From 48857b80be18bb0985aab643f5c8c899194d636b Mon Sep 17 00:00:00 2001 From: Thomas Duval Date: Fri, 5 Jan 2018 16:28:07 +0100 Subject: prevent the mapping N*PDP <=> 1*Keystone_project Change-Id: Ia43d7fb2a2c8054e9cf492395f2e3ef396d184cf --- moon_manager/moon_manager/api/pdp.py | 18 +++++++++++++++--- python_moonutilities/Changelog | 4 ++++ python_moonutilities/python_moonutilities/__init__.py | 2 +- .../python_moonutilities/exceptions.py | 8 ++++++++ 4 files changed, 28 insertions(+), 4 deletions(-) diff --git a/moon_manager/moon_manager/api/pdp.py b/moon_manager/moon_manager/api/pdp.py index 4dc2c310..3ae55d33 100644 --- a/moon_manager/moon_manager/api/pdp.py +++ b/moon_manager/moon_manager/api/pdp.py @@ -14,9 +14,7 @@ import requests import time from python_moonutilities.security_functions import check_auth from python_moondb.core import PDPManager -from python_moondb.core import PolicyManager -from python_moondb.core import ModelManager -from python_moonutilities import configuration +from python_moonutilities import configuration, exceptions __version__ = "4.3.2" @@ -51,6 +49,14 @@ def add_pod(uuid, data): logger.info(req.text) +def check_keystone_pid(k_pid): + data = PDPManager.get_pdp(user_id="admin") + for pdp_key, pdp_value in data.items(): + logger.info("pdp={}".format(pdp_value)) + if pdp_value["keystone_project_id"] == k_pid: + return True + + class PDP(Resource): """ Endpoint for pdp requests @@ -113,6 +119,9 @@ class PDP(Resource): data = dict(request.json) if not data.get("keystone_project_id"): data["keystone_project_id"] = None + else: + if check_keystone_pid(data.get("keystone_project_id")): + raise exceptions.PdpKeystoneMappingConflict data = PDPManager.add_pdp( user_id=user_id, pdp_id=None, value=request.json) uuid = list(data.keys())[0] 
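Review bot: In the new `check_keystone_pid` helper, `pdp_value["keystone_project_id"]` is indexed directly, so any stored PDP without that key would turn the conflict check into a `KeyError` rather than a clean answer. Such records look possible, because the create path passes `value=request.json` rather than the normalised dict, though what `PDPManager` actually stores is not visible here. Using `pdp_value.get("keystone_project_id") == k_pid` avoids that, and an explicit `return False` at the end would replace the implicit `None`. The per-record `logger.info("pdp={}".format(pdp_value))` writes every PDP to the log on each create and update, so `logger.debug` seems the better level. The hard-coded `user_id="admin"` presumably makes the lookup global rather than scoped to the caller; a comment such as `# uniqueness is checked across all PDPs, not only the caller's` would record that intent.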
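Review bot: In the `@@ -113,6 +119,9 @@` hunk the conflict check and `PDPManager.add_pdp` are two separate steps, so two concurrent requests naming the same Keystone project can both pass `check_keystone_pid` and both be stored. The same gap exists between the check and `PDPManager.update_pdp` in the `@@ -166,6 +175,9 @@` hunk. If one PDP per Keystone project is meant to be an authorization invariant, it should be enforced by a uniqueness constraint in the PDPManager or database layer, which is not visible here, with this check kept only to produce the 409. At minimum, a comment above the check such as `# best-effort pre-check; not atomic with add_pdp` would state the limitation. The enclosing method starts and ends outside the hunk.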
@@ -166,6 +175,9 @@ class PDP(Resource): _data = dict(request.json) if not _data.get("keystone_project_id"): _data["keystone_project_id"] = None + else: + if check_keystone_pid(_data.get("keystone_project_id")): + raise exceptions.PdpKeystoneMappingConflict data = PDPManager.update_pdp( user_id=user_id, pdp_id=uuid, value=_data) logger.debug("data={}".format(data)) diff --git a/python_moonutilities/Changelog b/python_moonutilities/Changelog index 91f09cbf..2c4c02a8 100644 --- a/python_moonutilities/Changelog +++ b/python_moonutilities/Changelog @@ -74,3 +74,7 @@ CHANGES 1.4.4 ----- - Code cleaning + +1.4.5 +----- +- Add PdpKeystoneMappingConflict exception diff --git a/python_moonutilities/python_moonutilities/__init__.py b/python_moonutilities/python_moonutilities/__init__.py index 6d1ac746..bcd7e545 100644 --- a/python_moonutilities/python_moonutilities/__init__.py +++ b/python_moonutilities/python_moonutilities/__init__.py @@ -3,6 +3,6 @@ # license which can be found in the file 'LICENSE' in this package distribution # or at 'http://www.apache.org/licenses/LICENSE-2.0'. -__version__ = "1.4.4" +__version__ = "1.4.5" diff --git a/python_moonutilities/python_moonutilities/exceptions.py b/python_moonutilities/python_moonutilities/exceptions.py index 5b9ff340..2d689287 100644 --- a/python_moonutilities/python_moonutilities/exceptions.py +++ b/python_moonutilities/python_moonutilities/exceptions.py @@ -504,6 +504,7 @@ class ConsulComponentNotFound(ConsulError): title = 'Consul error' logger = "WARNING" + class ConsulComponentContentError(ConsulError): description = _("invalid content of component .") code = 500 @@ -541,6 +542,13 @@ class PdpExisting(MoonError): logger = "Error" +class PdpKeystoneMappingConflict(MoonError): + description = _("A pdp is already mapped to that Keystone project.") + code = 409 + title = 'Pdp Mapping Error' + logger = "Error" + + class PolicyUnknown(MoonError): description = _("The policy is unknown.") code = 400 -- cgit 1.2.3-korg
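Review bot: On the update path in the `@@ -166,6 +175,9 @@` hunk, `check_keystone_pid` does not exclude the PDP being modified. Re-sending a PDP's current `keystone_project_id`, for example when only another field changes, matches its own record and raises `PdpKeystoneMappingConflict`. The helper should accept the id of the PDP under update and skip it, e.g. `if pdp_key != pdp_id and pdp_value.get("keystone_project_id") == k_pid:`, with the call here becoming `check_keystone_pid(_data.get("keystone_project_id"), pdp_id=uuid)`. This assumes the keys returned by `PDPManager.get_pdp` are PDP ids, which the diff does not show. The enclosing method continues outside the hunk.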