Diffstat (limited to 'keystone-moon/keystone')
4 files changed, 59 insertions, 73 deletions
diff --git a/keystone-moon/keystone/contrib/moon/backends/sql.py b/keystone-moon/keystone/contrib/moon/backends/sql.py index 9f4beb6b..43bd3078 100644 --- a/keystone-moon/keystone/contrib/moon/backends/sql.py +++ b/keystone-moon/keystone/contrib/moon/backends/sql.py @@ -323,8 +323,21 @@ __all_objects__ = ( Rule, ) + class TenantConnector(TenantDriver): + @staticmethod + def __update_dict(base, update): + """Update a dict only if values are not None + + :param base: dict to update + :param update: updates for the base dict + :return: None + """ + for key in update: + if type(update[key]) is not None: + base[key] = update[key] + def get_tenants_dict(self): with sql.transaction() as session: query = session.query(Tenant) @@ -354,13 +367,10 @@ class TenantConnector(TenantDriver): query = session.query(Tenant) query = query.filter_by(id=tenant_id) ref = query.first() - tenant_ref = ref.to_dict() - tenant_ref.update(tenant_dict) - new_tenant = Tenant(id=tenant_id, tenant=tenant_ref) - for attr in Tenant.attributes: - if attr != 'id': - setattr(ref, attr, getattr(new_tenant, attr)) - return {ref.id: ref.tenant} + tenant_dict_orig = dict(ref.tenant) + self.__update_dict(tenant_dict_orig, tenant_dict) + setattr(ref, "tenant", tenant_dict_orig) + return {ref.id: tenant_dict_orig} class IntraExtensionConnector(IntraExtensionDriver): diff --git a/keystone-moon/keystone/contrib/moon/controllers.py b/keystone-moon/keystone/contrib/moon/controllers.py index 4065eabf..239650f5 100644 --- a/keystone-moon/keystone/contrib/moon/controllers.py +++ b/keystone-moon/keystone/contrib/moon/controllers.py 
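Review bot: The guard in `__update_dict`, `if type(update[key]) is not None:`, is always true, because `type()` returns a class and never `None`. The helper therefore copies `None` values into `base`, which contradicts its docstring. The test should be on the value itself: `if update[key] is not None:`. As written, any key the caller passes with a `None` value overwrites the stored tenant field in `set_tenant_dict`.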
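Review bot: In the second sql.py hunk, `ref = query.first()` can return `None` for an unknown `tenant_id`, and the new `dict(ref.tenant)` would then fail with an `AttributeError` rather than a domain error. The manager appears to raise `TenantUnknown()` before calling the driver, so this may already be covered, but a guard such as `if ref is None: raise TenantUnknown()` would make the driver safe on its own if that exception is importable here. As a style point, `setattr(ref, "tenant", tenant_dict_orig)` with a literal attribute name reads better as `ref.tenant = tenant_dict_orig`. The method's signature and the opening of the transaction lie outside the hunk.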
@@ -92,9 +92,12 @@ class Tenants(controller.V3Controller): tenant_id = kw.get('tenant_id', None) tenant_dict = dict() tenant_dict['name'] = k_tenant_dict.get('name', None) - tenant_dict['description'] = kw.get('tenant_description', None) - tenant_dict['intra_authz_extension_id'] = kw.get('tenant_intra_authz_extension_id', None) - tenant_dict['intra_admin_extension_id'] = kw.get('tenant_intra_admin_extension_id', None) + if 'tenant_description' in kw: + tenant_dict['description'] = kw.get('tenant_description', None) + if 'tenant_intra_authz_extension_id' in kw: + tenant_dict['intra_authz_extension_id'] = kw.get('tenant_intra_authz_extension_id', None) + if 'tenant_intra_admin_extension_id' in kw: + tenant_dict['intra_admin_extension_id'] = kw.get('tenant_intra_admin_extension_id', None) self.tenant_api.set_tenant_dict(user_id, tenant_id, tenant_dict) diff --git a/keystone-moon/keystone/contrib/moon/core.py b/keystone-moon/keystone/contrib/moon/core.py index 86aadc8b..aa6db0cc 100644 --- a/keystone-moon/keystone/contrib/moon/core.py +++ b/keystone-moon/keystone/contrib/moon/core.py 
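Review bot: `tenant_dict['name'] = k_tenant_dict.get('name', None)` is still assigned unconditionally, so `name` is the one field that can reach the driver as `None` while the other three are now sent only when supplied. Because the driver's None filter in this commit does not actually drop `None` values, a missing name would presumably overwrite the stored one. It should get the same treatment, e.g. `if k_tenant_dict.get('name') is not None: tenant_dict['name'] = k_tenant_dict['name']`. Inside the new `if '...' in kw:` branches the `kw.get(key, None)` default is dead and plain `kw['tenant_description']` is clearer. The enclosing controller method begins outside the hunk.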
@@ -412,31 +412,30 @@ class TenantManager(manager.Manager): keystone_tenant = self.__get_keystone_tenant_dict(tenant_dict['id'], tenant_dict['name']) tenant_dict.update(keystone_tenant) # Sync users between intra_authz_extension and intra_admin_extension - if tenant_dict['intra_admin_extension_id']: - if not tenant_dict['intra_authz_extension_id']: - raise TenantNoIntraAuthzExtension() - # authz_subjects_dict = self.admin_api.get_subjects_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_authz_extension_id']) - # admin_subjects_dict = self.admin_api.get_subjects_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_admin_extension_id']) - # for _subject_id in authz_subjects_dict: - # if _subject_id not in admin_subjects_dict: - # self.admin_api.add_subject_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_admin_extension_id'], authz_subjects_dict[_subject_id]) - # for _subject_id in admin_subjects_dict: - # if _subject_id not in authz_subjects_dict: - # self.admin_api.add_subject_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_authz_extension_id'], admin_subjects_dict[_subject_id]) - - # TODO (ateroide): check whether we can replace the below code by the above one - # NOTE (ateroide): at a first glance: no, subject_id changes depending on which intra_extesion is used - # we must use name which is constant. 
- authz_subjects_dict = self.admin_api.get_subjects_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_authz_extension_id']) - authz_subject_names_list = [authz_subjects_dict[subject_id]["name"] for subject_id in authz_subjects_dict] - admin_subjects_dict = self.admin_api.get_subjects_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_admin_extension_id']) - admin_subject_names_list = [admin_subjects_dict[subject_id]["name"] for subject_id in admin_subjects_dict] - for _subject_id in authz_subjects_dict: - if authz_subjects_dict[_subject_id]["name"] not in admin_subject_names_list: - self.admin_api.add_subject_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_admin_extension_id'], authz_subjects_dict[_subject_id]) - for _subject_id in admin_subjects_dict: - if admin_subjects_dict[_subject_id]["name"] not in authz_subject_names_list: - self.admin_api.add_subject_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_authz_extension_id'], admin_subjects_dict[_subject_id]) + if 'intra_admin_extension_id' in tenant_dict: + if 'intra_authz_extension_id' in tenant_dict: + # authz_subjects_dict = self.admin_api.get_subjects_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_authz_extension_id']) + # admin_subjects_dict = self.admin_api.get_subjects_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_admin_extension_id']) + # for _subject_id in authz_subjects_dict: + # if _subject_id not in admin_subjects_dict: + # self.admin_api.add_subject_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_admin_extension_id'], authz_subjects_dict[_subject_id]) + # for _subject_id in admin_subjects_dict: + # if _subject_id not in authz_subjects_dict: + # self.admin_api.add_subject_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_authz_extension_id'], admin_subjects_dict[_subject_id]) + + # TODO (ateroide): check whether we can replace the below code by the above one + # NOTE (ateroide): at a first glance: no, subject_id 
changes depending on which intra_extesion is used + # we must use name which is constant. + authz_subjects_dict = self.admin_api.get_subjects_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_authz_extension_id']) + authz_subject_names_list = [authz_subjects_dict[subject_id]["name"] for subject_id in authz_subjects_dict] + admin_subjects_dict = self.admin_api.get_subjects_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_admin_extension_id']) + admin_subject_names_list = [admin_subjects_dict[subject_id]["name"] for subject_id in admin_subjects_dict] + for _subject_id in authz_subjects_dict: + if authz_subjects_dict[_subject_id]["name"] not in admin_subject_names_list: + self.admin_api.add_subject_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_admin_extension_id'], authz_subjects_dict[_subject_id]) + for _subject_id in admin_subjects_dict: + if admin_subjects_dict[_subject_id]["name"] not in authz_subject_names_list: + self.admin_api.add_subject_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_authz_extension_id'], admin_subjects_dict[_subject_id]) return self.driver.add_tenant_dict(tenant_dict['id'], tenant_dict) 
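Review bot: The new guards `'intra_admin_extension_id' in tenant_dict` and `'intra_authz_extension_id' in tenant_dict` test key presence where the old code tested the value. A caller that passes either key with `None` or an empty string now reaches `get_subjects_dict(..., tenant_dict['intra_authz_extension_id'])` with an invalid extension id. Removing `raise TenantNoIntraAuthzExtension()` also means a tenant with an admin extension but no authz extension is accepted silently; if that is intended, a comment saying so would help the next reader of this authorization code. To skip the sync whenever either id is missing or empty, use `if tenant_dict.get('intra_admin_extension_id') and tenant_dict.get('intra_authz_extension_id'):`. The same applies to the second core.py hunk (`@@ -463,19 +462,18 @@`), and the re-indented commented-out block above the TODO could be dropped rather than carried along.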
@@ -463,19 +462,18 @@ class TenantManager(manager.Manager): raise TenantUnknown() # Sync users between intra_authz_extension and intra_admin_extension - if tenant_dict['intra_admin_extension_id']: - if not tenant_dict['intra_authz_extension_id']: - raise TenantNoIntraAuthzExtension - authz_subjects_dict = self.admin_api.get_subjects_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_authz_extension_id']) - authz_subject_names_list = [authz_subjects_dict[subject_id]["name"] for subject_id in authz_subjects_dict] - admin_subjects_dict = self.admin_api.get_subjects_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_admin_extension_id']) - admin_subject_names_list = [admin_subjects_dict[subject_id]["name"] for subject_id in admin_subjects_dict] - for _subject_id in authz_subjects_dict: - if authz_subjects_dict[_subject_id]["name"] not in admin_subject_names_list: - self.admin_api.add_subject_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_admin_extension_id'], authz_subjects_dict[_subject_id]) - for _subject_id in admin_subjects_dict: - if admin_subjects_dict[_subject_id]["name"] not in authz_subject_names_list: - self.admin_api.add_subject_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_authz_extension_id'], admin_subjects_dict[_subject_id]) + if 'intra_admin_extension_id' in tenant_dict: + if 'intra_authz_extension_id' in tenant_dict: + authz_subjects_dict = self.admin_api.get_subjects_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_authz_extension_id']) + authz_subject_names_list = [authz_subjects_dict[subject_id]["name"] for subject_id in authz_subjects_dict] + admin_subjects_dict = self.admin_api.get_subjects_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_admin_extension_id']) + admin_subject_names_list = [admin_subjects_dict[subject_id]["name"] for subject_id in admin_subjects_dict] + for _subject_id in authz_subjects_dict: + if authz_subjects_dict[_subject_id]["name"] not in admin_subject_names_list: + 
self.admin_api.add_subject_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_admin_extension_id'], authz_subjects_dict[_subject_id]) + for _subject_id in admin_subjects_dict: + if admin_subjects_dict[_subject_id]["name"] not in authz_subject_names_list: + self.admin_api.add_subject_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_authz_extension_id'], admin_subjects_dict[_subject_id]) return self.driver.set_tenant_dict(tenant_id, tenant_dict) diff --git a/keystone-moon/keystone/tests/moon/unit/test_unit_core_tenant.py b/keystone-moon/keystone/tests/moon/unit/test_unit_core_tenant.py index bf0fab08..f8b2f4d5 100644 --- a/keystone-moon/keystone/tests/moon/unit/test_unit_core_tenant.py +++ b/keystone-moon/keystone/tests/moon/unit/test_unit_core_tenant.py 
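Review bot: On this update path the sync decision looks only at the keys in the incoming `tenant_dict`, which after the controller change holds just the fields the request supplied. An update that sets only `intra_admin_extension_id` (or only the authz one) therefore skips the subject sync even when the stored tenant already has the other extension, leaving the two extensions with different subject lists. Presumably the check should run on the stored tenant merged with the update, not on the partial dict; confirm against the callers, since the start of the method is outside the hunk. The block is also a line-for-line copy of the one in the previous hunk and would be easier to keep correct as a single private helper called from both methods.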
@@ -183,28 +183,3 @@ class TestTenantManager(tests.TestCase): self.assertNotEqual(data, {}) self.assertRaises(TenantAddedNameExisting, self.tenant_manager.add_tenant_dict, self.ADMIN_ID, new_tenant['id'], new_tenant) - - def test_exception_tenant_no_intra_extension(self): - authz_intra_extension = create_intra_extension(self, policy_model="policy_authz") - admin_intra_extension = create_intra_extension(self, policy_model="policy_admin") - new_tenant = { - "id": uuid.uuid4().hex, - "name": "demo", - "description": uuid.uuid4().hex, - "intra_authz_extension_id": authz_intra_extension['id'], - "intra_admin_extension_id": admin_intra_extension['id'], - } - new_tenant['intra_authz_extension_id'] = None - self.assertRaises(TenantNoIntraAuthzExtension, self.tenant_manager.add_tenant_dict, self.ADMIN_ID, new_tenant['id'], new_tenant) - new_tenant['intra_authz_extension_id'] = authz_intra_extension['id'] - data = self.tenant_manager.add_tenant_dict(user_id=self.ADMIN_ID, tenant_id=new_tenant['id'], tenant_dict=new_tenant) - data_id = data.keys()[0] - self.assertEquals(new_tenant["name"], data[data_id]["name"]) - self.assertEquals(new_tenant["intra_authz_extension_id"], data[data_id]["intra_authz_extension_id"]) - self.assertEquals(new_tenant["intra_admin_extension_id"], data[data_id]["intra_admin_extension_id"]) - data = self.tenant_manager.get_tenants_dict(self.ADMIN_ID) - self.assertNotEqual(data, {}) - - new_tenant['intra_authz_extension_id'] = None - new_tenant['name'] = "demo2" - self.assertRaises(TenantNoIntraAuthzExtension, self.tenant_manager.set_tenant_dict, self.ADMIN_ID, data_id, new_tenant) |