Diffstat (limited to 'keystone-moon')
-rw-r--r-- | keystone-moon/keystone/contrib/moon/backends/__init__.py | 11 | ||||
-rw-r--r-- | keystone-moon/keystone/contrib/moon/backends/sql.py | 153 | ||||
-rw-r--r-- | keystone-moon/keystone/contrib/moon/controllers.py | 161 | ||||
-rw-r--r-- | keystone-moon/keystone/contrib/moon/core.py | 17 |
4 files changed, 186 insertions, 156 deletions
diff --git a/keystone-moon/keystone/contrib/moon/backends/__init__.py b/keystone-moon/keystone/contrib/moon/backends/__init__.py index b6e97901..b86dae19 100644 --- a/keystone-moon/keystone/contrib/moon/backends/__init__.py +++ b/keystone-moon/keystone/contrib/moon/backends/__init__.py @@ -9,6 +9,17 @@ intra_extensions = { ... } +tenants = { + tenant_id1: { + name: xxx, + description: yyy, + intra_authz_extension_id: zzz, + intra_admin_extension_id: zzz, + }, + tenant_id2: {...}, + ... +} + --------------- for each intra-extension ----------------- subject_categories = { diff --git a/keystone-moon/keystone/contrib/moon/backends/sql.py b/keystone-moon/keystone/contrib/moon/backends/sql.py index b328112c..ac459d4c 100644 --- a/keystone-moon/keystone/contrib/moon/backends/sql.py +++ b/keystone-moon/keystone/contrib/moon/backends/sql.py 
@@ -38,6 +38,35 @@ class IntraExtension(sql.ModelBase, sql.DictBase): return dict(six.iteritems(self)) +class Tenant(sql.ModelBase, sql.DictBase): + __tablename__ = 'tenants' + # attributes = ['id', 'tenant', 'intra_authz_extension_id', 'intra_adminextension_id'] + attributes = ['id', 'tenant'] + id = sql.Column(sql.String(64), primary_key=True, nullable=False) + tenant = sql.Column(sql.JsonBlob(), nullable=True) + # intra_authz_extension_id = sql.Column(sql.ForeignKey("intra_extensions.id"), nullable=False) + # intra_admin_extension_id = sql.Column(sql.ForeignKey("intra_extensions.id"), nullable=False) + # name = sql.Column(sql.String(128), nullable=True) + # authz = sql.Column(sql.String(64), nullable=True) + # admin = sql.Column(sql.String(64), nullable=True) + + @classmethod + def from_dict(cls, d): + """Override parent from_dict() method with a different implementation. + """ + new_d = d.copy() + uuid = new_d.keys()[0] + return cls(id=uuid, **new_d[uuid]) + + def to_dict(self): + """ + """ + tenant_dict = {} + for key in ("id", "name", "authz", "admin"): + tenant_dict[key] = getattr(self, key) + return tenant_dict + + class SubjectCategory(sql.ModelBase, sql.DictBase): __tablename__ = 'subject_categories' attributes = ['id', 'subject_category', 'intra_extension_id'] 
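Review bot: The relocated `Tenant` model declares only the `id` and `tenant` columns, but `to_dict()` still reads `name`, `authz` and `admin` through `getattr`, and `from_dict()` still expands the inner dict into constructor keywords. With those columns commented out, `to_dict()` would raise AttributeError and the keywords passed by `from_dict()` are likely rejected by the model constructor. The sibling models visible in this file serialise with `return dict(six.iteritems(self))`, which would follow `attributes = ['id', 'tenant']`, and `from_dict` could become `return cls(id=uuid, tenant=new_d[uuid])`. `new_d.keys()[0]` also depends on Python 2's list-returning `keys()`; `next(iter(new_d))` works on both versions. The commented-out column definitions should be removed or restored rather than left in the class body.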
@@ -285,33 +314,9 @@ class Rule(sql.ModelBase, sql.DictBase): return dict(six.iteritems(self)) -class Tenant(sql.ModelBase, sql.DictBase): - __tablename__ = 'tenants' - attributes = [ - 'id', 'name', 'authz', 'admin' - ] - id = sql.Column(sql.String(64), primary_key=True, nullable=False) - name = sql.Column(sql.String(128), nullable=True) - authz = sql.Column(sql.String(64), nullable=True) - admin = sql.Column(sql.String(64), nullable=True) - - @classmethod - def from_dict(cls, d): - """Override parent from_dict() method with a different implementation. - """ - new_d = d.copy() - uuid = new_d.keys()[0] - return cls(id=uuid, **new_d[uuid]) - - def to_dict(self): - """ - """ - tenant_dict = {} - for key in ("id", "name", "authz", "admin"): - tenant_dict[key] = getattr(self, key) - return tenant_dict - __all_objects__ = ( + IntraExtensionUnknown, + Tenant, Subject, Object, Action, 
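Review bot: `IntraExtensionUnknown` is added to `__all_objects__` alongside the model classes, yet controllers.py uses that name as an exception (`raise IntraExtensionUnknown`). If this tuple is consumed as a list of SQL models, the entry was probably meant to be `IntraExtension`. The code that iterates the tuple is outside the hunk, so this should be confirmed against it before merging.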
@@ -329,6 +334,54 @@ __all_objects__ = ( Rule, ) +class TenantConnector(TenantDriver): + + def get_tenant_dict(self): + with sql.transaction() as session: + query = session.query(Tenant) + # query = query.filter_by(uuid=tenant_uuid) + # ref = query.first().to_dict() + tenants = query.all() + return {tenant.id: Tenant.to_dict(tenant) for tenant in tenants} + + def add_tenant(self, tenant_id, tenant_name, intra_authz_ext_id, intra_admin_ext_id): + pass + + def del_tenant(self, tenant_id): + pass + + # TODO: def set_tenant(self, tenant_id, tenant_name, intra_authz_ext_id, intra_admin_ext_id) + def set_tenant_dict(self, tenant): + with sql.transaction() as session: + uuid = tenant.keys()[0] + query = session.query(Tenant) + query = query.filter_by(id=uuid) + ref = query.first() + if not ref: + # if not result, create the database line + ref = Tenant.from_dict(tenant) + session.add(ref) + return Tenant.to_dict(ref) + elif not tenant[uuid]["authz"] and not tenant[uuid]["admin"]: + # if admin and authz extensions are not set, delete the mapping + session.delete(ref) + return + elif tenant[uuid]["authz"] or tenant[uuid]["admin"]: + tenant_ref = ref.to_dict() + tenant_ref.update(tenant[uuid]) + new_tenant = Tenant( + id=uuid, + name=tenant[uuid]["name"], + authz=tenant[uuid]["intra_authz_extension_id"], + admin=tenant[uuid]["intra_admin_extension_id"], + ) + for attr in Tenant.attributes: + if attr != 'id': + setattr(ref, attr, getattr(new_tenant, attr)) + return Tenant.to_dict(ref) + raise TenantException() + + class IntraExtensionConnector(IntraExtensionDriver): # Tenant functions 
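Review bot: In `set_tenant_dict` the branch conditions still read `tenant[uuid]["authz"]` and `tenant[uuid]["admin"]`, while the constructor call now reads `tenant[uuid]["intra_authz_extension_id"]` and `tenant[uuid]["intra_admin_extension_id"]`, so a dict that carries only one of the two key sets raises KeyError on one path or the other. The update branch also builds `Tenant(name=..., authz=..., admin=...)` and then copies `Tenant.attributes`, which the model in this commit reduces to `id` and `tenant`, so it appears an existing row would have `ref.tenant` overwritten with a value that was never set. `add_tenant` and `del_tenant` are `pass`, which means a tenant-to-extension mapping is reported as created or removed while nothing changes in the database; `raise NotImplementedError()` until they are written would make that visible to the caller.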
@@ -1458,54 +1511,6 @@ class IntraExtensionConnector(IntraExtensionDriver): return ref.to_dict() -class TenantConnector(TenantDriver): - - def get_tenant_dict(self): - with sql.transaction() as session: - query = session.query(Tenant) - # query = query.filter_by(uuid=tenant_uuid) - # ref = query.first().to_dict() - tenants = query.all() - return {tenant.id: Tenant.to_dict(tenant) for tenant in tenants} - - def add_tenant(self, tenant_id, tenant_name, intra_authz_ext_id, intra_admin_ext_id): - pass - - def del_tenant(self, tenant_id): - pass - - # TODO: def set_tenant(self, tenant_id, tenant_name, intra_authz_ext_id, intra_admin_ext_id) - def set_tenant_dict(self, tenant): - with sql.transaction() as session: - uuid = tenant.keys()[0] - query = session.query(Tenant) - query = query.filter_by(id=uuid) - ref = query.first() - if not ref: - # if not result, create the database line - ref = Tenant.from_dict(tenant) - session.add(ref) - return Tenant.to_dict(ref) - elif not tenant[uuid]["authz"] and not tenant[uuid]["admin"]: - # if admin and authz extensions are not set, delete the mapping - session.delete(ref) - return - elif tenant[uuid]["authz"] or tenant[uuid]["admin"]: - tenant_ref = ref.to_dict() - tenant_ref.update(tenant[uuid]) - new_tenant = Tenant( - id=uuid, - name=tenant[uuid]["name"], - authz=tenant[uuid]["authz"], - admin=tenant[uuid]["admin"], - ) - for attr in Tenant.attributes: - if attr != 'id': - setattr(ref, attr, getattr(new_tenant, attr)) - return Tenant.to_dict(ref) - raise TenantException() - - # class InterExtension(sql.ModelBase, sql.DictBase): # __tablename__ = 'inter_extension' # attributes = [ diff --git a/keystone-moon/keystone/contrib/moon/controllers.py b/keystone-moon/keystone/contrib/moon/controllers.py index 23f3b615..e4551825 100644 --- a/keystone-moon/keystone/contrib/moon/controllers.py +++ b/keystone-moon/keystone/contrib/moon/controllers.py 
@@ -24,9 +24,14 @@ class Configuration(controller.V3Controller): def __init__(self): super(Configuration, self).__init__() + def _get_user_id_from_token(self, token_id): + response = self.token_provider_api.validate_token(token_id) + token_ref = token_model.KeystoneToken(token_id=token_id, token_data=response) + return token_ref.get('user') + @controller.protected() def get_policy_templetes(self, context, **kw): - user_id = self._get_user_uuid_from_token(context["token_id"]) + user_id = self._get_user_uuid_from_token(context.get("token_id")) # TODO: belowing code should be move to core.py # TODO: return self.configuration_api_get_policy_templete_dict(user_id) nodes = glob.glob(os.path.join(CONF.moon.policy_directory, "*")) @@ -42,7 +47,7 @@ class Configuration(controller.V3Controller): :param kw: :return: {aggregation_algorithm_id: description} """ - user_id = self._get_user_uuid_from_token(context["token_id"]) + user_id = self._get_user_uuid_from_token(context.get("token_id")) return self.configuration_api.get_aggregation_algorithm_dict(user_id) @controller.protected() @@ -52,7 +57,7 @@ class Configuration(controller.V3Controller): :param kw: :return: {sub_meta_rule_algorithm_id: description} """ - user_id = self._get_user_uuid_from_token(context["token_id"]) + user_id = self._get_user_uuid_from_token(context.get("token_id")) return self.configuration_api.get_sub_meta_rule_algorithm_dict(user_id) 
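Review bot: The three `Configuration` handlers still call `self._get_user_uuid_from_token(...)`, while the helper added at the top of this hunk is named `_get_user_id_from_token`; unless a base class provides the `uuid` variant, every Configuration endpoint raises AttributeError, and the call should read `self._get_user_id_from_token(context.get("token_id"))` as in the other controllers. Separately, replacing `context["token_id"]` with `context.get("token_id")` and `token_ref['user']` with `token_ref.get('user')` (here, in `Tenants`, and in every `IntraExtensions` and `Logs` hunk below) turns a missing token or user into a silent `None` that is passed on as `user_id`. core.py carries TODOs to check rights with that `user_id`, so the helper should fail closed, for example `if user is None: raise exception.Unauthorized()`, assuming keystone's `exception` module is imported in this file. The body of `Configuration` continues outside the hunk.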
@@ -65,16 +70,16 @@ class Tenants(controller.V3Controller): def _get_user_id_from_token(self, token_id): response = self.token_provider_api.validate_token(token_id) token_ref = token_model.KeystoneToken(token_id=token_id, token_data=response) - return token_ref['user'] + return token_ref.get('user') @controller.protected() def get_tenants(self, context, **kw): - user_id = self._get_user_id_from_token(context["token_id"]) + user_id = self._get_user_id_from_token(context.get("token_id")) return self.tenant_api.get_tenant_dict(user_id) @controller.protected() def add_tenant(self, context, **kw): - user_id = self._get_user_id_from_token(context["token_id"]) + user_id = self._get_user_id_from_token(context.get("token_id")) # TODO: get tenant name from keystone tenant_name = kw.get("tenant_name") intra_authz_ext_id = kw.get("intra_authz_ext_id") @@ -83,18 +88,18 @@ class Tenants(controller.V3Controller): @controller.protected() def get_tenant(self, context, **kw): - user_id = self._get_user_id_from_token(context["token_id"]) + user_id = self._get_user_id_from_token(context.get('token_id')) tenant_id = kw.get("tenant_id") return self.tenant_api.get_tenant(user_id, tenant_id) @controller.protected() def del_tenant(self, context, **kw): - user_id = self._get_user_id_from_token(context["token_id"]) + user_id = self._get_user_id_from_token(context.get('token_id')) tenant_id = kw.get("tenant_id") return self.tenant_api.del_tenant(user_id, tenant_id) """def load_tenant(self, context, **kw): - user_id = self._get_user_id_from_token(context["token_id"]) + user_id = self._get_user_id_from_token(context.get('token_id')) tenant_id = kw["tenant_id"] tenant_name = self.resource_api.get_project(tenant_id)["name"] intra_authz_ext_id = kw.get("intra_authz_ext_id") 
@@ -118,7 +123,7 @@ class Authz_v3(controller.V3Controller): def get_authz(self, context, tenant_name, subject_name, object_name, action_name): try: return self.authz_api.authz(tenant_name, subject_name, object_name, action_name) - except TenantIDNotFound: + except TenantUnknown: return True except: return False @@ -140,12 +145,12 @@ class IntraExtensions(controller.V3Controller): # IntraExtension functions @controller.protected() def get_intra_extensions(self, context, **kw): - user_id = self._get_user_id_from_token(context["token_id"]) + user_id = self._get_user_id_from_token(context.get('token_id')) return self.admin_api.get_intra_extension_dict(user_id) @controller.protected() def add_intra_extension(self, context, **kw): - user_id = self._get_user_id_from_token(context["token_id"]) + user_id = self._get_user_id_from_token(context.get('token_id')) intra_extension_dict = dict() # TODO: replace kw by a tangible dict with known variables intra_extension_dict["intra_extension_name"] = kw.get("intra_extension_name", dict()) @@ -168,13 +173,13 @@ class IntraExtensions(controller.V3Controller): @controller.protected() def get_intra_extension(self, context, **kw): - user_id = self._get_user_id_from_token(context["token_id"]) + user_id = self._get_user_id_from_token(context.get('token_id')) ie_id = kw.get('intra_extension_id', None) return self.admin_api.get_intra_extension_dict(user_id)[ie_id] @controller.protected() def del_intra_extension(self, context, **kw): - user_id = self._get_user_id_from_token(context["token_id"]) + user_id = self._get_user_id_from_token(context.get('token_id')) if "ie_id" not in kw: raise IntraExtensionUnknown ie_id = kw.get('intra_extension_id', None) 
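Review bot: `get_authz` returns `True` when `authz_api.authz` raises `TenantUnknown`, so a request that names a tenant with no mapping is authorised rather than refused, and the rename keeps that fail-open branch. If allowing unmapped tenants is intentional it needs a comment stating so; otherwise the branch should be `except TenantUnknown: return False`. The bare `except:` that follows also swallows programming errors and `KeyboardInterrupt`; `except Exception:` with a log call would keep the deny result while leaving a trace for whoever investigates a refused request.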
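Review bot: In the third hunk on this line, `del_intra_extension` guards with `if "ie_id" not in kw` but then reads `kw.get('intra_extension_id', None)`, so the guard tests a different key from the one that is used. A request that supplies `intra_extension_id` is rejected with `IntraExtensionUnknown`, and one that supplies only `ie_id` continues with `ie_id = None`. The guard should test the key that is read, `if "intra_extension_id" not in kw:`. The rest of `del_intra_extension` is outside the hunk.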
@@ -183,81 +188,81 @@ class IntraExtensions(controller.V3Controller): # Metadata functions @controller.protected() def get_subject_categories(self, context, **kw): - user_id = self._get_user_id_from_token(context["token_id"]) + user_id = self._get_user_id_from_token(context.get('token_id')) ie_id = kw.get('intra_extension_id', None) return self.admin_api.get_subject_category_dict(user_id, ie_id) @controller.protected() def add_subject_category(self, context, **kw): - user_id = self._get_user_id_from_token(context["token_id"]) + user_id = self._get_user_id_from_token(context.get('token_id')) ie_id = kw.get('intra_extension_id', None) subject_category_name = kw.get("subject_category_name", None) return self.admin_api.add_subject_category(user_id, ie_id, subject_category_name) @controller.protected() def get_subject_category(self, context, **kw): - user_id = self._get_user_id_from_token(context["token_id"]) + user_id = self._get_user_id_from_token(context.get('token_id')) ie_id = kw.get('intra_extension_id', None) subject_category_id = kw.get("subject_category_id", None) return self.admin_api.get_subject_category_dict(user_id, ie_id)[subject_category_id] @controller.protected() def del_subject_category(self, context, **kw): - user_id = self._get_user_id_from_token(context["token_id"]) + user_id = self._get_user_id_from_token(context.get('token_id')) ie_id = kw.get('intra_extension_id', None) subject_category_id = kw["subject_category_id"] return self.admin_api.del_subject_category(user_id, ie_id, subject_category_id) @controller.protected() def get_object_categories(self, context, **kw): - user_id = self._get_user_id_from_token(context["token_id"]) + user_id = self._get_user_id_from_token(context.get('token_id')) ie_id = kw.get('intra_extension_id', None) return self.admin_api.get_object_category_dict(user_id, ie_id) @controller.protected() def add_object_category(self, context, **kw): - user_id = self._get_user_id_from_token(context["token_id"]) + user_id = 
self._get_user_id_from_token(context.get('token_id')) ie_id = kw.get('intra_extension_id', None) object_category_name = kw["object_category_name"] return self.admin_api.add_object_category(user_id, ie_id, object_category_name) @controller.protected() def get_object_category(self, context, **kw): - user_id = self._get_user_id_from_token(context["token_id"]) + user_id = self._get_user_id_from_token(context.get('token_id')) ie_id = kw.get('intra_extension_id', None) object_category_id = kw["object_category_id"] return self.admin_api.get_object_category_dict(user_id, ie_id)[object_category_id] @controller.protected() def del_object_category(self, context, **kw): - user_id = self._get_user_id_from_token(context["token_id"]) + user_id = self._get_user_id_from_token(context.get('token_id')) ie_id = kw.get('intra_extension_id', None) object_category_id = kw["object_category_id"] return self.admin_api.del_object_category(user_id, ie_id, object_category_id) @controller.protected() def get_action_categories(self, context, **kw): - user_id = self._get_user_id_from_token(context["token_id"]) + user_id = self._get_user_id_from_token(context.get('token_id')) ie_id = kw.get('intra_extension_id', None) return self.admin_api.get_action_category_dict(user_id, ie_id) @controller.protected() def add_action_category(self, context, **kw): - user_id = self._get_user_id_from_token(context["token_id"]) + user_id = self._get_user_id_from_token(context.get('token_id')) ie_id = kw.get('intra_extension_id', None) action_category_name = kw["action_category_name"] return self.admin_api.add_action_category(user_id, ie_id, action_category_name) @controller.protected() def get_action_category(self, context, **kw): - user_id = self._get_user_id_from_token(context["token_id"]) + user_id = self._get_user_id_from_token(context.get('token_id')) ie_id = kw.get('intra_extension_id', None) action_category_id = kw["action_category_id"] return self.admin_api.get_action_category_dict(user_id, 
ie_id)[action_category_id] @controller.protected() def del_action_category(self, context, **kw): - user_id = self._get_user_id_from_token(context["token_id"]) + user_id = self._get_user_id_from_token(context.get('token_id')) ie_id = kw.get('intra_extension_id', None) action_category_id = kw["action_category_id"] return self.admin_api.del_action_category(user_id, ie_id, action_category_id) 
@@ -265,81 +270,81 @@ class IntraExtensions(controller.V3Controller): # Perimeter functions @controller.protected() def get_subjects(self, context, **kw): - user_id = self._get_user_id_from_token(context["token_id"]) + user_id = self._get_user_id_from_token(context.get('token_id')) ie_id = kw.get('intra_extension_id', None) return self.admin_api.get_subject_dict(user_id, ie_id) @controller.protected() def add_subject(self, context, **kw): - user_id = self._get_user_id_from_token(context["token_id"]) + user_id = self._get_user_id_from_token(context.get('token_id')) ie_id = kw.get('intra_extension_id', None) subject_name = kw["subject_name"] return self.admin_api.add_subject(user_id, ie_id, subject_name) @controller.protected() def get_subject(self, context, **kw): - user_id = self._get_user_id_from_token(context["token_id"]) + user_id = self._get_user_id_from_token(context.get('token_id')) ie_id = kw.get('intra_extension_id', None) subject_id = kw["subject_id"] return self.admin_api.get_subject_dict(user_id, ie_id)[subject_id] @controller.protected() def del_subject(self, context, **kw): - user_id = self._get_user_id_from_token(context["token_id"]) + user_id = self._get_user_id_from_token(context.get('token_id')) ie_id = kw.get('intra_extension_id', None) subject_id = kw["subject_id"] return self.admin_api.del_subject(user_id, ie_id, subject_id) @controller.protected() def get_objects(self, context, **kw): - user_id = self._get_user_id_from_token(context["token_id"]) + user_id = self._get_user_id_from_token(context.get('token_id')) ie_id = kw.get("intra_extension_id", None) return self.admin_api.get_object_dict(user_id, ie_id) @controller.protected() def add_object(self, context, **kw): - user_id = self._get_user_id_from_token(context["token_id"]) + user_id = self._get_user_id_from_token(context.get('token_id')) ie_id = kw.get("intra_extension_id", None) object_name = kw["object_name"] return self.admin_api.add_object(user_id, ie_id, object_name) 
@controller.protected() def get_object(self, context, **kw): - user_id = self._get_user_id_from_token(context["token_id"]) + user_id = self._get_user_id_from_token(context.get('token_id')) ie_id = kw.get("intra_extension_id", None) object_id = kw["object_id"] return self.admin_api.get_object_dict(user_id, ie_id)[object_id] @controller.protected() def del_object(self, context, **kw): - user_id = self._get_user_id_from_token(context["token_id"]) + user_id = self._get_user_id_from_token(context.get('token_id')) ie_id = kw.get("intra_extension_id", None) object_id = kw["object_id"] return self.admin_api.del_object(user_id, ie_id, object_id) @controller.protected() def get_actions(self, context, **kw): - user_id = self._get_user_id_from_token(context["token_id"]) + user_id = self._get_user_id_from_token(context.get('token_id')) ie_id = kw.get("intra_extension_id", None) return self.admin_api.get_action_dict(user_id, ie_id) @controller.protected() def add_action(self, context, **kw): - user_id = self._get_user_id_from_token(context["token_id"]) + user_id = self._get_user_id_from_token(context.get('token_id')) ie_id = kw.get("intra_extension_id", None) action_name = kw["action_name"] return self.admin_api.add_action(user_id, ie_id, action_name) @controller.protected() def get_action(self, context, **kw): - user_id = self._get_user_id_from_token(context["token_id"]) + user_id = self._get_user_id_from_token(context.get('token_id')) ie_id = kw.get("intra_extension_id", None) action_id = kw["action_id"] return self.admin_api.get_action_dict(user_id, ie_id)[action_id] @controller.protected() def del_action(self, context, **kw): - user_id = self._get_user_id_from_token(context["token_id"]) + user_id = self._get_user_id_from_token(context.get('token_id')) ie_id = kw.get("intra_extension_id", None) action_id = kw["action_id"] return self.admin_api.del_action(user_id, ie_id, action_id) 
@@ -347,14 +352,14 @@ class IntraExtensions(controller.V3Controller): # Scope functions @controller.protected() def get_subject_scopes(self, context, **kw): - user_id = self._get_user_id_from_token(context["token_id"]) + user_id = self._get_user_id_from_token(context.get('token_id')) ie_id = kw.get("intra_extension_id", None) subject_category_id = kw["subject_category_id"] return self.admin_api.get_subject_scope_dict(user_id, ie_id, subject_category_id) @controller.protected() def add_subject_scope(self, context, **kw): - user_id = self._get_user_id_from_token(context["token_id"]) + user_id = self._get_user_id_from_token(context.get('token_id')) ie_id = kw.get("intra_extension_id", None) subject_category_id = kw["subject_category_id"] subject_scope_name = kw["subject_scope_name"] @@ -366,7 +371,7 @@ class IntraExtensions(controller.V3Controller): @controller.protected() def get_subject_scope(self, context, **kw): - user_id = self._get_user_id_from_token(context["token_id"]) + user_id = self._get_user_id_from_token(context.get('token_id')) ie_id = kw.get("intra_extension_id", None) subject_category_id = kw["subject_category_id"] subject_scope_id = kw["subject_scope_id"] @@ -374,7 +379,7 @@ class IntraExtensions(controller.V3Controller): @controller.protected() def del_subject_scope(self, context, **kw): - user_id = self._get_user_id_from_token(context["token_id"]) + user_id = self._get_user_id_from_token(context.get('token_id')) ie_id = kw.get("intra_extension_id", None) subject_category_id = kw["subject_category_id"] subject_scope_id = kw["subject_scope_id"] 
@@ -386,14 +391,14 @@ class IntraExtensions(controller.V3Controller): @controller.protected() def get_object_scopes(self, context, **kw): - user_id = self._get_user_id_from_token(context["token_id"]) + user_id = self._get_user_id_from_token(context.get('token_id')) ie_id = kw.get("intra_extension_id", None) object_category_id = kw["object_category_id"] return self.admin_api.get_object_scope_dict(user_id, ie_id, object_category_id) @controller.protected() def add_object_scope(self, context, **kw): - user_id = self._get_user_id_from_token(context["token_id"]) + user_id = self._get_user_id_from_token(context.get('token_id')) ie_id = kw.get("intra_extension_id", None) object_category_id = kw["object_category_id"] object_scope_name = kw["object_scope_name"] @@ -405,7 +410,7 @@ class IntraExtensions(controller.V3Controller): @controller.protected() def get_object_scope(self, context, **kw): - user_id = self._get_user_id_from_token(context["token_id"]) + user_id = self._get_user_id_from_token(context.get('token_id')) ie_id = kw.get("intra_extension_id", None) object_category_id = kw["object_category_id"] object_scope_id = kw["object_scope_id"] @@ -413,7 +418,7 @@ class IntraExtensions(controller.V3Controller): @controller.protected() def del_object_scope(self, context, **kw): - user_id = self._get_user_id_from_token(context["token_id"]) + user_id = self._get_user_id_from_token(context.get('token_id')) ie_id = kw.get("intra_extension_id", None) object_category_id = kw["object_category_id"] object_scope_id = kw["object_scope_id"] 
@@ -425,14 +430,14 @@ class IntraExtensions(controller.V3Controller): @controller.protected() def get_action_scopes(self, context, **kw): - user_id = self._get_user_id_from_token(context["token_id"]) + user_id = self._get_user_id_from_token(context.get('token_id')) ie_id = kw.get("intra_extension_id", None) action_category_id = kw["action_category_id"] return self.admin_api.get_action_scope_dict(user_id, ie_id, action_category_id) @controller.protected() def add_action_scope(self, context, **kw): - user_id = self._get_user_id_from_token(context["token_id"]) + user_id = self._get_user_id_from_token(context.get('token_id')) ie_id = kw.get("intra_extension_id", None) action_category_id = kw["action_category_id"] action_scope_name = kw["action_scope_name"] @@ -444,7 +449,7 @@ class IntraExtensions(controller.V3Controller): @controller.protected() def get_action_scope(self, context, **kw): - user_id = self._get_user_id_from_token(context["token_id"]) + user_id = self._get_user_id_from_token(context.get('token_id')) ie_id = kw.get("intra_extension_id", None) action_category_id = kw["action_category_id"] action_scope_id = kw["action_scope_id"] @@ -452,7 +457,7 @@ class IntraExtensions(controller.V3Controller): @controller.protected() def del_action_scope(self, context, **kw): - user_id = self._get_user_id_from_token(context["token_id"]) + user_id = self._get_user_id_from_token(context.get('token_id')) ie_id = kw.get("intra_extension_id", None) action_category_id = kw["action_category_id"] action_scope_id = kw["action_scope_id"] 
@@ -465,14 +470,14 @@ class IntraExtensions(controller.V3Controller): # Assignment functions @controller.protected() def get_subject_assignments(self, context, **kw): - user_id = self._get_user_id_from_token(context["token_id"]) + user_id = self._get_user_id_from_token(context.get('token_id')) ie_id = kw.get("intra_extension_id", None) subject_id = kw["subject_id"] return self.admin_api.get_subject_assignment_dict(user_id, ie_id, subject_id) @controller.protected() def add_subject_assignment(self, context, **kw): - user_id = self._get_user_id_from_token(context["token_id"]) + user_id = self._get_user_id_from_token(context.get('token_id')) ie_id = kw.get("intra_extension_id", None) subject_id = kw["subject_id"] subject_category_id = kw["subject_category_id"] @@ -486,7 +491,7 @@ class IntraExtensions(controller.V3Controller): @controller.protected() def get_subject_assignment(self, context, **kw): - user_id = self._get_user_id_from_token(context["token_id"]) + user_id = self._get_user_id_from_token(context.get('token_id')) ie_id = kw.get("intra_extension_id", None) subject_id = kw["subject_id"] subject_category_id = kw["subject_category_id"] @@ -494,7 +499,7 @@ class IntraExtensions(controller.V3Controller): @controller.protected() def del_subject_assignment(self, context, **kw): - user_id = self._get_user_id_from_token(context["token_id"]) + user_id = self._get_user_id_from_token(context.get('token_id')) ie_id = kw.get("intra_extension_id", None) subject_id = kw["subject_id"] subject_category_id = kw["subject_category_id"] 
@@ -508,14 +513,14 @@ class IntraExtensions(controller.V3Controller): @controller.protected() def get_object_assignments(self, context, **kw): - user_id = self._get_user_id_from_token(context["token_id"]) + user_id = self._get_user_id_from_token(context.get('token_id')) ie_id = kw.get("intra_extension_id", None) object_id = kw["object_id"] return self.admin_api.get_object_assignment_dict(user_id, ie_id, object_id) @controller.protected() def add_object_assignment(self, context, **kw): - user_id = self._get_user_id_from_token(context["token_id"]) + user_id = self._get_user_id_from_token(context.get('token_id')) ie_id = kw.get("intra_extension_id", None) object_id = kw["object_id"] object_category_id = kw["object_category_id"] @@ -529,7 +534,7 @@ class IntraExtensions(controller.V3Controller): @controller.protected() def get_object_assignment(self, context, **kw): - user_id = self._get_user_id_from_token(context["token_id"]) + user_id = self._get_user_id_from_token(context.get('token_id')) ie_id = kw.get("intra_extension_id", None) object_id = kw["object_id"] object_category_id = kw["object_category_id"] @@ -537,7 +542,7 @@ class IntraExtensions(controller.V3Controller): @controller.protected() def del_object_assignment(self, context, **kw): - user_id = self._get_user_id_from_token(context["token_id"]) + user_id = self._get_user_id_from_token(context.get('token_id')) ie_id = kw.get("intra_extension_id", None) object_id = kw["object_id"] object_category_id = kw["object_category_id"] 
@@ -551,14 +556,14 @@ class IntraExtensions(controller.V3Controller): @controller.protected() def get_action_assignments(self, context, **kw): - user_id = self._get_user_id_from_token(context["token_id"]) + user_id = self._get_user_id_from_token(context.get('token_id')) ie_id = kw.get("intra_extension_id", None) action_id = kw["action_id"] return self.admin_api.get_action_assignment_dict(user_id, ie_id, action_id) @controller.protected() def add_action_assignment(self, context, **kw): - user_id = self._get_user_id_from_token(context["token_id"]) + user_id = self._get_user_id_from_token(context.get('token_id')) ie_id = kw.get("intra_extension_id", None) action_id = kw["action_id"] action_category_id = kw["action_category_id"] @@ -572,7 +577,7 @@ class IntraExtensions(controller.V3Controller): @controller.protected() def get_action_assignment(self, context, **kw): - user_id = self._get_user_id_from_token(context["token_id"]) + user_id = self._get_user_id_from_token(context.get('token_id')) ie_id = kw.get("intra_extension_id", None) action_id = kw["action_id"] action_category_id = kw["action_category_id"] @@ -580,7 +585,7 @@ class IntraExtensions(controller.V3Controller): @controller.protected() def del_action_assignment(self, context, **kw): - user_id = self._get_user_id_from_token(context["token_id"]) + user_id = self._get_user_id_from_token(context.get('token_id')) ie_id = kw.get("intra_extension_id", None) action_id = kw["action_id"] action_category_id = kw["action_category_id"] @@ -595,7 +600,7 @@ class IntraExtensions(controller.V3Controller): # Metarule functions @controller.protected() def add_aggregation_algorithm(self, context, **kw): - user_id = self._get_user_id_from_token(context["token_id"]) + user_id = self._get_user_id_from_token(context.get('token_id')) ie_id = kw.get("intra_extension_id", None) aggregation_algorithm_id = kw["aggregation_algorithm_id"] return self.admin_api.add_aggregation_algorithm( 
@@ -605,13 +610,13 @@ class IntraExtensions(controller.V3Controller): @controller.protected() def get_aggregation_algorithm(self, context, **kw): - user_id = self._get_user_id_from_token(context["token_id"]) + user_id = self._get_user_id_from_token(context.get('token_id')) ie_id = kw.get("intra_extension_id", None) return self.admin_api.get_aggregation_algorithm(user_id, ie_id) @controller.protected() def del_aggregation_algorithm(self, context, **kw): - user_id = self._get_user_id_from_token(context["token_id"]) + user_id = self._get_user_id_from_token(context.get('token_id')) ie_id = kw.get("intra_extension_id", None) aggregation_algorithm_id = kw["aggregation_algorithm_id"] return self.admin_api.del_aggregation_algorithm( @@ -621,13 +626,13 @@ class IntraExtensions(controller.V3Controller): @controller.protected() def get_sub_meta_rules(self, context, **kw): - user_id = self._get_user_id_from_token(context["token_id"]) + user_id = self._get_user_id_from_token(context.get('token_id')) ie_id = kw.get("intra_extension_id", None) return self.admin_api.get_sub_meta_rule_dict(user_id, ie_id) @controller.protected() def add_sub_meta_rule(self, context, **kw): - user_id = self._get_user_id_from_token(context["token_id"]) + user_id = self._get_user_id_from_token(context.get('token_id')) ie_id = kw.get("intra_extension_id", None) sub_meta_rule_name = kw["sub_meta_rule_name"] subject_category_list = kw["subject_categories"] 
@@ -647,14 +652,14 @@ class IntraExtensions(controller.V3Controller): @controller.protected() def get_sub_meta_rule(self, context, **kw): - user_id = self._get_user_id_from_token(context["token_id"]) + user_id = self._get_user_id_from_token(context.get('token_id')) ie_id = kw.get("intra_extension_id", None) sub_meta_rule_id = kw["sub_meta_rule_id"] return self.admin_api.get_sub_meta_rule(user_id, ie_id, sub_meta_rule_id) @controller.protected() def del_sub_meta_rule(self, context, **kw): - user_id = self._get_user_id_from_token(context["token_id"]) + user_id = self._get_user_id_from_token(context.get('token_id')) ie_id = kw.get("intra_extension_id") sub_meta_rule_id = kw["sub_meta_rule_id"] return self.admin_api.get_sub_meta_rule(user_id, ie_id, sub_meta_rule_id) @@ -662,14 +667,14 @@ class IntraExtensions(controller.V3Controller): # Rules functions @controller.protected() def get_rules(self, context, **kw): - user_id = self._get_user_id_from_token(context["token_id"]) + user_id = self._get_user_id_from_token(context.get('token_id')) ie_id = kw.get("intra_extension_id", None) sub_meta_rule_id = kw["sub_meta_rule_id"] return self.admin_api.get_rule_dict(user_id, ie_id, sub_meta_rule_id) @controller.protected() def add_rule(self, context, **kw): - user_id = self._get_user_id_from_token(context["token_id"]) + user_id = self._get_user_id_from_token(context.get('token_id')) ie_id = kw.get("intra_extension_id", None) sub_meta_rule_id = kw.get("sub_meta_rule_id") rule_list = list() @@ -681,7 +686,7 @@ class IntraExtensions(controller.V3Controller): @controller.protected() def get_rule(self, context, **kw): - user_id = self._get_user_id_from_token(context["token_id"]) + user_id = self._get_user_id_from_token(context.get('token_id')) ie_id = kw.get("intra_extension_id", None) sub_meta_rule_id = kw.get("sub_meta_rule_id") rule_id = kw.get("rule_id") 
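Review bot: `del_sub_meta_rule`, in the first hunk on this line, still returns `self.admin_api.get_sub_meta_rule(user_id, ie_id, sub_meta_rule_id)`, so the delete route reads the sub-meta-rule instead of removing it. The caller receives a normal response while the rule stays in the policy. If the manager exposes a matching delete method the line should call it, along the lines of `self.admin_api.del_sub_meta_rule(user_id, ie_id, sub_meta_rule_id)`; the method name needs to be confirmed against core.py, which is not shown here.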
@@ -689,7 +694,7 @@ class IntraExtensions(controller.V3Controller):
 @controller.protected()
 def del_rule(self, context, **kw):
- user_id = self._get_user_id_from_token(context["token_id"])
+ user_id = self._get_user_id_from_token(context.get('token_id'))
 ie_id = kw.get("intra_extension_id", None)
 sub_meta_rule_id = kw["sub_meta_rule_id"]
 rule_id = kw["rule_id"]
@@ -709,7 +714,7 @@ class InterExtensions(controller.V3Controller):
 # @controller.protected()
 # def get_inter_extensions(self, context, **kw):
- # user = self._get_user_from_token(context["token_id"])
+ # user = self._get_user_from_token(context.get('token_id'))
 # return {
 # "inter_extensions":
 # self.interextension_api.get_inter_extensions()
@@ -717,7 +722,7 @@ class InterExtensions(controller.V3Controller):
 # @controller.protected()
 # def get_inter_extension(self, context, **kw):
- # user = self._get_user_from_token(context["token_id"])
+ # user = self._get_user_from_token(context.get('token_id'))
 # return {
 # "inter_extensions":
 # self.interextension_api.get_inter_extension(uuid=kw['inter_extension_id'])
@@ -725,12 +730,12 @@ class InterExtensions(controller.V3Controller):
 # @controller.protected()
 # def create_inter_extension(self, context, **kw):
- # user = self._get_user_from_token(context["token_id"])
+ # user = self._get_user_from_token(context.get('token_id'))
 # return self.interextension_api.create_inter_extension(kw)
 # @controller.protected()
 # def delete_inter_extension(self, context, **kw):
- # user = self._get_user_from_token(context["token_id"])
+ # user = self._get_user_from_token(context.get('token_id'))
 # if "inter_extension_id" not in kw:
 # raise exception.Error
 # return self.interextension_api.delete_inter_extension(kw["inter_extension_id"])
@@ -756,7 +761,7 @@ class Logs(controller.V3Controller):
 @controller.protected()
 def get_logs(self, context, **kw):
- user_id = self._get_user_id_from_token(context["token_id"])
+ user_id = self._get_user_id_from_token(context.get('token_id'))
 options = kw.get("options", "")
 # FIXME (dthom): the authorization for get_logs must be done with an intra_extension
 #if self.authz_api.admin(user["name"], "logs", "read"):
diff --git a/keystone-moon/keystone/contrib/moon/core.py b/keystone-moon/keystone/contrib/moon/core.py
index 74e3404d..524cc420 100644
--- a/keystone-moon/keystone/contrib/moon/core.py
+++ b/keystone-moon/keystone/contrib/moon/core.py
@@ -184,10 +184,20 @@ class TenantManager(manager.Manager):
 def get_tenant_dict(self, user_id):
 """
 Return a dictionary with all tenants
- :return: dict
+ :return: {
+ tenant_id1: {
+ name: xxx,
+ description: yyy,
+ intra_authz_extension_id: zzz,
+ intra_admin_extension_id: zzz,
+ },
+ tenant_id2: {...},
+ ...
+ }
 """
 # TODO: check user right with user_id in SuperExtension
 tenant_dict = self.driver.get_tenant_dict()
+ # TODO: check whether we need this exception
 if not tenant_dict:
 raise TenantDictEmpty()
 return tenant_dict
@@ -198,7 +208,7 @@ class TenantManager(manager.Manager):
 for tenant_id in tenant_dict:
 if tenant_dict[tenant_id]['name'] is tenant_name:
 raise TenantAddedNameExisting()
- return self.driver.add_tenant(uuid4().hex, tenant_name, intra_authz_ext_id, intra_admin_ext_id)
+ return self.driver.add_tenant(uuid4().hex(), tenant_name, intra_authz_ext_id, intra_admin_ext_id)
 def get_tenant(self, user_id, tenant_id):
 # TODO: check user right with user_id in SuperExtension
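Review bot: In get_logs the only moon-level authorization check in view is the commented-out `#if self.authz_api.admin(user["name"], "logs", "read"):` under the FIXME, so as far as this hunk shows, access to the logs rests on `@controller.protected()` alone. Authorization logs tend to expose which subjects may act on which objects across tenants, so the route should be limited to administrators in policy until the intra-extension check exists. I would also record that next to the FIXME: `# NOTE: no moon authz check yet; access is limited only by the keystone policy on this route`. The body of get_logs continues outside the hunk, so a check further down cannot be ruled out.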
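Review bot: In the -198 hunk of core.py the new call `uuid4().hex()` raises TypeError, because `hex` on a UUID object is a string attribute and not a method; every tenant creation that reaches this line will fail. The line should go back to `uuid4().hex`. The duplicate-name guard two lines above compares with `is`, which tests object identity, so two equal name strings that come from different places will normally not match and duplicate tenant names can get through. It should read `if tenant_dict[tenant_id]['name'] == tenant_name:`. The enclosing function starts above the hunk.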
@@ -209,8 +219,7 @@ class TenantManager(manager.Manager):
 def del_tenant(self, user_id, tenant_id):
 # TODO: check user right with user_id in SuperExtension
- tenant_dict = self.driver.get_tenant_dict()
- if tenant_id not in tenant_dict:
+ if tenant_id not in self.driver.get_tenant_dict():
 raise TenantUnknown()
 return self.driver.del_tenant(tenant_id) |
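Review bot: del_tenant accepts `user_id` but never uses it, and the TODO about checking the user's right in SuperExtension is still open. At this layer any caller that reaches the manager can therefore remove any tenant-to-extension mapping; get_tenant_dict and get_tenant in the earlier core.py hunks carry the same TODO. Whether the controller in front of it enforces an equivalent check is not visible in this diff. Until the check is implemented, the method should state its contract in a docstring: `"""Delete a tenant mapping. user_id is NOT checked here; callers must authorize the request first."""`.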