Diffstat (limited to 'keystone-moon')
-rw-r--r--keystone-moon/keystone/contrib/moon/backends/sql.py24
-rw-r--r--keystone-moon/keystone/contrib/moon/controllers.py9
-rw-r--r--keystone-moon/keystone/contrib/moon/core.py74
-rw-r--r--keystone-moon/keystone/tests/moon/unit/test_unit_core_tenant.py25
4 files changed, 59 insertions, 73 deletions
diff --git a/keystone-moon/keystone/contrib/moon/backends/sql.py b/keystone-moon/keystone/contrib/moon/backends/sql.py
index 9f4beb6b..43bd3078 100644
--- a/keystone-moon/keystone/contrib/moon/backends/sql.py
+++ b/keystone-moon/keystone/contrib/moon/backends/sql.py
@@ -323,8 +323,21 @@ __all_objects__ = (
Rule,
)
+
class TenantConnector(TenantDriver):
+ @staticmethod
+ def __update_dict(base, update):
+ """Update a dict only if values are not None
+
+ :param base: dict to update
+ :param update: updates for the base dict
+ :return: None
+ """
+ for key in update:
+ if type(update[key]) is not None:
+ base[key] = update[key]
+
def get_tenants_dict(self):
with sql.transaction() as session:
query = session.query(Tenant)
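Review bot: The guard in `__update_dict`, `if type(update[key]) is not None:`, is always true because `type()` never returns `None`, so `None` values are copied into `base` even though the docstring says they are skipped. It should read `if update[key] is not None:`. As written, an update carrying `None` for `name` (the controller assigns `k_tenant_dict.get('name', None)` unconditionally) or for `intra_authz_extension_id` overwrites the stored value, which matters because these fields bind a tenant to its authorization extensions. The `get_tenants_dict` body continues outside the hunk.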
@@ -354,13 +367,10 @@ class TenantConnector(TenantDriver):
query = session.query(Tenant)
query = query.filter_by(id=tenant_id)
ref = query.first()
- tenant_ref = ref.to_dict()
- tenant_ref.update(tenant_dict)
- new_tenant = Tenant(id=tenant_id, tenant=tenant_ref)
- for attr in Tenant.attributes:
- if attr != 'id':
- setattr(ref, attr, getattr(new_tenant, attr))
- return {ref.id: ref.tenant}
+ tenant_dict_orig = dict(ref.tenant)
+ self.__update_dict(tenant_dict_orig, tenant_dict)
+ setattr(ref, "tenant", tenant_dict_orig)
+ return {ref.id: tenant_dict_orig}
class IntraExtensionConnector(IntraExtensionDriver):
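Review bot: `dict(ref.tenant)` dereferences `ref` without a check, and `query.first()` returns `None` when no row matches `tenant_id`, so an unknown id surfaces as an `AttributeError` instead of a domain error. The manager appears to raise `TenantUnknown` before calling the driver, but that is not visible from this hunk; a guard such as `if ref is None: raise TenantUnknown()` (assuming the exception is importable in this module) would keep the driver safe on its own. `setattr(ref, "tenant", tenant_dict_orig)` with a constant attribute name can simply be `ref.tenant = tenant_dict_orig`. The enclosing method starts outside the hunk.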
diff --git a/keystone-moon/keystone/contrib/moon/controllers.py b/keystone-moon/keystone/contrib/moon/controllers.py
index 4065eabf..239650f5 100644
--- a/keystone-moon/keystone/contrib/moon/controllers.py
+++ b/keystone-moon/keystone/contrib/moon/controllers.py
@@ -92,9 +92,12 @@ class Tenants(controller.V3Controller):
tenant_id = kw.get('tenant_id', None)
tenant_dict = dict()
tenant_dict['name'] = k_tenant_dict.get('name', None)
- tenant_dict['description'] = kw.get('tenant_description', None)
- tenant_dict['intra_authz_extension_id'] = kw.get('tenant_intra_authz_extension_id', None)
- tenant_dict['intra_admin_extension_id'] = kw.get('tenant_intra_admin_extension_id', None)
+ if 'tenant_description' in kw:
+ tenant_dict['description'] = kw.get('tenant_description', None)
+ if 'tenant_intra_authz_extension_id' in kw:
+ tenant_dict['intra_authz_extension_id'] = kw.get('tenant_intra_authz_extension_id', None)
+ if 'tenant_intra_admin_extension_id' in kw:
+ tenant_dict['intra_admin_extension_id'] = kw.get('tenant_intra_admin_extension_id', None)
self.tenant_api.set_tenant_dict(user_id, tenant_id, tenant_dict)
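Review bot: The new `in kw` checks test only for key presence, so a request that sends an explicit null for `tenant_intra_authz_extension_id` or `tenant_intra_admin_extension_id` still puts `None` into `tenant_dict`, and `tenant_dict['name']` is assigned unconditionally and may be `None` as well. If null is not meant to clear a field, filter on the value instead, e.g. `if kw.get('tenant_description') is not None:`; after a membership test the `.get(..., None)` default is redundant in any case. No validation of the extension ids is visible before `set_tenant_dict` is called. The method starts and ends outside the hunk.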
diff --git a/keystone-moon/keystone/contrib/moon/core.py b/keystone-moon/keystone/contrib/moon/core.py
index 86aadc8b..aa6db0cc 100644
--- a/keystone-moon/keystone/contrib/moon/core.py
+++ b/keystone-moon/keystone/contrib/moon/core.py
@@ -412,31 +412,30 @@ class TenantManager(manager.Manager):
keystone_tenant = self.__get_keystone_tenant_dict(tenant_dict['id'], tenant_dict['name'])
tenant_dict.update(keystone_tenant)
# Sync users between intra_authz_extension and intra_admin_extension
- if tenant_dict['intra_admin_extension_id']:
- if not tenant_dict['intra_authz_extension_id']:
- raise TenantNoIntraAuthzExtension()
- # authz_subjects_dict = self.admin_api.get_subjects_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_authz_extension_id'])
- # admin_subjects_dict = self.admin_api.get_subjects_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_admin_extension_id'])
- # for _subject_id in authz_subjects_dict:
- # if _subject_id not in admin_subjects_dict:
- # self.admin_api.add_subject_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_admin_extension_id'], authz_subjects_dict[_subject_id])
- # for _subject_id in admin_subjects_dict:
- # if _subject_id not in authz_subjects_dict:
- # self.admin_api.add_subject_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_authz_extension_id'], admin_subjects_dict[_subject_id])
-
- # TODO (ateroide): check whether we can replace the below code by the above one
- # NOTE (ateroide): at a first glance: no, subject_id changes depending on which intra_extesion is used
- # we must use name which is constant.
- authz_subjects_dict = self.admin_api.get_subjects_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_authz_extension_id'])
- authz_subject_names_list = [authz_subjects_dict[subject_id]["name"] for subject_id in authz_subjects_dict]
- admin_subjects_dict = self.admin_api.get_subjects_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_admin_extension_id'])
- admin_subject_names_list = [admin_subjects_dict[subject_id]["name"] for subject_id in admin_subjects_dict]
- for _subject_id in authz_subjects_dict:
- if authz_subjects_dict[_subject_id]["name"] not in admin_subject_names_list:
- self.admin_api.add_subject_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_admin_extension_id'], authz_subjects_dict[_subject_id])
- for _subject_id in admin_subjects_dict:
- if admin_subjects_dict[_subject_id]["name"] not in authz_subject_names_list:
- self.admin_api.add_subject_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_authz_extension_id'], admin_subjects_dict[_subject_id])
+ if 'intra_admin_extension_id' in tenant_dict:
+ if 'intra_authz_extension_id' in tenant_dict:
+ # authz_subjects_dict = self.admin_api.get_subjects_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_authz_extension_id'])
+ # admin_subjects_dict = self.admin_api.get_subjects_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_admin_extension_id'])
+ # for _subject_id in authz_subjects_dict:
+ # if _subject_id not in admin_subjects_dict:
+ # self.admin_api.add_subject_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_admin_extension_id'], authz_subjects_dict[_subject_id])
+ # for _subject_id in admin_subjects_dict:
+ # if _subject_id not in authz_subjects_dict:
+ # self.admin_api.add_subject_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_authz_extension_id'], admin_subjects_dict[_subject_id])
+
+ # TODO (ateroide): check whether we can replace the below code by the above one
+ # NOTE (ateroide): at a first glance: no, subject_id changes depending on which intra_extesion is used
+ # we must use name which is constant.
+ authz_subjects_dict = self.admin_api.get_subjects_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_authz_extension_id'])
+ authz_subject_names_list = [authz_subjects_dict[subject_id]["name"] for subject_id in authz_subjects_dict]
+ admin_subjects_dict = self.admin_api.get_subjects_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_admin_extension_id'])
+ admin_subject_names_list = [admin_subjects_dict[subject_id]["name"] for subject_id in admin_subjects_dict]
+ for _subject_id in authz_subjects_dict:
+ if authz_subjects_dict[_subject_id]["name"] not in admin_subject_names_list:
+ self.admin_api.add_subject_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_admin_extension_id'], authz_subjects_dict[_subject_id])
+ for _subject_id in admin_subjects_dict:
+ if admin_subjects_dict[_subject_id]["name"] not in authz_subject_names_list:
+ self.admin_api.add_subject_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_authz_extension_id'], admin_subjects_dict[_subject_id])
return self.driver.add_tenant_dict(tenant_dict['id'], tenant_dict)
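Review bot: Replacing the truthiness test with `'intra_authz_extension_id' in tenant_dict` drops the `TenantNoIntraAuthzExtension` check, so a tenant that has an admin extension but no authz extension is now stored silently. A key present with value `None` (the shape the removed unit test passed in) also reaches `get_subjects_dict` with a `None` extension id. Consider testing values rather than keys, `admin_id = tenant_dict.get('intra_admin_extension_id')` and `authz_id = tenant_dict.get('intra_authz_extension_id')`, and keeping `if admin_id and not authz_id: raise TenantNoIntraAuthzExtension()` before the sync. The same applies to the hunk at `@@ -463,19 +462,18 @@`. The method starts outside the hunk.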
@@ -463,19 +462,18 @@ class TenantManager(manager.Manager):
raise TenantUnknown()
# Sync users between intra_authz_extension and intra_admin_extension
- if tenant_dict['intra_admin_extension_id']:
- if not tenant_dict['intra_authz_extension_id']:
- raise TenantNoIntraAuthzExtension
- authz_subjects_dict = self.admin_api.get_subjects_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_authz_extension_id'])
- authz_subject_names_list = [authz_subjects_dict[subject_id]["name"] for subject_id in authz_subjects_dict]
- admin_subjects_dict = self.admin_api.get_subjects_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_admin_extension_id'])
- admin_subject_names_list = [admin_subjects_dict[subject_id]["name"] for subject_id in admin_subjects_dict]
- for _subject_id in authz_subjects_dict:
- if authz_subjects_dict[_subject_id]["name"] not in admin_subject_names_list:
- self.admin_api.add_subject_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_admin_extension_id'], authz_subjects_dict[_subject_id])
- for _subject_id in admin_subjects_dict:
- if admin_subjects_dict[_subject_id]["name"] not in authz_subject_names_list:
- self.admin_api.add_subject_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_authz_extension_id'], admin_subjects_dict[_subject_id])
+ if 'intra_admin_extension_id' in tenant_dict:
+ if 'intra_authz_extension_id' in tenant_dict:
+ authz_subjects_dict = self.admin_api.get_subjects_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_authz_extension_id'])
+ authz_subject_names_list = [authz_subjects_dict[subject_id]["name"] for subject_id in authz_subjects_dict]
+ admin_subjects_dict = self.admin_api.get_subjects_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_admin_extension_id'])
+ admin_subject_names_list = [admin_subjects_dict[subject_id]["name"] for subject_id in admin_subjects_dict]
+ for _subject_id in authz_subjects_dict:
+ if authz_subjects_dict[_subject_id]["name"] not in admin_subject_names_list:
+ self.admin_api.add_subject_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_admin_extension_id'], authz_subjects_dict[_subject_id])
+ for _subject_id in admin_subjects_dict:
+ if admin_subjects_dict[_subject_id]["name"] not in authz_subject_names_list:
+ self.admin_api.add_subject_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_authz_extension_id'], admin_subjects_dict[_subject_id])
return self.driver.set_tenant_dict(tenant_id, tenant_dict)
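Review bot: The sync here is gated on the keys of the incoming `tenant_dict`, which after the controller change holds only the fields present in the request, so an update that changes just one of the two extension ids skips the subject sync even when the stored tenant has both. Reading the stored tenant first and checking the merged values would keep the subjects of the authz and admin extensions aligned on partial updates. Whether the stored tenant is already loaded earlier in this method is not visible, since it starts outside the hunk.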
diff --git a/keystone-moon/keystone/tests/moon/unit/test_unit_core_tenant.py b/keystone-moon/keystone/tests/moon/unit/test_unit_core_tenant.py
index bf0fab08..f8b2f4d5 100644
--- a/keystone-moon/keystone/tests/moon/unit/test_unit_core_tenant.py
+++ b/keystone-moon/keystone/tests/moon/unit/test_unit_core_tenant.py
@@ -183,28 +183,3 @@ class TestTenantManager(tests.TestCase):
self.assertNotEqual(data, {})
self.assertRaises(TenantAddedNameExisting, self.tenant_manager.add_tenant_dict, self.ADMIN_ID, new_tenant['id'], new_tenant)
-
- def test_exception_tenant_no_intra_extension(self):
- authz_intra_extension = create_intra_extension(self, policy_model="policy_authz")
- admin_intra_extension = create_intra_extension(self, policy_model="policy_admin")
- new_tenant = {
- "id": uuid.uuid4().hex,
- "name": "demo",
- "description": uuid.uuid4().hex,
- "intra_authz_extension_id": authz_intra_extension['id'],
- "intra_admin_extension_id": admin_intra_extension['id'],
- }
- new_tenant['intra_authz_extension_id'] = None
- self.assertRaises(TenantNoIntraAuthzExtension, self.tenant_manager.add_tenant_dict, self.ADMIN_ID, new_tenant['id'], new_tenant)
- new_tenant['intra_authz_extension_id'] = authz_intra_extension['id']
- data = self.tenant_manager.add_tenant_dict(user_id=self.ADMIN_ID, tenant_id=new_tenant['id'], tenant_dict=new_tenant)
- data_id = data.keys()[0]
- self.assertEquals(new_tenant["name"], data[data_id]["name"])
- self.assertEquals(new_tenant["intra_authz_extension_id"], data[data_id]["intra_authz_extension_id"])
- self.assertEquals(new_tenant["intra_admin_extension_id"], data[data_id]["intra_admin_extension_id"])
- data = self.tenant_manager.get_tenants_dict(self.ADMIN_ID)
- self.assertNotEqual(data, {})
-
- new_tenant['intra_authz_extension_id'] = None
- new_tenant['name'] = "demo2"
- self.assertRaises(TenantNoIntraAuthzExtension, self.tenant_manager.set_tenant_dict, self.ADMIN_ID, data_id, new_tenant)