Diffstat (limited to 'keystone-moon/keystone')
4 files changed, 21 insertions, 16 deletions
diff --git a/keystone-moon/keystone/contrib/moon/backends/sql.py b/keystone-moon/keystone/contrib/moon/backends/sql.py
index 06071507..2b7258ea 100644
--- a/keystone-moon/keystone/contrib/moon/backends/sql.py
+++ b/keystone-moon/keystone/contrib/moon/backends/sql.py
@@ -292,12 +292,6 @@ class Rule(sql.ModelBase, sql.DictBase):
 __all_objects__ = (
- Subject,
- Object,
- Action,
- SubjectCategory,
- ObjectCategory,
- ActionCategory,
 SubjectScope,
 ObjectScope,
 ActionScope,
@@ -305,6 +299,12 @@ __all_objects__ = (
 ObjectAssignment,
 ActionAssignment,
 SubMetaRule,
+ SubjectCategory,
+ ObjectCategory,
+ ActionCategory,
+ Subject,
+ Object,
+ Action,
 Rule,
 )
@@ -375,8 +375,8 @@ class IntraExtensionConnector(IntraExtensionDriver):
 for _object in __all_objects__:
 query = session.query(_object)
 query = query.filter_by(intra_extension_id=intra_extension_id)
- _ref = query.first()
- if _ref:
+ _refs = query.all()
+ for _ref in _refs:
 session.delete(_ref)
 session.flush()
 session.delete(ref)
@@ -936,7 +936,7 @@ class IntraExtensionConnector(IntraExtensionDriver):
 query = query.filter_by(id=intra_extension_id)
 ref = query.first()
 try:
- return ref.intra_extension["aggregation_algorithm"]
+ return {"aggregation_algorithm": ref.intra_extension["aggregation_algorithm"]}
 except KeyError:
 return ""
@@ -948,7 +948,8 @@ class IntraExtensionConnector(IntraExtensionDriver):
 intra_extension_dict = dict(ref.intra_extension)
 intra_extension_dict["aggregation_algorithm"] = aggregation_algorithm_id
 setattr(ref, "intra_extension", intra_extension_dict)
- return self.get_aggregation_algorithm_id(intra_extension_id)
+ session.flush()
+ return {"aggregation_algorithm": ref.intra_extension["aggregation_algorithm"]}
 def del_aggregation_algorithm(self, intra_extension_id):
 with sql.transaction() as session:
diff --git a/keystone-moon/keystone/contrib/moon/core.py b/keystone-moon/keystone/contrib/moon/core.py
index 0560d464..8e56f135 100644
--- a/keystone-moon/keystone/contrib/moon/core.py
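Review bot: The order of `__all_objects__` now appears to carry meaning, because the loop in the `@@ -375` hunk deletes every row of each listed model in tuple order, yet nothing on the tuple says so. If moving `Subject`/`Object`/`Action` and the category models below the scope and assignment models is meant to delete dependent rows first (an inference; the model definitions are outside the hunks), a comment above the tuple such as `# Order matters: rows are deleted in this order, dependents before the models they reference.` would keep a later tidy-up from undoing it.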
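Review bot: The getter patched in the `@@ -936` hunk now has two return shapes: the success path returns `{"aggregation_algorithm": ...}` while the untouched `except KeyError:` branch still returns `""`. The caller changed in core.py (`@@ -588`) subscripts the result with `['aggregation_algorithm']`, which raises `TypeError` on a string, so an intra-extension with no algorithm set fails inside the authorization decision instead of producing an explicit result. `ref = query.first()` can also be `None` for an unknown id, and the resulting `AttributeError` is not covered by the `except`. Return one shape from every path, for example `return {"aggregation_algorithm": None}` in the fallback, and have the caller treat a missing algorithm as a deny; the method signature is outside the hunk.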
+++ b/keystone-moon/keystone/contrib/moon/core.py
@@ -496,7 +496,8 @@ class IntraExtensionManager(manager.Manager):
 try:
 self.root_extension_id = self.root_api.get_root_extension_id()
 self.aggregation_algorithm_dict = self.configuration_api.get_aggregation_algorithms_dict(self.root_extension_id)
- except AttributeError:
+ except AttributeError as e:
+ LOG.warning("Error on init_aggregation_algorithm ({})".format(e))
 self.root_extension_id = None
 self.aggregation_algorithm_dict = {}
@@ -588,7 +589,7 @@ class IntraExtensionManager(manager.Manager):
 if not self.root_extension_id:
 self.__init_aggregation_algorithm()
- aggregation_algorithm_id = self.driver.get_aggregation_algorithm_id(intra_extension_id)
+ aggregation_algorithm_id = self.driver.get_aggregation_algorithm_id(intra_extension_id)['aggregation_algorithm']
 if self.aggregation_algorithm_dict[aggregation_algorithm_id]['name'] == 'all_true':
 decision = all_true(decision_buffer)
 elif self.aggregation_algorithm_dict[aggregation_algorithm_id]['name'] == 'one_true':
@@ -813,6 +814,9 @@ class IntraExtensionManager(manager.Manager):
 for _id, _value in self.configuration_api.driver.get_aggregation_algorithms_dict().iteritems():
 if _value["name"] == json_metarule["aggregation"]:
 self.driver.set_aggregation_algorithm_id(intra_extension_dict["id"], _id)
+ break
+ else:
+ LOG.warning("No aggregation_algorithm found for '{}'".format(json_metarule["aggregation"]))
 def __load_rule_file(self, intra_extension_dict, policy_dir):
diff --git a/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_admin.py b/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_admin.py
index 00e9e09f..424e4cbb 100644
--- a/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_admin.py
+++ b/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_admin.py
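Review bot: The warning added under `except AttributeError as e:` in the `@@ -496` hunk records only `str(e)`, which for an `AttributeError` rarely shows which of the two lookups in the `try` failed. This branch leaves `aggregation_algorithm_dict` empty and the decision code in the `@@ -588` hunk indexes that dict directly, so the log line is the only trace of why later lookups fail. `LOG.warning("Error on init_aggregation_algorithm (%s)", e, exc_info=True)` keeps the traceback and leaves the formatting to the logger. The enclosing method starts outside the hunk.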
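Review bot: An unrecognised `json_metarule["aggregation"]` name is only logged in the `@@ -813` hunk, so the policy load carries on and the intra-extension is left with no aggregation algorithm set. For an authorization policy that is a configuration error worth rejecting at load time; consider raising in the `else:` branch instead of calling `LOG.warning(...)`, or at least document what decision an extension without an algorithm yields. The page has lost indentation, so this assumes `else:` pairs with the `for` (alongside the new `break`); if it pairs with the `if`, the warning would fire for every non-matching algorithm. The enclosing method starts outside the hunk.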
@@ -852,7 +852,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase):
 self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
 aggregation_algorithm = self.admin_manager.get_aggregation_algorithm_id(admin_subject_id, authz_ie_dict["id"])
- self.assertIsInstance(aggregation_algorithm, basestring)
+ self.assertIsInstance(aggregation_algorithm, dict)
 # TODO: need more tests on aggregation_algorithms (set and del)
@@ -1999,7 +1999,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
 self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
 aggregation_algorithm = self.admin_manager.get_aggregation_algorithm_id(admin_subject_id, authz_ie_dict["id"])
- self.assertIsInstance(aggregation_algorithm, basestring)
+ self.assertIsInstance(aggregation_algorithm, dict)
 # TODO: need more tests on aggregation_algorithms (set and del)
diff --git a/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_authz.py b/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_authz.py
index 51654227..afe0e7f2 100644
--- a/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_authz.py
+++ b/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_authz.py
@@ -836,7 +836,7 @@ class TestIntraExtensionAuthzManagerAuthzOK(tests.TestCase):
 self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
 aggregation_algorithm = self.admin_manager.get_aggregation_algorithm_id(admin_subject_id, authz_ie_dict["id"])
- self.assertIsInstance(aggregation_algorithm, basestring)
+ self.assertIsInstance(aggregation_algorithm, dict)
 # TODO: need more tests on aggregation_algorithms (set and del)
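Review bot: `assertIsInstance(aggregation_algorithm, dict)` in the `@@ -852` hunk passes for any dict, including an empty one, so the test no longer pins the value that the authorization code reads. Adding `self.assertIn("aggregation_algorithm", aggregation_algorithm)` after it would cover the key that core.py subscripts. The same assertion is changed in the `@@ -1999` hunk and in the `@@ -836` and `@@ -2216` hunks of test_unit_core_intra_extension_authz.py. The `KO` classes assert the same success shape, so the `""` fallback of the SQL driver stays untested.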
@@ -2216,7 +2216,7 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase):
 self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
 aggregation_algorithm = self.admin_manager.get_aggregation_algorithm_id(admin_subject_id, authz_ie_dict["id"])
- self.assertIsInstance(aggregation_algorithm, basestring)
+ self.assertIsInstance(aggregation_algorithm, dict)
 # TODO: need more tests on aggregation_algorithms (set and del) |