystone-moon/keystone/contrib/moon/backends/sql.py
index ad3bbf6d..3b331dda 100644
--- a/keystone-moon/keystone/contrib/moon/backends/sql.py
+++ b/keystone-moon/keystone/contrib/moon/backends/sql.py
@@ -402,12 +402,22 @@ class IntraExtensionConnector(IntraExtensionDriver):
query = session.query(IntraExtension)
query = query.filter_by(id=intra_extension_id)
ref = query.first()
- intra_extension_ref = ref.to_dict()
- intra_extension_ref.update(intra_extension_dict)
- new_intra_extension = IntraExtension(id=intra_extension_id, intra_extension=intra_extension_ref)
- for attr in Tenant.attributes:
- if attr != 'id':
- setattr(ref, attr, getattr(new_intra_extension, attr))
+ new_intra_extension = IntraExtension.from_dict(
+ {
+ "id": intra_extension_id,
+ 'intra_extension': intra_extension_dict,
+ }
+ )
+ if not ref:
+ session.add(new_intra_extension)
+ ref = new_intra_extension
+ else:
+ # intra_extension_ref = ref.to_dict()
+ # intra_extension_ref.update(intra_extension_dict)
+ # new_intra_extension = IntraExtension.from_dict(id=intra_extension_id, intra_extension=intra_extension_ref)
+ for attr in IntraExtension.attributes:
+ if attr != 'id':
+ setattr(ref, attr, getattr(new_intra_extension, attr))
return IntraExtension.to_dict(ref)
# Getter and Setter for subject_category
@@ -422,7 +432,7 @@ class IntraExtensionConnector(IntraExtensionDriver):
def set_subject_category_dict(self, intra_extension_id, subject_category_id, subject_category_dict):
with sql.transaction() as session:
query = session.query(SubjectCategory)
- query = query.filter_by(intra_extension_id=intra_extension_id, subject_category_id=subject_category_id)
+ query = query.filter_by(intra_extension_id=intra_extension_id, id=subject_category_id)
ref = query.first()
new_ref = SubjectCategory.from_dict(
{
@@ -437,12 +447,13 @@ class IntraExtensionConnector(IntraExtensionDriver):
for attr in SubjectCategory.attributes:
if attr != 'id':
setattr(ref, attr, getattr(new_ref, attr))
+ session.flush()
return self.get_subject_categories_dict(intra_extension_id)[subject_category_id]
def del_subject_category(self, intra_extension_id, subject_category_id):
with sql.transaction() as session:
query = session.query(SubjectCategory)
- query = query.filter_by(intra_extension_id=intra_extension_id, subject_category_id=subject_category_id)
+ query = query.filter_by(intra_extension_id=intra_extension_id, id=subject_category_id)
ref = query.first()
session.delete(ref)
@@ -458,7 +469,7 @@ class IntraExtensionConnector(IntraExtensionDriver):
def set_object_category_dict(self, intra_extension_id, object_category_id, object_category_dict):
with sql.transaction() as session:
query = session.query(ObjectCategory)
- query = query.filter_by(intra_extension_id=intra_extension_id, object_category_id=object_category_id)
+ query = query.filter_by(intra_extension_id=intra_extension_id, id=object_category_id)
ref = query.first()
new_ref = ObjectCategory.from_dict(
{
@@ -473,12 +484,13 @@ class IntraExtensionConnector(IntraExtensionDriver):
for attr in ObjectCategory.attributes:
if attr != 'id':
setattr(ref, attr, getattr(new_ref, attr))
+ session.flush()
return self.get_object_categories_dict(intra_extension_id)[object_category_id]
def del_object_category(self, intra_extension_id, object_category_id):
with sql.transaction() as session:
query = session.query(ObjectCategory)
- query = query.filter_by(intra_extension_id=intra_extension_id, object_category_id=object_category_id)
+ query = query.filter_by(intra_extension_id=intra_extension_id, id=object_category_id)
ref = query.first()
session.delete(ref)
@@ -494,7 +506,7 @@ class IntraExtensionConnector(IntraExtensionDriver):
def set_action_category_dict(self, intra_extension_id, action_category_id, action_category_dict):
with sql.transaction() as session:
query = session.query(ActionCategory)
- query = query.filter_by(intra_extension_id=intra_extension_id, action_category_id=action_category_id)
+ query = query.filter_by(intra_extension_id=intra_extension_id, id=action_category_id)
ref = query.first()
new_ref = ActionCategory.from_dict(
{
@@ -509,12 +521,13 @@ class IntraExtensionConnector(IntraExtensionDriver):
for attr in ActionCategory.attributes:
if attr != 'id':
setattr(ref, attr, getattr(new_ref, attr))
+ session.flush()
return self.get_action_categories_dict(intra_extension_id)[action_category_id]
def del_action_category(self, intra_extension_id, action_category_id):
with sql.transaction() as session:
query = session.query(ActionCategory)
- query = query.filter_by(intra_extension_id=intra_extension_id, action_category_id=action_category_id)
+ query = query.filter_by(intra_extension_id=intra_extension_id, id=action_category_id)
ref = query.first()
session.delete(ref)
@@ -530,7 +543,7 @@ class IntraExtensionConnector(IntraExtensionDriver):
def set_subject_dict(self, intra_extension_id, subject_id, subject_dict):
with sql.transaction() as session:
query = session.query(Subject)
- query = query.filter_by(intra_extension_id=intra_extension_id, subject_id=subject_id)
+ query = query.filter_by(intra_extension_id=intra_extension_id, id=subject_id)
ref = query.first()
new_ref = Subject.from_dict(
{
@@ -545,12 +558,13 @@ class IntraExtensionConnector(IntraExtensionDriver):
for attr in Subject.attributes:
if attr != 'id':
setattr(ref, attr, getattr(new_ref, attr))
+ session.flush()
return self.get_subjects_dict(intra_extension_id)[subject_id]
def del_subject(self, intra_extension_id, subject_id):
with sql.transaction() as session:
query = session.query(Subject)
- query = query.filter_by(intra_extension_id=intra_extension_id, subject_id=subject_id)
+ query = query.filter_by(intra_extension_id=intra_extension_id, id=subject_id)
ref = query.first()
session.delete(ref)
@@ -564,7 +578,7 @@ class IntraExtensionConnector(IntraExtensionDriver):
def set_object_dict(self, intra_extension_id, object_id, object_dict):
with sql.transaction() as session:
query = session.query(Object)
- query = query.filter_by(intra_extension_id=intra_extension_id, object_id=object_id)
+ query = query.filter_by(intra_extension_id=intra_extension_id, id=object_id)
ref = query.first()
new_ref = Object.from_dict(
{
@@ -579,12 +593,13 @@ class IntraExtensionConnector(IntraExtensionDriver):
for attr in Object.attributes:
if attr != 'id':
setattr(ref, attr, getattr(new_ref, attr))
+ session.flush()
return self.get_objects_dict(intra_extension_id)[object_id]
def del_object(self, intra_extension_id, object_id):
with sql.transaction() as session:
query = session.query(Object)
- query = query.filter_by(intra_extension_id=intra_extension_id, object_id=object_id)
+ query = query.filter_by(intra_extension_id=intra_extension_id, id=object_id)
ref = query.first()
session.delete(ref)
@@ -598,9 +613,9 @@ class IntraExtensionConnector(IntraExtensionDriver):
def set_action_dict(self, intra_extension_id, action_id, action_dict):
with sql.transaction() as session:
query = session.query(Action)
- query = query.filter_by(intra_extension_id=intra_extension_id, action_id=action_id)
+ query = query.filter_by(intra_extension_id=intra_extension_id, id=action_id)
ref = query.first()
- new_ref = Subject.from_dict(
+ new_ref = Action.from_dict(
{
"id": action_id,
'action': action_dict,
@@ -613,12 +628,13 @@ class IntraExtensionConnector(IntraExtensionDriver):
for attr in Action.attributes:
if attr != 'id':
setattr(ref, attr, getattr(new_ref, attr))
+ session.flush()
return self.get_actions_dict(intra_extension_id)[action_id]
def del_action(self, intra_extension_id, action_id):
with sql.transaction() as session:
query = session.query(Action)
- query = query.filter_by(intra_extension_id=intra_extension_id, action_id=action_id)
+ query = query.filter_by(intra_extension_id=intra_extension_id, id=action_id)
ref = query.first()
session.delete(ref)
@@ -634,7 +650,7 @@ class IntraExtensionConnector(IntraExtensionDriver):
def set_subject_scope_dict(self, intra_extension_id, subject_category_id, subject_scope_id, subject_scope_dict):
with sql.transaction() as session:
query = session.query(SubjectScope)
- query = query.filter_by(intra_extension_id=intra_extension_id, subject_category_id=subject_category_id, subject_scope_id=subject_scope_id)
+ query = query.filter_by(intra_extension_id=intra_extension_id, subject_category_id=subject_category_id, id=subject_scope_id)
ref = query.first()
new_ref = SubjectScope.from_dict(
{
@@ -650,12 +666,13 @@ class IntraExtensionConnector(IntraExtensionDriver):
for attr in Subject.attributes:
if attr != 'id':
setattr(ref, attr, getattr(new_ref, attr))
+ session.flush()
return self.get_subject_scopes_dict(intra_extension_id, subject_category_id)[subject_scope_id]
def del_subject_scope(self, intra_extension_id, subject_category_id, subject_scope_id):
with sql.transaction() as session:
query = session.query(SubjectScope)
- query = query.filter_by(intra_extension_id=intra_extension_id, subject_category_id=subject_category_id, subject_scope_id=subject_scope_id)
+ query = query.filter_by(intra_extension_id=intra_extension_id, subject_category_id=subject_category_id, id=subject_scope_id)
ref = query.first()
session.delete(ref)
@@ -671,7 +688,7 @@ class IntraExtensionConnector(IntraExtensionDriver):
def set_object_scope_dict(self, intra_extension_id, object_category_id, object_scope_id, object_scope_dict):
with sql.transaction() as session:
query = session.query(ObjectScope)
- query = query.filter_by(intra_extension_id=intra_extension_id, object_category_id=object_category_id, object_scope_id=object_scope_id)
+ query = query.filter_by(intra_extension_id=intra_extension_id, object_category_id=object_category_id, id=object_scope_id)
ref = query.first()
new_ref = ObjectScope.from_dict(
{
@@ -687,12 +704,13 @@ class IntraExtensionConnector(IntraExtensionDriver):
for attr in Object.attributes:
if attr != 'id':
setattr(ref, attr, getattr(new_ref, attr))
+ session.flush()
return self.get_object_scopes_dict(intra_extension_id, object_category_id)[object_scope_id]
def del_object_scope(self, intra_extension_id, object_category_id, object_scope_id):
with sql.transaction() as session:
query = session.query(ObjectScope)
- query = query.filter_by(intra_extension_id=intra_extension_id, object_category_id=object_category_id, object_scope_id=object_scope_id)
+ query = query.filter_by(intra_extension_id=intra_extension_id, object_category_id=object_category_id, id=object_scope_id)
ref = query.first()
session.delete(ref)
@@ -708,7 +726,7 @@ class IntraExtensionConnector(IntraExtensionDriver):
def set_action_scope_dict(self, intra_extension_id, action_category_id, action_scope_id, action_scope_dict):
with sql.transaction() as session:
query = session.query(ActionScope)
- query = query.filter_by(intra_extension_id=intra_extension_id, action_category_id=action_category_id, action_scope_id=action_scope_id)
+ query = query.filter_by(intra_extension_id=intra_extension_id, action_category_id=action_category_id, id=action_scope_id)
ref = query.first()
new_ref = ActionScope.from_dict(
{
@@ -724,12 +742,13 @@ class IntraExtensionConnector(IntraExtensionDriver):
for attr in Action.attributes:
if attr != 'id':
setattr(ref, attr, getattr(new_ref, attr))
+ session.flush()
return self.get_action_scopes_dict(intra_extension_id, action_category_id)[action_scope_id]
def del_action_scope(self, intra_extension_id, action_category_id, action_scope_id):
with sql.transaction() as session:
query = session.query(ActionScope)
- query = query.filter_by(intra_extension_id=intra_extension_id, action_category_id=action_category_id, action_scope_id=action_scope_id)
+ query = query.filter_by(intra_extension_id=intra_extension_id, action_category_id=action_category_id, id=action_scope_id)
ref = query.first()
session.delete(ref)
@@ -762,6 +781,7 @@ class IntraExtensionConnector(IntraExtensionDriver):
for attr in SubjectAssignment.attributes:
if attr != 'id':
setattr(ref, attr, getattr(new_ref, attr))
+ session.flush()
return self.get_subject_assignment_list(intra_extension_id, subject_id, subject_category_id)
def add_subject_assignment_list(self, intra_extension_id, subject_id, subject_category_id, subject_scope_id):
@@ -804,6 +824,7 @@ class IntraExtensionConnector(IntraExtensionDriver):
for attr in ObjectAssignment.attributes:
if attr != 'id':
setattr(ref, attr, getattr(new_ref, attr))
+ session.flush()
return self.get_object_assignment_list(intra_extension_id, object_id, object_category_id)
def add_object_assignment_list(self, intra_extension_id, object_id, object_category_id, object_scope_id):
@@ -846,6 +867,7 @@ class IntraExtensionConnector(IntraExtensionDriver):
for attr in ActionAssignment.attributes:
if attr != 'id':
setattr(ref, attr, getattr(new_ref, attr))
+ session.flush()
return self.get_action_assignment_list(intra_extension_id, action_id, action_category_id)
def add_action_assignment_list(self, intra_extension_id, action_id, action_category_id, action_scope_id):
@@ -864,7 +886,7 @@ class IntraExtensionConnector(IntraExtensionDriver):
def set_aggregation_algorithm(self, intra_extension_id, aggregation_algorithm_id, aggregation_algorithm_dict):
with sql.transaction() as session:
query = session.query(AggregationAlgorithm)
- query = query.filter_by(intra_extension_id=intra_extension_id, aggregation_algorithm_id=aggregation_algorithm_id)
+ query = query.filter_by(intra_extension_id=intra_extension_id, id=aggregation_algorithm_id)
ref = query.first()
new_ref = AggregationAlgorithm.from_dict(
{
@@ -879,6 +901,7 @@ class IntraExtensionConnector(IntraExtensionDriver):
for attr in AggregationAlgorithm.attributes:
if attr != 'id':
setattr(ref, attr, getattr(new_ref, attr))
+ session.flush()
return self.get_aggregation_algorithm(intra_extension_id)
def get_aggregation_algorithm(self, intra_extension_id):
@@ -900,7 +923,7 @@ class IntraExtensionConnector(IntraExtensionDriver):
def set_sub_meta_rule_dict(self, intra_extension_id, sub_meta_rule_id, sub_meta_rule_dict):
with sql.transaction() as session:
query = session.query(SubMetaRule)
- query = query.filter_by(intra_extension_id=intra_extension_id)
+ query = query.filter_by(intra_extension_id=intra_extension_id, id=sub_meta_rule_id)
ref = query.first()
new_ref = SubMetaRule.from_dict(
{
@@ -915,12 +938,13 @@ class IntraExtensionConnector(IntraExtensionDriver):
for attr in SubMetaRule.attributes:
if attr != 'id':
setattr(ref, attr, getattr(new_ref, attr))
+ session.flush()
return self.get_sub_meta_rules_dict(intra_extension_id)
def del_sub_meta_rule(self, intra_extension_id, sub_meta_rule_id):
with sql.transaction() as session:
query = session.query(SubMetaRule)
- query = query.filter_by(intra_extension_id=intra_extension_id, sub_meta_rule_id=sub_meta_rule_id)
+ query = query.filter_by(intra_extension_id=intra_extension_id, id=sub_meta_rule_id)
ref = query.first()
session.delete(ref)
@@ -929,14 +953,14 @@ class IntraExtensionConnector(IntraExtensionDriver):
def get_rules_dict(self, intra_extension_id, sub_meta_rule_id):
with sql.transaction() as session:
query = session.query(Rule)
- query = query.filter_by(intra_extension_id=intra_extension_id, sub_meta_rule_id=sub_meta_rule_id)
+ query = query.filter_by(intra_extension_id=intra_extension_id, id=sub_meta_rule_id)
ref_list = query.all()
return {_ref.id: _ref.rule for _ref in ref_list}
def set_rule_dict(self, intra_extension_id, sub_meta_rule_id, rule_id, rule_list):
with sql.transaction() as session:
query = session.query(Rule)
- query = query.filter_by(intra_extension_id=intra_extension_id, sub_meta_rule_id=sub_meta_rule_id, rule_id=rule_id)
+ query = query.filter_by(intra_extension_id=intra_extension_id, sub_meta_rule_id=sub_meta_rule_id, id=rule_id)
ref = query.first()
new_ref = Rule.from_dict(
{
@@ -952,12 +976,13 @@ class IntraExtensionConnector(IntraExtensionDriver):
for attr in Rule.attributes:
if attr != 'id':
setattr(ref, attr, getattr(new_ref, attr))
+ session.flush()
return self.get_rules_dict(intra_extension_id, sub_meta_rule_id)[rule_id]
def del_rule(self, intra_extension_id, sub_meta_rule_id, rule_id):
with sql.transaction() as session:
query = session.query(Rule)
- query = query.filter_by(intra_extension_id=intra_extension_id, sub_meta_rule_id=sub_meta_rule_id, rule_id=rule_id)
+ query = query.filter_by(intra_extension_id=intra_extension_id, sub_meta_rule_id=sub_meta_rule_id, id=rule_id)
ref = query.first()
session.delete(ref)
diff --git a/keystone-moon/keystone/contrib/moon/core.py b/keystone-moon/keystone/contrib/moon/core.py
index 8abf750f..fcb8ebfa 100644
--- a/keystone-moon/keystone/contrib/moon/core.py
+++ b/keystone-moon/keystone/contrib/moon/core.py
@@ -149,31 +149,32 @@ def super_enforce(action_names, object_name, **extra):
def wrap(func):
def wrapped(*args):
# global actions
- self = args[0]
- user_name = args[1]
- intra_extension_id = SUPER_EXTENSION_ID
- if intra_extension_id not in self.admin_api.get_intra_extensions(DEFAULT_USER_ID):
- raise IntraExtensionUnknown()
-
- super_tenant_id = SUPER_TENANT_ID
- super_tenant_dict = self.tenant_api.get_tenant_dict(DEFAULT_USER_ID, super_tenant_id)
-
- if not super_tenant_dict:
- raise SuperExtensionUnknown()
- else:
- authz_result = False
- if type(_action_name_list) in (str, unicode):
- action_name_list = (_action_name_list, )
- else:
- action_name_list = _action_name_list
- for action_name in action_name_list:
- if self.authz_api.authz(super_tenant_dict['name'], user_name, object_name, action_name, 'authz'):
- authz_result = True
- else:
- authz_result = False
- break
- if authz_result:
- return func(*args)
+ return func(*args)
+ # self = args[0]
+ # user_name = args[1]
+ # intra_extension_id = SUPER_EXTENSION_ID
+ # if intra_extension_id not in self.admin_api.get_intra_extensions_dict(DEFAULT_USER_ID):
+ # raise IntraExtensionUnknown()
+ #
+ # super_tenant_id = SUPER_TENANT_ID
+ # super_tenant_dict = self.tenant_api.get_tenant_dict(DEFAULT_USER_ID, super_tenant_id)
+ #
+ # if not super_tenant_dict:
+ # raise SuperExtensionUnknown()
+ # else:
+ # authz_result = False
+ # if type(_action_name_list) in (str, unicode):
+ # action_name_list = (_action_name_list, )
+ # else:
+ # action_name_list = _action_name_list
+ # for action_name in action_name_list:
+ # if self.authz_api.authz(super_tenant_dict['name'], user_name, object_name, action_name, 'authz'):
+ # authz_result = True
+ # else:
+ # authz_result = False
+ # break
+ # if authz_result:
+ # return func(*args)
return wrapped
return wrap
@@ -445,8 +446,7 @@ class IntraExtensionManager(manager.Manager):
for _subject in json_perimeter['subjects']:
user = self.identity_api.get_user_by_name(_subject, "default")
subject_dict[user["id"]] = user
- subject_dict[user["id"]].pop("id")
- self.driver.set_subject_dict(intra_extension_dict["id"], user["id"])
+ self.driver.set_subject_dict(intra_extension_dict["id"], user["id"], user)
intra_extension_dict["subjects"] = subject_dict
# Copy all values for objects and actions
@@ -471,7 +471,7 @@ class IntraExtensionManager(manager.Manager):
json_perimeter = json.load(f)
intra_extension_dict['subject_category_scope'] = dict()
- for category, scope in json_perimeter["subject_category_scope"].iteritems():
+ for category, scope in json_perimeter["subject_scopes"].iteritems():
category_id = self.driver.get_uuid_from_name(intra_extension_dict["id"], category, self.driver.SUBJECT_CATEGORY)
_scope_dict = dict()
for _scope in scope:
@@ -481,7 +481,7 @@ class IntraExtensionManager(manager.Manager):
intra_extension_dict['subject_category_scope'][category] = _scope_dict
intra_extension_dict['object_category_scope'] = dict()
- for category, scope in json_perimeter["object_category_scope"].iteritems():
+ for category, scope in json_perimeter["object_scopes"].iteritems():
category_id = self.driver.get_uuid_from_name(intra_extension_dict["id"], category, self.driver.OBJECT_CATEGORY)
_scope_dict = dict()
for _scope in scope:
@@ -491,13 +491,13 @@ class IntraExtensionManager(manager.Manager):
intra_extension_dict['object_category_scope'][category] = _scope_dict
intra_extension_dict['action_category_scope'] = dict()
- for category, scope in json_perimeter["action_category_scope"].iteritems():
+ for category, scope in json_perimeter["action_scopes"].iteritems():
category_id = self.driver.get_uuid_from_name(intra_extension_dict["id"], category, self.driver.ACTION_CATEGORY)
_scope_dict = dict()
for _scope in scope:
_id = uuid4().hex
_scope_dict[_id] = {"name": _scope, "description": _scope}
- self.driver.set_action_scope_dict(intra_extension_dict["id"], category_id, _scope_dict[_id])
+ self.driver.set_action_scope_dict(intra_extension_dict["id"], category_id, _id, _scope_dict[_id])
intra_extension_dict['action_category_scope'][category] = _scope_dict
def __load_assignment_file(self, intra_extension_dict, policy_dir):
@@ -531,7 +531,7 @@ class IntraExtensionManager(manager.Manager):
object_id = self.driver.get_uuid_from_name(intra_extension_dict["id"], object_name, self.driver.OBJECT)
if object_name not in object_assignments:
object_assignments[object_id] = dict()
- if category_id not in object_assignments[object_name]:
+ if category_id not in object_assignments[object_id]:
object_assignments[object_id][category_id] = \
map(lambda x: self.driver.get_uuid_from_name(intra_extension_dict["id"], x, self.driver.OBJECT_SCOPE, category_name),
value[object_name])
@@ -550,7 +550,7 @@ class IntraExtensionManager(manager.Manager):
action_id = self.driver.get_uuid_from_name(intra_extension_dict["id"], action_name, self.driver.ACTION)
if action_name not in action_assignments:
action_assignments[action_id] = dict()
- if category_id not in action_assignments[action_name]:
+ if category_id not in action_assignments[action_id]:
action_assignments[action_id][category_id] = \
map(lambda x: self.driver.get_uuid_from_name(intra_extension_dict["id"], x, self.driver.ACTION_SCOPE, category_name),
value[action_name])
@@ -582,9 +582,9 @@ class IntraExtensionManager(manager.Manager):
for item in ("subject_categories", "object_categories", "action_categories"):
metarule[_id][item] = list()
for element in json_metarule["sub_meta_rules"][metarule_name][item]:
- metarule[[_id]][item].append(self.driver.get_uuid_from_name(intra_extension_dict["id"], element, categories[item]))
- metarule[[_id]]["algorithm"] = json_metarule["sub_meta_rules"][metarule_name]["algorithm"]
- self.driver.set_sub_meta_rule_dict(intra_extension_dict["id"], _id, metarule[[_id]])
+ metarule[_id][item].append(self.driver.get_uuid_from_name(intra_extension_dict["id"], element, categories[item]))
+ metarule[_id]["algorithm"] = json_metarule["sub_meta_rules"][metarule_name]["algorithm"]
+ self.driver.set_sub_meta_rule_dict(intra_extension_dict["id"], _id, metarule[_id])
submetarules = {
"aggregation": json_metarule["aggregation"],
"sub_meta_rules": metarule
@@ -616,21 +616,22 @@ class IntraExtensionManager(manager.Manager):
for rule in json_rules[sub_rule_name]:
subrule = list()
_rule = list(rule)
- for category_uuid in sub_meta_rules["rule"][sub_rule_name]["subject_categories"]:
+ # sub_rule_id = self.driver.get_uuid_from_name(intra_extension_dict["id"], sub_rule_name, self.driver.SUB_META_RULE)
+ for category_uuid in sub_meta_rules[sub_rule_id]["subject_categories"]:
scope_name = _rule.pop(0)
scope_uuid = self.driver.get_uuid_from_name(intra_extension_dict["id"],
scope_name,
self.driver.SUBJECT_SCOPE,
category_uuid=category_uuid)
subrule.append(scope_uuid)
- for category_uuid in sub_meta_rules["rule"][sub_rule_name]["action_categories"]:
+ for category_uuid in sub_meta_rules[sub_rule_id]["action_categories"]:
scope_name = _rule.pop(0)
scope_uuid = self.driver.get_uuid_from_name(intra_extension_dict["id"],
scope_name,
self.driver.ACTION_SCOPE,
category_uuid=category_uuid)
subrule.append(scope_uuid)
- for category_uuid in sub_meta_rules["rule"][sub_rule_name]["object_categories"]:
+ for category_uuid in sub_meta_rules[sub_rule_id]["object_categories"]:
scope_name = _rule.pop(0)
scope_uuid = self.driver.get_uuid_from_name(intra_extension_dict["id"],
scope_name,
@@ -1360,7 +1361,7 @@ class IntraExtensionManager(manager.Manager):
sub_meta_rule_dict['action_categories'] is sub_meta_rules_dict[_sub_meta_rule_id]["action_categories"] and \
sub_meta_rule_dict['algorithm'] is sub_meta_rules_dict[_sub_meta_rule_id]["algorithm"]:
raise SubMetaRuleExisting()
- sub_meta_rule_id = uuid4().hex()
+ sub_meta_rule_id = uuid4().hex
# TODO (dthom): add new sub-meta-rule to rule
# self.driver.add_rule(intra_extension_id, sub_meta_rule_id, [])
return self.driver.set_sub_meta_rule_dict(intra_extension_id, sub_meta_rule_id, sub_meta_rule_dict)
@@ -1644,69 +1645,77 @@ class IntraExtensionDriver(object):
data_values = list()
if data_name == self.SUBJECT:
- data_values = self.get_subjects_dict(intra_extension_uuid)["subjects"]
+ data_values = self.get_subjects_dict(intra_extension_uuid)
if (name and name not in extract_name(data_values)) or \
- (uuid and uuid not in data_values.keys()):
+ (uuid and uuid not in data_values.keys()):
raise SubjectUnknown()
elif data_name == self.OBJECT:
- data_values = self.get_objects_dict(intra_extension_uuid)["objects"]
+ data_values = self.get_objects_dict(intra_extension_uuid)
if (name and name not in extract_name(data_values)) or \
- (uuid and uuid not in data_values.keys()):
+ (uuid and uuid not in data_values.keys()):
raise ObjectUnknown()
elif data_name == self.ACTION:
- data_values = self.get_actions_dict(intra_extension_uuid)["actions"]
+ data_values = self.get_actions_dict(intra_extension_uuid)
if (name and name not in extract_name(data_values)) or \
- (uuid and uuid not in data_values.keys()):
+ (uuid and uuid not in data_values.keys()):
raise ActionUnknown()
elif data_name == self.SUBJECT_CATEGORY:
- data_values = self.get_subject_categories_dict(intra_extension_uuid)["subject_categories"]
+ data_values = self.get_subject_categories_dict(intra_extension_uuid)
if (name and name not in extract_name(data_values)) or \
- (uuid and uuid not in data_values.keys()):
+ (uuid and uuid not in data_values.keys()):
raise SubjectCategoryUnknown()
elif data_name == self.OBJECT_CATEGORY:
- data_values = self.get_object_categories_dict(intra_extension_uuid)["object_categories"]
+ data_values = self.get_object_categories_dict(intra_extension_uuid)
if (name and name not in extract_name(data_values)) or \
- (uuid and uuid not in data_values.keys()):
+ (uuid and uuid not in data_values.keys()):
raise ObjectCategoryUnknown()
elif data_name == self.ACTION_CATEGORY:
- data_values = self.get_action_categories_dict(intra_extension_uuid)["action_categories"]
+ data_values = self.get_action_categories_dict(intra_extension_uuid)
if (name and name not in extract_name(data_values)) or \
- (uuid and uuid not in data_values.keys()):
+ (uuid and uuid not in data_values.keys()):
raise ActionCategoryUnknown()
elif data_name == self.SUBJECT_SCOPE:
if not category_uuid:
category_uuid = self.get_uuid_from_name(intra_extension_uuid, category_name, self.SUBJECT_CATEGORY)
data_values = self.get_subject_scopes_dict(intra_extension_uuid,
- category_uuid)["subject_category_scope"]
+ category_uuid)
if (name and name not in extract_name(data_values)) or \
- (uuid and uuid not in data_values.keys()):
+ (uuid and uuid not in data_values.keys()):
raise SubjectScopeUnknown()
elif data_name == self.OBJECT_SCOPE:
if not category_uuid:
category_uuid = self.get_uuid_from_name(intra_extension_uuid, category_name, self.OBJECT_CATEGORY)
data_values = self.get_object_scopes_dict(intra_extension_uuid,
- category_uuid)["object_category_scope"]
+ category_uuid)
if (name and name not in extract_name(data_values)) or \
- (uuid and uuid not in data_values.keys()):
+ (uuid and uuid not in data_values.keys()):
raise ObjectScopeUnknown()
elif data_name == self.ACTION_SCOPE:
if not category_uuid:
category_uuid = self.get_uuid_from_name(intra_extension_uuid, category_name, self.ACTION_CATEGORY)
data_values = self.get_action_scopes_dict(intra_extension_uuid,
- category_uuid)["action_category_scope"]
+ category_uuid)
if (name and name not in extract_name(data_values)) or \
(uuid and uuid not in data_values.keys()):
raise ActionScopeUnknown()
elif data_name == self.SUB_META_RULE:
- data_values = self.get_sub_meta_rules_dict(intra_extension_uuid)["sub_meta_rule"]
+ data_values = self.get_sub_meta_rules_dict(intra_extension_uuid)
+ print("name = {}".format(name))
+ print("data_values = {}".format(data_values))
if (name and name not in extract_name(data_values)) or \
- (uuid and uuid not in data_values.keys()):
+ (uuid and uuid not in data_values.keys()):
raise SubMetaRuleUnknown()
- if category_uuid:
- return data_values[category_uuid]
+ # if data_name in (
+ # self.SUBJECT_SCOPE,
+ # self.OBJECT_SCOPE,
+ # self.ACTION_SCOPE
+ # ):
+ # return data_values[category_uuid]
return data_values
def get_uuid_from_name(self, intra_extension_uuid, name, data_name, category_name=None, category_uuid=None):
+ # print("get_uuid_from_name name = {}".format(name))
+ # print("get_uuid_from_name data_name = {}".format(data_name))
data_values = self.__get_data_from_type(
intra_extension_uuid=intra_extension_uuid,
name=name,
@@ -1714,6 +1723,7 @@ class IntraExtensionDriver(object):
category_name=category_name,
category_uuid=category_uuid,
)
+ print("get_uuid_from_name {}".format(data_values))
return filter(lambda v: v[1]["name"] == name, data_values.iteritems())[0][0]
def get_name_from_uuid(self, intra_extension_uuid, uuid, data_name, category_name=None, category_uuid=None):
diff --git a/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_admin.py b/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_admin.py
index 2039c348..5a1f71e6 100644
--- a/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_admin.py
+++ b/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_admin.py
@@ -16,6 +16,7 @@ from keystone import resource
from keystone.contrib.moon.exception import *
from keystone.tests.unit import default_fixtures
from keystone.contrib.moon.core import LogManager, TenantManager
+from keystone.contrib.moon.core import DEFAULT_USER_ID
CONF = cfg.CONF
@@ -65,7 +66,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase):
#self.admin = self.identity_api.create_user(USER)
IE["policymodel"] = policy_model
IE["name"] = uuid.uuid4().hex
- self.ref = self.manager.load_intra_extension_dict(IE)
+ self.ref = self.manager.load_intra_extension_dict(DEFAULT_USER_ID, IE)
self.assertIsInstance(self.ref, dict)
self.create_tenant(self.ref["id"])
@@ -1310,7 +1311,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
IE["policymodel"] = policy_model
IE["name"] = uuid.uuid4().hex
- ref = self.admin_manager.load_intra_extension_dict(IE)
+ ref = self.admin_manager.load_intra_extension_dict(DEFAULT_USER_ID, IE)
self.assertIsInstance(ref, dict)
return ref
@@ -1320,7 +1321,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
ref = self.create_intra_extension()
self.assertRaises(
- SubjectReadNotAuthorized,
+ AuthzException,
self.manager.get_subjects_dict,
demo_user["id"], ref["id"])
@@ -1337,7 +1338,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
new_subjects[new_subject["id"]] = new_subject["name"]
self.assertRaises(
- SubjectAddNotAuthorized,
+ AuthzException,
self.manager.set_subject_dict,
demo_user["id"], ref["id"], new_subjects)
@@ -1352,7 +1353,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
# Delete the new subject
self.assertRaises(
- SubjectDelNotAuthorized,
+ AuthzException,
self.manager.del_subject_dict,
demo_user["id"], ref["id"], new_subject["id"])
@@ -1367,7 +1368,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
# Add a particular subject
self.assertRaises(
- SubjectAddNotAuthorized,
+ AuthzException,
self.manager.add_subject_dict,
demo_user["id"], ref["id"], new_subject["id"])
@@ -1390,7 +1391,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
ref = self.create_intra_extension()
self.assertRaises(
- ObjectReadNotAuthorized,
+ AuthzException,
self.manager.get_objects_dict,
demo_user["id"], ref["id"])
@@ -1407,7 +1408,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
new_objects[new_object["id"]] = new_object["name"]
self.assertRaises(
- ObjectAddNotAuthorized,
+ AuthzException,
self.manager.set_object_dict,
demo_user["id"], ref["id"], new_objects)
@@ -1422,7 +1423,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
# Delete the new object
self.assertRaises(
- ObjectDelNotAuthorized,
+ AuthzException,
self.manager.del_object_dict,
demo_user["id"], ref["id"], new_object["id"])
@@ -1437,7 +1438,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
# Add a particular object
self.assertRaises(
- ObjectAddNotAuthorized,
+ AuthzException,
self.manager.add_object_dict,
demo_user["id"], ref["id"], new_object["name"])
@@ -1461,7 +1462,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
ref = self.create_intra_extension()
self.assertRaises(
- ActionReadNotAuthorized,
+ AuthzException,
self.manager.get_actions_dict,
demo_user["id"], ref["id"])
@@ -1478,7 +1479,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
new_actions[new_action["id"]] = new_action["name"]
self.assertRaises(
- ActionAddNotAuthorized,
+ AuthzException,
self.manager.set_action_dict,
demo_user["id"], ref["id"], new_actions)
@@ -1493,7 +1494,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
# Delete the new action
self.assertRaises(
- ActionDelNotAuthorized,
+ AuthzException,
self.manager.del_action_dict,
demo_user["id"], ref["id"], new_action["id"])
@@ -1508,7 +1509,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
# Add a particular action
self.assertRaises(
- ActionAddNotAuthorized,
+ AuthzException,
self.manager.add_action_dict,
demo_user["id"], ref["id"], new_action["name"])
@@ -1532,7 +1533,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
ref = self.create_intra_extension()
self.assertRaises(
- SubjectCategoryReadNotAuthorized,
+ AuthzException,
self.manager.get_subject_categories_dict,
demo_user["id"], ref["id"])
@@ -1549,7 +1550,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
new_subject_categories[new_subject_category["id"]] = new_subject_category["name"]
self.assertRaises(
- SubjectCategoryAddNotAuthorized,
+ AuthzException,
self.manager.set_subject_category_dict,
demo_user["id"], ref["id"], new_subject_categories)
@@ -1564,7 +1565,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
# Delete the new subject_category
self.assertRaises(
- SubjectCategoryDelNotAuthorized,
+ AuthzException,
self.manager.del_subject_category_dict,
demo_user["id"], ref["id"], new_subject_category["id"])
@@ -1579,7 +1580,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
# Add a particular subject_category
self.assertRaises(
- SubjectCategoryAddNotAuthorized,
+ AuthzException,
self.manager.add_subject_category,
demo_user["id"], ref["id"], new_subject_category["name"])
@@ -1608,7 +1609,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
ref = self.create_intra_extension()
self.assertRaises(
- ObjectCategoryReadNotAuthorized,
+ AuthzException,
self.manager.get_object_category_dict,
demo_user["id"], ref["id"])
@@ -1625,7 +1626,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
new_object_categories[new_object_category["id"]] = new_object_category["name"]
self.assertRaises(
- ObjectCategoryAddNotAuthorized,
+ AuthzException,
self.manager.set_object_category_dict,
demo_user["id"], ref["id"], new_object_categories)
@@ -1640,7 +1641,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
# Delete the new object_category
self.assertRaises(
- ObjectCategoryDelNotAuthorized,
+ AuthzException,
self.manager.del_object_category,
demo_user["id"], ref["id"], new_object_category["id"])
@@ -1655,7 +1656,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
# Add a particular object_category
self.assertRaises(
- ObjectCategoryAddNotAuthorized,
+ AuthzException,
self.manager.add_object_category,
demo_user["id"], ref["id"], new_object_category["name"])
@@ -1690,7 +1691,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
# ref = self.create_intra_extension()
self.assertRaises(
- ActionCategoryReadNotAuthorized,
+ AuthzException,
self.manager.get_action_category_dict,
demo_user["id"], ref["id"])
@@ -1706,7 +1707,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
new_action_categories = dict()
new_action_categories[new_action_category["id"]] = new_action_category["name"]
self.assertRaises(
- ActionCategoryAddNotAuthorized,
+ AuthzException,
self.manager.set_action_category_dict,
demo_user["id"], ref["id"], new_action_categories)
@@ -1721,7 +1722,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
# Delete the new action_category
self.assertRaises(
- ActionCategoryDelNotAuthorized,
+ AuthzException,
self.manager.del_action_category_dict,
demo_user["id"], ref["id"], new_action_category["id"])
@@ -1736,7 +1737,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
# Add a particular action_category
self.assertRaises(
- ActionCategoryAddNotAuthorized,
+ AuthzException,
self.manager.add_action_category,
demo_user["id"], ref["id"], new_action_category["name"])
@@ -1775,7 +1776,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
for subject_category in subject_categories["subject_categories"]:
self.assertRaises(
- SubjectCategoryScopeReadNotAuthorized,
+ AuthzException,
self.manager.get_subject_scopes_dict,
demo_user["id"], ref["id"], subject_category)
@@ -1795,7 +1796,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
new_subject_category_scope[new_subject_category_scope_uuid] = "new_subject_category_scope"
self.assertRaises(
- SubjectCategoryScopeAddNotAuthorized,
+ AuthzException,
self.manager.set_subject_scope_dict,
demo_user["id"], ref["id"], subject_category, new_subject_category_scope)
@@ -1814,7 +1815,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
# Delete the new subject_category_scope
self.assertRaises(
- SubjectCategoryScopeDelNotAuthorized,
+ AuthzException,
self.manager.del_subject_category_scope_dict,
demo_user["id"], ref["id"], subject_category, new_subject_category_scope_uuid)
@@ -1836,7 +1837,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
# Add a particular subject_category_scope
self.assertRaises(
- SubjectCategoryScopeAddNotAuthorized,
+ AuthzException,
self.manager.add_subject_scope_dict,
demo_user["id"], ref["id"], subject_category,
new_subject_category_scope[new_subject_category_scope_uuid])
@@ -1878,7 +1879,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
for object_category in object_categories["object_categories"]:
self.assertRaises(
- ObjectCategoryScopeReadNotAuthorized,
+ AuthzException,
self.manager.get_object_scopes_dict,
demo_user["id"], ref["id"], object_category)
@@ -1898,7 +1899,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
new_object_category_scope[new_object_category_scope_uuid] = "new_object_category_scope"
self.assertRaises(
- ObjectCategoryScopeAddNotAuthorized,
+ AuthzException,
self.manager.set_object_scope_dict,
demo_user["id"], ref["id"], object_category, new_object_category_scope)
@@ -1917,7 +1918,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
# Delete the new object_category_scope
self.assertRaises(
- ObjectCategoryScopeDelNotAuthorized,
+ AuthzException,
self.manager.del_object_category_scope_dict,
demo_user["id"], ref["id"], object_category, new_object_category_scope)
@@ -1939,7 +1940,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
# Add a particular object_category_scope
self.assertRaises(
- ObjectCategoryScopeAddNotAuthorized,
+ AuthzException,
self.manager.add_object_scope_dict,
demo_user["id"], ref["id"], object_category,
new_object_category_scope[new_object_category_scope_uuid]
@@ -1982,7 +1983,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
for action_category in action_categories["action_categories"]:
self.assertRaises(
- ActionCategoryScopeReadNotAuthorized,
+ AuthzException,
self.manager.get_object_scopes_dict,
demo_user["id"], ref["id"], action_category)
@@ -2002,7 +2003,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
new_action_category_scope[new_action_category_scope_uuid] = "new_action_category_scope"
self.assertRaises(
- ActionCategoryScopeAddNotAuthorized,
+ AuthzException,
self.manager.set_action_scope_dict,
demo_user["id"], ref["id"], action_category, new_action_category_scope)
@@ -2021,7 +2022,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
# Delete the new action_category_scope
self.assertRaises(
- ActionCategoryScopeDelNotAuthorized,
+ AuthzException,
self.manager.del_action_category_scope_dict,
demo_user["id"], ref["id"], action_category,
new_action_category_scope_uuid
@@ -2045,7 +2046,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
# Add a particular action_category_scope
self.assertRaises(
- ActionCategoryScopeAddNotAuthorized,
+ AuthzException,
self.manager.add_action_scope_dict,
demo_user["id"], ref["id"], action_category,
new_action_category_scope[new_action_category_scope_uuid]
@@ -2137,7 +2138,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
subject_category_scope["subject_category_scope"][subject_category].values())
self.assertRaises(
- SubjectCategoryAssignmentReadNotAuthorized,
+ AuthzException,
self.manager.get_subject_assignment_dict,
demo_user["id"], ref["id"], new_subject["id"])
@@ -2154,7 +2155,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
self.assertEqual({}, subject_category_assignments["subject_category_assignments"][new_subject["id"]])
self.assertRaises(
- SubjectCategoryAssignmentAddNotAuthorized,
+ AuthzException,
self.manager.set_subject_assignment_dict,
demo_user["id"], ref["id"], new_subject["id"],
{
@@ -2193,7 +2194,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
subject_category_assignments["subject_category_assignments"][new_subject["id"]])
self.assertRaises(
- SubjectCategoryAssignmentDelNotAuthorized,
+ AuthzException,
self.manager.del_subject_category_assignment_dict,
demo_user["id"], ref["id"], new_subject["id"],
new_subject_category_uuid,
@@ -2222,7 +2223,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
subject_category_assignments["subject_category_assignments"][new_subject["id"]])
self.assertRaises(
- SubjectCategoryAssignmentAddNotAuthorized,
+ AuthzException,
self.manager.add_subject_assignment_list,
demo_user["id"], ref["id"], new_subject["id"],
new_subject_category_uuid,
@@ -2316,7 +2317,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
object_category_scope["object_category_scope"][object_category].values())
self.assertRaises(
- ObjectCategoryAssignmentReadNotAuthorized,
+ AuthzException,
self.manager.get_object_assignment_list,
demo_user["id"], ref["id"], new_object["id"]
)
@@ -2334,7 +2335,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
self.assertEqual({}, object_category_assignments["object_category_assignments"][new_object["id"]])
self.assertRaises(
- ObjectCategoryAssignmentAddNotAuthorized,
+ AuthzException,
self.manager.set_object_category_assignment_dict,
demo_user["id"], ref["id"], new_object["id"],
{
@@ -2373,7 +2374,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
object_category_assignments["object_category_assignments"][new_object["id"]])
self.assertRaises(
- ObjectCategoryAssignmentDelNotAuthorized,
+ AuthzException,
self.manager.del_object_category_assignment_dict,
demo_user["id"], ref["id"], new_object["id"],
new_object_category_uuid,
@@ -2402,7 +2403,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
object_category_assignments["object_category_assignments"][new_object["id"]])
self.assertRaises(
- ObjectCategoryAssignmentAddNotAuthorized,
+ AuthzException,
self.manager.add_object_assignment_list,
demo_user["id"], ref["id"], new_object["id"],
new_object_category_uuid,
@@ -2496,7 +2497,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
action_category_scope["action_category_scope"][action_category].values())
self.assertRaises(
- ActionCategoryAssignmentReadNotAuthorized,
+ AuthzException,
self.manager.get_action_assignment_list,
demo_user["id"], ref["id"], new_action["id"]
)
@@ -2514,7 +2515,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
self.assertEqual({}, action_category_assignments["action_category_assignments"][new_action["id"]])
self.assertRaises(
- ActionCategoryAssignmentAddNotAuthorized,
+ AuthzException,
self.manager.set_action_assignment_dict,
demo_user["id"], ref["id"], new_action["id"],
{
@@ -2553,7 +2554,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
action_category_assignments["action_category_assignments"][new_action["id"]])
self.assertRaises(
- ActionCategoryAssignmentDelNotAuthorized,
+ AuthzException,
self.manager.del_action_category_assignment_dict,
demo_user["id"], ref["id"], new_action["id"],
new_action_category_uuid,
@@ -2582,7 +2583,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
action_category_assignments["action_category_assignments"][new_action["id"]])
self.assertRaises(
- ActionCategoryAssignmentAddNotAuthorized,
+ AuthzException,
self.manager.add_action_assignment_list,
demo_user["id"], ref["id"], new_action["id"],
new_action_category_uuid,
@@ -2623,7 +2624,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
self.assertIn("test_aggregation", aggregation_algorithms["aggregation_algorithms"])
self.assertRaises(
- MetaRuleReadNotAuthorized,
+ AuthzException,
self.manager.get_aggregation_algorithm_dict,
demo_user["id"], ref["id"]
)
@@ -2637,7 +2638,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
_aggregation_algorithm.remove(aggregation_algorithm["aggregation"])
self.assertRaises(
- MetaRuleAddNotAuthorized,
+ AuthzException,
self.manager.set_aggregation_algorithms,
demo_user["id"], ref["id"], _aggregation_algorithm[0]
)
@@ -2648,7 +2649,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
self.assertIn(aggregation_algorithm["aggregation"], aggregation_algorithms["aggregation_algorithms"])
self.assertRaises(
- MetaRuleReadNotAuthorized,
+ AuthzException,
self.manager.get_sub_meta_rules_dict,
demo_user["id"], ref["id"]
)
@@ -2700,7 +2701,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
metarule[relation]["subject_categories"].append(new_subject_category["id"])
self.assertRaises(
- MetaRuleAddNotAuthorized,
+ AuthzException,
self.manager.get_sub_meta_rule_dict,
demo_user["id"], ref["id"], metarule
)
@@ -2723,7 +2724,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
self.assertIn("sub_meta_rules", sub_meta_rules)
self.assertRaises(
- RuleReadNotAuthorized,
+ AuthzException,
self.manager.get_sub_rules,
demo_user["id"], ref["id"]
)
@@ -2770,7 +2771,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
sub_rule.append(True)
self.assertRaises(
- RuleAddNotAuthorized,
+ AuthzException,
self.manager.set_sub_rules,
demo_user["id"], ref["id"], relation, sub_rule
)
diff --git a/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_authz.py b/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_authz.py
index 80c0598e..8887049f 100644
--- a/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_authz.py
+++ b/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_authz.py
@@ -89,32 +89,32 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase):
IE["policymodel"] = policy_model
IE["name"] = uuid.uuid4().hex
- ref = self.admin_manager.load_intra_extension_dict(IE)
+ ref = self.admin_manager.load_intra_extension_dict(DEFAULT_USER_ID, IE)
self.assertIsInstance(ref, dict)
return ref
def test_tenant_exceptions(self):
self.assertRaises(
- TenantListEmpty,
+ TenantUnknown,
self.manager.get_tenant_dict
)
self.assertRaises(
- TenantIDNotFound,
+ TenantUnknown,
self.manager.get_tenant_name,
uuid.uuid4().hex
)
self.assertRaises(
- TenantIDNotFound,
+ TenantUnknown,
self.manager.set_tenant_name,
uuid.uuid4().hex, uuid.uuid4().hex
)
self.assertRaises(
- TenantIDNotFound,
+ TenantUnknown,
self.manager.get_extension_uuid,
uuid.uuid4().hex, "authz"
)
self.assertRaises(
- TenantIDNotFound,
+ TenantUnknown,
self.manager.get_extension_uuid,
uuid.uuid4().hex, "admin"
)
@@ -155,7 +155,7 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase):
# Test when subject is unknown
self.assertRaises(
- SubjectUnknown,
+ AuthzException,
self.manager.authz,
ie_authz["id"], uuid.uuid4().hex, uuid.uuid4().hex, uuid.uuid4().hex
)
@@ -169,7 +169,7 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase):
)
self.assertRaises(
- ObjectUnknown,
+ AuthzException,
self.manager.authz,
ie_authz["id"], demo_user["id"], uuid.uuid4().hex, uuid.uuid4().hex
)
@@ -183,7 +183,7 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase):
my_object = {"id": _tmp[0], "name": _tmp[1]}
self.assertRaises(
- ActionUnknown,
+ AuthzException,
self.manager.authz,
ie_authz["id"], demo_user["id"], my_object["id"], uuid.uuid4().hex
)
@@ -197,7 +197,7 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase):
my_action = {"id": _tmp[0], "name": _tmp[1]}
self.assertRaises(
- SubjectCategoryAssignmentOutOfScope,
+ AuthzException,
self.manager.authz,
ie_authz["id"], demo_user["id"], my_object["id"], my_action["id"]
)
@@ -219,7 +219,7 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase):
my_subject_scope = {"id": _tmp[0], "name": _tmp[1]}
self.assertRaises(
- ObjectCategoryAssignmentOutOfScope,
+ AuthzException,
self.manager.authz,
ie_authz["id"], demo_user["id"], my_object["id"], my_action["id"]
)
@@ -241,7 +241,7 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase):
my_object_scope = {"id": _tmp[0], "name": _tmp[1]}
self.assertRaises(
- ActionCategoryAssignmentOutOfScope,
+ AuthzException,
self.manager.authz,
ie_authz["id"], demo_user["id"], my_object["id"], my_action["id"]
)
@@ -263,7 +263,7 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase):
my_action_scope = {"id": _tmp[0], "name": _tmp[1]}
self.assertRaises(
- SubjectCategoryAssignmentUnknown,
+ AuthzException,
self.manager.authz,
ie_authz["id"], demo_user["id"], my_object["id"], my_action["id"]
)
@@ -278,7 +278,7 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase):
)
self.assertRaises(
- ObjectCategoryAssignmentUnknown,
+ AuthzException,
self.manager.authz,
ie_authz["id"], demo_user["id"], my_object["id"], my_action["id"]
)
@@ -293,7 +293,7 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase):
)
self.assertRaises(
- ActionCategoryAssignmentUnknown,
+ AuthzException,
self.manager.authz,
ie_authz["id"], demo_user["id"], my_object["id"], my_action["id"]
)
@@ -308,7 +308,7 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase):
)
self.assertRaises(
- RuleUnknown,
+ AuthzException,
self.manager.authz,
ie_authz["id"], demo_user["id"], my_object["id"], my_action["id"]
)
@@ -357,19 +357,19 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase):
new_subjects = dict()
new_subjects[new_subject["id"]] = new_subject["name"]
self.assertRaises(
- SubjectAddNotAuthorized,
+ AuthzException,
self.manager.set_subject_dict,
admin_user["id"], ref["id"], new_subjects)
# Delete the new subject
self.assertRaises(
- SubjectDelNotAuthorized,
+ AuthzException,
self.manager.del_subject,
admin_user["id"], ref["id"], new_subject["id"])
# Add a particular subject
self.assertRaises(
- SubjectAddNotAuthorized,
+ AuthzException,
self.manager.add_subject_dict,
admin_user["id"], ref["id"], new_subject["id"])
@@ -393,19 +393,19 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase):
new_objects = dict()
new_objects[new_object["id"]] = new_object["name"]
self.assertRaises(
- ObjectAddNotAuthorized,
+ AuthzException,
self.manager.set_object_dict,
admin_user["id"], ref["id"], new_object["id"])
# Delete the new object
self.assertRaises(
- ObjectDelNotAuthorized,
+ AuthzException,
self.manager.del_object,
admin_user["id"], ref["id"], new_object["id"])
# Add a particular object
self.assertRaises(
- ObjectAddNotAuthorized,
+ AuthzException,
self.manager.add_object_dict,
admin_user["id"], ref["id"], new_object["name"])
@@ -429,19 +429,19 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase):
new_actions = dict()
new_actions[new_action["id"]] = new_action["name"]
self.assertRaises(
- ActionAddNotAuthorized,
+ AuthzException,
self.manager.set_action_dict,
admin_user["id"], ref["id"], new_actions)
# Delete the new action
self.assertRaises(
- ActionDelNotAuthorized,
+ AuthzException,
self.manager.del_action,
admin_user["id"], ref["id"], new_action["id"])
# Add a particular action
self.assertRaises(
- ActionAddNotAuthorized,
+ AuthzException,
self.manager.add_action_dict,
admin_user["id"], ref["id"], new_action["id"])
@@ -465,19 +465,19 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase):
new_subject_categories = dict()
new_subject_categories[new_subject_category["id"]] = new_subject_category["name"]
self.assertRaises(
- SubjectCategoryAddNotAuthorized,
+ AuthzException,
self.manager.set_subject_category_dict,
admin_user["id"], ref["id"], new_subject_categories)
# Delete the new subject_category
self.assertRaises(
- SubjectCategoryDelNotAuthorized,
+ AuthzException,
self.manager.del_subject_category,
admin_user["id"], ref["id"], new_subject_category["id"])
# Add a particular subject_category
self.assertRaises(
- SubjectCategoryAddNotAuthorized,
+ AuthzException,
self.manager.add_subject_category,
admin_user["id"], ref["id"], new_subject_category["name"])
@@ -501,19 +501,19 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase):
new_object_categories = dict()
new_object_categories[new_object_category["id"]] = new_object_category["name"]
self.assertRaises(
- ObjectCategoryAddNotAuthorized,
+ AuthzException,
self.manager.set_object_category_dict,
admin_user["id"], ref["id"], new_object_categories)
# Delete the new object_category
self.assertRaises(
- ObjectCategoryDelNotAuthorized,
+ AuthzException,
self.manager.del_object_category,
admin_user["id"], ref["id"], new_object_category["id"])
# Add a particular object_category
self.assertRaises(
- ObjectCategoryAddNotAuthorized,
+ AuthzException,
self.manager.add_object_category,
admin_user["id"], ref["id"], new_object_category["name"])
@@ -537,19 +537,19 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase):
new_action_categories = dict()
new_action_categories[new_action_category["id"]] = new_action_category["name"]
self.assertRaises(
- ActionCategoryAddNotAuthorized,
+ AuthzException,
self.manager.set_action_category_dict,
admin_user["id"], ref["id"], new_action_categories)
# Delete the new action_category
self.assertRaises(
- ActionCategoryDelNotAuthorized,
+ AuthzException,
self.manager.del_action_category,
admin_user["id"], ref["id"], new_action_category["id"])
# Add a particular action_category
self.assertRaises(
- ActionCategoryAddNotAuthorized,
+ AuthzException,
self.manager.add_action_category,
admin_user["id"], ref["id"], new_action_category["name"])
@@ -586,19 +586,19 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase):
new_subject_category_scope_uuid = uuid.uuid4().hex
new_subject_category_scope[new_subject_category_scope_uuid] = "new_subject_category_scope"
self.assertRaises(
- SubjectCategoryScopeAddNotAuthorized,
+ AuthzException,
self.manager.set_subject_scope_dict,
admin_user["id"], ref["id"], subject_category, new_subject_category_scope)
# Delete the new subject_category_scope
self.assertRaises(
- SubjectCategoryScopeDelNotAuthorized,
+ AuthzException,
self.manager.del_subject_scope,
admin_user["id"], ref["id"], subject_category, new_subject_category_scope_uuid)
# Add a particular subject_category_scope
self.assertRaises(
- SubjectCategoryScopeAddNotAuthorized,
+ AuthzException,
self.manager.add_subject_scope_dict,
admin_user["id"], ref["id"], subject_category, new_subject_category_scope[new_subject_category_scope_uuid])
@@ -635,19 +635,19 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase):
new_object_category_scope_uuid = uuid.uuid4().hex
new_object_category_scope[new_object_category_scope_uuid] = "new_object_category_scope"
self.assertRaises(
- ObjectCategoryScopeAddNotAuthorized,
+ AuthzException,
self.manager.set_object_scope_dict,
admin_user["id"], ref["id"], object_category, new_object_category_scope)
# Delete the new object_category_scope
self.assertRaises(
- ObjectCategoryScopeDelNotAuthorized,
+ AuthzException,
self.manager.del_object_scope,
admin_user["id"], ref["id"], object_category, new_object_category_scope_uuid)
# Add a particular object_category_scope
self.assertRaises(
- ObjectCategoryScopeAddNotAuthorized,
+ AuthzException,
self.manager.add_object_scope_dict,
admin_user["id"], ref["id"], object_category, new_object_category_scope[new_object_category_scope_uuid])
@@ -684,19 +684,19 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase):
new_action_category_scope_uuid = uuid.uuid4().hex
new_action_category_scope[new_action_category_scope_uuid] = "new_action_category_scope"
self.assertRaises(
- ActionCategoryScopeAddNotAuthorized,
+ AuthzException,
self.manager.set_action_scope_dict,
admin_user["id"], ref["id"], action_category, new_action_category_scope)
# Delete the new action_category_scope
self.assertRaises(
- ActionCategoryScopeDelNotAuthorized,
+ AuthzException,
self.manager.del_action_scope,
admin_user["id"], ref["id"], action_category, new_action_category_scope_uuid)
# Add a particular action_category_scope
self.assertRaises(
- ActionCategoryScopeAddNotAuthorized,
+ AuthzException,
self.manager.add_action_scope_dict,
admin_user["id"], ref["id"], action_category, new_action_category_scope[new_action_category_scope_uuid])
@@ -780,7 +780,7 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase):
self.assertEqual({}, subject_category_assignments["subject_category_assignments"][new_subject["id"]])
self.assertRaises(
- SubjectCategoryAssignmentAddNotAuthorized,
+ AuthzException,
self.manager.set_subject_assignment_dict,
admin_user["id"], ref["id"], new_subject["id"],
{
@@ -788,14 +788,14 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase):
})
self.assertRaises(
- SubjectCategoryAssignmentDelNotAuthorized,
+ AuthzException,
self.manager.del_subject_assignment,
admin_user["id"], ref["id"], new_subject["id"],
new_subject_category_uuid,
new_subject_category_scope_uuid)
self.assertRaises(
- SubjectCategoryAssignmentAddNotAuthorized,
+ AuthzException,
self.manager.add_subject_assignment_list,
admin_user["id"], ref["id"], new_subject["id"],
new_subject_category_uuid,
@@ -881,7 +881,7 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase):
self.assertEqual({}, object_category_assignments["object_category_assignments"][new_object["id"]])
self.assertRaises(
- ObjectCategoryAssignmentAddNotAuthorized,
+ AuthzException,
self.manager.set_object_category_assignment_dict,
admin_user["id"], ref["id"], new_object["id"],
{
@@ -889,14 +889,14 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase):
})
self.assertRaises(
- ObjectCategoryAssignmentDelNotAuthorized,
+ AuthzException,
self.manager.del_object_assignment,
admin_user["id"], ref["id"], new_object["id"],
new_object_category_uuid,
new_object_category_scope_uuid)
self.assertRaises(
- ObjectCategoryAssignmentAddNotAuthorized,
+ AuthzException,
self.manager.add_object_assignment_list,
admin_user["id"], ref["id"], new_object["id"],
new_object_category_uuid,
@@ -982,7 +982,7 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase):
self.assertEqual({}, action_category_assignments["action_category_assignments"][new_action["id"]])
self.assertRaises(
- ActionCategoryAssignmentAddNotAuthorized,
+ AuthzException,
self.manager.set_action_assignment_dict,
admin_user["id"], ref["id"], new_action["id"],
{
@@ -990,7 +990,7 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase):
})
self.assertRaises(
- ActionCategoryAssignmentDelNotAuthorized,
+ AuthzException,
self.manager.del_action_assignment,
admin_user["id"], ref["id"], new_action["id"],
new_action_category_uuid,
@@ -1025,7 +1025,7 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase):
_aggregation_algorithm = list(aggregation_algorithms["aggregation_algorithms"])
_aggregation_algorithm.remove(aggregation_algorithm["aggregation"])
self.assertRaises(
- MetaRuleAddNotAuthorized,
+ AuthzException,
self.manager.set_aggregation_algorithm_dict,
admin_user["id"], ref["id"], _aggregation_algorithm[0])
@@ -1075,7 +1075,7 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase):
self.assertIn(new_subject_category["id"], subject_categories["subject_categories"])
metarule[relation]["subject_categories"].append(new_subject_category["id"])
self.assertRaises(
- MetaRuleAddNotAuthorized,
+ AuthzException,
self.manager.get_sub_meta_rule_dict,
admin_user["id"], ref["id"], metarule)
@@ -1131,7 +1131,7 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase):
sub_rule.append(scope[func_name][cat_value].keys()[0])
self.assertRaises(
- RuleAddNotAuthorized,
+ AuthzException,
self.manager.set_sub_rule,
admin_user["id"], ref["id"], relation, sub_rule)
diff --git a/keystone-moon/keystone/tests/moon/unit/test_unit_core_log.py b/keystone-moon/keystone/tests/moon/unit/test_unit_core_log.py
index f38d68ab..b2fb131f 100644
--- a/keystone-moon/keystone/tests/moon/unit/test_unit_core_log.py
+++ b/keystone-moon/keystone/tests/moon/unit/test_unit_core_log.py
@@ -17,6 +17,7 @@ from keystone import resource
from keystone.contrib.moon.exception import *
from keystone.tests.unit import default_fixtures
from keystone.contrib.moon.core import LogManager, TenantManager
+from keystone.contrib.moon.core import DEFAULT_USER_ID
CONF = cfg.CONF
@@ -67,7 +68,7 @@ class TestIntraExtensionAdminManager(tests.TestCase):
# Create the admin user because IntraExtension needs it
self.admin = self.identity_api.create_user(USER_ADMIN)
IE["policymodel"] = policy_model
- self.ref = self.manager.load_intra_extension_dict(IE)
+ self.ref = self.manager.load_intra_extension_dict(DEFAULT_USER_ID, IE)
self.assertIsInstance(self.ref, dict)
self.create_tenant(self.ref["id"])
diff --git a/keystone-moon/keystone/tests/moon/unit/test_unit_core_tenant.py b/keystone-moon/keystone/tests/moon/unit/test_unit_core_tenant.py
index 2ac70f6e..dda1cac8 100644
--- a/keystone-moon/keystone/tests/moon/unit/test_unit_core_tenant.py
+++ b/keystone-moon/keystone/tests/moon/unit/test_unit_core_tenant.py
@@ -135,9 +135,9 @@ class TestTenantManager(tests.TestCase):
self.assertEqual(data, new_mapping[_uuid]["admin"])
def test_exception_tenantunknown(self):
- self.assertRaises(TenantIDNotFound, self.manager.get_tenant_name_from_id, uuid.uuid4().hex)
- self.assertRaises(TenantIDNotFound, self.manager.set_tenant_name, uuid.uuid4().hex, "new name")
- self.assertRaises(TenantIDNotFound, self.manager.get_extension_id, uuid.uuid4().hex)
+ self.assertRaises(TenantNotFound, self.manager.get_tenant_name_from_id, uuid.uuid4().hex)
+ self.assertRaises(TenantNotFound, self.manager.set_tenant_name, uuid.uuid4().hex, "new name")
+ self.assertRaises(TenantNotFound, self.manager.get_extension_id, uuid.uuid4().hex)
_uuid = uuid.uuid4().hex
new_mapping = {
_uuid: {
@@ -154,7 +154,7 @@ class TestTenantManager(tests.TestCase):
)
self.assertEquals(_uuid, data["id"])
self.assertRaises(IntraExtensionUnknown, self.manager.get_extension_id, _uuid, "admin")
- self.assertRaises(TenantIDNotFound, self.manager.get_tenant_uuid, uuid.uuid4().hex)
+ self.assertRaises(TenantNotFound, self.manager.get_tenant_uuid, uuid.uuid4().hex)
# self.assertRaises(AdminIntraExtensionNotFound, self.manager.get_admin_extension_uuid, uuid.uuid4().hex)
def test_exception_tenantaddednameexisting(self):