Diffstat (limited to 'keystone-moon/keystone')
-rw-r--r--keystone-moon/keystone/contrib/moon/backends/sql.py21
-rw-r--r--keystone-moon/keystone/contrib/moon/core.py8
-rw-r--r--keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_admin.py4
-rw-r--r--keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_authz.py4
4 files changed, 21 insertions, 16 deletions
diff --git a/keystone-moon/keystone/contrib/moon/backends/sql.py b/keystone-moon/keystone/contrib/moon/backends/sql.py
index 06071507..2b7258ea 100644
--- a/keystone-moon/keystone/contrib/moon/backends/sql.py
+++ b/keystone-moon/keystone/contrib/moon/backends/sql.py
@@ -292,12 +292,6 @@ class Rule(sql.ModelBase, sql.DictBase):
__all_objects__ = (
- Subject,
- Object,
- Action,
- SubjectCategory,
- ObjectCategory,
- ActionCategory,
SubjectScope,
ObjectScope,
ActionScope,
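Review bot: The order of `__all_objects__` now appears to carry meaning, but nothing at the tuple says so. The delete loop in the `@@ -375` hunk walks this tuple when an intra-extension is removed, so moving the category and Subject/Object/Action models after the scopes and assignments (this hunk and the next) presumably puts dependent rows first. A comment above the tuple would stop a later edit from re-sorting it, for example `# Deletion order: dependent tables first; the intra-extension delete loop iterates this tuple.` The tuple is closed in the following hunk.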
@@ -305,6 +299,12 @@ __all_objects__ = (
ObjectAssignment,
ActionAssignment,
SubMetaRule,
+ SubjectCategory,
+ ObjectCategory,
+ ActionCategory,
+ Subject,
+ Object,
+ Action,
Rule,
)
@@ -375,8 +375,8 @@ class IntraExtensionConnector(IntraExtensionDriver):
for _object in __all_objects__:
query = session.query(_object)
query = query.filter_by(intra_extension_id=intra_extension_id)
- _ref = query.first()
- if _ref:
+ _refs = query.all()
+ for _ref in _refs:
session.delete(_ref)
session.flush()
session.delete(ref)
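Review bot: The switch from `query.first()` to `query.all()` has no test in this commit; the test files only change the `assertIsInstance` type. Before this change at most one row per model was deleted, so any further subjects, rules and assignments stayed in the policy store after their intra-extension was gone. A unit test that creates an intra-extension with two or more rows in one of these tables, deletes it, and asserts that the filtered query returns nothing would pin the behaviour. The enclosing method starts and ends outside the hunk.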
@@ -936,7 +936,7 @@ class IntraExtensionConnector(IntraExtensionDriver):
query = query.filter_by(id=intra_extension_id)
ref = query.first()
try:
- return ref.intra_extension["aggregation_algorithm"]
+ return {"aggregation_algorithm": ref.intra_extension["aggregation_algorithm"]}
except KeyError:
return ""
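Review bot: The `except KeyError` branch still returns `""` while the success path now returns a dict, so the function has two return types. The updated caller in core.py (the `@@ -588` hunk) subscripts the result with `['aggregation_algorithm']`, which raises `TypeError` on a string, and that call sits on the authorization path. Return a dict in both cases, e.g. `return {}`, and have the caller treat a missing key as an explicit failure. `ref` comes from `query.first()` and could be `None`, which this `try` does not catch; the function starts outside the hunk, so it is not visible whether that is checked earlier.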
@@ -948,7 +948,8 @@ class IntraExtensionConnector(IntraExtensionDriver):
intra_extension_dict = dict(ref.intra_extension)
intra_extension_dict["aggregation_algorithm"] = aggregation_algorithm_id
setattr(ref, "intra_extension", intra_extension_dict)
- return self.get_aggregation_algorithm_id(intra_extension_id)
+ session.flush()
+ return {"aggregation_algorithm": ref.intra_extension["aggregation_algorithm"]}
def del_aggregation_algorithm(self, intra_extension_id):
with sql.transaction() as session:
diff --git a/keystone-moon/keystone/contrib/moon/core.py b/keystone-moon/keystone/contrib/moon/core.py
index 0560d464..8e56f135 100644
--- a/keystone-moon/keystone/contrib/moon/core.py
+++ b/keystone-moon/keystone/contrib/moon/core.py
@@ -496,7 +496,8 @@ class IntraExtensionManager(manager.Manager):
try:
self.root_extension_id = self.root_api.get_root_extension_id()
self.aggregation_algorithm_dict = self.configuration_api.get_aggregation_algorithms_dict(self.root_extension_id)
- except AttributeError:
+ except AttributeError as e:
+ LOG.warning("Error on init_aggregation_algorithm ({})".format(e))
self.root_extension_id = None
self.aggregation_algorithm_dict = {}
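Review bot: The added `LOG.warning(...)` builds its message eagerly with `str.format`; pass the value as a logging argument instead: `LOG.warning("Error on init_aggregation_algorithm (%s)", e)`. The same applies to the warning added in the `@@ -813` hunk. After the warning the handler still resets `aggregation_algorithm_dict` to `{}`, so the lookup by id in the `@@ -588` hunk would raise `KeyError` later. A short comment saying that the empty dict is a deliberate "retry on next call" state would help readers. The enclosing method starts outside the hunk.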
@@ -588,7 +589,7 @@ class IntraExtensionManager(manager.Manager):
if not self.root_extension_id:
self.__init_aggregation_algorithm()
- aggregation_algorithm_id = self.driver.get_aggregation_algorithm_id(intra_extension_id)
+ aggregation_algorithm_id = self.driver.get_aggregation_algorithm_id(intra_extension_id)['aggregation_algorithm']
if self.aggregation_algorithm_dict[aggregation_algorithm_id]['name'] == 'all_true':
decision = all_true(decision_buffer)
elif self.aggregation_algorithm_dict[aggregation_algorithm_id]['name'] == 'one_true':
@@ -813,6 +814,9 @@ class IntraExtensionManager(manager.Manager):
for _id, _value in self.configuration_api.driver.get_aggregation_algorithms_dict().iteritems():
if _value["name"] == json_metarule["aggregation"]:
self.driver.set_aggregation_algorithm_id(intra_extension_dict["id"], _id)
+ break
+ else:
+ LOG.warning("No aggregation_algorithm found for '{}'".format(json_metarule["aggregation"]))
def __load_rule_file(self, intra_extension_dict, policy_dir):
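Review bot: When no algorithm name matches, the new `else` branch only logs, and the load continues with no aggregation algorithm set for the intra-extension. The authz path in the `@@ -588` hunk looks the id up in `self.aggregation_algorithm_dict`, so the misconfiguration would surface as an exception at decision time rather than at policy load. Consider raising one of the project's existing exceptions here so that a metarule file with an unknown `aggregation` value is rejected up front. The enclosing method starts outside the hunk.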
diff --git a/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_admin.py b/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_admin.py
index 00e9e09f..424e4cbb 100644
--- a/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_admin.py
+++ b/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_admin.py
@@ -852,7 +852,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase):
self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
aggregation_algorithm = self.admin_manager.get_aggregation_algorithm_id(admin_subject_id, authz_ie_dict["id"])
- self.assertIsInstance(aggregation_algorithm, basestring)
+ self.assertIsInstance(aggregation_algorithm, dict)
# TODO: need more tests on aggregation_algorithms (set and del)
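Review bot: `assertIsInstance(aggregation_algorithm, dict)` also passes for an empty dict, so it does not check the new return contract. Add `self.assertIn("aggregation_algorithm", aggregation_algorithm)` after it, and ideally compare the value with the id that was set. The same assertion is changed in the `TestIntraExtensionAdminManagerKO` hunk and in both hunks of test_unit_core_intra_extension_authz.py. The test methods start outside these hunks.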
@@ -1999,7 +1999,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
aggregation_algorithm = self.admin_manager.get_aggregation_algorithm_id(admin_subject_id, authz_ie_dict["id"])
- self.assertIsInstance(aggregation_algorithm, basestring)
+ self.assertIsInstance(aggregation_algorithm, dict)
# TODO: need more tests on aggregation_algorithms (set and del)
diff --git a/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_authz.py b/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_authz.py
index 51654227..afe0e7f2 100644
--- a/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_authz.py
+++ b/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_authz.py
@@ -836,7 +836,7 @@ class TestIntraExtensionAuthzManagerAuthzOK(tests.TestCase):
self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
aggregation_algorithm = self.admin_manager.get_aggregation_algorithm_id(admin_subject_id, authz_ie_dict["id"])
- self.assertIsInstance(aggregation_algorithm, basestring)
+ self.assertIsInstance(aggregation_algorithm, dict)
# TODO: need more tests on aggregation_algorithms (set and del)
@@ -2216,7 +2216,7 @@ class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase):
self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
aggregation_algorithm = self.admin_manager.get_aggregation_algorithm_id(admin_subject_id, authz_ie_dict["id"])
- self.assertIsInstance(aggregation_algorithm, basestring)
+ self.assertIsInstance(aggregation_algorithm, dict)
# TODO: need more tests on aggregation_algorithms (set and del)