From c10edf3198cda970331bdf6b60166aa8fb611888 Mon Sep 17 00:00:00 2001 From: WuKong Date: Wed, 15 Jul 2015 18:40:14 +0200 Subject: review core.py Change-Id: Icbeed742bdaabefe443696003e74b1a6c4587ae3 Signed-off-by: WuKong --- .../examples/moon/policies/policy_admin/rule.json | 22 + .../examples/moon/policies/policy_admin/rules.json | 22 - .../examples/moon/policies/policy_admin/scope.json | 6 +- .../examples/moon/policies/policy_authz/rule.json | 41 + .../examples/moon/policies/policy_authz/rules.json | 41 - .../examples/moon/policies/policy_authz/scope.json | 6 +- .../keystone/contrib/moon/backends/sql.py | 90 +- keystone-moon/keystone/contrib/moon/controllers.py | 186 +- keystone-moon/keystone/contrib/moon/core.py | 2035 ++++++++++---------- keystone-moon/keystone/contrib/moon/exception.py | 134 +- keystone-moon/keystone/contrib/moon/routers.py | 130 +- .../unit/test_unit_core_intra_extension_admin.py | 314 +-- .../unit/test_unit_core_intra_extension_authz.py | 124 +- .../keystone/tests/moon/unit/test_unit_core_log.py | 2 +- 14 files changed, 1578 insertions(+), 1575 deletions(-) create mode 100644 keystone-moon/examples/moon/policies/policy_admin/rule.json delete mode 100644 keystone-moon/examples/moon/policies/policy_admin/rules.json create mode 100644 keystone-moon/examples/moon/policies/policy_authz/rule.json delete mode 100644 keystone-moon/examples/moon/policies/policy_authz/rules.json (limited to 'keystone-moon') diff --git a/keystone-moon/examples/moon/policies/policy_admin/rule.json b/keystone-moon/examples/moon/policies/policy_admin/rule.json new file mode 100644 index 00000000..650405a9 --- /dev/null +++ b/keystone-moon/examples/moon/policies/policy_admin/rule.json @@ -0,0 +1,22 @@ +{ + "rbac_rule":[ + + ["admin" , "ft", "admin", "subjects"], + ["admin" , "ft", "admin", "objects"], + ["admin" , "ft", "admin", "actions"], + ["admin" , "ft", "admin", "subject_categories"], + ["admin" , "ft", "admin", "object_categories"], + ["admin" , "ft", "admin", "action_categories"], + ["admin" , "ft", "admin", "subject_category_scope"], + ["admin" , "ft", "admin", "object_category_scope"], + ["admin" , "ft", "admin", "action_category_scope"], + ["admin" , "ft", "admin", "sub_rules"], + ["admin" , "ft", "admin", "sub_meta_rule"], + ["admin" , "ft", "admin", "subject_assignments"], + ["admin" , "ft", "admin", "object_assignments"], + ["admin" , "ft", "admin", "action_assignments"], + ["admin" , "ft", "admin", "sub_meta_rule_relations"], + ["admin" , "ft", "admin", "aggregation_algorithms"] + + ] +} diff --git a/keystone-moon/examples/moon/policies/policy_admin/rules.json b/keystone-moon/examples/moon/policies/policy_admin/rules.json deleted file mode 100644 index 650405a9..00000000 --- a/keystone-moon/examples/moon/policies/policy_admin/rules.json +++ /dev/null @@ -1,22 +0,0 @@ -{ - "rbac_rule":[ - - ["admin" , "ft", "admin", "subjects"], - ["admin" , "ft", "admin", "objects"], - ["admin" , "ft", "admin", "actions"], - ["admin" , "ft", "admin", "subject_categories"], - ["admin" , "ft", "admin", "object_categories"], - ["admin" , "ft", "admin", "action_categories"], - ["admin" , "ft", "admin", "subject_category_scope"], - ["admin" , "ft", "admin", "object_category_scope"], - ["admin" , "ft", "admin", "action_category_scope"], - ["admin" , "ft", "admin", "sub_rules"], - ["admin" , "ft", "admin", "sub_meta_rule"], - ["admin" , "ft", "admin", "subject_assignments"], - ["admin" , "ft", "admin", "object_assignments"], - ["admin" , "ft", "admin", "action_assignments"], - ["admin" , "ft", "admin", "sub_meta_rule_relations"], - ["admin" , "ft", "admin", "aggregation_algorithms"] - - ] -} diff --git a/keystone-moon/examples/moon/policies/policy_admin/scope.json b/keystone-moon/examples/moon/policies/policy_admin/scope.json index ee6f570e..3742a5e4 100644 --- a/keystone-moon/examples/moon/policies/policy_admin/scope.json +++ b/keystone-moon/examples/moon/policies/policy_admin/scope.json @@ -1,5 +1,5 @@ { - "subject_category_scope": { + "subject_scopes": { "role": [ "admin" ], @@ -9,14 +9,14 @@ ] }, - "action_category_scope": { + "action_scopes": { "access": [ "admin", "user" ] }, - "object_category_scope": { + "object_scopes": { "id": [ "subjects", "objects", diff --git a/keystone-moon/examples/moon/policies/policy_authz/rule.json b/keystone-moon/examples/moon/policies/policy_authz/rule.json new file mode 100644 index 00000000..73e791d7 --- /dev/null +++ b/keystone-moon/examples/moon/policies/policy_authz/rule.json @@ -0,0 +1,41 @@ +{ + "mls_rule":[ + ["high", "vm_admin", "medium"], + ["high", "vm_admin", "low"], + ["medium", "vm_admin", "low"], + ["high", "vm_access", "high"], + ["high", "vm_access", "medium"], + ["high", "vm_access", "low"], + ["medium", "vm_access", "medium"], + ["medium", "vm_access", "low"], + ["low", "vm_access", "low"] + ], + "dte_rule":[ + ["ft", "read", "computing"], + ["ft", "write", "computing"], + ["ft", "read", "storage"], + ["ft", "write", "storage"], + ["xx", "read", "storage"] + ], + "rbac_rule":[ + ["dev", "xx", "read", "servers"], + ["dev", "xx", "read", "vm1"], + ["dev", "xx", "read", "vm2"], + ["dev", "xx", "read", "file1"], + ["dev", "xx", "read", "file2"], + ["dev", "xx", "write", "vm1"], + ["dev", "xx", "write", "vm2"], + ["dev", "xx", "write", "file1"], + ["dev", "xx", "write", "file2"], + ["admin", "xx", "read", "servers"], + ["admin", "ft", "read", "servers"], + ["admin", "ft", "read", "vm1"], + ["admin", "ft", "read", "vm2"], + ["admin", "ft", "read", "file1"], + ["admin", "ft", "read", "file2"], + ["admin", "ft", "write", "vm1"], + ["admin", "ft", "write", "vm2"], + ["admin", "ft", "write", "file1"], + ["admin", "ft", "write", "file2"] + ] +} diff --git a/keystone-moon/examples/moon/policies/policy_authz/rules.json b/keystone-moon/examples/moon/policies/policy_authz/rules.json deleted file mode 100644 index 73e791d7..00000000 --- a/keystone-moon/examples/moon/policies/policy_authz/rules.json +++ /dev/null @@ -1,41 +0,0 @@ -{ - "mls_rule":[ - ["high", "vm_admin", "medium"], - ["high", "vm_admin", "low"], - ["medium", "vm_admin", "low"], - ["high", "vm_access", "high"], - ["high", "vm_access", "medium"], - ["high", "vm_access", "low"], - ["medium", "vm_access", "medium"], - ["medium", "vm_access", "low"], - ["low", "vm_access", "low"] - ], - "dte_rule":[ - ["ft", "read", "computing"], - ["ft", "write", "computing"], - ["ft", "read", "storage"], - ["ft", "write", "storage"], - ["xx", "read", "storage"] - ], - "rbac_rule":[ - ["dev", "xx", "read", "servers"], - ["dev", "xx", "read", "vm1"], - ["dev", "xx", "read", "vm2"], - ["dev", "xx", "read", "file1"], - ["dev", "xx", "read", "file2"], - ["dev", "xx", "write", "vm1"], - ["dev", "xx", "write", "vm2"], - ["dev", "xx", "write", "file1"], - ["dev", "xx", "write", "file2"], - ["admin", "xx", "read", "servers"], - ["admin", "ft", "read", "servers"], - ["admin", "ft", "read", "vm1"], - ["admin", "ft", "read", "vm2"], - ["admin", "ft", "read", "file1"], - ["admin", "ft", "read", "file2"], - ["admin", "ft", "write", "vm1"], - ["admin", "ft", "write", "vm2"], - ["admin", "ft", "write", "file1"], - ["admin", "ft", "write", "file2"] - ] -} diff --git a/keystone-moon/examples/moon/policies/policy_authz/scope.json b/keystone-moon/examples/moon/policies/policy_authz/scope.json index b22ad2aa..4b69e469 100644 --- a/keystone-moon/examples/moon/policies/policy_authz/scope.json +++ b/keystone-moon/examples/moon/policies/policy_authz/scope.json @@ -1,5 +1,5 @@ { - "subject_category_scope": { + "subject_scopes": { "role": [ "admin", "dev" @@ -15,7 +15,7 @@ ] }, - "action_category_scope": { + "action_scopes": { "resource_action": [ "vm_admin", "vm_access", @@ -28,7 +28,7 @@ ] }, - "object_category_scope": { + "object_scopes": { "object_security_level": [ "high", "medium", diff --git a/keystone-moon/keystone/contrib/moon/backends/sql.py b/keystone-moon/keystone/contrib/moon/backends/sql.py index 35884a93..39b52ce6 100644 --- a/keystone-moon/keystone/contrib/moon/backends/sql.py +++ b/keystone-moon/keystone/contrib/moon/backends/sql.py @@ -310,7 +310,7 @@ __all_objects__ = ( class IntraExtensionConnector(IntraExtensionDriver): - def get_intra_extension_list(self): + def get_intra_extension_dict(self): with sql.transaction() as session: query = session.query(IntraExtension.id) intraextensions = query.all() @@ -334,7 +334,7 @@ class IntraExtensionConnector(IntraExtensionDriver): raise exception.NotFound return ref.to_dict() - def delete_intra_extension(self, intra_extension_id): + def del_intra_extension(self, intra_extension_id): with sql.transaction() as session: ref = session.query(IntraExtension).get(intra_extension_id) # Must delete all references to that IntraExtension @@ -374,6 +374,8 @@ class IntraExtensionConnector(IntraExtensionDriver): def set_description(self, uuid, args): raise exception.NotImplemented() # pragma: no cover + # Perimeter + def get_subject_dict(self, extension_uuid): with sql.transaction() as session: query = session.query(Subject) @@ -426,7 +428,7 @@ class IntraExtensionConnector(IntraExtensionDriver): setattr(ref, attr, getattr(new_ref, attr)) return ref.to_dict() - def remove_subject(self, extension_uuid, subject_uuid): + def del_subject(self, extension_uuid, subject_uuid): with sql.transaction() as session: query = session.query(Subject) query = query.filter_by(intra_extension_uuid=extension_uuid) @@ -504,7 +506,7 @@ class IntraExtensionConnector(IntraExtensionDriver): setattr(ref, attr, getattr(new_ref, attr)) return ref.to_dict() - def remove_object(self, extension_uuid, object_uuid): + def del_object(self, extension_uuid, object_uuid): with sql.transaction() as session: query = session.query(Object) query = query.filter_by(intra_extension_uuid=extension_uuid) @@ -582,7 +584,7 @@ class IntraExtensionConnector(IntraExtensionDriver): setattr(ref, attr, getattr(new_ref, attr)) return ref.to_dict() - def remove_action(self, extension_uuid, action_uuid): + def del_action(self, extension_uuid, action_uuid): with sql.transaction() as session: query = session.query(Action) query = query.filter_by(intra_extension_uuid=extension_uuid) @@ -640,7 +642,7 @@ class IntraExtensionConnector(IntraExtensionDriver): setattr(ref, attr, getattr(new_ref, attr)) return ref.to_dict() - def add_subject_category_dict(self, extension_uuid, subject_category_uuid, subject_category_name): + def add_subject_category(self, extension_uuid, subject_category_uuid, subject_category_name): with sql.transaction() as session: query = session.query(SubjectCategory) query = query.filter_by(intra_extension_uuid=extension_uuid) @@ -662,7 +664,7 @@ class IntraExtensionConnector(IntraExtensionDriver): setattr(ref, attr, getattr(new_ref, attr)) return ref.to_dict() - def remove_subject_category(self, extension_uuid, subject_category_uuid): + def del_subject_category(self, extension_uuid, subject_category_uuid): with sql.transaction() as session: query = session.query(SubjectCategory) query = query.filter_by(intra_extension_uuid=extension_uuid) @@ -721,7 +723,7 @@ class IntraExtensionConnector(IntraExtensionDriver): setattr(ref, attr, getattr(new_ref, attr)) return ref.to_dict() - def add_object_category_dict(self, extension_uuid, object_category_uuid, object_category_name): + def add_object_category(self, extension_uuid, object_category_uuid, object_category_name): with sql.transaction() as session: query = session.query(ObjectCategory) query = query.filter_by(intra_extension_uuid=extension_uuid) @@ -743,7 +745,7 @@ class IntraExtensionConnector(IntraExtensionDriver): setattr(ref, attr, getattr(new_ref, attr)) return ref.to_dict() - def remove_object_category(self, extension_uuid, object_category_uuid): + def del_object_category(self, extension_uuid, object_category_uuid): with sql.transaction() as session: query = session.query(ObjectCategory) query = query.filter_by(intra_extension_uuid=extension_uuid) @@ -802,7 +804,7 @@ class IntraExtensionConnector(IntraExtensionDriver): setattr(ref, attr, getattr(new_ref, attr)) return ref.to_dict() - def add_action_category_dict(self, extension_uuid, action_category_uuid, action_category_name): + def add_action_category(self, extension_uuid, action_category_uuid, action_category_name): with sql.transaction() as session: query = session.query(ActionCategory) query = query.filter_by(intra_extension_uuid=extension_uuid) @@ -824,7 +826,7 @@ class IntraExtensionConnector(IntraExtensionDriver): setattr(ref, attr, getattr(new_ref, attr)) return ref.to_dict() - def remove_action_category(self, extension_uuid, action_category_uuid): + def del_action_category(self, extension_uuid, action_category_uuid): with sql.transaction() as session: query = session.query(ActionCategory) query = query.filter_by(intra_extension_uuid=extension_uuid) @@ -865,7 +867,7 @@ class IntraExtensionConnector(IntraExtensionDriver): raise SubjectScopeUnknown() return result - def set_subject_category_scope_dict(self, extension_uuid, subject_category, scope): + def set_subject_scope_dict(self, extension_uuid, subject_category, scope): with sql.transaction() as session: query = session.query(SubjectCategoryScope) query = query.filter_by(intra_extension_uuid=extension_uuid) @@ -887,7 +889,7 @@ class IntraExtensionConnector(IntraExtensionDriver): session.add(new_ref) return new_ref.to_dict() - def add_subject_category_scope_dict(self, extension_uuid, subject_category, scope_uuid, scope_name): + def add_subject_scope(self, extension_uuid, subject_category, scope_uuid, scope_name): with sql.transaction() as session: query = session.query(SubjectCategoryScope) query = query.filter_by(intra_extension_uuid=extension_uuid) @@ -899,9 +901,9 @@ class IntraExtensionConnector(IntraExtensionDriver): if subject_category not in scope.keys(): scope[subject_category] = dict() scope[subject_category][scope_uuid] = scope_name - return self.set_subject_category_scope_dict(extension_uuid, subject_category, scope[subject_category]) + return self.set_subject_scope_dict(extension_uuid, subject_category, scope[subject_category]) - def remove_subject_category_scope_dict(self, extension_uuid, subject_category, scope_uuid): + def del_subject_scope(self, extension_uuid, subject_category, scope_uuid): with sql.transaction() as session: query = session.query(SubjectCategoryScope) query = query.filter_by(intra_extension_uuid=extension_uuid) @@ -930,7 +932,7 @@ class IntraExtensionConnector(IntraExtensionDriver): # Getter and Setter for object_category_scope - def get_object_category_scope_dict(self, extension_uuid, object_category): + def get_object_scope_dict(self, extension_uuid, object_category): with sql.transaction() as session: query = session.query(ObjectCategoryScope) query = query.filter_by(intra_extension_uuid=extension_uuid) @@ -942,7 +944,7 @@ class IntraExtensionConnector(IntraExtensionDriver): raise ObjectScopeUnknown() return result - def set_object_category_scope_dict(self, extension_uuid, object_category, scope): + def set_object_scope_dict(self, extension_uuid, object_category, scope): with sql.transaction() as session: query = session.query(ObjectCategoryScope) query = query.filter_by(intra_extension_uuid=extension_uuid) @@ -964,7 +966,7 @@ class IntraExtensionConnector(IntraExtensionDriver): session.add(new_ref) return new_ref.to_dict() - def add_object_category_scope_dict(self, extension_uuid, object_category, scope_uuid, scope_name): + def add_object_scope(self, extension_uuid, object_category, scope_uuid, scope_name): with sql.transaction() as session: query = session.query(ObjectCategoryScope) query = query.filter_by(intra_extension_uuid=extension_uuid) @@ -976,9 +978,9 @@ class IntraExtensionConnector(IntraExtensionDriver): if object_category not in scope: scope[object_category] = dict() scope[object_category][scope_uuid] = scope_name - return self.set_object_category_scope_dict(extension_uuid, object_category, scope[object_category]) + return self.set_object_scope_dict(extension_uuid, object_category, scope[object_category]) - def remove_object_category_scope_dict(self, extension_uuid, object_category, scope_uuid): + def del_object_scope(self, extension_uuid, object_category, scope_uuid): with sql.transaction() as session: query = session.query(ObjectCategoryScope) query = query.filter_by(intra_extension_uuid=extension_uuid) @@ -1007,7 +1009,7 @@ class IntraExtensionConnector(IntraExtensionDriver): # Getter and Setter for action_category_scope - def get_action_category_scope_dict(self, extension_uuid, action_category): + def get_action_scope_dict(self, extension_uuid, action_category): with sql.transaction() as session: query = session.query(ActionCategoryScope) query = query.filter_by(intra_extension_uuid=extension_uuid) @@ -1019,7 +1021,7 @@ class IntraExtensionConnector(IntraExtensionDriver): raise ActionScopeUnknown() return result - def set_action_category_scope_dict(self, extension_uuid, action_category, scope): + def set_action_scope_dict(self, extension_uuid, action_category, scope): with sql.transaction() as session: query = session.query(ActionCategoryScope) query = query.filter_by(intra_extension_uuid=extension_uuid) @@ -1041,7 +1043,7 @@ class IntraExtensionConnector(IntraExtensionDriver): session.add(new_ref) return new_ref.to_dict() - def add_action_category_scope_dict(self, extension_uuid, action_category, scope_uuid, scope_name): + def add_action_scope(self, extension_uuid, action_category, scope_uuid, scope_name): with sql.transaction() as session: query = session.query(ActionCategoryScope) query = query.filter_by(intra_extension_uuid=extension_uuid) @@ -1053,9 +1055,9 @@ class IntraExtensionConnector(IntraExtensionDriver): if action_category not in scope: scope[action_category] = dict() scope[action_category][scope_uuid] = scope_name - return self.set_action_category_scope_dict(extension_uuid, action_category, scope[action_category]) + return self.set_action_scope_dict(extension_uuid, action_category, scope[action_category]) - def remove_action_category_scope_dict(self, extension_uuid, action_category, scope_uuid): + def del_action_scope(self, extension_uuid, action_category, scope_uuid): with sql.transaction() as session: query = session.query(ActionCategoryScope) query = query.filter_by(intra_extension_uuid=extension_uuid) @@ -1084,7 +1086,7 @@ class IntraExtensionConnector(IntraExtensionDriver): # Getter and Setter for subject_category_assignment - def get_subject_category_assignment_dict(self, extension_uuid, subject_uuid): + def get_subject_assignment_dict(self, extension_uuid, subject_uuid): """ From a subject_uuid, return a dictionary of (category: scope for that subject) :param extension_uuid: intra extension UUID @@ -1107,7 +1109,7 @@ class IntraExtensionConnector(IntraExtensionDriver): _ref["subject_category_assignments"][subject_uuid] = dict() return _ref - def set_subject_category_assignment_dict(self, extension_uuid, subject_uuid=None, assignment_dict={}): + def set_subject_assignment_dict(self, extension_uuid, subject_uuid=None, assignment_dict={}): with sql.transaction() as session: query = session.query(SubjectCategoryAssignment) query = query.filter_by(intra_extension_uuid=extension_uuid) @@ -1138,7 +1140,7 @@ class IntraExtensionConnector(IntraExtensionDriver): setattr(ref, attr, getattr(new_ref, attr)) return ref.to_dict() - def add_subject_category_assignment_dict(self, extension_uuid, subject_uuid, category_uuid, scope_uuid): + def add_subject_assignment(self, extension_uuid, subject_uuid, category_uuid, scope_uuid): with sql.transaction() as session: query = session.query(SubjectCategoryAssignment) query = query.filter_by(intra_extension_uuid=extension_uuid) @@ -1152,12 +1154,12 @@ class IntraExtensionConnector(IntraExtensionDriver): assignments[subject_uuid][category_uuid] = list() if scope_uuid not in assignments[subject_uuid][category_uuid]: assignments[subject_uuid][category_uuid].append(scope_uuid) - return self.set_subject_category_assignment_dict( + return self.set_subject_assignment_dict( extension_uuid, subject_uuid, assignments[subject_uuid]) - def remove_subject_category_assignment(self, extension_uuid, subject_uuid, category_uuid, scope_uuid): + def del_subject_assignment(self, extension_uuid, subject_uuid, category_uuid, scope_uuid): with sql.transaction() as session: query = session.query(SubjectCategoryAssignment) query = query.filter_by(intra_extension_uuid=extension_uuid) @@ -1173,19 +1175,19 @@ class IntraExtensionConnector(IntraExtensionDriver): if not old_ref["subject_category_assignments"][subject_uuid]: old_ref["subject_category_assignments"].pop(subject_uuid) try: - self.set_subject_category_assignment_dict( + self.set_subject_assignment_dict( extension_uuid, subject_uuid, old_ref["subject_category_assignments"][subject_uuid]) except KeyError: - self.set_subject_category_assignment_dict( + self.set_subject_assignment_dict( extension_uuid, subject_uuid, {}) # Getter and Setter for object_category_assignment - def get_object_category_assignment_dict(self, extension_uuid, object_uuid): + def get_object_assignment_dict(self, extension_uuid, object_uuid): """ From a object_uuid, return a dictionary of (category: scope for that object) :param extension_uuid: intra extension UUID @@ -1208,7 +1210,7 @@ class IntraExtensionConnector(IntraExtensionDriver): _ref["object_category_assignments"][object_uuid] = dict() return _ref - def set_object_category_assignment_dict(self, extension_uuid, object_uuid=None, assignment_dict={}): + def set_object_assignment_dict(self, extension_uuid, object_uuid=None, assignment_dict={}): with sql.transaction() as session: query = session.query(ObjectCategoryAssignment) query = query.filter_by(intra_extension_uuid=extension_uuid) @@ -1235,7 +1237,7 @@ class IntraExtensionConnector(IntraExtensionDriver): setattr(ref, attr, getattr(new_ref, attr)) return ref.to_dict() - def add_object_category_assignment_dict(self, extension_uuid, object_uuid, category_uuid, scope_uuid): + def add_object_assignment(self, extension_uuid, object_uuid, category_uuid, scope_uuid): with sql.transaction() as session: query = session.query(ObjectCategoryAssignment) query = query.filter_by(intra_extension_uuid=extension_uuid) @@ -1249,12 +1251,12 @@ class IntraExtensionConnector(IntraExtensionDriver): assignments[object_uuid][category_uuid] = list() if scope_uuid not in assignments[object_uuid][category_uuid]: assignments[object_uuid][category_uuid].append(scope_uuid) - return self.set_object_category_assignment_dict( + return self.set_object_assignment_dict( extension_uuid, object_uuid, assignments[object_uuid]) - def remove_object_category_assignment(self, extension_uuid, object_uuid, category_uuid, scope_uuid): + def del_object_assignment(self, extension_uuid, object_uuid, category_uuid, scope_uuid): with sql.transaction() as session: query = session.query(ObjectCategoryAssignment) query = query.filter_by(intra_extension_uuid=extension_uuid) @@ -1269,14 +1271,14 @@ class IntraExtensionConnector(IntraExtensionDriver): old_ref["object_category_assignments"][object_uuid].pop(category_uuid) if not old_ref["object_category_assignments"][object_uuid]: old_ref["object_category_assignments"].pop(object_uuid) - self.set_object_category_assignment_dict( + self.set_object_assignment_dict( extension_uuid, object_uuid, old_ref["object_category_assignments"][object_uuid]) # Getter and Setter for action_category_assignment - def get_action_category_assignment_dict(self, extension_uuid, action_uuid): + def get_action_assignment_dict(self, extension_uuid, action_uuid): """ From a action_uuid, return a dictionary of (category: scope for that action) :param extension_uuid: intra extension UUID @@ -1299,7 +1301,7 @@ class IntraExtensionConnector(IntraExtensionDriver): _ref["action_category_assignments"][action_uuid] = dict() return _ref - def set_action_category_assignment_dict(self, extension_uuid, action_uuid=None, assignment_dict={}): + def set_action_assignment_dict(self, extension_uuid, action_uuid=None, assignment_dict={}): with sql.transaction() as session: query = session.query(ActionCategoryAssignment) query = query.filter_by(intra_extension_uuid=extension_uuid) @@ -1326,7 +1328,7 @@ class IntraExtensionConnector(IntraExtensionDriver): setattr(ref, attr, getattr(new_ref, attr)) return ref.to_dict() - def add_action_category_assignment_dict(self, extension_uuid, action_uuid, category_uuid, scope_uuid): + def add_action_assignment(self, extension_uuid, action_uuid, category_uuid, scope_uuid): with sql.transaction() as session: query = session.query(ActionCategoryAssignment) query = query.filter_by(intra_extension_uuid=extension_uuid) @@ -1340,12 +1342,12 @@ class IntraExtensionConnector(IntraExtensionDriver): assignments[action_uuid][category_uuid] = list() if scope_uuid not in assignments[action_uuid][category_uuid]: assignments[action_uuid][category_uuid].append(scope_uuid) - return self.set_action_category_assignment_dict( + return self.set_action_assignment_dict( extension_uuid, action_uuid, assignments[action_uuid]) - def remove_action_category_assignment(self, extension_uuid, action_uuid, category_uuid, scope_uuid): + def del_action_assignment(self, extension_uuid, action_uuid, category_uuid, scope_uuid): with sql.transaction() as session: query = session.query(ActionCategoryAssignment) query = query.filter_by(intra_extension_uuid=extension_uuid) @@ -1360,7 +1362,7 @@ class IntraExtensionConnector(IntraExtensionDriver): old_ref["action_category_assignments"][action_uuid].pop(category_uuid) if not old_ref["action_category_assignments"][action_uuid]: old_ref["action_category_assignments"].pop(action_uuid) - self.set_action_category_assignment_dict( + self.set_action_assignment_dict( extension_uuid, action_uuid, old_ref["action_category_assignments"][action_uuid]) diff --git a/keystone-moon/keystone/contrib/moon/controllers.py b/keystone-moon/keystone/contrib/moon/controllers.py index a514fcd4..592aa699 100644 --- a/keystone-moon/keystone/contrib/moon/controllers.py +++ b/keystone-moon/keystone/contrib/moon/controllers.py @@ -246,7 +246,7 @@ class IntraExtensions(controller.V3Controller): user_id = self._get_user_id_from_token(context["token_id"]) ie_id = kw.get('intra_extension_id', None) action_category_name = kw["action_category_name"] - return self.admin_api.add_action_category_dict(user_id, ie_id, action_category_name) + return self.admin_api.add_action_category(user_id, ie_id, action_category_name) @controller.protected() def get_action_category(self, context, **kw): @@ -274,7 +274,7 @@ class IntraExtensions(controller.V3Controller): user_id = self._get_user_id_from_token(context["token_id"]) ie_id = kw.get('intra_extension_id', None) subject_name = kw["subject_name"] - return self.admin_api.add_subject_dict(user_id, ie_id, subject_name) + return self.admin_api.add_subject(user_id, ie_id, subject_name) @controller.protected() def get_subject(self, context, **kw): @@ -301,7 +301,7 @@ class IntraExtensions(controller.V3Controller): user_id = self._get_user_id_from_token(context["token_id"]) ie_id = kw.get("intra_extension_id", None) object_name = kw["object_name"] - return self.admin_api.add_object_dict(user_id, ie_id, object_name) + return self.admin_api.add_object(user_id, ie_id, object_name) @controller.protected() def get_object(self, context, **kw): @@ -328,7 +328,7 @@ class IntraExtensions(controller.V3Controller): user_id = self._get_user_id_from_token(context["token_id"]) ie_id = kw.get("intra_extension_id", None) action_name = kw["action_name"] - return self.admin_api.add_action_dict(user_id, ie_id, action_name) + return self.admin_api.add_action(user_id, ie_id, action_name) @controller.protected() def get_action(self, context, **kw): @@ -346,121 +346,121 @@ class IntraExtensions(controller.V3Controller): # Scope functions @controller.protected() - def get_subject_category_scopes(self, context, **kw): + def get_subject_scopes(self, context, **kw): user_id = self._get_user_id_from_token(context["token_id"]) ie_id = kw.get("intra_extension_id", None) subject_category_id = kw["subject_category_id"] - return self.admin_api.get_subject_category_scope_dict(user_id, ie_id, subject_category_id) + return self.admin_api.get_subject_scope_dict(user_id, ie_id, subject_category_id) @controller.protected() - def add_subject_category_scope(self, context, **kw): + def add_subject_scope(self, context, **kw): user_id = self._get_user_id_from_token(context["token_id"]) ie_id = kw.get("intra_extension_id", None) subject_category_id = kw["subject_category_id"] - subject_category_scope_name = kw["subject_category_scope_name"] - return self.admin_api.add_subject_category_scope_dict( + subject_scope_name = kw["subject_scope_name"] + return self.admin_api.add_subject_scope( user_id, ie_id, subject_category_id, - subject_category_scope_name) + subject_scope_name) @controller.protected() - def get_subject_category_scope(self, context, **kw): + def get_subject_scope(self, context, **kw): user_id = self._get_user_id_from_token(context["token_id"]) ie_id = kw.get("intra_extension_id", None) subject_category_id = kw["subject_category_id"] - subject_category_scope_id = kw["subject_category_scope_id"] - return self.admin_api.get_subject_category_scope_dict(user_id, ie_id, subject_category_id)[subject_category_scope_id] + subject_scope_id = kw["subject_scope_id"] + return self.admin_api.get_subject_scope(user_id, ie_id, subject_category_id, subject_scope_id) @controller.protected() - def del_subject_category_scope(self, context, **kw): + def del_subject_scope(self, context, **kw): user_id = self._get_user_id_from_token(context["token_id"]) ie_id = kw.get("intra_extension_id", None) subject_category_id = kw["subject_category_id"] - subject_category_scope_id = kw["subject_category_scope_id"] - return self.admin_api.del_subject_category_scope( + subject_scope_id = kw["subject_scope_id"] + return self.admin_api.del_subject_scope( user_id, ie_id, subject_category_id, - subject_category_scope_id) + subject_scope_id) @controller.protected() - def get_object_category_scopes(self, context, **kw): + def get_object_scopes(self, context, **kw): user_id = self._get_user_id_from_token(context["token_id"]) ie_id = kw.get("intra_extension_id", None) object_category_id = kw["object_category_id"] - return self.admin_api.get_object_category_scope_dict(user_id, ie_id, object_category_id) + return self.admin_api.get_object_scope_dict(user_id, ie_id, object_category_id) @controller.protected() - def add_object_category_scope(self, context, **kw): + def add_object_scope(self, context, **kw): user_id = self._get_user_id_from_token(context["token_id"]) ie_id = kw.get("intra_extension_id", None) object_category_id = kw["object_category_id"] - object_category_scope_name = kw["object_category_scope_name"] - return self.admin_api.add_object_category_scope_dict( + object_scope_name = kw["object_scope_name"] + return self.admin_api.add_object_scope( user_id, ie_id, object_category_id, - object_category_scope_name) + object_scope_name) @controller.protected() - def get_object_category_scope(self, context, **kw): + def get_object_scope(self, context, **kw): user_id = self._get_user_id_from_token(context["token_id"]) ie_id = kw.get("intra_extension_id", None) object_category_id = kw["object_category_id"] - object_category_scope_id = kw["object_category_scope_id"] - return self.admin_api.get_object_category_scope_dict(user_id, ie_id, object_category_id)[object_category_scope_id] + object_scope_id = kw["object_scope_id"] + return self.admin_api.get_object_category_scope(user_id, ie_id, object_category_id, object_scope_id) @controller.protected() - def del_object_category_scope(self, context, **kw): + def del_object_scope(self, context, **kw): user_id = self._get_user_id_from_token(context["token_id"]) ie_id = kw.get("intra_extension_id", None) object_category_id = kw["object_category_id"] - object_category_scope_id = kw["object_category_scope_id"] - return self.admin_api.del_object_category_scope( + object_scope_id = kw["object_scope_id"] + return self.admin_api.del_object_scope( user_id, ie_id, object_category_id, - object_category_scope_id) + object_scope_id) @controller.protected() - def get_action_category_scopes(self, context, **kw): + def get_action_scopes(self, context, **kw): user_id = self._get_user_id_from_token(context["token_id"]) ie_id = kw.get("intra_extension_id", None) action_category_id = kw["action_category_id"] - return self.admin_api.get_action_category_scope_dict(user_id, ie_id, action_category_id) + return self.admin_api.get_action_scope_dict(user_id, ie_id, action_category_id) @controller.protected() - def add_action_category_scope(self, context, **kw): + def add_action_scope(self, context, **kw): user_id = self._get_user_id_from_token(context["token_id"]) ie_id = kw.get("intra_extension_id", None) action_category_id = kw["action_category_id"] - action_category_scope_name = kw["action_category_scope_name"] - return self.admin_api.add_action_category_scope_dict( + action_scope_name = kw["action_scope_name"] + return self.admin_api.add_action_scope( user_id, ie_id, action_category_id, - action_category_scope_name) + action_scope_name) @controller.protected() - def get_action_category_scope(self, context, **kw): + def get_action_scope(self, context, **kw): user_id = self._get_user_id_from_token(context["token_id"]) ie_id = kw.get("intra_extension_id", None) action_category_id = kw["action_category_id"] - action_category_scope_id = kw["action_category_scope_id"] - return self.admin_api.get_action_category_scope_dict(user_id, ie_id, action_category_id)[action_category_scope_id] + action_scope_id = kw["action_scope_id"] + return self.admin_api.get_action_scope_dict(user_id, ie_id, action_category_id)[action_scope_id] @controller.protected() - def del_action_category_scope(self, context, **kw): + def del_action_scope(self, context, **kw): user_id = self._get_user_id_from_token(context["token_id"]) ie_id = kw.get("intra_extension_id", None) action_category_id = kw["action_category_id"] - action_category_scope_id = kw["action_category_scope_id"] - return self.admin_api.del_action_category_scope( + action_scope_id = kw["action_scope_id"] + return self.admin_api.del_action_scope( user_id, ie_id, action_category_id, - action_category_scope_id) + action_scope_id) # Assignment functions @controller.protected() @@ -468,7 +468,7 @@ class IntraExtensions(controller.V3Controller): user_id = self._get_user_id_from_token(context["token_id"]) ie_id = kw.get("intra_extension_id", None) subject_id = kw["subject_id"] - return self.admin_api.get_subject_category_assignment_dict(user_id, ie_id, subject_id) + return self.admin_api.get_subject_assignment_dict(user_id, ie_id, subject_id) @controller.protected() def add_subject_assignment(self, context, **kw): @@ -476,13 +476,13 @@ class IntraExtensions(controller.V3Controller): ie_id = kw.get("intra_extension_id", None) subject_id = kw["subject_id"] subject_category_id = kw["subject_category_id"] - subject_category_scope_id = kw["subject_category_scope_id"] - return self.admin_api.add_subject_category_assignment( + subject_scope_id = kw["subject_scope_id"] + return self.admin_api.add_subject_assignment( user_id, ie_id, subject_id, subject_category_id, - subject_category_scope_id) + subject_scope_id) @controller.protected() def get_subject_assignment(self, context, **kw): @@ -490,7 +490,7 @@ class IntraExtensions(controller.V3Controller): ie_id = kw.get("intra_extension_id", None) subject_id = kw["subject_id"] subject_category_id = kw["subject_category_id"] - return self.admin_api.get_subject_category_assignment_dict(user_id, ie_id, subject_id)[subject_category_id] + return self.admin_api.get_subject_assignment_dict(user_id, ie_id, subject_id)[subject_category_id] @controller.protected() def del_subject_assignment(self, context, **kw): @@ -498,20 +498,20 @@ class IntraExtensions(controller.V3Controller): ie_id = kw.get("intra_extension_id", None) subject_id = kw["subject_id"] subject_category_id = kw["subject_category_id"] - subject_category_scope_id = kw["subject_category_scope_id"] - return self.admin_api.del_subject_category_assignment( + subject_scope_id = kw["subject_scope_id"] + return self.admin_api.del_subject_assignment( user_id, ie_id, subject_id, subject_category_id, - subject_category_scope_id) + subject_scope_id) @controller.protected() def get_object_assignments(self, context, **kw): user_id = self._get_user_id_from_token(context["token_id"]) ie_id = kw.get("intra_extension_id", None) object_id = kw["object_id"] - return self.admin_api.get_object_category_assignment_dict(user_id, ie_id, object_id) + return self.admin_api.get_object_assignment_dict(user_id, ie_id, object_id) @controller.protected() def add_object_assignment(self, context, **kw): @@ -519,13 +519,13 @@ class IntraExtensions(controller.V3Controller): ie_id = kw.get("intra_extension_id", None) object_id = kw["object_id"] object_category_id = kw["object_category_id"] - object_category_scope_id = kw["object_category_scope_id"] - return self.admin_api.add_object_category_assignment( + object_scope_id = kw["object_scope_id"] + return self.admin_api.add_objecty_assignment( user_id, ie_id, object_id, object_category_id, - object_category_scope_id) + object_scope_id) @controller.protected() def get_object_assignment(self, context, **kw): @@ -533,7 +533,7 @@ class IntraExtensions(controller.V3Controller): ie_id = kw.get("intra_extension_id", None) object_id = kw["object_id"] object_category_id = kw["object_category_id"] - return self.admin_api.get_object_category_assignment_dict(user_id, ie_id, object_id)[object_category_id] + return self.admin_api.get_object_assignment_dict(user_id, ie_id, object_id, object_category_id) @controller.protected() def del_object_assignment(self, context, **kw): @@ -541,34 +541,34 @@ class IntraExtensions(controller.V3Controller): ie_id = kw.get("intra_extension_id", None) object_id = kw["object_id"] object_category_id = kw["object_category_id"] - object_category_scope_id = kw["object_category_scope_id"] - return self.admin_api.del_object_category_assignment( + object_scope_id = kw["object_scope_id"] + return self.admin_api.del_object_assignment( user_id, ie_id, object_id, object_category_id, - object_category_scope_id) + object_scope_id) @controller.protected() def get_action_assignments(self, context, **kw): user_id = self._get_user_id_from_token(context["token_id"]) ie_id = kw.get("intra_extension_id", None) action_id = kw["action_id"] - return self.admin_api.get_action_category_assignment_dict(user_id, ie_id, action_id) + return self.admin_api.get_action_assignment_dict(user_id, ie_id, action_id) @controller.protected() def add_action_assignment(self, context, **kw): user_id = self._get_user_id_from_token(context["token_id"]) ie_id = kw.get("intra_extension_id", None) action_id = kw["action_id"] - action_category_id = kw["action_category"] - action_category_scope_id = kw["action_category_scope"] - return self.admin_api.add_action_category_assignment( + action_category_id = kw["action_category_id"] + action_scope_id = kw["action_scope_id"] + return self.admin_api.add_action_assignment( user_id, ie_id, action_id, action_category_id, - action_category_scope_id) + action_scope_id) @controller.protected() def get_action_assignment(self, context, **kw): @@ -576,7 +576,7 @@ class IntraExtensions(controller.V3Controller): ie_id = kw.get("intra_extension_id", None) action_id = kw["action_id"] action_category_id = kw["action_category_id"] - return self.admin_api.del_object_category_assignment_dict(user_id, ie_id, action_id)[action_category_id] + return self.admin_api.get_action_assignment_dict(user_id, ie_id, action_id, action_category_id) @controller.protected() def del_action_assignment(self, context, **kw): @@ -584,13 +584,13 @@ class IntraExtensions(controller.V3Controller): ie_id = kw.get("intra_extension_id", None) action_id = kw["action_id"] action_category_id = kw["action_category_id"] - action_category_scope_id = kw["action_category_scope_id"] - return self.admin_api.del_object_category_assignment( + action_scope_id = kw["action_scope_id"] + return self.admin_api.del_action_assignment( user_id, ie_id, action_id, action_category_id, - action_category_scope_id) + action_scope_id) # Metarule functions @controller.protected() @@ -629,32 +629,35 @@ class IntraExtensions(controller.V3Controller): def add_sub_meta_rule(self, context, **kw): user_id = self._get_user_id_from_token(context["token_id"]) ie_id = kw.get("intra_extension_id", None) - sub_meta_rule_dict = dict() - sub_meta_rule_dict['subject_categories'] = kw["subject_categories"] - sub_meta_rule_dict['object_categories'] = kw["object_categories"] - sub_meta_rule_dict['action_categories'] = kw["action_categories"] - sub_meta_rule_dict['aggregation_algorithm_id'] = kw["aggregation_algorithm_id"] + sub_meta_rule_name = kw["sub_meta_rule_name"] + subject_category_list = kw["subject_categories"] + object_category_list = kw["object_categories"] + action_category_list = kw["action_categories"] + sub_meta_rule_algorithm = kw["sub_meta_rule_algorithm"] + return self.admin_api.add_sub_meta_rule_dict( user_id, ie_id, - sub_meta_rule_dict) + sub_meta_rule_name, + subject_category_list, + object_category_list, + action_category_list, + sub_meta_rule_algorithm + ) @controller.protected() def get_sub_meta_rule(self, context, **kw): user_id = self._get_user_id_from_token(context["token_id"]) ie_id = kw.get("intra_extension_id", None) sub_meta_rule_id = kw["sub_meta_rule_id"] - return self.admin_api.get_sub_meta_rule_dict(user_id, ie_id)[sub_meta_rule_id] + return self.admin_api.get_sub_meta_rule(user_id, ie_id, sub_meta_rule_id) @controller.protected() def del_sub_meta_rule(self, context, **kw): user_id = self._get_user_id_from_token(context["token_id"]) - ie_id = kw.pop("intra_extension_id") + ie_id = kw.get("intra_extension_id") sub_meta_rule_id = kw["sub_meta_rule_id"] - return self.admin_api.del_sub_meta_rule( - user_id, - ie_id, - sub_meta_rule_id) + return self.admin_api.del_sub_meta_rule(user_id, ie_id, sub_meta_rule_id) # Rules functions @controller.protected() @@ -668,28 +671,21 @@ class IntraExtensions(controller.V3Controller): def add_rule(self, context, **kw): user_id = self._get_user_id_from_token(context["token_id"]) ie_id = kw.get("intra_extension_id", None) - sub_meta_rule_id = kw["sub_meta_rule_id"] - + sub_meta_rule_id = kw.get("sub_meta_rule_id") rule_list = list() - subject_categories_dict = kw['subject_categories'] - for _subject_category in subject_categories_dict: - rule_list.append(subject_categories_dict[_subject_category]) - action_categories_dict = kw['action_categories'] - for _action_category in action_categories_dict: - rule_list.append(action_categories_dict[_action_category]) - object_categories_dict = kw['object_categories'] - for _object_category in object_categories_dict: - rule_list.append(object_categories_dict[_object_category]) - + subject_category_list = kw.get('subject_categories') + object_category_list = kw.get('object_categories') + action_category_list = kw.get('action_categories') + rule_list = subject_category_list + object_category_list + action_category_list return self.admin_api.add_rule_list(user_id, ie_id, sub_meta_rule_id, rule_list) @controller.protected() def get_rule(self, context, **kw): user_id = self._get_user_id_from_token(context["token_id"]) ie_id = kw.get("intra_extension_id", None) - sub_meta_rule_id = kw["sub_meta_rule_id"] - rule_id = kw["rule_id"] - return self.admin_api.get_rule_dict(user_id, ie_id, sub_meta_rule_id)[rule_id] + sub_meta_rule_id = kw.get("sub_meta_rule_id") + rule_id = kw.get("rule_id") + return self.admin_api.get_rule(user_id, ie_id, sub_meta_rule_id, rule_id) @controller.protected() def del_rule(self, context, **kw): diff --git a/keystone-moon/keystone/contrib/moon/core.py b/keystone-moon/keystone/contrib/moon/core.py index d5d2e100..205f7a7b 100644 --- a/keystone-moon/keystone/contrib/moon/core.py +++ b/keystone-moon/keystone/contrib/moon/core.py @@ -24,6 +24,8 @@ from keystone.contrib.moon.algorithms import * CONF = config.CONF LOG = log.getLogger(__name__) +DEFAULT_USER = uuid4().hex() # default user_id for internal invocation + _OPTS = [ cfg.StrOpt('configuration_driver', @@ -254,7 +256,7 @@ class TenantManager(manager.Manager): return tenant_id return None - def get_tenant_intra_extension_id(self, tenant_id, genre="authz"): + def get_tenant_intra_extension_id(self, user_id, tenant_id, genre="authz"): """ Return the UUID of the scoped extension for a particular tenant. :param tenant_id: UUID of the tenant @@ -262,6 +264,7 @@ class TenantManager(manager.Manager): :return (str): the UUID of the scoped extension """ # 1 tenant only with 1 authz extension and 1 admin extension + # TODO: check user right with user_id in SuperExtension tenant_dict = self.__get_tenant_dict() if tenant_id not in tenant_dict: raise TenantIDNotFound(_("Tenant UUID ({}) was not found.".format(tenant_id))) @@ -298,11 +301,10 @@ class TenantManager(manager.Manager): authz_extension_uuid))) -@dependency.requires('identity_api', 'tenant_api', 'authz_api', 'admin_api', 'moonlog_api') +@dependency.requires('identity_api', 'tenant_api', 'configuration_api', 'authz_api', 'admin_api', 'moonlog_api') class IntraExtensionManager(manager.Manager): __genre__ = None - __default_user = uuid4().hex() # default user_id for internal invocation def __init__(self): driver = CONF.moon.intraextension_driver @@ -329,46 +331,47 @@ class IntraExtensionManager(manager.Manager): } """ + # TODO(dthom) move exception raise to driver if not self.driver.get_intra_extension(intra_extension_id): raise IntraExtensionNotFound() - _authz_buffer = dict() - _authz_buffer['subject_id'] = subject_id - _authz_buffer['object_id'] = object_id - _authz_buffer['action_id'] = action_id + authz_buffer = dict() + authz_buffer['subject_id'] = subject_id + authz_buffer['object_id'] = object_id + authz_buffer['action_id'] = action_id - _meta_data_dict = {} - _meta_data_dict["subject_categories"] = self.driver.get_subject_category_dict(intra_extension_id)["subject_categories"] - _meta_data_dict["object_categories"] = self.driver.get_object_category_dict(intra_extension_id)["object_categories"] - _meta_data_dict["action_categories"] = self.driver.get_action_category_dict(intra_extension_id)["action_categories"] + meta_data_dict = {} + meta_data_dict["subject_categories"] = self.driver.get_subject_category_dict(intra_extension_id)["subject_categories"] + meta_data_dict["object_categories"] = self.driver.get_object_category_dict(intra_extension_id)["object_categories"] + meta_data_dict["action_categories"] = self.driver.get_action_category_dict(intra_extension_id)["action_categories"] - _subject_assignment_dict = dict() - for category in _meta_data_dict["subject_categories"]: - _subject_assignment_dict[category] = self.driver.get_subject_category_assignment_dict( + subject_assignment_dict = dict() + for category in meta_data_dict["subject_categories"]: + subject_assignment_dict[category] = self.driver.get_subject_assignment_dict( intra_extension_id, category)["subject_category_assignments"] - _object_assignment_dict = dict() - for category in _meta_data_dict["object_categories"]: - _object_assignment_dict[category] = self.driver.get_object_category_assignment_dict( + object_assignment_dict = dict() + for category in meta_data_dict["object_categories"]: + object_assignment_dict[category] = self.driver.get_object_assignment_dict( intra_extension_id, category)["object_category_assignments"] - _action_assignment_dict = dict() - for category in _meta_data_dict["action_categories"]: - _action_assignment_dict[category] = self.driver.get_action_category_assignment_dict( + action_assignment_dict = dict() + for category in meta_data_dict["action_categories"]: + action_assignment_dict[category] = self.driver.get_action_assignment_dict( intra_extension_id, category)["action_category_assignments"] - _authz_buffer['subject_attributes'] = dict() - _authz_buffer['object_attributes'] = dict() - _authz_buffer['action_attributes'] = dict() + authz_buffer['subject_attributes'] = dict() + authz_buffer['object_attributes'] = dict() + authz_buffer['action_attributes'] = dict() - for _subject_category in _meta_data_dict['subject_categories']: - _authz_buffer['subject_attributes'][_subject_category] = _subject_assignment_dict[_subject_category] - for _object_category in _meta_data_dict['object_categories']: - _authz_buffer['object_attributes'][_object_category] = _object_assignment_dict[_object_category] - for _action_category in _meta_data_dict['action_categories']: - _authz_buffer['action_attributes'][_action_category] = _action_assignment_dict[_action_category] + for _subject_category in meta_data_dict['subject_categories']: + authz_buffer['subject_attributes'][_subject_category] = subject_assignment_dict[_subject_category] + for _object_category in meta_data_dict['object_categories']: + authz_buffer['object_attributes'][_object_category] = object_assignment_dict[_object_category] + for _action_category in meta_data_dict['action_categories']: + authz_buffer['action_attributes'][_action_category] = action_assignment_dict[_action_category] - return _authz_buffer + return authz_buffer def authz(self, intra_extension_id, subject_id, object_id, action_id): """Check authorization for a particular action. @@ -388,71 +391,40 @@ class IntraExtensionManager(manager.Manager): ActionCategoryAssignmentUnknown """ - _authz_buffer = self.__get_authz_buffer(intra_extension_id, subject_id, object_id, action_id) - _decision_buffer = dict() + authz_buffer = self.__get_authz_buffer(intra_extension_id, subject_id, object_id, action_id) + decision_buffer = dict() - _meta_rule_dict = self.driver.get_meta_rule_dict(intra_extension_id) - _rule_dict = self.driver.get_rule_dict(intra_extension_id) + meta_rule_dict = self.driver.get_meta_rule_dict(intra_extension_id) + rule_dict = self.driver.get_rule_dict(intra_extension_id) - for _rule in _meta_rule_dict['sub_meta_rules']: - if _meta_rule_dict['sub_meta_rules'][_rule]['algorithm'] == 'inclusion': - _decision_buffer[_rule] = algo_inclusion( - _authz_buffer, - _meta_rule_dict['sub_meta_rules'][_rule], - _rule_dict['rules'][_rule]) - elif _meta_rule_dict['sub_meta_rules'][_rule]['algorithm'] == 'comparison': - _decision_buffer[_rule] = algo_comparison( - _authz_buffer, - _meta_rule_dict['sub_meta_rules'][_rule], - _rule_dict['rules'][_rule]) + for _rule in meta_rule_dict['sub_meta_rules']: + if meta_rule_dict['sub_meta_rules'][_rule]['algorithm'] == 'inclusion': + decision_buffer[_rule] = inclusion( + authz_buffer, + meta_rule_dict['sub_meta_rules'][_rule], + rule_dict['rules'][_rule]) + elif meta_rule_dict['sub_meta_rules'][_rule]['algorithm'] == 'comparison': + decision_buffer[_rule] = comparison( + authz_buffer, + meta_rule_dict['sub_meta_rules'][_rule], + rule_dict['rules'][_rule]) - if _meta_rule_dict['aggregation'] == 'all_true': - return aggr_all_true(_decision_buffer) + if meta_rule_dict['aggregation'] == 'all_true': + return all_true(decision_buffer) return False - def get_intra_extension_list(self): + def get_intra_extension_dict(self, user_id): # TODO: check will be done through super_extension later - return self.driver.get_intra_extension_list() - - def get_intra_extension_id_for_tenant(self, tenant_id): - for intra_extension_id in self.driver.get_intra_extension_list(): - if self.driver.get_intra_extension(intra_extension_id)["tenant"] == tenant_id: - return intra_extension_id - LOG.error("IntraExtension not found for tenant {}".format(tenant_id)) - raise exception.NotFound - - def get_intra_extension(self, uuid): - return self.driver.get_intra_extension(uuid) - - def set_perimeter_values(self, ie, policy_dir): - - perimeter_path = os.path.join(policy_dir, 'perimeter.json') - f = open(perimeter_path) - json_perimeter = json.load(f) - - subject_dict = dict() - # We suppose that all subjects can be mapped to a true user in Keystone - for _subject in json_perimeter['subjects']: - user = self.identity_api.get_user_by_name(_subject, "default") - subject_dict[user["id"]] = user - self.driver.set_subject_dict(ie["id"], subject_dict) - ie["subjects"] = subject_dict + return self.driver.get_intra_extension_dict() - # Copy all values for objects and subjects - object_dict = dict() - for _object in json_perimeter['objects']: - object_dict[uuid4().hex] = {"name": _object} - self.driver.set_object_dict(ie["id"], object_dict) - ie["objects"] = object_dict + def get_intra_extension(self, user_id, intra_extension_id): + # TODO: check will be done through super_extension later + return self.driver.get_intra_extension(intra_extension_id) - action_dict = dict() - for _action in json_perimeter['actions']: - action_dict[uuid4().hex] = {"name": _action} - self.driver.set_action_dict(ie["id"], action_dict) - ie["ations"] = action_dict + # load policy from policy directory - def set_metadata_values(self, ie, policy_dir): + def __load_metadata_file(self, intra_extension, policy_dir): metadata_path = os.path.join(policy_dir, 'metadata.json') f = open(metadata_path) @@ -461,133 +433,160 @@ class IntraExtensionManager(manager.Manager): subject_categories_dict = dict() for _cat in json_perimeter['subject_categories']: subject_categories_dict[uuid4().hex] = {"name": _cat} - self.driver.set_subject_category_dict(ie["id"], subject_categories_dict) + self.driver.set_subject_category_dict(intra_extension["id"], subject_categories_dict) # Initialize scope categories for _cat in subject_categories_dict.keys(): - self.driver.set_subject_category_scope_dict(ie["id"], _cat, {}) - ie['subject_categories'] = subject_categories_dict + self.driver.set_subject_scope_dict(intra_extension["id"], _cat, {}) + intra_extension['subject_categories'] = subject_categories_dict object_categories_dict = dict() for _cat in json_perimeter['object_categories']: object_categories_dict[uuid4().hex] = {"name": _cat} - self.driver.set_object_category_dict(ie["id"], object_categories_dict) + self.driver.set_object_category_dict(intra_extension["id"], object_categories_dict) # Initialize scope categories for _cat in object_categories_dict.keys(): - self.driver.set_object_category_scope_dict(ie["id"], _cat, {}) - ie['object_categories'] = object_categories_dict + self.driver.set_object_scope_dict(intra_extension["id"], _cat, {}) + intra_extension['object_categories'] = object_categories_dict action_categories_dict = dict() for _cat in json_perimeter['action_categories']: action_categories_dict[uuid4().hex] = {"name": _cat} - self.driver.set_action_category_dict(ie["id"], action_categories_dict) + self.driver.set_action_category_dict(intra_extension["id"], action_categories_dict) # Initialize scope categories for _cat in action_categories_dict.keys(): - self.driver.set_action_category_scope_dict(ie["id"], _cat, {}) - ie['action_categories'] = action_categories_dict + self.driver.set_action_scope_dict(intra_extension["id"], _cat, {}) + intra_extension['action_categories'] = action_categories_dict + + def __load_perimeter_file(self, intra_extension, policy_dir): - def set_scope_values(self, ie, policy_dir): + perimeter_path = os.path.join(policy_dir, 'perimeter.json') + f = open(perimeter_path) + json_perimeter = json.load(f) + + subject_dict = dict() + # We suppose that all subjects can be mapped to a true user in Keystone + for _subject in json_perimeter['subjects']: + user = self.identity_api.get_user_by_name(_subject, "default") + subject_dict[user["id"]] = user + self.driver.set_subject_dict(intra_extension["id"], subject_dict) + intra_extension["subjects"] = subject_dict + + # Copy all values for objects and subjects + object_dict = dict() + for _object in json_perimeter['objects']: + object_dict[uuid4().hex] = {"name": _object} + self.driver.set_object_dict(intra_extension["id"], object_dict) + intra_extension["objects"] = object_dict + + action_dict = dict() + for _action in json_perimeter['actions']: + action_dict[uuid4().hex] = {"name": _action} + self.driver.set_action_dict(intra_extension["id"], action_dict) + intra_extension["ations"] = action_dict + + def __load_scope_file(self, intra_extension, policy_dir): metadata_path = os.path.join(policy_dir, 'scope.json') f = open(metadata_path) json_perimeter = json.load(f) - ie['subject_category_scope'] = dict() + intra_extension['subject_category_scope'] = dict() for category, scope in json_perimeter["subject_category_scope"].iteritems(): - category = self.driver.get_uuid_from_name(ie["id"], category, self.driver.SUBJECT_CATEGORY) + category = self.driver.get_uuid_from_name(intra_extension["id"], category, self.driver.SUBJECT_CATEGORY) _scope_dict = dict() for _scope in scope: _scope_dict[uuid4().hex] = {"name": _scope} - self.driver.set_subject_category_scope_dict(ie["id"], category, _scope_dict) - ie['subject_category_scope'][category] = _scope_dict + self.driver.set_subject_scope_dict(intra_extension["id"], category, _scope_dict) + intra_extension['subject_category_scope'][category] = _scope_dict - ie['object_category_scope'] = dict() + intra_extension['object_category_scope'] = dict() for category, scope in json_perimeter["object_category_scope"].iteritems(): - category = self.driver.get_uuid_from_name(ie["id"], category, self.driver.OBJECT_CATEGORY) + category = self.driver.get_uuid_from_name(intra_extension["id"], category, self.driver.OBJECT_CATEGORY) _scope_dict = dict() for _scope in scope: _scope_dict[uuid4().hex] = {"name": _scope} - self.driver.set_object_category_scope_dict(ie["id"], category, _scope_dict) - ie['object_category_scope'][category] = _scope_dict + self.driver.set_object_scope_dict(intra_extension["id"], category, _scope_dict) + intra_extension['object_category_scope'][category] = _scope_dict - ie['action_category_scope'] = dict() + intra_extension['action_category_scope'] = dict() for category, scope in json_perimeter["action_category_scope"].iteritems(): - category = self.driver.get_uuid_from_name(ie["id"], category, self.driver.ACTION_CATEGORY) + category = self.driver.get_uuid_from_name(intra_extension["id"], category, self.driver.ACTION_CATEGORY) _scope_dict = dict() for _scope in scope: _scope_dict[uuid4().hex] = {"name": _scope} - self.driver.set_action_category_scope_dict(ie["id"], category, _scope_dict) - ie['action_category_scope'][category] = _scope_dict + self.driver.set_action_scope_dict(intra_extension["id"], category, _scope_dict) + intra_extension['action_category_scope'][category] = _scope_dict - def set_assignments_values(self, ie, policy_dir): + def __load_assignment_file(self, intra_extension, policy_dir): f = open(os.path.join(policy_dir, 'assignment.json')) json_assignments = json.load(f) subject_assignments = dict() for category_name, value in json_assignments['subject_assignments'].iteritems(): - category = self.driver.get_uuid_from_name(ie["id"], category_name, self.driver.SUBJECT_CATEGORY) + category = self.driver.get_uuid_from_name(intra_extension["id"], category_name, self.driver.SUBJECT_CATEGORY) for user_name in value: - user_id = self.driver.get_uuid_from_name(ie["id"], user_name, self.driver.SUBJECT) + user_id = self.driver.get_uuid_from_name(intra_extension["id"], user_name, self.driver.SUBJECT) if user_id not in subject_assignments: subject_assignments[user_id] = dict() if category not in subject_assignments[user_id]: subject_assignments[user_id][category] = \ - map(lambda x: self.driver.get_uuid_from_name(ie["id"], x, self.driver.SUBJECT_SCOPE, category_name), + map(lambda x: self.driver.get_uuid_from_name(intra_extension["id"], x, self.driver.SUBJECT_SCOPE, category_name), value[user_name]) else: subject_assignments[user_id][category].extend( - map(lambda x: self.driver.get_uuid_from_name(ie["id"], x, self.driver.SUBJECT_SCOPE, category_name), + map(lambda x: self.driver.get_uuid_from_name(intra_extension["id"], x, self.driver.SUBJECT_SCOPE, category_name), value[user_name]) ) # Note (dthom): subject_category_assignment must be initialized because when there is no data in json # we will not go through the for loop - self.driver.set_subject_category_assignment_dict(ie["id"]) + self.driver.set_subject_assignment_dict(intra_extension["id"]) for subject in subject_assignments: - self.driver.set_subject_category_assignment_dict(ie["id"], subject, subject_assignments[subject]) + self.driver.set_subject_assignment_dict(intra_extension["id"], subject, subject_assignments[subject]) object_assignments = dict() for category_name, value in json_assignments["object_assignments"].iteritems(): - category = self.driver.get_uuid_from_name(ie["id"], category_name, self.driver.OBJECT_CATEGORY) + category = self.driver.get_uuid_from_name(intra_extension["id"], category_name, self.driver.OBJECT_CATEGORY) for object_name in value: if object_name not in object_assignments: object_assignments[object_name] = dict() if category not in object_assignments[object_name]: object_assignments[object_name][category] = \ - map(lambda x: self.driver.get_uuid_from_name(ie["id"], x, self.driver.OBJECT_SCOPE, category_name), + map(lambda x: self.driver.get_uuid_from_name(intra_extension["id"], x, self.driver.OBJECT_SCOPE, category_name), value[object_name]) else: object_assignments[object_name][category].extend( - map(lambda x: self.driver.get_uuid_from_name(ie["id"], x, self.driver.OBJECT_SCOPE, category_name), + map(lambda x: self.driver.get_uuid_from_name(intra_extension["id"], x, self.driver.OBJECT_SCOPE, category_name), value[object_name]) ) # Note (dthom): object_category_assignment must be initialized because when there is no data in json # we will not go through the for loop - self.driver.set_object_category_assignment_dict(ie["id"]) + self.driver.set_object_assignment_dict(intra_extension["id"]) for object in object_assignments: - self.driver.set_object_category_assignment_dict(ie["id"], object, object_assignments[object]) + self.driver.set_object_assignment_dict(intra_extension["id"], object, object_assignments[object]) action_assignments = dict() for category_name, value in json_assignments["action_assignments"].iteritems(): - category = self.driver.get_uuid_from_name(ie["id"], category_name, self.driver.ACTION_CATEGORY) + category = self.driver.get_uuid_from_name(intra_extension["id"], category_name, self.driver.ACTION_CATEGORY) for action_name in value: if action_name not in action_assignments: action_assignments[action_name] = dict() if category not in action_assignments[action_name]: action_assignments[action_name][category] = \ - map(lambda x: self.driver.get_uuid_from_name(ie["id"], x, self.driver.ACTION_SCOPE, category_name), + map(lambda x: self.driver.get_uuid_from_name(intra_extension["id"], x, self.driver.ACTION_SCOPE, category_name), value[action_name]) else: action_assignments[action_name][category].extend( - map(lambda x: self.driver.get_uuid_from_name(ie["id"], x, self.driver.ACTION_SCOPE, category_name), + map(lambda x: self.driver.get_uuid_from_name(intra_extension["id"], x, self.driver.ACTION_SCOPE, category_name), value[action_name]) ) # Note (dthom): action_category_assignment must be initialized because when there is no data in json # we will not go through the for loop - self.driver.set_action_category_assignment_dict(ie["id"]) + self.driver.set_action_assignment_dict(intra_extension["id"]) for action in action_assignments: - self.driver.set_action_category_assignment_dict(ie["id"], action, action_assignments[action]) + self.driver.set_action_assignment_dict(intra_extension["id"], action, action_assignments[action]) - def set_metarule_values(self, ie, policy_dir): + def __load_metarule_file(self, intra_extension, policy_dir): metadata_path = os.path.join(policy_dir, 'metarule.json') f = open(metadata_path) @@ -605,23 +604,23 @@ class IntraExtensionManager(manager.Manager): for item in ("subject_categories", "object_categories", "action_categories"): metarule[relation][item] = list() for element in json_metarule["sub_meta_rules"][relation][item]: - metarule[relation][item].append(self.driver.get_uuid_from_name(ie["id"], element, categories[item])) + metarule[relation][item].append(self.driver.get_uuid_from_name(intra_extension["id"], element, categories[item])) metarule[relation]["algorithm"] = json_metarule["sub_meta_rules"][relation]["algorithm"] submetarules = { "aggregation": json_metarule["aggregation"], "sub_meta_rules": metarule } - self.driver.set_meta_rule_dict(ie["id"], submetarules) + self.driver.set_meta_rule_dict(intra_extension["id"], submetarules) - def set_subrules_values(self, ie, policy_dir): + def __load_rule_file(self, intra_extension, policy_dir): - metadata_path = os.path.join(policy_dir, 'rules.json') + metadata_path = os.path.join(policy_dir, 'rule.json') f = open(metadata_path) json_rules = json.load(f) - ie["sub_rules"] = {"rules": copy.deepcopy(json_rules)} + intra_extension["rule"] = {"rule": copy.deepcopy(json_rules)} # Translate value from JSON file to UUID for Database rules = dict() - sub_meta_rules = self.driver.get_meta_rule_dict(ie["id"]) + sub_meta_rules = self.driver.get_meta_rule_dict(intra_extension["id"]) for relation in json_rules: # print(relation) # print(self.get_sub_meta_rule_relations("admin", ie["id"])) @@ -631,23 +630,23 @@ class IntraExtensionManager(manager.Manager): for rule in json_rules[relation]: subrule = list() _rule = list(rule) - for category_uuid in sub_meta_rules["sub_meta_rules"][relation]["subject_categories"]: + for category_uuid in sub_meta_rules["rule"][relation]["subject_categories"]: scope_name = _rule.pop(0) - scope_uuid = self.driver.get_uuid_from_name(ie["id"], + scope_uuid = self.driver.get_uuid_from_name(intra_extension["id"], scope_name, self.driver.SUBJECT_SCOPE, category_uuid=category_uuid) subrule.append(scope_uuid) - for category_uuid in sub_meta_rules["sub_meta_rules"][relation]["action_categories"]: + for category_uuid in sub_meta_rules["rule"][relation]["action_categories"]: scope_name = _rule.pop(0) - scope_uuid = self.driver.get_uuid_from_name(ie["id"], + scope_uuid = self.driver.get_uuid_from_name(intra_extension["id"], scope_name, self.driver.ACTION_SCOPE, category_uuid=category_uuid) subrule.append(scope_uuid) - for category_uuid in sub_meta_rules["sub_meta_rules"][relation]["object_categories"]: + for category_uuid in sub_meta_rules["rule"][relation]["object_categories"]: scope_name = _rule.pop(0) - scope_uuid = self.driver.get_uuid_from_name(ie["id"], + scope_uuid = self.driver.get_uuid_from_name(intra_extension["id"], scope_name, self.driver.OBJECT_SCOPE, category_uuid=category_uuid) @@ -674,9 +673,10 @@ class IntraExtensionManager(manager.Manager): # if value doesn't exist add a default value subrule.append(True) rules[relation].append(subrule) - self.driver.set_rule_dict(ie["id"], rules) + self.driver.set_rule_dict(intra_extension["id"], rules) - def load_intra_extension(self, intra_extension): + def load_intra_extension(self, user_id, intra_extension): + # TODO: check will be done through super_extension later ie = dict() # TODO: clean some values ie['id'] = uuid4().hex @@ -687,565 +687,641 @@ class IntraExtensionManager(manager.Manager): self.moonlog_api.debug("Creation of IE: {}".format(ref)) # read the profile given by "policymodel" and populate default variables policy_dir = os.path.join(CONF.moon.policy_directory, ie["model"]) - self.set_perimeter_values(ie, policy_dir) - self.set_metadata_values(ie, policy_dir) - self.set_scope_values(ie, policy_dir) - self.set_assignments_values(ie, policy_dir) - self.set_metarule_values(ie, policy_dir) - self.set_subrules_values(ie, policy_dir) + self.__load_perimeter_file(ie, policy_dir) + self.__load_metadata_file(ie, policy_dir) + self.__load_scope_file(ie, policy_dir) + self.__load_assignment_file(ie, policy_dir) + self.__load_metarule_file(ie, policy_dir) + self.__load_rule_file(ie, policy_dir) return ref - def delete_intra_extension(self, intra_extension_id): - ref = self.driver.delete_intra_extension(intra_extension_id) + def del_intra_extension(self, user_id, intra_extension_id): + # TODO: check will be done through super_extension later + ref = self.driver.del_intra_extension(intra_extension_id) return ref - # Perimeter functions + # Metadata functions @filter_args - @enforce("read", "subjects") - def get_subject_dict(self, user_id, intra_extension_uuid): - return self.driver.get_subject_dict(intra_extension_uuid) + @enforce("read", "subject_categories") + def get_subject_category_dict(self, user_id, intra_extension_id): + return self.driver.get_subject_category_dict(intra_extension_id) @filter_args - @enforce(("read", "write"), "subjects") - def set_subject_dict(self, user_id, intra_extension_uuid, subject_list): - subject_dict = {} - for _user in subject_list: - # Next line will raise an error if user is not present in Keystone database - user = self.identity_api.get_user_by_name(_user["name"], "default") - subject_dict[user["id"]] = dict() - for key in user.keys(): - subject_dict[user["id"]][key] = user[key] - return self.driver.set_subject_dict(intra_extension_uuid, subject_dict) + @enforce("read", "subject_categories") + @enforce(("read", "write"), "subject_category_scope") + def set_subject_category_dict(self, user_id, intra_extension_id, subject_category_list): + subject_category = {uuid4().hex: item for item in subject_category_list} + subject_category_dict = self.driver.set_subject_category_dict(intra_extension_id, subject_category) + # if we add a new category, we must add it to the subject_category_scope + for _cat in subject_category.keys(): + try: + _ = self.driver.get_subject_scope_dict(intra_extension_id, _cat) + except SubjectScopeUnknown: + self.driver.set_subject_scope_dict(intra_extension_id, _cat, {}) + return subject_category_dict @filter_args - @enforce(("read", "write"), "subjects") - def add_subject_dict(self, user_id, intra_extension_uuid, subject_name): - # Next line will raise an error if user is not present in Keystone database - user = self.identity_api.get_user_by_name(subject_name, "default") - subjects = self.driver.add_subject(intra_extension_uuid, user["id"], user) - return subjects + @enforce(("read", "write"), "subject_categories") + @enforce(("read", "write"), "subject_category_scope") + def add_subject_category(self, user_id, intra_extension_id, subject_category_name): + # TODO (asteroide): we must check input here. + # TODO: add category to scope + subject_category_id = uuid4().hex + return self.driver.add_subject_category(intra_extension_id, subject_category_id, subject_category_name) @filter_args - @enforce("read", "subjects") - @enforce("write", "subjects") - def del_subject(self, user_id, intra_extension_uuid, subject_uuid): - self.driver.remove_subject(intra_extension_uuid, subject_uuid) + @enforce(("read", "write"), "subject_categories") + @enforce(("read", "write"), "subject_category_scope") + def del_subject_category(self, user_id, intra_extension_id, subject_category_id): + # TODO: del category from scope + return self.driver.del_subject_category(intra_extension_id, subject_category_id) @filter_args - @enforce("read", "objects") - def get_object_dict(self, user_id, intra_extension_uuid): - return self.driver.get_object_dict(intra_extension_uuid) + @enforce("read", "object_categories") + def get_object_category_dict(self, user_id, intra_extension_id): + return self.driver.get_object_category_dict(intra_extension_id) @filter_args - @enforce(("read", "write"), "objects") - def set_object_dict(self, user_id, intra_extension_uuid, object_list): + @enforce("read", "object_categories") + @enforce(("read", "write"), "object_category_scope") + def set_object_category_dict(self, user_id, intra_extension_id, object_category_list): # TODO (asteroide): we must check input here. - object_dict = {uuid4().hex: item for item in object_list} - return self.driver.set_object_dict(intra_extension_uuid, object_dict) + object_category = {uuid4().hex: item for item in object_category_list} + object_category_dict = self.driver.set_object_category_dict(intra_extension_id, object_category) + # if we add a new category, we must add it to the object_category_scope + for _cat in object_category.keys(): + try: + _ = self.driver.get_object_scope_dict(intra_extension_id, _cat) + except ObjectScopeUnknown: + self.driver.set_object_scope_dict(intra_extension_id, _cat, {}) + return object_category_dict @filter_args - @enforce(("read", "write"), "objects") - def add_object_dict(self, user_id, intra_extension_uuid, object_dict): + @enforce(("read", "write"), "object_categories") + @enforce(("read", "write"), "object_category_scope") + def add_object_category(self, user_id, intra_extension_id, object_category_name): # TODO (asteroide): we must check input here. - object_uuid = uuid4().hex - return self.driver.add_object(intra_extension_uuid, object_uuid, object_dict) + # TODO: add category to scope + object_category_id = uuid4().hex + return self.driver.add_object_category(intra_extension_id, object_category_id, object_category_name) @filter_args - @enforce("read", "objects") - @enforce("write", "objects") - def del_object(self, user_id, intra_extension_uuid, object_uuid): - self.driver.remove_object(intra_extension_uuid, object_uuid) + @enforce(("read", "write"), "object_categories") + @enforce(("read", "write"), "object_category_scope") + def del_object_category(self, user_id, intra_extension_id, object_id): + # TODO: add category to scope + return self.driver.del_object_category(intra_extension_id, object_id) @filter_args - @enforce("read", "actions") - def get_action_dict(self, user_id, intra_extension_uuid): - return self.driver.get_action_dict(intra_extension_uuid) + @enforce("read", "action_categories") + def get_action_category_dict(self, user_id, intra_extension_id): + return self.driver.get_action_category_dict(intra_extension_id) @filter_args - @enforce(("read", "write"), "actions") - def set_action_dict(self, user_id, intra_extension_uuid, action_list): + @enforce(("read", "write"), "action_categories") + @enforce(("read", "write"), "action_category_scope") + def set_action_category_dict(self, user_id, intra_extension_id, action_category_list): # TODO (asteroide): we must check input here. - action_dict = {uuid4().hex: item for item in action_list} - return self.driver.set_action_dict(intra_extension_uuid, action_dict) + action_category = {uuid4().hex: item for item in action_category_list} + action_category_dict = self.driver.set_action_category_dict(intra_extension_id, action_category) + # if we add a new category, we must add it to the action_category_scope + for _cat in action_category.keys(): + try: + _ = self.driver.get_action_scope_dict(intra_extension_id, _cat) + except ActionScopeUnknown: + self.driver.set_action_scope_dict(intra_extension_id, _cat, {}) + return action_category_dict @filter_args - @enforce(("read", "write"), "actions") - def add_action_dict(self, user_id, intra_extension_uuid, action_dict): + @enforce(("read", "write"), "action_categories") + @enforce(("read", "write"), "action_category_scope") + def add_action_category(self, user_id, intra_extension_id, action_category_name): # TODO (asteroide): we must check input here. - action_uuid = uuid4().hex - return self.driver.add_action(intra_extension_uuid, action_uuid, action_dict) + # TODO: add category in scope + action_category_id = uuid4().hex + return self.driver.add_action_category(intra_extension_id, action_category_id, action_category_name) @filter_args - @enforce("read", "actions") - @enforce("write", "actions") - def del_action(self, user_id, intra_extension_uuid, action_uuid): - self.driver.remove_action(intra_extension_uuid, action_uuid) + @enforce(("read", "write"), "action_categories") + @enforce(("read", "write"), "action_category_scope") + def del_action_category(self, user_id, intra_extension_id, action_id): + return self.driver.del_action_category(intra_extension_id, action_id) - # Metadata functions + # Perimeter functions @filter_args - @enforce("read", "subject_categories") - def get_subject_category_dict(self, user_id, intra_extension_uuid): - return self.driver.get_subject_category_dict(intra_extension_uuid) + @enforce("read", "subjects") + def get_subject_dict(self, user_id, intra_extension_id): + return self.driver.get_subject_dict(intra_extension_id) @filter_args - @enforce("read", "subject_categories") - @enforce("read", "subject_category_scope") - @enforce("write", "subject_category_scope") - def set_subject_category_dict(self, user_id, intra_extension_uuid, subject_category_list): - subject_category = {uuid4().hex: item for item in subject_category_list} - subject_category_dict = self.driver.set_subject_category_dict(intra_extension_uuid, subject_category) - # if we add a new category, we must add it to the subject_category_scope - for _cat in subject_category.keys(): - try: - _ = self.driver.get_subject_category_scope_dict(intra_extension_uuid, _cat) - except SubjectScopeUnknown: - self.driver.set_subject_category_scope_dict(intra_extension_uuid, _cat, {}) - return subject_category_dict + @enforce(("read", "write"), "subjects") + def set_subject_dict(self, user_id, intra_extension_id, subject_list): + # TODO: propose to remove this + subject_dict = {} + for _user in subject_list: + # Next line will raise an error if user is not present in Keystone database + user = self.identity_api.get_user_by_name(_user["name"], "default") + subject_dict[user["id"]] = dict() + for key in user.keys(): + subject_dict[user["id"]][key] = user[key] + return self.driver.set_subject_dict(intra_extension_id, subject_dict) @filter_args - @enforce("read", "subject_categories") - @enforce("write", "subject_categories") - def add_subject_category_dict(self, user_id, intra_extension_uuid, subject_category_dict): - # TODO (asteroide): we must check input here. - subject_category_uuid = uuid4().hex - subject_categories = self.driver.add_subject_category_dict( - intra_extension_uuid, subject_category_uuid, subject_category_dict) - return subject_categories + @enforce(("read", "write"), "subjects") + def add_subject(self, user_id, intra_extension_id, subject_name): + # Next line will raise an error if user is not present in Keystone database + subject_dict = self.identity_api.get_user_by_name(subject_name, "default") + subjects = self.driver.add_subject(intra_extension_id, subject_dict["id"], subject_name) + return subjects @filter_args - @enforce("write", "subject_categories") - def del_subject_category(self, user_id, intra_extension_uuid, subject_uuid): - return self.driver.remove_subject_category(intra_extension_uuid, subject_uuid) + @enforce(("read", "write"), "subjects") + def del_subject(self, user_id, intra_extension_id, subject_id): + self.driver.del_subject(intra_extension_id, subject_id) @filter_args - @enforce("read", "object_categories") - def get_object_category_dict(self, user_id, intra_extension_uuid): - return self.driver.get_object_category_dict(intra_extension_uuid) + @enforce("read", "objects") + def get_object_dict(self, user_id, intra_extension_id): + return self.driver.get_object_dict(intra_extension_id) @filter_args - @enforce("read", "object_categories") - @enforce("read", "object_category_scope") - @enforce("write", "object_category_scope") - def set_object_category_dict(self, user_id, intra_extension_uuid, object_category_list): + @enforce(("read", "write"), "objects") + def set_object_dict(self, user_id, intra_extension_id, object_list): + # TODO: propose to remove this # TODO (asteroide): we must check input here. - object_category = {uuid4().hex: item for item in object_category_list} - object_category_dict = self.driver.set_object_category_dict(intra_extension_uuid, object_category) - # if we add a new category, we must add it to the object_category_scope - for _cat in object_category.keys(): - try: - _ = self.driver.get_object_category_scope_dict(intra_extension_uuid, _cat) - except ObjectScopeUnknown: - self.driver.set_object_category_scope_dict(intra_extension_uuid, _cat, {}) - return object_category_dict + object_dict = {uuid4().hex: item for item in object_list} + return self.driver.set_object_dict(intra_extension_id, object_dict) @filter_args - @enforce("read", "object_categories") - @enforce("write", "object_categories") - def add_object_category_dict(self, user_id, intra_extension_uuid, object_category_dict): + @enforce(("read", "write"), "objects") + def add_object(self, user_id, intra_extension_id, object_name): # TODO (asteroide): we must check input here. - object_category_uuid = uuid4().hex - object_categories = self.driver.add_object_category_dict( - intra_extension_uuid, object_category_uuid, object_category_dict) - return object_categories + object_id = uuid4().hex + return self.driver.add_object(intra_extension_id, object_id, object_name) @filter_args - @enforce("write", "object_categories") - def del_object_category(self, user_id, intra_extension_uuid, object_uuid): - return self.driver.remove_object_category(intra_extension_uuid, object_uuid) + @enforce(("read", "write"), "objects") + def del_object(self, user_id, intra_extension_id, object_id): + self.driver.del_object(intra_extension_id, object_id) @filter_args - @enforce("read", "action_categories") - def get_action_category_dict(self, user_id, intra_extension_uuid): - return self.driver.get_action_category_dict(intra_extension_uuid) + @enforce("read", "actions") + def get_action_dict(self, user_id, intra_extension_id): + # TODO: check will be done through super_extension later + return self.driver.get_action_dict(intra_extension_id) @filter_args - @enforce("read", "action_categories") - @enforce("read", "action_category_scope") - @enforce("write", "action_category_scope") - def set_action_category_dict(self, user_id, intra_extension_uuid, action_category_list): + @enforce(("read", "write"), "actions") + def set_action_dict(self, user_id, intra_extension_id, action_list): + # TODO: propose to remove this # TODO (asteroide): we must check input here. - action_category = {uuid4().hex: item for item in action_category_list} - action_category_dict = self.driver.set_action_category_dict(intra_extension_uuid, action_category) - # if we add a new category, we must add it to the action_category_scope - for _cat in action_category.keys(): - try: - _ = self.driver.get_action_category_scope_dict(intra_extension_uuid, _cat) - except ActionScopeUnknown: - self.driver.set_action_category_scope_dict(intra_extension_uuid, _cat, {}) - return action_category_dict + action_dict = {uuid4().hex: item for item in action_list} + return self.driver.set_action_dict(intra_extension_id, action_dict) @filter_args - @enforce("read", "action_categories") - @enforce("write", "action_categories") - def add_action_category_dict(self, user_id, intra_extension_uuid, action_category_dict): + @enforce(("read", "write"), "actions") + def add_action(self, user_id, intra_extension_id, action_name): # TODO (asteroide): we must check input here. - action_category_uuid = uuid4().hex - action_categories = self.driver.add_action_category_dict( - intra_extension_uuid, action_category_uuid, action_category_dict) - return action_categories + action_id = uuid4().hex + return self.driver.add_action(intra_extension_id, action_id, action_name) @filter_args - @enforce("write", "action_categories") - def del_action_category(self, user_id, intra_extension_uuid, action_uuid): - return self.driver.remove_action_category(intra_extension_uuid, action_uuid) + @enforce(("read", "write"), "actions") + def del_action(self, user_id, intra_extension_id, action_id): + self.driver.del_action(intra_extension_id, action_id) # Scope functions + @filter_args - @enforce("read", "subject_category_scope") - @enforce("read", "subject_category") - def get_subject_category_scope_dict(self, user_id, intra_extension_uuid, category): - if category not in self.get_subject_category_dict(user_id, intra_extension_uuid)["subject_categories"]: + @enforce("read", "subject_scopes") + @enforce("read", "subject_categories") + def get_subject_scope_dict(self, user_id, intra_extension_id, subject_category_id): + if subject_category_id not in self.get_subject_category_dict(user_id, intra_extension_id)["subject_categories"]: raise SubjectCategoryUnknown() - return self.driver.get_subject_category_scope_dict(intra_extension_uuid, category) + return self.driver.get_subject_scope_dict(intra_extension_id, subject_category_id) @filter_args - @enforce("read", "subject_category_scope") - @enforce("read", "subject_category") - def set_subject_category_scope_dict(self, user_id, intra_extension_uuid, category_uuid, scope_list): + @enforce(("read", "write"), "subject_scopes") + @enforce("read", "subject_categorys") + def set_subject_scope_dict(self, user_id, intra_extension_id, subject_category_id, subject_scope_name_list): # TODO (asteroide): we must check input here. - scope_dict = {uuid4().hex: item for item in scope_list} - return self.driver.set_subject_category_scope_dict(intra_extension_uuid, category_uuid, scope_dict) + if subject_category_id not in self.get_subject_category_dict(user_id, intra_extension_id)["subject_categories"]: + raise SubjectCategoryUnknown() + subject_scope_dict = {uuid4().hex: item for item in subject_scope_name_list} + return self.driver.set_subject_scope_dict(intra_extension_id, subject_category_id, subject_scope_dict) @filter_args - @enforce(("read", "write"), "subject_category_scope") - @enforce("read", "subject_category") - def add_subject_category_scope_dict(self, user_id, intra_extension_uuid, category_uuid, scope_dict): + @enforce(("read", "write"), "subject_scopes") + @enforce("read", "subject_categories") + def add_subject_scope(self, user_id, intra_extension_id, subject_category_id, subject_scope_name): # TODO (asteroide): we must check input here. - scope_uuid = uuid4().hex - return self.driver.add_subject_category_scope_dict( - intra_extension_uuid, - category_uuid, - scope_uuid, - scope_dict) + if subject_category_id not in self.get_subject_category_dict(user_id, intra_extension_id)["subject_categories"]: + raise SubjectCategoryUnknown() + subject_scope_id = uuid4().hex + return self.driver.add_subject_scope( + intra_extension_id, + subject_category_id, + subject_scope_id, + subject_scope_name) @filter_args - @enforce("write", "subject_category_scope") - @enforce("read", "subject_category") - def del_subject_category_scope(self, user_id, intra_extension_uuid, category_uuid, scope_uuid): - self.driver.remove_subject_category_scope_dict( - intra_extension_uuid, - category_uuid, - scope_uuid) + @enforce(("read", "write"), "subject_scopes") + @enforce("read", "subject_categories") + def del_subject_scope(self, user_id, intra_extension_id, subject_category_id, subject_scope_id): + if subject_category_id not in self.get_subject_category_dict(user_id, intra_extension_id)["subject_categories"]: + raise SubjectCategoryUnknown() + self.driver.del_subject_scope(intra_extension_id, subject_category_id, subject_scope_id) @filter_args - @enforce("read", "object_category_scope") - @enforce("read", "object_category") - def get_object_category_scope_dict(self, user_id, intra_extension_uuid, category_uuid): - return self.driver.get_object_category_scope_dict(intra_extension_uuid, category_uuid) + @enforce("read", "object_category_scopes") + @enforce("read", "object_categorys") + def get_object_scope_dict(self, user_id, intra_extension_id, object_category_id): + return self.driver.get_object_scope_dict(intra_extension_id, object_category_id) @filter_args - @enforce("read", "object_category_scope") - @enforce("read", "object_category") - def set_object_category_scope_dict(self, user_id, intra_extension_uuid, category_uuid, scope_list): + @enforce(("read", "write"), "object_scopes") + @enforce("read", "object_categories") + def set_object_scope_dict(self, user_id, intra_extension_id, object_category_id, object_scope_name_list): # TODO (asteroide): we must check input here. - scope_dict = {uuid4().hex: item for item in scope_list} - return self.driver.set_object_category_scope_dict(intra_extension_uuid, category_uuid, scope_dict) + if object_category_id not in self.get_object_category_dict(user_id, intra_extension_id)["object_categories"]: + raise ObjectCategoryUnknown() + object_scope_dict = {uuid4().hex: item for item in object_scope_name_list} + return self.driver.set_object_scope_dict(intra_extension_id, object_category_id, object_scope_dict) @filter_args - @enforce(("read", "write"), "object_category_scope") - @enforce("read", "object_category") - def add_object_category_scope_dict(self, user_id, intra_extension_uuid, category_uuid, scope_dict): + @enforce(("read", "write"), "object_scopes") + @enforce("read", "object_categories") + def add_object_scope(self, user_id, intra_extension_id, object_category_id, object_scope_name): # TODO (asteroide): we must check input here. - scope_uuid = uuid4().hex - return self.driver.add_subject_category_scope_dict( - intra_extension_uuid, - category_uuid, - scope_uuid, - scope_dict) + if object_category_id not in self.get_object_category_dict(user_id, intra_extension_id)["object_categories"]: + raise ObjectCategoryUnknown() + object_scope_id = uuid4().hex + return self.driver.add_subject_scope( + intra_extension_id, + object_category_id, + object_scope_id, + object_scope_name) @filter_args - @enforce("write", "object_category_scope") - @enforce("read", "object_category") - def del_object_category_scope(self, user_id, intra_extension_uuid, category_uuid, scope_uuid): - self.driver.remove_object_category_scope_dict( - intra_extension_uuid, - category_uuid, - scope_uuid) + @enforce(("read", "write"), "object_scopes") + @enforce("read", "object_categories") + def del_object_scope(self, user_id, intra_extension_id, object_category_id, object_scope_id): + if object_category_id not in self.get_object_category_dict(user_id, intra_extension_id)["object_categories"]: + raise ObjectCategoryUnknown() + self.driver.del_object_scope( + intra_extension_id, + object_category_id, + object_scope_id) @filter_args - @enforce("read", "action_category_scope") - @enforce("read", "action_category") - def get_action_category_scope_dict(self, user_id, intra_extension_uuid, category_uuid): - return self.driver.get_action_category_scope_dict(intra_extension_uuid, category_uuid) + @enforce("read", "action_category_scopes") + @enforce("read", "action_categories") + def get_action_scope_dict(self, user_id, intra_extension_id, action_category_id): + if action_category_id not in self.get_action_category_dict(user_id, intra_extension_id)["action_categories"]: + raise ActionCategoryUnknown() + return self.driver.get_action_scope_dict(intra_extension_id, action_category_id) @filter_args - @enforce(("read", "write"), "action_category_scope") - @enforce("read", "action_category") - def set_action_category_scope_dict(self, user_id, intra_extension_uuid, category_uuid, scope_list): + @enforce(("read", "write"), "action_scopes") + @enforce("read", "action_categories") + def set_action_scope_dict(self, user_id, intra_extension_id, action_category_id, action_scope_name_list): # TODO (asteroide): we must check input here. - scope_dict = {uuid4().hex: item for item in scope_list} - return self.driver.set_action_category_scope_dict(intra_extension_uuid, category_uuid, scope_dict) + if action_category_id not in self.get_action_category_dict(user_id, intra_extension_id)["action_categories"]: + raise ActionCategoryUnknown() + action_scope_dict = {uuid4().hex: item for item in action_scope_name_list} + return self.driver.set_action_scope_dict(intra_extension_id, action_category_id, action_scope_dict) @filter_args - @enforce(("read", "write"), "action_category_scope") - @enforce("read", "action_category") - def add_action_category_scope_dict(self, user_id, intra_extension_uuid, category_uuid, scope_dict): + @enforce(("read", "write"), "action_scopes") + @enforce("read", "action_categories") + def add_action_scope(self, user_id, intra_extension_id, action_category_id, action_scope_name): # TODO (asteroide): we must check input here. - scope_uuid = uuid4().hex - return self.driver.add_action_category_scope_dict( - intra_extension_uuid, - category_uuid, - scope_uuid, - scope_dict) + if action_category_id not in self.get_action_category_dict(user_id, intra_extension_id)["action_categories"]: + raise ActionCategoryUnknown() + action_scope_id = uuid4().hex + return self.driver.add_action_scope( + intra_extension_id, + action_category_id, + action_scope_id, + action_scope_name) @filter_args - @enforce("write", "action_category_scope") - @enforce("read", "action_category") - def del_action_category_scope(self, user_id, intra_extension_uuid, category_uuid, scope_uuid): - self.driver.remove_action_category_scope_dict( - intra_extension_uuid, - category_uuid, - scope_uuid) + @enforce(("read", "write"), "action_scopes") + @enforce("read", "action_categories") + def del_action_scope(self, user_id, intra_extension_id, action_category_id, action_scope_id): + if action_category_id not in self.get_action_category_dict(user_id, intra_extension_id)["action_categories"]: + raise ActionCategoryUnknown() + self.driver.del_action_scope(intra_extension_id, action_category_id, action_scope_id) # Assignment functions @filter_args - @enforce("read", "subject_category_assignment") + @enforce("read", "subject_assignments") @enforce("read", "subjects") - def get_subject_category_assignment_dict(self, user_id, intra_extension_uuid, subject_uuid): - return self.driver.get_subject_category_assignment_dict(intra_extension_uuid, subject_uuid) + def get_subject_assignment_dict(self, user_id, intra_extension_id, subject_id): + if subject_id not in self.get_subject_dict(user_id, intra_extension_id): + raise SubjectUnknown() + return self.driver.get_subject_assignment_dict(intra_extension_id, subject_id) @filter_args - @enforce("read", "subject_category_assignment") - @enforce("write", "subject_category_assignment") + @enforce(("read", "write"), "subject_assignments") @enforce("read", "subjects") - def set_subject_category_assignment_dict(self, user_id, intra_extension_uuid, subject_uuid, assignment_dict): - # TODO (asteroide): we must check input here. - return self.driver.set_subject_category_assignment_dict(intra_extension_uuid, subject_uuid, assignment_dict) + def set_subject_assignment_dict(self, user_id, intra_extension_id, subject_id, subject_assignment_dict): + if subject_id not in self.get_subject_dict(user_id, intra_extension_id): + raise SubjectUnknown() + return self.driver.set_subject_assignment_dict(intra_extension_id, subject_id, subject_assignment_dict) @filter_args - @enforce("read", "subject_category_assignment") - @enforce("write", "subject_category_assignment") + @enforce(("read", "write"), "subject_assignments") @enforce("read", "subjects") - @enforce("read", "subject_category") - @enforce("read", "subject_scope") - def del_subject_category_assignment(self, user_id, intra_extension_uuid, subject_uuid, category_uuid, scope_uuid): - self.driver.remove_subject_category_assignment(intra_extension_uuid, subject_uuid, category_uuid, scope_uuid) + @enforce("read", "subject_categories") + def add_subject_assignment(self, user_id, intra_extension_id, subject_id, subject_category_id, subject_scope_id): + if subject_id not in self.get_subject_dict(user_id, intra_extension_id): + raise SubjectUnknown() + elif subject_category_id not in self.get_subject_category_dict(user_id, intra_extension_id): + raise SubjectCategoryUnknown() + elif subject_scope_id not in self.get_subject_scope_dict(user_id, intra_extension_id, subject_category_id): + raise SubjectAssignmentOutOfScope() + # TODO: raise SubjectAssignmentExisting() for the below func + return self.driver.add_subject_assignment(intra_extension_id, subject_id, subject_category_id, subject_scope_id) @filter_args - @enforce("write", "subject_category_assignment") + @enforce(("read", "write"), "subject_assignments") @enforce("read", "subjects") - @enforce("read", "subject_category") - def add_subject_category_assignment_dict(self, - user_id, - intra_extension_uuid, - subject_uuid, - category_uuid, - scope_uuid): - return self.driver.add_subject_category_assignment_dict( - intra_extension_uuid, subject_uuid, category_uuid, scope_uuid) + @enforce("read", "subject_categories") + @enforce("read", "subject_scopes") + def del_subject_assignment(self, user_id, intra_extension_id, subject_id, subject_category_id, subject_scope_id): + if subject_id not in self.get_subject_dict(user_id, intra_extension_id): + raise SubjectUnknown() + elif subject_category_id not in self.get_subject_category_dict(user_id, intra_extension_id): + raise SubjectCategoryUnknown() + elif subject_scope_id not in self.get_subject_scope_dict(user_id, intra_extension_id, subject_category_id): + raise SubjectAssignmentOutOfScope + # TODO: raise SubjectAssignmentUnknown() for the below func + return self.driver.del_subject_category_assignment(intra_extension_id, subject_id, subject_category_id, subject_scope_id) @filter_args - @enforce("read", "object_category_assignment") + @enforce("read", "object_assignments") @enforce("read", "objects") - def get_object_category_assignment_dict(self, user_id, intra_extension_uuid, object_uuid): - return self.driver.get_object_category_assignment_dict(intra_extension_uuid, object_uuid) + def get_object_assignment_dict(self, user_id, intra_extension_id, object_id): + if object_id not in self.get_object_dict(user_id, intra_extension_id): + raise ObjectUnknown() + return self.driver.get_object_assignment_dict(intra_extension_id, object_id) @filter_args - @enforce("read", "object_category_assignment") - @enforce("write", "object_category_assignment") + @enforce(("read", "write"), "object_assignments") @enforce("read", "objects") - def set_object_category_assignment_dict(self, user_id, intra_extension_uuid, object_uuid, assignment_dict): - # TODO (asteroide): we must check input here. - return self.driver.set_object_category_assignment_dict(intra_extension_uuid, object_uuid, assignment_dict) + def set_object_category_assignment_dict(self, user_id, intra_extension_id, object_id, object_assignment_dict): + if object_id not in self.get_object_dict(user_id, intra_extension_id): + raise ObjectUnknown() + return self.driver.set_object_assignment_dict(intra_extension_id, object_id, object_assignment_dict) @filter_args - @enforce("read", "object_category_assignment") - @enforce("write", "object_category_assignment") + @enforce(("read", "write"), "object_assignments") @enforce("read", "objects") @enforce("read", "object_category") - def del_object_category_assignment(self, user_id, intra_extension_uuid, object_uuid, category_uuid, scope_uuid): - self.driver.remove_object_category_assignment(intra_extension_uuid, object_uuid, category_uuid, scope_uuid) + def add_object_assignment(self, user_id, intra_extension_id, object_id, object_category_id, object_scope_id): + if object_id not in self.get_object_dict(user_id, intra_extension_id): + raise ObjectUnknown() + elif object_category_id not in self.get_object_category_dict(user_id, intra_extension_id): + raise ObjectCategoryUnknown() + elif object_scope_id not in self.get_object_scope_dict(user_id, intra_extension_id, object_category_id): + raise ObjectAssignmentOutOfScope() + # TODO: raise ObjectAssignmentExisting() for the below func + return self.driver.add_object_assignment(intra_extension_id, object_id, object_category_id, object_scope_id) @filter_args - @enforce("write", "object_category_assignment") + @enforce(("read", "write"), "object_assignments") @enforce("read", "objects") - @enforce("read", "object_category") - def add_object_category_assignment_dict(self, - user_id, - intra_extension_uuid, - object_uuid, - category_uuid, - scope_uuid): - return self.driver.add_object_category_assignment_dict( - intra_extension_uuid, object_uuid, category_uuid, scope_uuid) + @enforce("read", "object_categories") + def del_object_assignment(self, user_id, intra_extension_id, object_id, object_category_id, object_scope_id): + if object_id not in self.get_object_dict(user_id, intra_extension_id): + raise ObjectUnknown() + elif object_category_id not in self.get_object_category_dict(user_id, intra_extension_id): + raise ObjectCategoryUnknown() + elif object_scope_id not in self.get_object_scope_dict(user_id, intra_extension_id, object_category_id): + raise ObjectAssignmentOutOfScope() + # TODO: raise SubjectAssignmentUnknown() for the below func + return self.driver.del_object_assignment(intra_extension_id, object_id, object_category_id, object_scope_id) @filter_args - @enforce("read", "action_category_assignment") + @enforce("read", "action_assignments") @enforce("read", "actions") - def get_action_category_assignment_dict(self, user_id, intra_extension_uuid, action_uuid): - return self.driver.get_action_category_assignment_dict(intra_extension_uuid, action_uuid) + def get_action_assignment_dict(self, user_id, intra_extension_id, action_id): + if action_id not in self.get_action_dict(user_id, intra_extension_id): + raise ActionUnknown() + return self.driver.get_action_assignment_dict(intra_extension_id, action_id) @filter_args - @enforce("read", "action_category_assignment") - @enforce("write", "action_category_assignment") + @enforce(("read", "write"), "action_assignments") @enforce("read", "actions") - def set_action_category_assignment_dict(self, user_id, intra_extension_uuid, action_uuid, assignment_dict): - # TODO (asteroide): we must check input here. - return self.driver.set_action_category_assignment_dict(intra_extension_uuid, action_uuid, assignment_dict) + def set_action_assignment_dict(self, user_id, intra_extension_id, action_id, action_assignment_dict): + if action_id not in self.get_action_dict(user_id, intra_extension_id): + raise ActionUnknown() + return self.driver.set_action_assignment_dict(intra_extension_id, action_id, action_assignment_dict) @filter_args - @enforce("read", "action_category_assignment") - @enforce("write", "action_category_assignment") + @enforce(("read", "write"), "action_assignments") @enforce("read", "actions") - @enforce("read", "action_category") - def del_action_category_assignment(self, user_id, intra_extension_uuid, action_uuid, category_uuid, scope_uuid): - self.driver.remove_action_category_assignment(intra_extension_uuid, action_uuid, category_uuid, scope_uuid) + @enforce("read", "action_categories") + def add_action_assignment(self, user_id, intra_extension_id, action_id, action_category_id, action_scope_id): + if action_id not in self.get_action_dict(user_id, intra_extension_id): + raise ActionUnknown() + elif action_category_id not in self.get_action_category_dict(user_id, intra_extension_id): + raise ActionCategoryUnknown() + elif action_scope_id not in self.get_action_scope_dict(user_id, intra_extension_id, action_category_id): + raise ActionAssignmentOutOfScope() + # TODO: raise ActionAssignmentExisting() for the below func + return self.driver.add_action_assignment(intra_extension_id, action_id, action_category_id, action_scope_id) @filter_args - @enforce("write", "action_category_assignment") + @enforce(("read", "write"), "action_assignments") @enforce("read", "actions") - @enforce("read", "action_category") - def add_action_category_assignment_dict(self, - user_id, - intra_extension_uuid, - action_uuid, - category_uuid, - scope_uuid): - return self.driver.add_action_category_assignment_dict( - intra_extension_uuid, - action_uuid, - category_uuid, - scope_uuid - ) + @enforce("read", "action_categories") + def del_action_assignment(self, user_id, intra_extension_id, action_id, action_category_id, action_scope_id): + if action_id not in self.get_action_dict(user_id, intra_extension_id): + raise ActionUnknown() + elif action_category_id not in self.get_action_category_dict(user_id, intra_extension_id): + raise ActionCategoryUnknown() + elif action_scope_id not in self.get_action_scope_dict(user_id, intra_extension_id, action_category_id): + raise ActionAssignmentUnknown() + # TODO: raise ActionAssignmentUnknown() for the below func + return self.driver.del_action_assignment(intra_extension_id, action_id, action_category_id, action_scope_id) # Metarule functions + @filter_args - @enforce("read", "aggregation_algorithms") - def get_aggregation_algorithm(self, user_id, intra_extension_uuid): - return self.driver.get_meta_rule_dict(intra_extension_uuid) + @enforce("write", "aggregation_algorithm") + def add_aggregation_algorithm(self, user_id, intra_extension_id, aggregation_algorithm_id): + if aggregation_algorithm_id is not self.dirver.get_aggregation_algorithm(intra_extension_id): + raise AggregationAlgorithmNotExisting() + elif aggregation_algorithm_id not in self.configuration_api.get_aggregation_algorithms: + raise AggregationAlgorithmOutOfScope() + return self.driver.add_aggregation_algorithm(intra_extension_id, aggregation_algorithm_id) @filter_args - @enforce("read", "aggregation_algorithms") - @enforce("write", "aggregation_algorithms") - def set_aggregation_algorithm(self, user_id, intra_extension_uuid, aggregation_algorithm): - if aggregation_algorithm not in self.get_aggregation_algorithms( - user_id, intra_extension_uuid)["aggregation_algorithms"]: - raise IntraExtensionError("Unknown aggregation_algorithm: {}".format(aggregation_algorithm)) - meta_rule = self.driver.get_meta_rule_dict(intra_extension_uuid) - meta_rule["aggregation"] = aggregation_algorithm - return self.driver.set_meta_rule_dict(intra_extension_uuid, meta_rule) + @enforce("read", "aggregation_algorithm") + def get_aggregation_algorithm(self, user_id, intra_extension_id): + return self.driver.get_aggregation_algorithm(intra_extension_id) + + @filter_args + @enforce("write", "aggregation_algorithm") + def del_aggregation_algorithm(self, user_id, intra_extension_id, aggregation_algorithm_id): + if aggregation_algorithm_id is not self.dirver.get_aggregation_algorithm(intra_extension_id): + raise AggregationAlgorithmNotExisting() + return self.driver.del_aggregation_algorithm(intra_extension_id, aggregation_algorithm_id) @filter_args - @enforce("read", "sub_meta_rule") - def get_sub_meta_rule(self, user_id, intra_extension_uuid): - return self.driver.get_meta_rule_dict(intra_extension_uuid) + @enforce("read", "sub_meta_rules") + def get_sub_meta_rule_dict(self, user_id, intra_extension_id): + return self.driver.get_meta_rule_dict(intra_extension_id) @filter_args - @enforce("read", "sub_meta_rule") - @enforce("write", "sub_meta_rule") - def set_sub_meta_rule(self, user_id, intra_extension_uuid, sub_meta_rules): - # TODO: check which algorithms are really usable + @enforce(("read", "write"), "sub_meta_rules") + def add_sub_meta_rule_dict(self, user_id, + intra_extension_id, + sub_meta_rule_name, + subject_category_list, + object_category_list, + action_category_list, + sub_meta_rule_algorithm): + for sub_meta_rule_id in sub_meta_rule_dict: + if sub_meta_rule_id not in self.get_sub_meta_rule_dict(user_id, intra_extension_id): + raise SubMetaRuleOutOfScope() + # for cat in ("subject_categories", "object_categories", "action_categories"): + # if cat not in sub_meta_rule_dict[sub_meta_rule_id]: + # raise IntraExtensionError("set_sub_meta_rule category {} missed".format(cat)) + # if type(sub_meta_rule_dict[sub_meta_rule_id][cat]) is not list: + # raise IntraExtensionError("set_sub_meta_rule category {} is not a list".format(cat)) + # subject_categories = self.get_subject_category_dict(user_id, intra_extension_id)["subject_categories"] + # for data in list(sub_meta_rule_dict[sub_meta_rule_id]["subject_categories"]): + # if data not in subject_categories: + # raise IntraExtensionError("set_sub_meta_rule category {} is not part of subject_categories {}".format( + # data, subject_categories)) + # object_categories = self.get_object_category_dict(user_id, intra_extension_id)["object_categories"] + # for data in sub_meta_rule_dict[sub_meta_rule_id]["object_categories"]: + # if data not in object_categories: + # raise IntraExtensionError("set_sub_meta_rule category {} is not part of object_categories {}".format( + # data, object_categories)) + # action_categories = self.get_action_category_dict(user_id, intra_extension_id)["actions_categories"] + # for data in sub_meta_rule_dict[sub_meta_rule_id]["action_categories"]: + # if data not in action_categories: + # raise IntraExtensionError("set_sub_meta_rule category {} is not part of action_categories {}".format( + # data, action_categories)) + + return self.driver.set_meta_rule_dict(intra_extension_id,sub_meta_rule_dict) + + @filter_args + @enforce(("read", "write"), "sub_meta_rules") + def set_sub_meta_rule_dict(self, user_id, intra_extension_id, sub_meta_rule_dict): # TODO (dthom): When sub_meta_rule is set, all rules must be dropped - # because the previous rules cannot be mapped to the new sub_meta_rule. - for relation in sub_meta_rules.keys(): - if relation not in self.get_sub_meta_rule_relations(user_id, intra_extension_uuid)["sub_meta_rule_relations"]: - raise IntraExtensionError("set_sub_meta_rule unknown MetaRule relation {}".format(relation)) - for cat in ("subject_categories", "object_categories", "action_categories"): - if cat not in sub_meta_rules[relation]: - raise IntraExtensionError("set_sub_meta_rule category {} missed".format(cat)) - if type(sub_meta_rules[relation][cat]) is not list: - raise IntraExtensionError("set_sub_meta_rule category {} is not a list".format(cat)) - subject_categories = self.get_subject_category_dict(user_id, intra_extension_uuid)["subject_categories"] - for data in list(sub_meta_rules[relation]["subject_categories"]): - if data not in subject_categories: - raise IntraExtensionError("set_sub_meta_rule category {} is not part of subject_categories {}".format( - data, subject_categories)) - object_categories = self.get_object_category_dict(user_id, intra_extension_uuid)["object_categories"] - for data in sub_meta_rules[relation]["object_categories"]: - if data not in object_categories: - raise IntraExtensionError("set_sub_meta_rule category {} is not part of object_categories {}".format( - data, object_categories)) - action_categories = self.get_action_category_dict(user_id, intra_extension_uuid)["actions_categories"] - for data in sub_meta_rules[relation]["action_categories"]: - if data not in action_categories: - raise IntraExtensionError("set_sub_meta_rule category {} is not part of action_categories {}".format( - data, action_categories)) - aggregation = self.driver.get_meta_rule_dict(intra_extension_uuid)["aggregation"] - return self.driver.set_meta_rule_dict( - intra_extension_uuid, - { - "aggregation": aggregation, - "sub_meta_rules": sub_meta_rules - }) - - # Sub-rules functions + for sub_meta_rule_id in sub_meta_rule_dict: + if sub_meta_rule_id not in self.get_sub_meta_rule_dict(user_id, intra_extension_id): + raise SubMetaRuleOutOfScope() + # for cat in ("subject_categories", "object_categories", "action_categories"): + # if cat not in sub_meta_rule_dict[sub_meta_rule_id]: + # raise IntraExtensionError("set_sub_meta_rule category {} missed".format(cat)) + # if type(sub_meta_rule_dict[sub_meta_rule_id][cat]) is not list: + # raise IntraExtensionError("set_sub_meta_rule category {} is not a list".format(cat)) + # subject_categories = self.get_subject_category_dict(user_id, intra_extension_id)["subject_categories"] + # for data in list(sub_meta_rule_dict[sub_meta_rule_id]["subject_categories"]): + # if data not in subject_categories: + # raise IntraExtensionError("set_sub_meta_rule category {} is not part of subject_categories {}".format( + # data, subject_categories)) + # object_categories = self.get_object_category_dict(user_id, intra_extension_id)["object_categories"] + # for data in sub_meta_rule_dict[sub_meta_rule_id]["object_categories"]: + # if data not in object_categories: + # raise IntraExtensionError("set_sub_meta_rule category {} is not part of object_categories {}".format( + # data, object_categories)) + # action_categories = self.get_action_category_dict(user_id, intra_extension_id)["actions_categories"] + # for data in sub_meta_rule_dict[sub_meta_rule_id]["action_categories"]: + # if data not in action_categories: + # raise IntraExtensionError("set_sub_meta_rule category {} is not part of action_categories {}".format( + # data, action_categories)) + return self.driver.set_meta_rule_dict(intra_extension_id,sub_meta_rule_dict) + + # Rule functions @filter_args - @enforce("read", "sub_rules") - def get_rules(self, user_id, intra_extension_uuid): - return self.driver.get_rules(intra_extension_uuid) + @enforce("read", "rule") + def get_rule_dict(self, user_id, intra_extension_id): + return self.driver.get_rule_dict(intra_extension_id) @filter_args - @enforce("read", "sub_rules") - @enforce("write", "sub_rules") - def set_rule(self, user_id, intra_extension_uuid, relation, sub_rule): - for item in sub_rule: - if type(item) not in (str, unicode, bool): - raise IntraExtensionError("Bad input data (sub_rule).") - ref_rules = self.driver.get_rules(intra_extension_uuid) - _sub_rule = list(sub_rule) - if relation not in self.get_sub_meta_rule_relations(user_id, intra_extension_uuid)["sub_meta_rule_relations"]: - raise IntraExtensionError("Bad input data (rules).") - # filter strings in sub_rule - sub_rule = [filter_input(x) for x in sub_rule] - # check if length of sub_rule is correct from metadata_sub_rule - metadata_sub_rule = self.get_sub_meta_rule(user_id, intra_extension_uuid) - metadata_sub_rule_length = len(metadata_sub_rule['sub_meta_rules'][relation]["subject_categories"]) + \ - len(metadata_sub_rule['sub_meta_rules'][relation]["action_categories"]) + \ - len(metadata_sub_rule['sub_meta_rules'][relation]["object_categories"]) + 1 - if metadata_sub_rule_length != len(sub_rule): - raise IntraExtensionError("Bad number of argument in sub_rule {}/{}".format(sub_rule, - metadata_sub_rule_length)) - # check if each item in sub_rule match a corresponding scope value - for category in metadata_sub_rule['sub_meta_rules'][relation]["subject_categories"]: - item = _sub_rule.pop(0) - if item not in self.get_subject_category_scope_dict( - user_id, - intra_extension_uuid, category)["subject_category_scope"][category].keys(): - raise IntraExtensionError("Bad subject value in sub_rule {}/{}".format(category, item)) - for category in metadata_sub_rule['sub_meta_rules'][relation]["action_categories"]: - action_categories = self.get_action_category_scope_dict( - user_id, - intra_extension_uuid, category)["action_category_scope"][category] - item = _sub_rule.pop(0) - if item not in action_categories.keys(): - self.moonlog_api.warning("set_sub_rule bad action value in sub_rule {}/{}".format(category, item)) - raise IntraExtensionError("Bad input data.") - for category in metadata_sub_rule['sub_meta_rules'][relation]["object_categories"]: - item = _sub_rule.pop(0) - if item not in self.get_object_category_scope_dict( - user_id, - intra_extension_uuid, category)["object_category_scope"][category].keys(): - raise IntraExtensionError("Bad object value in sub_rule {}/{}".format(category, item)) - # check if relation is already there - if relation not in ref_rules["rules"]: - ref_rules["rules"][relation] = list() + @enforce(("read", "write"), "rule") + def set_rule_dict(self, user_id, intra_extension_id, sub_meta_rule_id, rule_dict): + # for item in rule_dict: + # if type(item) not in (str, unicode, bool): + # raise IntraExtensionError("Bad input data (sub_rule).") + # ref_rules = self.driver.get_rule_dict(intra_extension_id) + # _sub_rule = list(rule_dict) + # if sub_meta_rule_id not in self.get_sub_meta_rule_relations(user_id, intra_extension_id)["sub_meta_rule_relations"]: + # raise IntraExtensionError("Bad input data (rules).") + # # filter strings in sub_rule + # rule_dict = [filter_input(x) for x in rule_dict] + # # check if length of sub_rule is correct from metadata_sub_rule + # metadata_sub_rule = self.get_sub_meta_rule_dict(user_id, intra_extension_id) + # metadata_sub_rule_length = len(metadata_sub_rule['sub_meta_rules'][sub_meta_rule_id]["subject_categories"]) + \ + # len(metadata_sub_rule['sub_meta_rules'][sub_meta_rule_id]["action_categories"]) + \ + # len(metadata_sub_rule['sub_meta_rules'][sub_meta_rule_id]["object_categories"]) + 1 + # if metadata_sub_rule_length != len(rule_dict): + # raise IntraExtensionError("Bad number of argument in sub_rule {}/{}".format(rule_dict, + # metadata_sub_rule_length)) + # # check if each item in sub_rule match a corresponding scope value + # for category in metadata_sub_rule['sub_meta_rules'][sub_meta_rule_id]["subject_categories"]: + # item = _sub_rule.pop(0) + # if item not in self.get_subject_scope_dict( + # user_id, + # intra_extension_id, category)["subject_category_scope"][category].keys(): + # raise IntraExtensionError("Bad subject value in sub_rule {}/{}".format(category, item)) + # for category in metadata_sub_rule['sub_meta_rules'][sub_meta_rule_id]["action_categories"]: + # action_categories = self.get_action_scope_dict( + # user_id, + # intra_extension_id, category)["action_category_scope"][category] + # item = _sub_rule.pop(0) + # if item not in action_categories.keys(): + # self.moonlog_api.warning("set_sub_rule bad action value in sub_rule {}/{}".format(category, item)) + # raise IntraExtensionError("Bad input data.") + # for category in metadata_sub_rule['sub_meta_rules'][sub_meta_rule_id]["object_categories"]: + # item = _sub_rule.pop(0) + # if item not in self.get_object_scope_dict( + # user_id, + # intra_extension_id, category)["object_category_scope"][category].keys(): + # raise IntraExtensionError("Bad object value in sub_rule {}/{}".format(category, item)) + # # check if relation is already there + # if sub_meta_rule_id not in ref_rules["rules"]: + # ref_rules["rules"][sub_meta_rule_id] = list() # add sub_rule - ref_rules["rules"][relation].append(sub_rule) - return self.driver.set_rules(intra_extension_uuid, ref_rules["rules"]) + ref_rules["rules"][sub_meta_rule_id].append(rule_dict) + return self.driver.set_rules(intra_extension_id, ref_rules["rules"]) + + @filter_args + @enforce(("read", "write"), "rule") + def add_rule(self, user_id, intra_extension_id, sub_meta_rule_id, rule_list): + # TODO: self.driver.set_rules ??? + return self.driver.add_rule(intra_extension_id, sub_meta_rule_id, rule_list) @filter_args - @enforce("read", "sub_rules") - @enforce("write", "sub_rules") - def del_rule(self, user_id, intra_extension_uuid, relation_name, sub_rule): - ref_rules = self.driver.get_rules(intra_extension_uuid) - sub_rule = sub_rule.split("+") - for index, _item in enumerate(sub_rule): + @enforce(("read", "write"), "rule") + def del_rule(self, user_id, intra_extension_id, sub_meta_rule_id, rule_id): + ref_rules = self.driver.get_rule_dict(intra_extension_id) + rule_id = rule_id.split("+") + for index, _item in enumerate(rule_id): if "True" in _item: - sub_rule[index] = True + rule_id[index] = True if "False" in _item: - sub_rule[index] = False + rule_id[index] = False if relation_name in ref_rules["rules"]: - if sub_rule in ref_rules["rules"][relation_name]: - ref_rules["rules"][relation_name].remove(sub_rule) + if rule_id in ref_rules["rules"][relation_name]: + ref_rules["rules"][relation_name].remove(rule_id) else: raise RuleUnknown() else: raise IntraExtensionError("Unknown relation name for rules: {}".format(relation_name)) - self.driver.set_rules(intra_extension_uuid, ref_rules["rules"]) - + self.driver.set_rules(intra_extension_id, ref_rules["rules"]) + ref_rules["rules"][sub_meta_rule_id].append(rule_dict) + return self.driver.set_rules(intra_extension_id, ref_rules["rules"]) @dependency.provider('authz_api') @dependency.requires('identity_api', 'tenant_api', 'moonlog_api') @@ -1254,22 +1330,23 @@ class IntraExtensionAuthzManager(IntraExtensionManager): __genre__ = "authz" def authz(self, tenant_name, subject_name, object_name, action_name): + # TODO (dthom) add moon log """Check authorization for a particular action. :return: True or False or raise an exception """ - tenant_id = self.tenant_api.get_tenant_id_from_name(self.__default_user, tenant_name) - intra_extension_id = self.tenant_api.get_extension_id(tenant_id, self.__genre__) - subject_dict = self.get_subject_dict(self.__default_user, intra_extension_id) + tenant_id = self.tenant_api.get_tenant_id_from_name(DEFAULT_USER, tenant_name) + intra_extension_id = self.tenant_api.get_tenant_intra_extension_id(DEFAULT_USER, tenant_id, self.__genre__) + subject_dict = self.get_subject_dict(DEFAULT_USER, intra_extension_id) subject_id = None for _subject_id in subject_dict: if subject_dict[_subject_id] is subject_name: subject_id = _subject_id - object_dict = self.get_object_dict(self.__default_user, intra_extension_id) + object_dict = self.get_object_dict(DEFAULT_USER, intra_extension_id) object_id = None for _object_id in object_dict: if object_dict[_object_id] is object_name: object_id = _object_id - action_dict = self.get_action_dict(self.__default_user, intra_extension_id) + action_dict = self.get_action_dict(DEFAULT_USER, intra_extension_id) action_id = None for _action_id in action_dict: if action_dict[_action_id] is action_name: @@ -1277,13 +1354,13 @@ class IntraExtensionAuthzManager(IntraExtensionManager): return super(IntraExtensionAuthzManager, self).authz(intra_extension_id, subject_id, object_id, action_id) - def delete_intra_extension(self, intra_extension_id): + def del_intra_extension(self, intra_extension_id): raise AdminException() def set_subject_dict(self, user_id, intra_extension_uuid, subject_dict): raise SubjectAddNotAuthorized() - def add_subject_dict(self, user_id, intra_extension_uuid, subject_name): + def add_subject(self, user_id, intra_extension_uuid, subject_name): raise SubjectAddNotAuthorized() def del_subject(self, user_id, intra_extension_uuid, subject_name): @@ -1292,7 +1369,7 @@ class IntraExtensionAuthzManager(IntraExtensionManager): def set_object_dict(self, user_id, intra_extension_uuid, object_dict): raise ObjectAddNotAuthorized() - def add_object_dict(self, user_id, intra_extension_uuid, object_name): + def add_object(self, user_id, intra_extension_uuid, object_name): raise ObjectAddNotAuthorized() def del_object(self, user_id, intra_extension_uuid, object_uuid): @@ -1301,7 +1378,7 @@ class IntraExtensionAuthzManager(IntraExtensionManager): def set_action_dict(self, user_id, intra_extension_uuid, action_dict): raise ActionAddNotAuthorized() - def add_action_dict(self, user_id, intra_extension_uuid, action_dict): + def add_action(self, user_id, intra_extension_uuid, action_dict): raise ActionAddNotAuthorized() def del_action(self, user_id, intra_extension_uuid, action_uuid): @@ -1310,7 +1387,7 @@ class IntraExtensionAuthzManager(IntraExtensionManager): def set_subject_category_dict(self, user_id, intra_extension_uuid, subject_category): raise SubjectCategoryAddNotAuthorized() - def add_subject_category_dict(self, user_id, intra_extension_uuid, subject_category_name): + def add_subject_category(self, user_id, intra_extension_uuid, subject_category_name): raise SubjectCategoryAddNotAuthorized() def del_subject_category(self, user_id, intra_extension_uuid, subject_uuid): @@ -1319,7 +1396,7 @@ class IntraExtensionAuthzManager(IntraExtensionManager): def set_object_category_dict(self, user_id, intra_extension_uuid, object_category): raise ObjectCategoryAddNotAuthorized() - def add_object_category_dict(self, user_id, intra_extension_uuid, object_category_name): + def add_object_category(self, user_id, intra_extension_uuid, object_category_name): raise ObjectCategoryAddNotAuthorized() def del_object_category(self, user_id, intra_extension_uuid, object_uuid): @@ -1328,70 +1405,70 @@ class IntraExtensionAuthzManager(IntraExtensionManager): def set_action_category_dict(self, user_id, intra_extension_uuid, action_category): raise ActionCategoryAddNotAuthorized() - def add_action_category_dict(self, user_id, intra_extension_uuid, action_category_name): + def add_action_category(self, user_id, intra_extension_uuid, action_category_name): raise ActionCategoryAddNotAuthorized() def del_action_category(self, user_id, intra_extension_uuid, action_uuid): raise ActionCategoryDelNotAuthorized() - def set_subject_category_scope_dict(self, user_id, intra_extension_uuid, category, scope): + def set_subject_scope_dict(self, user_id, intra_extension_uuid, category, scope): raise SubjectCategoryScopeAddNotAuthorized() - def add_subject_category_scope_dict(self, user_id, intra_extension_uuid, subject_category, scope_name): + def add_subject_scope(self, user_id, intra_extension_uuid, subject_category, scope_name): raise SubjectCategoryScopeAddNotAuthorized() - def del_subject_category_scope(self, user_id, intra_extension_uuid, subject_category, subject_category_scope): + def del_subject_scope(self, user_id, intra_extension_uuid, subject_category, subject_category_scope): raise SubjectCategoryScopeDelNotAuthorized() - def set_object_category_scope_dict(self, user_id, intra_extension_uuid, category, scope): + def set_object_scope_dict(self, user_id, intra_extension_uuid, category, scope): raise ObjectCategoryScopeAddNotAuthorized() - def add_object_category_scope_dict(self, user_id, intra_extension_uuid, object_category, scope_name): + def add_object_scope(self, user_id, intra_extension_uuid, object_category, scope_name): raise ObjectCategoryScopeAddNotAuthorized() - def del_object_category_scope(self, user_id, intra_extension_uuid, object_category, object_category_scope): + def del_object_scope(self, user_id, intra_extension_uuid, object_category, object_category_scope): raise ObjectCategoryScopeDelNotAuthorized() - def set_action_category_scope_dict(self, user_id, intra_extension_uuid, category, scope): + def set_action_scope_dict(self, user_id, intra_extension_uuid, category, scope): raise ActionCategoryScopeAddNotAuthorized() - def add_action_category_scope_dict(self, user_id, intra_extension_uuid, action_category, scope_name): + def add_action_scope(self, user_id, intra_extension_uuid, action_category, scope_name): raise ActionCategoryScopeAddNotAuthorized() - def del_action_category_scope(self, user_id, intra_extension_uuid, action_category, action_category_scope): + def del_action_scope(self, user_id, intra_extension_uuid, action_category, action_category_scope): raise ActionCategoryScopeDelNotAuthorized() - def set_subject_category_assignment_dict(self, user_id, intra_extension_uuid, subject_uuid, assignment_dict): + def set_subject_assignment_dict(self, user_id, intra_extension_uuid, subject_uuid, assignment_dict): raise SubjectCategoryAssignmentAddNotAuthorized() - def del_subject_category_assignment(self, user_id, intra_extension_uuid, subject_uuid, category_uuid, scope_uuid): + def del_subject_assignment(self, user_id, intra_extension_uuid, subject_uuid, category_uuid, scope_uuid): raise SubjectCategoryAssignmentAddNotAuthorized() - def add_subject_category_assignment_dict(self, user_id, intra_extension_uuid, subject_uuid, category_uuid, scope_uuid): + def add_subject_assignment(self, user_id, intra_extension_uuid, subject_uuid, category_uuid, scope_uuid): raise SubjectCategoryAssignmentDelNotAuthorized() def set_object_category_assignment_dict(self, user_id, intra_extension_uuid, object_uuid, assignment_dict): raise ObjectCategoryAssignmentAddNotAuthorized() - def del_object_category_assignment(self, user_id, intra_extension_uuid, object_uuid, category_uuid, scope_uuid): + def del_object_assignment(self, user_id, intra_extension_uuid, object_uuid, category_uuid, scope_uuid): raise ObjectCategoryAssignmentAddNotAuthorized() - def add_object_category_assignment_dict(self, user_id, intra_extension_uuid, object_uuid, category_uuid, scope_uuid): + def add_object_assignment(self, user_id, intra_extension_uuid, object_uuid, category_uuid, scope_uuid): raise ObjectCategoryAssignmentDelNotAuthorized() - def set_action_category_assignment_dict(self, user_id, intra_extension_uuid, action_uuid, assignment_dict): + def set_action_assignment_dict(self, user_id, intra_extension_uuid, action_uuid, assignment_dict): raise ActionCategoryAssignmentAddNotAuthorized() - def del_action_category_assignment(self, user_id, intra_extension_uuid, action_uuid, category_uuid, scope_uuid): + def del_action_assignment(self, user_id, intra_extension_uuid, action_uuid, category_uuid, scope_uuid): raise ActionCategoryAssignmentAddNotAuthorized() - def add_action_category_assignment_dict(self, user_id, intra_extension_uuid, action_uuid, category_uuid, scope_uuid): + def add_action_assignment(self, user_id, intra_extension_uuid, action_uuid, category_uuid, scope_uuid): raise ActionCategoryAssignmentDelNotAuthorized() def set_aggregation_algorithm(self, user_id, intra_extension_uuid, aggregation_algorithm): raise MetaRuleAddNotAuthorized() - def set_sub_meta_rule(self, user_id, intra_extension_uuid, sub_meta_rules): + def set_sub_meta_rule_dict(self, user_id, intra_extension_uuid, sub_meta_rules): raise MetaRuleAddNotAuthorized() def set_sub_rule(self, user_id, intra_extension_uuid, relation, sub_rule): @@ -1527,33 +1604,6 @@ class TenantDriver(object): raise exception.NotImplemented() # pragma: no cover -class AuthzDriver(object): - - def get_subject_category_list(self, extension_uuid): - raise exception.NotImplemented() # pragma: no cover - - def get_object_category_list(self, extension_uuid): - raise exception.NotImplemented() # pragma: no cover - - def get_action_category_list(self, extension_uuid): - raise exception.NotImplemented() # pragma: no cover - - def get_subject_category_value_dict(self, extension_uuid, subject_uuid): - raise exception.NotImplemented() # pragma: no cover - - def get_object_category_value_dict(self, extension_uuid, object_uuid): - raise exception.NotImplemented() # pragma: no cover - - def get_action_category_value_dict(self, extension_uuid, action_uuid): - raise exception.NotImplemented() # pragma: no cover - - def get_meta_rule(self, extension_uuid): - raise exception.NotImplemented() # pragma: no cover - - def get_rules(self, extension_uuid): - raise exception.NotImplemented() # pragma: no cover - - class IntraExtensionDriver(object): SUBJECT = 'subject' @@ -1625,7 +1675,7 @@ class IntraExtensionDriver(object): elif data_name == self.OBJECT_SCOPE: if not category_uuid: category_uuid = self.get_uuid_from_name(intra_extension_uuid, category_name, self.OBJECT_CATEGORY) - data_values = self.get_object_category_scope_dict(intra_extension_uuid, + data_values = self.get_object_scope_dict(intra_extension_uuid, category_uuid)["object_category_scope"] if (name and name not in extract_name(data_values)) or \ (uuid and uuid not in data_values.keys()): @@ -1633,7 +1683,7 @@ class IntraExtensionDriver(object): elif data_name == self.ACTION_SCOPE: if not category_uuid: category_uuid = self.get_uuid_from_name(intra_extension_uuid, category_name, self.ACTION_CATEGORY) - data_values = self.get_action_category_scope_dict(intra_extension_uuid, + data_values = self.get_action_scope_dict(intra_extension_uuid, category_uuid)["action_category_scope"] if (name and name not in extract_name(data_values)) or \ (uuid and uuid not in data_values.keys()): @@ -1641,7 +1691,7 @@ class IntraExtensionDriver(object): if category_uuid: return data_values[category_uuid] return data_values - # zzzzzzzzzzzzzzzzzz + def get_uuid_from_name(self, intra_extension_uuid, name, data_name, category_name=None, category_uuid=None): data_values = self.__get_data_from_type( intra_extension_uuid=intra_extension_uuid, @@ -1664,26 +1714,26 @@ class IntraExtensionDriver(object): # Getter and Setter for intra_extension - def get_intra_extension_list(self): - """Get a list of IntraExtension UUIDs - :return: a list of IntraExtension UUIDs ["uuid1", "uuid2"] + def get_intra_extension_dict(self): + """Get a list of IntraExtension + :return: {"intra_extension_id": "intra_extension_name", } """ raise exception.NotImplemented() # pragma: no cover - def get_intra_extension_dict(self, intra_extension_id): + def get_intra_extension(self, intra_extension_id): """Get a description of an IntraExtension :param intra_extension_id: the IntraExtension UUID :return: {intra_extension_id: intra_extension_name, ...} """ raise exception.NotImplemented() # pragma: no cover - def set_intra_extension(self, extension_uuid, extension_dict): + def set_intra_extension(self, intra_extension_id, intra_extension_dict): """Set a new IntraExtension - :param extension_uuid: IntraExtension UUID - :type extension_uuid: string - :param extension_dict: a dictionary withe the description of the IntraExtension (see below) - :type extension_dict: dict + :param intra_extension_id: IntraExtension UUID + :type intra_extension_id: string + :param intra_extension_dict: a dictionary withe the description of the IntraExtension (see below) + :type intra_extension_dict: dict :return: the IntraExtension dictionary, example: { "id": "uuid1", @@ -1694,619 +1744,603 @@ class IntraExtensionDriver(object): """ raise exception.NotImplemented() # pragma: no cover - def delete_intra_extension(self, extension_uuid): + def del_intra_extension(self, intra_extension_id): """Delete an IntraExtension - :param extension_uuid: IntraExtension UUID - :type extension_uuid: string + :param intra_extension_id: IntraExtension UUID + :type intra_extension_id: string :return: None """ raise exception.NotImplemented() # pragma: no cover - # Getter ad Setter for subjects + # Metadata functions - def get_subject_dict(self, extension_uuid): - """Get the list of subject for that IntraExtension + def get_subject_category_dict(self, intra_extension_id): + """Get a list of all subject categories - :param extension_uuid: IntraExtension UUID - :type extension_uuid: string - :return: a dictionary containing all subjects for that IntraExtension, eg. {"uuid1": "name1", "uuid2": "name2"} + :param intra_extension_id: IntraExtension UUID + :type intra_extension_id: string + :return: a dictionary containing all subject categories {"uuid1": "name1", "uuid2": "name2"} """ raise exception.NotImplemented() # pragma: no cover - def set_subject_dict(self, extension_uuid, subject_dict): - """Set the list of subject for that IntraExtension + def set_subject_category_dict(self, intra_extension_id, subject_category_dict): + """Set the list of all subject categories - :param extension_uuid: IntraExtension UUID - :type extension_uuid: string - :param subject_dict: dict of subject: {"uuid1": "name1", "uuid2": "name2"} - :type subject_dict: dict - :return: a dictionary containing all subjects for that IntraExtension, eg. {"uuid1": "name1", "uuid2": "name2"} + :param intra_extension_id: IntraExtension UUID + :type intra_extension_id: string + :param subject_category_dict: dict of subject categories {"uuid1": "name1", "uuid2": "name2"} + :type subject_category_dict: dict + :return: a dictionary containing all subject categories {"uuid1": "name1", "uuid2": "name2"} """ raise exception.NotImplemented() # pragma: no cover - def add_subject(self, extension_uuid, subject_uuid, subject_name): - """Add a subject + def add_subject_category(self, intra_extension_id, subject_category_id, subject_category_name): + """Add a subject category - :param extension_uuid: IntraExtension UUID - :type extension_uuid: string - :param subject_uuid: Subject UUID - :type subject_uuid: string - :param subject_name: Subject name - :type subject_name: string - :return: the added subject {"uuid1": "name1"} + :param intra_extension_id: IntraExtension UUID + :type intra_extension_id: string + :param subject_category_id: the UUID of the subject category + :type subject_category_id: string + :param subject_category_name: the name of the subject category + :type subject_category_name: string + :return: a dictionnary with the subject catgory added {"uuid1": "name1"} """ raise exception.NotImplemented() # pragma: no cover - def remove_subject(self, extension_uuid, subject_uuid): - """Remove a subject + def del_subject_category(self, intra_extension_id, subject_category_id): + """Remove one subject category - :param extension_uuid: IntraExtension UUID - :type extension_uuid: string - :param subject_uuid: Subject UUID - :type subject_uuid: string - :return: None + :param intra_extension_id: IntraExtension UUID + :type intra_extension_id: string + :param subject_category_id: the UUID of subject category to remove + :type subject_category_id: string + :return: a dictionary containing all subject categories {"uuid1": "name1", "uuid2": "name2"} """ raise exception.NotImplemented() # pragma: no cover - # Getter ad Setter for objects - - def get_object_dict(self, extension_uuid): - """Get the list of object for that IntraExtension + def get_object_category_dict(self, intra_extension_id): + """Get a list of all object categories - :param extension_uuid: IntraExtension UUID - :type extension_uuid: string - :return: a dictionary containing all objects for that IntraExtension, eg. {"uuid1": "name1", "uuid2": "name2"} + :param intra_extension_id: IntraExtension UUID + :type intra_extension_id: string + :return: a dictionary containing all object categories {"uuid1": "name1", "uuid2": "name2"} """ raise exception.NotImplemented() # pragma: no cover - def set_object_dict(self, extension_uuid, object_dict): - """Set the list of object for that IntraExtension + def set_object_category_dict(self, intra_extension_id, object_category_dict): + """Set the list of all object categories - :param extension_uuid: IntraExtension UUID - :type extension_uuid: string - :param object_dict: dict of object: {"uuid1": "name1", "uuid2": "name2"} - :type object_dict: dict - :return: a dictionary containing all objects for that IntraExtension, eg. {"uuid1": "name1", "uuid2": "name2"} + :param intra_extension_id: IntraExtension UUID + :type intra_extension_id: string + :param object_category_dict: dict of object categories {"uuid1": "name1", "uuid2": "name2"} + :type object_category_dict: dict + :return: a dictionary containing all object categories {"uuid1": "name1", "uuid2": "name2"} """ raise exception.NotImplemented() # pragma: no cover - def add_object(self, extension_uuid, object_uuid, object_name): - """Ad an object + def add_object_category(self, intra_extension_id, object_category_id, object_category_name): + """Add a object category - :param extension_uuid: IntraExtension UUID - :type extension_uuid: string - :param object_uuid: Object UUID - :type object_uuid: string - :param object_name: Object name - :type object_name: string - :return: the added object {"uuid1": "name1"} + :param intra_extension_id: IntraExtension UUID + :type intra_extension_id: string + :param object_category_id: the UUID of the object category + :type object_category_id: string + :param object_category_name: the name of the object category + :type object_category_name: string + :return: a dictionnary with the object catgory added {"uuid1": "name1"} """ raise exception.NotImplemented() # pragma: no cover - def remove_object(self, extension_uuid, object_uuid): - """Remove an object + def del_object_category(self, intra_extension_id, object_category_id): + """Remove one object category - :param extension_uuid: IntraExtension UUID - :type extension_uuid: string - :param object_uuid: Object UUID - :type object_uuid: string - :return: None + :param intra_extension_id: IntraExtension UUID + :type intra_extension_id: string + :param object_category_id: the UUID of object category to remove + :type object_category_id: string + :return: a dictionary containing all object categories {"uuid1": "name1", "uuid2": "name2"} """ raise exception.NotImplemented() # pragma: no cover - # Getter ad Setter for actions - - def get_action_dict(self, extension_uuid): - """ Get the list of action for that IntraExtension + def get_action_category_dict(self, intra_extension_id): + """Get a list of all action categories - :param extension_uuid: IntraExtension UUID - :type extension_uuid: string - :return: a dictionary containing all actions for that IntraExtension, eg. {"uuid1": "name1", "uuid2": "name2"} + :param intra_extension_id: IntraExtension UUID + :type intra_extension_id: string + :return: a dictionary containing all action categories {"uuid1": "name1", "uuid2": "name2"} """ raise exception.NotImplemented() # pragma: no cover - def set_action_dict(self, extension_uuid, action_dict): - """ Set the list of action for that IntraExtension + def set_action_category_dict(self, intra_extension_id, action_category_dict): + """Set the list of all action categories - :param extension_uuid: IntraExtension UUID - :type extension_uuid: string - :param action_dict: dict of actions: {"uuid1": "name1", "uuid2": "name2"} - :type action_dict: dict - :return: a dictionary containing all actions for that IntraExtension, eg. {"uuid1": "name1", "uuid2": "name2"} + :param intra_extension_id: IntraExtension UUID + :type intra_extension_id: string + :param action_category_dict: dict of action categories {"uuid1": "name1", "uuid2": "name2"} + :type action_category_dict: dict + :return: a dictionary containing all action categories {"uuid1": "name1", "uuid2": "name2"} """ raise exception.NotImplemented() # pragma: no cover - def add_action(self, extension_uuid, action_uuid, action_name): - """Ad an action + def add_action_category(self, intra_extension_id, action_category_id, action_category_name): + """Add a action category - :param extension_uuid: IntraExtension UUID - :type extension_uuid: string - :param action_uuid: Action UUID - :type action_uuid: string - :param action_name: Action name - :type action_name: string - :return: the added action {"uuid1": "name1"} + :param intra_extension_id: IntraExtension UUID + :type intra_extension_id: string + :param action_category_id: the UUID of the action category + :type action_category_id: string + :param action_category_name: the name of the action category + :type action_category_name: string + :return: a dictionnary with the action catgory added {"uuid1": "name1"} """ raise exception.NotImplemented() # pragma: no cover - def remove_action(self, extension_uuid, action_uuid): - """Remove an action + def del_action_category(self, intra_extension_id, action_category_id): + """Remove one action category - :param extension_uuid: IntraExtension UUID - :type extension_uuid: string - :param action_uuid: Action UUID - :type action_uuid: string - :return: None + :param intra_extension_id: IntraExtension UUID + :type intra_extension_id: string + :param action_category_id: the UUID of action category to remove + :type action_category_id: string + :return: a dictionary containing all action categories {"uuid1": "name1", "uuid2": "name2"} """ raise exception.NotImplemented() # pragma: no cover - # Getter ad Setter for subject_category + # Perimeter functions - def get_subject_category_dict(self, extension_uuid): - """Get a list of all subject categories + def get_subject_dict(self, intra_extension_id): + """Get the list of subject for that IntraExtension - :param extension_uuid: IntraExtension UUID - :type extension_uuid: string - :return: a dictionary containing all subject categories {"uuid1": "name1", "uuid2": "name2"} + :param intra_extension_id: IntraExtension UUID + :type intra_extension_id: string + :return: a dictionary containing all subjects for that IntraExtension, eg. {"uuid1": "name1", "uuid2": "name2"} """ raise exception.NotImplemented() # pragma: no cover - def set_subject_category_dict(self, extension_uuid, subject_categories): - """Set the list of all subject categories + def set_subject_dict(self, intra_extension_id, subject_dict): + """Set the list of subject for that IntraExtension - :param extension_uuid: IntraExtension UUID - :type extension_uuid: string - :param subject_categories: dict of subject categories {"uuid1": "name1", "uuid2": "name2"} - :type subject_categories: dict - :return: a dictionary containing all subject categories {"uuid1": "name1", "uuid2": "name2"} + :param intra_extension_id: IntraExtension UUID + :type intra_extension_id: string + :param subject_dict: dict of subject: {"uuid1": "name1", "uuid2": "name2"} + :type subject_dict: dict + :return: a dictionary containing all subjects for that IntraExtension, eg. {"uuid1": "name1", "uuid2": "name2"} """ raise exception.NotImplemented() # pragma: no cover - def add_subject_category_dict(self, extension_uuid, subject_category_uuid, subject_category_name): - """Add a subject category + def add_subject(self, intra_extension_id, subject_id, subject_name): + """Add a subject - :param extension_uuid: IntraExtension UUID - :type extension_uuid: string - :param subject_category_uuid: the UUID of the subject category - :type subject_category_uuid: string - :param subject_category_name: the name of the subject category - :type subject_category_name: string - :return: a dictionnary with the subject catgory added {"uuid1": "name1"} + :param intra_extension_id: IntraExtension UUID + :type intra_extension_id: string + :param subject_id: Subject UUID + :type subject_id: string + :param subject_name: Subject name + :type subject_name: string + :return: the added subject {"uuid1": "name1"} """ raise exception.NotImplemented() # pragma: no cover - def remove_subject_category(self, extension_uuid, subject_category_uuid): - """Remove one subject category + def del_subject(self, intra_extension_id, subject_id): + """Remove a subject - :param extension_uuid: IntraExtension UUID - :type extension_uuid: string - :param subject_category_uuid: the UUID of subject category to remove - :type subject_category_uuid: string - :return: a dictionary containing all subject categories {"uuid1": "name1", "uuid2": "name2"} + :param intra_extension_id: IntraExtension UUID + :type intra_extension_id: string + :param subject_id: Subject UUID + :type subject_id: string + :return: None """ raise exception.NotImplemented() # pragma: no cover - # Getter ad Setter for object_category - - def get_object_category_dict(self, extension_uuid): - """Get a list of all object categories + def get_object_dict(self, intra_extension_id): + """Get the list of object for that IntraExtension - :param extension_uuid: IntraExtension UUID - :type extension_uuid: string - :return: a dictionary containing all object categories {"uuid1": "name1", "uuid2": "name2"} + :param intra_extension_id: IntraExtension UUID + :type intra_extension_id: string + :return: a dictionary containing all objects for that IntraExtension, eg. {"uuid1": "name1", "uuid2": "name2"} """ raise exception.NotImplemented() # pragma: no cover - def set_object_category_dict(self, extension_uuid, object_categories): - """Set the list of all object categories + def set_object_dict(self, intra_extension_id, object_dict): + """Set the list of object for that IntraExtension - :param extension_uuid: IntraExtension UUID - :type extension_uuid: string - :param object_categories: dict of object categories {"uuid1": "name1", "uuid2": "name2"} - :type object_categories: dict - :return: a dictionary containing all object categories {"uuid1": "name1", "uuid2": "name2"} + :param intra_extension_id: IntraExtension UUID + :type intra_extension_id: string + :param object_dict: dict of object: {"uuid1": "name1", "uuid2": "name2"} + :type object_dict: dict + :return: a dictionary containing all objects for that IntraExtension, eg. {"uuid1": "name1", "uuid2": "name2"} """ raise exception.NotImplemented() # pragma: no cover - def add_object_category_dict(self, extension_uuid, object_category_uuid, object_category_name): - """Add a object category + def add_object(self, intra_extension_id, object_id, object_name): + """Ad an object - :param extension_uuid: IntraExtension UUID - :type extension_uuid: string - :param object_category_uuid: the UUID of the object category - :type object_category_uuid: string - :param object_category_name: the name of the object category - :type object_category_name: string - :return: a dictionnary with the object catgory added {"uuid1": "name1"} + :param intra_extension_id: IntraExtension UUID + :type intra_extension_id: string + :param object_id: Object UUID + :type object_id: string + :param object_name: Object name + :type object_name: string + :return: the added object {"uuid1": "name1"} """ raise exception.NotImplemented() # pragma: no cover - def remove_object_category(self, extension_uuid, object_category_uuid): - """Remove one object category + def del_object(self, intra_extension_id, object_id): + """Remove an object - :param extension_uuid: IntraExtension UUID - :type extension_uuid: string - :param object_category_uuid: the UUID of object category to remove - :type object_category_uuid: string - :return: a dictionary containing all object categories {"uuid1": "name1", "uuid2": "name2"} + :param intra_extension_id: IntraExtension UUID + :type intra_extension_id: string + :param object_id: Object UUID + :type object_id: string + :return: None """ raise exception.NotImplemented() # pragma: no cover - # Getter ad Setter for action_category - - def get_action_category_dict(self, extension_uuid): - """Get a list of all action categories + def get_action_dict(self, intra_extension_id): + """ Get the list of action for that IntraExtension - :param extension_uuid: IntraExtension UUID - :type extension_uuid: string - :return: a dictionary containing all action categories {"uuid1": "name1", "uuid2": "name2"} + :param intra_extension_id: IntraExtension UUID + :type intra_extension_id: string + :return: a dictionary containing all actions for that IntraExtension, eg. {"uuid1": "name1", "uuid2": "name2"} """ raise exception.NotImplemented() # pragma: no cover - def set_action_category_dict(self, extension_uuid, action_categories): - """Set the list of all action categories + def set_action_dict(self, intra_extension_id, action_dict): + """ Set the list of action for that IntraExtension - :param extension_uuid: IntraExtension UUID - :type extension_uuid: string - :param action_categories: dict of action categories {"uuid1": "name1", "uuid2": "name2"} - :type action_categories: dict - :return: a dictionary containing all action categories {"uuid1": "name1", "uuid2": "name2"} + :param intra_extension_id: IntraExtension UUID + :type intra_extension_id: string + :param action_dict: dict of actions: {"uuid1": "name1", "uuid2": "name2"} + :type action_dict: dict + :return: a dictionary containing all actions for that IntraExtension, eg. {"uuid1": "name1", "uuid2": "name2"} """ raise exception.NotImplemented() # pragma: no cover - def add_action_category_dict(self, extension_uuid, action_category_uuid, action_category_name): - """Add a action category + def add_action(self, intra_extension_id, action_id, action_name): + """Ad an action - :param extension_uuid: IntraExtension UUID - :type extension_uuid: string - :param action_category_uuid: the UUID of the action category - :type action_category_uuid: string - :param action_category_name: the name of the action category - :type action_category_name: string - :return: a dictionnary with the action catgory added {"uuid1": "name1"} + :param intra_extension_id: IntraExtension UUID + :type intra_extension_id: string + :param action_id: Action UUID + :type action_id: string + :param action_name: Action name + :type action_name: string + :return: the added action {"uuid1": "name1"} """ raise exception.NotImplemented() # pragma: no cover - def remove_action_category(self, extension_uuid, action_category_uuid): - """Remove one action category + def del_action(self, intra_extension_id, action_id): + """Remove an action - :param extension_uuid: IntraExtension UUID - :type extension_uuid: string - :param action_category_uuid: the UUID of action category to remove - :type action_category_uuid: string - :return: a dictionary containing all action categories {"uuid1": "name1", "uuid2": "name2"} + :param intra_extension_id: IntraExtension UUID + :type intra_extension_id: string + :param action_id: Action UUID + :type action_id: string + :return: None """ raise exception.NotImplemented() # pragma: no cover - # Getter and Setter for subject_category_value_scope + # Scope functions - def get_subject_category_scope_dict(self, extension_uuid, category): + def get_subject_scope_dict(self, intra_extension_id, subject_category_id): """Get a list of all subject category scope - :param extension_uuid: IntraExtension UUID - :type extension_uuid: string - :param category: the category UUID where the scope values are - :type category: string + :param intra_extension_id: IntraExtension UUID + :type intra_extension_id: string + :param subject_category_id: the category UUID where the scope values are + :type subject_category_id: string :return: a dictionary containing all subject category scope {"category1": {"scope_uuid1": "scope_name1}} """ raise exception.NotImplemented() # pragma: no cover - def set_subject_category_scope_dict(self, extension_uuid, subject_category, scope): + def set_subject_scope_dict(self, intra_extension_id, subject_category_id, subject_scope_dict): """Set the list of all scope for that subject category - :param extension_uuid: IntraExtension UUID - :type extension_uuid: string - :param subject_category: the UUID of the subject category where this scope will be set - :type subject_category: string + :param intra_extension_id: IntraExtension UUID + :type intra_extension_id: string + :param subject_category_id: the UUID of the subject category where this scope will be set + :type subject_category_id: string :return: a dictionary containing all scope {"scope_uuid1": "scope_name1, "scope_uuid2": "scope_name2} """ raise exception.NotImplemented() # pragma: no cover - def add_subject_category_scope_dict(self, extension_uuid, subject_category, scope_uuid, scope_name): + def add_subject_scope(self, intra_extension_id, subject_category_id, subject_scope_id, subject_scope_name): """Add a subject category - :param extension_uuid: IntraExtension UUID - :type extension_uuid: string - :param subject_category: the subject category UUID where the scope will be added - :type subject_category: string - :param scope_uuid: the UUID of the subject category - :type scope_uuid: string - :param scope_name: the name of the subject category - :type scope_name: string + :param intra_extension_id: IntraExtension UUID + :type intra_extension_id: string + :param subject_category_id: the subject category UUID where the scope will be added + :type subject_category_id: string + :param subject_scope_id: the UUID of the subject category + :type subject_scope_id: string + :param subject_scope_name: the name of the subject category + :type subject_scope_name: string :return: a dictionary containing the subject category scope added {"category1": {"scope_uuid1": "scope_name1}} """ raise exception.NotImplemented() # pragma: no cover - def remove_subject_category_scope_dict(self, extension_uuid, subject_category, scope_uuid): + def del_subject_scope(self, intra_extension_id, subject_category_id, subject_scope_id): """Remove one scope belonging to a subject category - :param extension_uuid: IntraExtension UUID - :type extension_uuid: string - :param subject_category: the UUID of subject categorywhere we can find the scope to remove - :type subject_category: string - :param scope_uuid: the UUID of the scope to remove - :type scope_uuid: string + :param intra_extension_id: IntraExtension UUID + :type intra_extension_id: string + :param subject_category_id: the UUID of subject categorywhere we can find the scope to remove + :type subject_category_id: string + :param subject_scope_id: the UUID of the scope to remove + :type subject_scope_id: string :return: None """ raise exception.NotImplemented() # pragma: no cover - # Getter and Setter for object_category_scope - - def get_object_category_scope_dict(self, extension_uuid, category): + def get_object_scope_dict(self, intra_extension_id, object_category_id): """Get a list of all object category scope - :param extension_uuid: IntraExtension UUID - :type extension_uuid: string - :param category: the category UUID where the scope values are - :type category: string + :param intra_extension_id: IntraExtension UUID + :type intra_extension_id: string + :param object_category_id: the category UUID where the scope values are + :type object_category_id: string :return: a dictionary containing all object category scope {"category1": {"scope_uuid1": "scope_name1}} """ raise exception.NotImplemented() # pragma: no cover - def set_object_category_scope_dict(self, extension_uuid, object_category, scope): + def set_object_scope_dict(self, intra_extension_id, object_category_id, object_scope_dict): """Set the list of all scope for that object category - :param extension_uuid: IntraExtension UUID - :type extension_uuid: string - :param object_category: the UUID of the object category where this scope will be set - :type object_category: string + :param intra_extension_id: IntraExtension UUID + :type intra_extension_id: string + :param object_category_id: the UUID of the object category where this scope will be set + :type object_category_id: string :return: a dictionary containing all scope {"scope_uuid1": "scope_name1, "scope_uuid2": "scope_name2} """ raise exception.NotImplemented() # pragma: no cover - def add_object_category_scope_dict(self, extension_uuid, object_category, scope_uuid, scope_name): + def add_object_scope(self, intra_extension_id, object_category_id, object_scope_id, object_scope_name): """Add a object category - :param extension_uuid: IntraExtension UUID - :type extension_uuid: string - :param object_category: the object category UUID where the scope will be added - :type object_category: string - :param scope_uuid: the UUID of the object category - :type scope_uuid: string - :param scope_name: the name of the object category - :type scope_name: string + :param intra_extension_id: IntraExtension UUID + :type intra_extension_id: string + :param object_category_id: the object category UUID where the scope will be added + :type object_category_id: string + :param object_scope_id: the UUID of the object category + :type object_scope_id: string + :param object_scope_name: the name of the object category + :type object_scope_name: string :return: a dictionary containing the object category scope added {"category1": {"scope_uuid1": "scope_name1}} """ raise exception.NotImplemented() # pragma: no cover - def remove_object_category_scope_dict(self, extension_uuid, object_category, scope_uuid): + def del_object_scope(self, intra_extension_id, object_category_id, object_scope_id): """Remove one scope belonging to a object category - :param extension_uuid: IntraExtension UUID - :type extension_uuid: string - :param object_category: the UUID of object categorywhere we can find the scope to remove - :type object_category: string - :param scope_uuid: the UUID of the scope to remove - :type scope_uuid: string + :param intra_extension_id: IntraExtension UUID + :type intra_extension_id: string + :param object_category_id: the UUID of object categorywhere we can find the scope to remove + :type object_category_id: string + :param object_scope_id: the UUID of the scope to remove + :type object_scope_id: string :return: None """ raise exception.NotImplemented() # pragma: no cover - # Getter and Setter for action_category_scope - - def get_action_category_scope_dict(self, extension_uuid, category): + def get_action_scope_dict(self, intra_extension_id, action_category_id): """Get a list of all action category scope - :param extension_uuid: IntraExtension UUID - :type extension_uuid: string - :param category: the category UUID where the scope values are - :type category: string + :param intra_extension_id: IntraExtension UUID + :type intra_extension_id: string + :param action_category_id: the category UUID where the scope values are + :type action_category_id: string :return: a dictionary containing all action category scope {"category1": {"scope_uuid1": "scope_name1}} """ raise exception.NotImplemented() # pragma: no cover - def set_action_category_scope_dict(self, extension_uuid, action_category, scope): + def set_action_scope_dict(self, intra_extension_id, action_category_id, action_scope_id): """Set the list of all scope for that action category - :param extension_uuid: IntraExtension UUID - :type extension_uuid: string - :param action_category: the UUID of the action category where this scope will be set - :type action_category: string + :param intra_extension_id: IntraExtension UUID + :type intra_extension_id: string + :param action_category_id: the UUID of the action category where this scope will be set + :type action_category_id: string :return: a dictionary containing all scope {"scope_uuid1": "scope_name1, "scope_uuid2": "scope_name2} """ raise exception.NotImplemented() # pragma: no cover - def add_action_category_scope_dict(self, extension_uuid, action_category, scope_uuid, scope_name): + def add_action_scope(self, intra_extension_id, action_category_id, action_scope_id, action_scope_name): """Add a action category - :param extension_uuid: IntraExtension UUID - :type extension_uuid: string - :param action_category: the action category UUID where the scope will be added - :type action_category: string - :param scope_uuid: the UUID of the action category - :type scope_uuid: string - :param scope_name: the name of the action category - :type scope_name: string + :param intra_extension_id: IntraExtension UUID + :type intra_extension_id: string + :param action_category_id: the action category UUID where the scope will be added + :type action_category_id: string + :param action_scope_id: the UUID of the action category + :type action_scope_id: string + :param action_scope_name: the name of the action category + :type action_scope_name: string :return: a dictionary containing the action category scope added {"category1": {"scope_uuid1": "scope_name1}} """ raise exception.NotImplemented() # pragma: no cover - def remove_action_category_scope_dict(self, extension_uuid, action_category, scope_uuid): + def del_action_scope(self, intra_extension_id, action_category_id, action_scope_id): """Remove one scope belonging to a action category - :param extension_uuid: IntraExtension UUID - :type extension_uuid: string - :param action_category: the UUID of action categorywhere we can find the scope to remove - :type action_category: string - :param scope_uuid: the UUID of the scope to remove - :type scope_uuid: string + :param intra_extension_id: IntraExtension UUID + :type intra_extension_id: string + :param action_category_id: the UUID of action categorywhere we can find the scope to remove + :type action_category_id: string + :param action_scope_id: the UUID of the scope to remove + :type action_scope_id: string :return: None """ raise exception.NotImplemented() # pragma: no cover - # Getter and Setter for subject_category_assignment + # Assignment functions - def get_subject_category_assignment_dict(self, extension_uuid, subject_uuid): + def get_subject_assignment_dict(self, intra_extension_id, subject_id): """Get the assignment for a given subject_uuid - :param extension_uuid: IntraExtension UUID - :type extension_uuid: string - :param subject_uuid: subject UUID - :type subject_uuid: string + :param intra_extension_id: IntraExtension UUID + :type intra_extension_id: string + :param subject_id: subject UUID + :type subject_id: string :return: a dictionary of assignment for the given subject {"cat1": ["scope_uuid1", "scope_uuid2"]} :raises: IntraExtensionNotFound, SubjectUnknown, SubjectCategoryAssignmentUnknown, SubjectCategoryAssignmentOutOfScope """ raise exception.NotImplemented() # pragma: no cover - def set_subject_category_assignment_dict(self, extension_uuid, subject_uuid, assignment_dict): + def set_subject_assignment_dict(self, intra_extension_id, subject_id, subject_assignment_dict): """Set the assignment for a given subject_uuid - :param extension_uuid: IntraExtension UUID - :type extension_uuid: string - :param subject_uuid: subject UUID - :type subject_uuid: string - :param assignment_dict: the assignment dictionary {"cat1": ["scope_uuid1", "scope_uuid2"]} - :type assignment_dict: dict + :param intra_extension_id: IntraExtension UUID + :type intra_extension_id: string + :param subject_id: subject UUID + :type subject_id: string + :param subject_assignment_dict: the assignment dictionary {"cat1": ["scope_uuid1", "scope_uuid2"]} + :type subject_assignment_dict: dict :return: a dictionary of assignment for the given subject {"cat1": ["scope_uuid1", "scope_uuid2"]} """ raise exception.NotImplemented() # pragma: no cover - def add_subject_category_assignment_dict(self, extension_uuid, subject_uuid, category_uuid, scope_uuid): + def add_subject_assignment(self, intra_extension_id, subject_id, subject_category_id, subject_scope_id): """Add a scope to a category and to a subject - :param extension_uuid: IntraExtension UUID - :type extension_uuid: string - :param subject_uuid: the subject UUID - :type subject_uuid: string - :param category_uuid: the category UUID - :type category_uuid: string - :param scope_uuid: the scope UUID - :type scope_uuid: string + :param intra_extension_id: IntraExtension UUID + :type intra_extension_id: string + :param subject_id: the subject UUID + :type subject_id: string + :param subject_category_id: the category UUID + :type subject_category_id: string + :param subject_scope_id: the scope UUID + :type subject_scope_id: string :return: a dictionary of assignment for the given subject {"cat1": ["scope_uuid1", "scope_uuid2"]} """ raise exception.NotImplemented() # pragma: no cover - def remove_subject_category_assignment(self, extension_uuid, subject_uuid, category_uuid, scope_uuid): + def del_subject_assignment(self, intra_extension_id, subject_id, subject_category_id, subject_scope_id): """Remove a scope from a category and from a subject - :param extension_uuid: IntraExtension UUID - :type extension_uuid: string - :param subject_uuid: the subject UUID - :type subject_uuid: string - :param category_uuid: the category UUID - :type category_uuid: string - :param scope_uuid: the scope UUID - :type scope_uuid: string + :param intra_extension_id: IntraExtension UUID + :type intra_extension_id: string + :param subject_id: the subject UUID + :type subject_id: string + :param subject_category_id: the category UUID + :type subject_category_id: string + :param subject_scope_id: the scope UUID + :type subject_scope_id: string :return: None """ raise exception.NotImplemented() # pragma: no cover - # Getter and Setter for object_category_assignment - - def get_object_category_assignment_dict(self, extension_uuid, object_uuid): + def get_object_assignment_dict(self, intra_extension_id, object_id): """Get the assignment for a given object_uuid - :param extension_uuid: IntraExtension UUID - :type extension_uuid: string - :param object_uuid: object UUID - :type object_uuid: string + :param intra_extension_id: IntraExtension UUID + :type intra_extension_id: string + :param object_id: object UUID + :type object_id: string :return: a dictionary of assignment for the given object {"cat1": ["scope_uuid1", "scope_uuid2"]} :raises: IntraExtensionNotFound, ObjectUnknown, ObjectCategoryAssignmentUnknown, ObjectCategoryAssignmentOutOfScope """ raise exception.NotImplemented() # pragma: no cover - def set_object_category_assignment_dict(self, extension_uuid, object_uuid, assignment_dict): + def set_object_assignment_dict(self, intra_extension_id, object_id, object_assignment_dict): """Set the assignment for a given object_uuid - :param extension_uuid: IntraExtension UUID - :type extension_uuid: string - :param object_uuid: object UUID - :type object_uuid: string - :param assignment_dict: the assignment dictionary {"cat1": ["scope_uuid1", "scope_uuid2"]} - :type assignment_dict: dict + :param intra_extension_id: IntraExtension UUID + :type intra_extension_id: string + :param object_id: object UUID + :type object_id: string + :param object_assignment_dict: the assignment dictionary {"cat1": ["scope_uuid1", "scope_uuid2"]} + :type object_assignment_dict: dict :return: a dictionary of assignment for the given object {"cat1": ["scope_uuid1", "scope_uuid2"]} """ raise exception.NotImplemented() # pragma: no cover - def add_object_category_assignment_dict(self, extension_uuid, object_uuid, category_uuid, scope_uuid): + def add_object_assignment(self, intra_extension_id, object_id, object_category_id, object_scope_id): """Add a scope to a category and to a object - :param extension_uuid: IntraExtension UUID - :type extension_uuid: string - :param object_uuid: the object UUID - :type object_uuid: string - :param category_uuid: the category UUID - :type category_uuid: string - :param scope_uuid: the scope UUID - :type scope_uuid: string + :param intra_extension_id: IntraExtension UUID + :type intra_extension_id: string + :param object_id: the object UUID + :type object_id: string + :param object_category_id: the category UUID + :type object_category_id: string + :param object_scope_id: the scope UUID + :type object_scope_id: string :return: a dictionary of assignment for the given object {"cat1": ["scope_uuid1", "scope_uuid2"]} """ raise exception.NotImplemented() # pragma: no cover - def remove_object_category_assignment(self, extension_uuid, object_uuid, category_uuid, scope_uuid): + def del_object_assignment(self, intra_extension_id, object_id, object_category_id, object_scope_id): """Remove a scope from a category and from a object - :param extension_uuid: IntraExtension UUID - :type extension_uuid: string - :param object_uuid: the object UUID - :type object_uuid: string - :param category_uuid: the category UUID - :type category_uuid: string - :param scope_uuid: the scope UUID - :type scope_uuid: string + :param intra_extension_id: IntraExtension UUID + :type intra_extension_id: string + :param object_id: the object UUID + :type object_id: string + :param object_category_id: the category UUID + :type object_category_id: string + :param object_scope_id: the scope UUID + :type object_scope_id: string :return: None """ raise exception.NotImplemented() # pragma: no cover - # Getter and Setter for action_category_assignment - - def get_action_category_assignment_dict(self, extension_uuid, action_uuid): + def get_action_assignment_dict(self, intra_extension_id, action_id): """Get the assignment for a given action_uuid - :param extension_uuid: IntraExtension UUID - :type extension_uuid: string - :param action_uuid: action UUID - :type action_uuid: string + :param intra_extension_id: IntraExtension UUID + :type intra_extension_id: string + :param action_id: action UUID + :type action_id: string :return: a dictionary of assignment for the given action {"cat1": ["scope_uuid1", "scope_uuid2"]} :raises: IntraExtensionNotFound, ActionUnknown, ActionCategoryAssignmentUnknown, ActionCategoryAssignmentOutOfScope """ raise exception.NotImplemented() # pragma: no cover - def set_action_category_assignment_dict(self, extension_uuid, action_uuid, assignment_dict): + def set_action_assignment_dict(self, intra_extension_id, action_id, action_assignment_dict): """Set the assignment for a given action_uuid - :param extension_uuid: IntraExtension UUID - :type extension_uuid: string - :param action_uuid: action UUID - :type action_uuid: string - :param assignment_dict: the assignment dictionary {"cat1": ["scope_uuid1", "scope_uuid2"]} - :type assignment_dict: dict + :param intra_extension_id: IntraExtension UUID + :type intra_extension_id: string + :param action_id: action UUID + :type action_id: string + :param action_assignment_dict: the assignment dictionary {"cat1": ["scope_uuid1", "scope_uuid2"]} + :type action_assignment_dict: dict :return: a dictionary of assignment for the given action {"cat1": ["scope_uuid1", "scope_uuid2"]} """ raise exception.NotImplemented() # pragma: no cover - def add_action_category_assignment_dict(self, extension_uuid, action_uuid, category_uuid, scope_uuid): + def add_action_assignment(self, intra_extension_id, action_id, action_category_id, action_scope_id): """Add a scope to a category and to a action - :param extension_uuid: IntraExtension UUID - :type extension_uuid: string - :param action_uuid: the action UUID - :type action_uuid: string - :param category_uuid: the category UUID - :type category_uuid: string - :param scope_uuid: the scope UUID - :type scope_uuid: string + :param intra_extension_id: IntraExtension UUID + :type intra_extension_id: string + :param action_id: the action UUID + :type action_id: string + :param action_category_id: the category UUID + :type action_category_id: string + :param action_scope_id: the scope UUID + :type action_scope_id: string :return: a dictionary of assignment for the given action {"cat1": ["scope_uuid1", "scope_uuid2"]} """ raise exception.NotImplemented() # pragma: no cover - def remove_action_category_assignment(self, extension_uuid, action_uuid, category_uuid, scope_uuid): + def del_action_assignment(self, intra_extension_id, action_id, action_category_id, action_scope_id): """Remove a scope from a category and from a action - :param extension_uuid: IntraExtension UUID - :type extension_uuid: string - :param action_uuid: the action UUID - :type action_uuid: string - :param category_uuid: the category UUID - :type category_uuid: string - :param scope_uuid: the scope UUID - :type scope_uuid: string + :param intra_extension_id: IntraExtension UUID + :type intra_extension_id: string + :param action_id: the action UUID + :type action_id: string + :param action_category_id: the category UUID + :type action_category_id: string + :param action_scope_id: the scope UUID + :type action_scope_id: string :return: None """ raise exception.NotImplemented() # pragma: no cover - # Getter and Setter for meta_rule + # Meta_rule functions def get_meta_rule_dict(self, extension_uuid): """Get the Meta rule @@ -2353,7 +2387,7 @@ class IntraExtensionDriver(object): """ raise exception.NotImplemented() # pragma: no cover - # Getter and Setter for rules + # Rule functions def get_rule_dict(self, extension_uuid): """Get all rules @@ -2394,61 +2428,6 @@ class IntraExtensionDriver(object): raise exception.NotImplemented() # pragma: no cover -class UpdateDriver(object): - - def get_intra_extensions(self): - raise exception.NotImplemented() # pragma: no cover - - def get_intra_extension(self, extension_uuid): - raise exception.NotImplemented() # pragma: no cover - - def create_intra_extensions(self, extension_uuid, intra_extension): - raise exception.NotImplemented() # pragma: no cover - - def delete_intra_extensions(self, extension_uuid): - raise exception.NotImplemented() # pragma: no cover - - # Getter and setter for tenant - - def get_tenant(self, uuid): - raise exception.NotImplemented() # pragma: no cover - - def set_tenant(self, uuid, tenant_id): - raise exception.NotImplemented() # pragma: no cover - - # Getter and setter for name - - def get_name(self, uuid): - raise exception.NotImplemented() # pragma: no cover - - def set_name(self, uuid, name): - raise exception.NotImplemented() # pragma: no cover - - # Getter and setter for model - - def get_model(self, uuid): - raise exception.NotImplemented() # pragma: no cover - - def set_model(self, uuid, model): - raise exception.NotImplemented() # pragma: no cover - - # Getter and setter for genre - - def get_genre(self, uuid): - raise exception.NotImplemented() # pragma: no cover - - def set_genre(self, uuid, genre): - raise exception.NotImplemented() # pragma: no cover - - # Getter and setter for description - - def get_description(self, uuid): - raise exception.NotImplemented() # pragma: no cover - - def set_description(self, uuid, args): - raise exception.NotImplemented() # pragma: no cover - - class LogDriver(object): def authz(self, message): diff --git a/keystone-moon/keystone/contrib/moon/exception.py b/keystone-moon/keystone/contrib/moon/exception.py index 21cf666d..3108b7c2 100644 --- a/keystone-moon/keystone/contrib/moon/exception.py +++ b/keystone-moon/keystone/contrib/moon/exception.py @@ -126,6 +126,11 @@ class AuthzAssignment(AuthzException): title = 'Assignment Exception' +class AuthzMetaRule(AuthzException): + code = 400 + title = 'Aggregation Algorithm Exception' + + class AuthzRule(AuthzException): code = 400 title = 'Rule Exception' @@ -194,45 +199,66 @@ class ActionScopeUnknown(AuthzScope): logger = "ERROR" -class SubjectCategoryAssignmentOutOfScope(AuthzScope): - message_format = _("The given subject category scope value is out of scope.") +class SubjectAssignmentOutOfScope(AuthzScope): + message_format = _("The given subject scope value is out of scope.") code = 400 - title = 'Subject Category Assignment Out Of Scope' + title = 'Subject Assignment Out Of Scope' logger = "WARNING" -class ActionCategoryAssignmentOutOfScope(AuthzScope): - message_format = _("The given action category scope value is out of scope.") +class ActionAssignmentOutOfScope(AuthzScope): + message_format = _("The given action scope value is out of scope.") code = 400 - title = 'Action Category Assignment Out Of Scope' + title = 'Action Assignment Out Of Scope' logger = "WARNING" -class ObjectCategoryAssignmentOutOfScope(AuthzScope): - message_format = _("The given object category scope value is out of scope.") +class ObjectAssignmentOutOfScope(AuthzScope): + message_format = _("The given object scope value is out of scope.") code = 400 - title = 'Object Category Assignment Out Of Scope' + title = 'Object Assignment Out Of Scope' logger = "WARNING" -class SubjectCategoryAssignmentUnknown(AuthzAssignment): - message_format = _("The given subject category assignment value is unknown.") +class SubjectAssignmentUnknown(AuthzAssignment): + message_format = _("The given subject assignment value is unknown.") + code = 400 + title = 'Subject Assignment Unknown' + logger = "ERROR" + + +class ObjectAssignmentUnknown(AuthzAssignment): + message_format = _("The given object assignment value is unknown.") + code = 400 + title = 'Object Assignment Unknown' + logger = "ERROR" + + +class ActionAssignmentUnknown(AuthzAssignment): + message_format = _("The given action assignment value is unknown.") + code = 400 + title = 'Action Assignment Unknown' + logger = "ERROR" + + +class AggregationAlgorithmNotExisting(AuthzMetadata): + message_format = _("The given aggregation algorithm is not exsiting.") code = 400 - title = 'Subject Category Assignment Unknown' + title = 'Aggregation Algorithm Not Existing' logger = "ERROR" -class ObjectCategoryAssignmentUnknown(AuthzAssignment): - message_format = _("The given object category assignment value is unknown.") +class AggregationAlgorithmOutOfScope(AuthzMetadata): + message_format = _("The given aggregation algorithm is out of scope.") code = 400 - title = 'Object Category Assignment Unknown' + title = 'Aggregation Algorithm Out Of Scope' logger = "ERROR" -class ActionCategoryAssignmentUnknown(AuthzAssignment): - message_format = _("The given action category assignment value is unknown.") +class SubMetaRuleOutOfScope(AuthzMetadata): + message_format = _("The given sub meta rule is out of scope.") code = 400 - title = 'Action Category Assignment Unknown' + title = 'Sub Meta Rule Out Of Scope' logger = "ERROR" @@ -326,40 +352,40 @@ class ActionDelNotAuthorized(AdminPerimeter): title = 'Action Del Not Authorized' -class SubjectCategoryScopeReadNotAuthorized(AuthzException): - title = 'Subject Category Scope Read Not Authorized' +class SubjectScopeReadNotAuthorized(AuthzException): + title = 'Subject Scope Read Not Authorized' -class SubjectCategoryScopeAddNotAuthorized(AuthzException): - title = 'Subject Category Scope Add Not Authorized' +class SubjectScopeAddNotAuthorized(AuthzException): + title = 'Subject Scope Add Not Authorized' -class SubjectCategoryScopeDelNotAuthorized(AuthzException): - title = 'Subject Category Scope Del Not Authorized' +class SubjectScopeDelNotAuthorized(AuthzException): + title = 'Subject Scope Del Not Authorized' -class ObjectCategoryScopeReadNotAuthorized(AuthzException): - title = 'Object Category Scope Read Not Authorized' +class ObjectScopeReadNotAuthorized(AuthzException): + title = 'Object Scope Read Not Authorized' -class ObjectCategoryScopeAddNotAuthorized(AuthzException): - title = 'Object Category Scope Add Not Authorized' +class ObjectScopeAddNotAuthorized(AuthzException): + title = 'Object Scope Add Not Authorized' -class ObjectCategoryScopeDelNotAuthorized(AuthzException): - title = 'Object Category Scope Del Not Authorized' +class ObjectScopeDelNotAuthorized(AuthzException): + title = 'Object Scope Del Not Authorized' -class ActionCategoryScopeReadNotAuthorized(AuthzException): - title = 'Action Category Scope Read Not Authorized' +class ActionScopeReadNotAuthorized(AuthzException): + title = 'Action Scope Read Not Authorized' -class ActionCategoryScopeAddNotAuthorized(AuthzException): - title = 'Action Category Scope Add Not Authorized' +class ActionScopeAddNotAuthorized(AuthzException): + title = 'Action Scope Add Not Authorized' -class ActionCategoryScopeDelNotAuthorized(AuthzException): - title = 'Action Category Scope Del Not Authorized' +class ActionScopeDelNotAuthorized(AuthzException): + title = 'Action Scope Del Not Authorized' class SubjectCategoryReadNotAuthorized(AdminMetadata): @@ -399,40 +425,40 @@ class ActionCategoryDelNotAuthorized(AdminMetadata): title = 'Action Category Del Not Authorized' -class SubjectCategoryAssignmentReadNotAuthorized(AdminAssignment): - title = 'Subject Category Assignment Read Not Authorized' +class SubjectAssignmentReadNotAuthorized(AdminAssignment): + title = 'Subject Assignment Read Not Authorized' -class SubjectCategoryAssignmentAddNotAuthorized(AdminAssignment): - title = 'Subject Category Assignment Add Not Authorized' +class SubjectAssignmentAddNotAuthorized(AdminAssignment): + title = 'Subject Assignment Add Not Authorized' -class SubjectCategoryAssignmentDelNotAuthorized(AdminAssignment): - title = 'Subject Category Assignment Del Not Authorized' +class SubjectAssignmentDelNotAuthorized(AdminAssignment): + title = 'Subject Assignment Del Not Authorized' -class ObjectCategoryAssignmentReadNotAuthorized(AdminAssignment): - title = 'Object Category Assignment Read Not Authorized' +class ObjectAssignmentReadNotAuthorized(AdminAssignment): + title = 'Object Assignment Read Not Authorized' -class ObjectCategoryAssignmentAddNotAuthorized(AdminAssignment): - title = 'Object Category Assignment Add Not Authorized' +class ObjectAssignmentAddNotAuthorized(AdminAssignment): + title = 'Object Assignment Add Not Authorized' -class ObjectCategoryAssignmentDelNotAuthorized(AdminAssignment): - title = 'Object Category Assignment Del Not Authorized' +class ObjectAssignmentDelNotAuthorized(AdminAssignment): + title = 'Object Assignment Del Not Authorized' -class ActionCategoryAssignmentReadNotAuthorized(AdminAssignment): - title = 'Action Category Assignment Read Not Authorized' +class ActionAssignmentReadNotAuthorized(AdminAssignment): + title = 'Action Assignment Read Not Authorized' -class ActionCategoryAssignmentAddNotAuthorized(AdminAssignment): - title = 'Action Category Assignment Add Not Authorized' +class ActionAssignmentAddNotAuthorized(AdminAssignment): + title = 'Action Assignment Add Not Authorized' -class ActionCategoryAssignmentDelNotAuthorized(AdminAssignment): - title = 'Action Category Assignment Del Not Authorized' +class ActionAssignmentDelNotAuthorized(AdminAssignment): + title = 'Action Assignment Del Not Authorized' class RuleReadNotAuthorized(AdminRule): diff --git a/keystone-moon/keystone/contrib/moon/routers.py b/keystone-moon/keystone/contrib/moon/routers.py index 28409136..0aa71ff8 100644 --- a/keystone-moon/keystone/contrib/moon/routers.py +++ b/keystone-moon/keystone/contrib/moon/routers.py @@ -32,19 +32,6 @@ class Routers(wsgi.RoutersBase): logs_controller = controllers.Logs() inter_ext_controller = controllers.InterExtensions() - # Authz route - self._add_resource( - mapper, authz_controller, - path=self.PATH_PREFIX+'/authz/{tenant_id}/{subject_id}/{object_id}/{action_id}', - get_action='get_authz', - rel=self._get_rel('authz'), - path_vars={ - 'tenant_id': self._get_path('tenants'), - 'subject_id': self._get_path('subjects'), - 'object_id': self._get_path('objects'), - 'action_id': self._get_path('actions'), - }) - # Configuration route self._add_resource( mapper, configuration_controller, @@ -65,7 +52,38 @@ class Routers(wsgi.RoutersBase): rel=self._get_rel('sub_meta_rule_algorithms'), path_vars={}) - # IntraExtensions route + # Tenants route + self._add_resource( + mapper, tenants_controller, + path=self.PATH_PREFIX+'/tenants', + get_action='get_tenants', + post_action='add_tenant', + rel=self._get_rel('tenants'), + path_vars={}) + self._add_resource( + mapper, tenants_controller, + path=self.PATH_PREFIX+'/tenant/{tenant_uuid}', + get_action='get_tenant', + delete_action='del_tenant', + rel=self._get_rel('tenants'), + path_vars={ + 'tenant_uuid': self._get_path('tenants'), + }) + + # Authz route + self._add_resource( + mapper, authz_controller, + path=self.PATH_PREFIX+'/authz/{tenant_id}/{subject_id}/{object_id}/{action_id}', + get_action='get_authz', + rel=self._get_rel('authz'), + path_vars={ + 'tenant_id': self._get_path('tenants'), + 'subject_id': self._get_path('subjects'), + 'object_id': self._get_path('objects'), + 'action_id': self._get_path('actions'), + }) + + # IntraExtensions/Admin route self._add_resource( mapper, intra_ext_controller, path=self.PATH_PREFIX+'/intra_extensions', @@ -198,55 +216,55 @@ class Routers(wsgi.RoutersBase): # Scope route self._add_resource( mapper, intra_ext_controller, - path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/subject_category_scopes/{subject_category_id}', - get_action='get_subject_category_scopes', - post_action='add_subject_category_scope', - rel=self._get_rel('subject_category_scope'), + path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/subject_scopes/{subject_category_id}', + get_action='get_subject_scopes', + post_action='add_subject_scope', + rel=self._get_rel('subject_scope'), path_vars={ 'intra_extension_id': self._get_path('intra_extensions'), }) self._add_resource( mapper, intra_ext_controller, - path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/subject_category_scopes/{subject_category_id}/{subject_category_scope_id}', - get_action='get_subject_category_scope', - delete_action='del_subject_category_scope', - rel=self._get_rel('subject_category_scope'), + path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/subject_scopes/{subject_category_id}/{subject_scope_id}', + get_action='get_subject_scope', + delete_action='del_subject_scope', + rel=self._get_rel('subject_scope'), path_vars={ 'intra_extension_id': self._get_path('intra_extensions'), }) self._add_resource( mapper, intra_ext_controller, - path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/object_category_scopes/{object_category_id}', - get_action='get_object_category_scopes', - post_action='add_object_category_scope', - rel=self._get_rel('object_category_scope'), + path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/object_scopes/{object_category_id}', + get_action='get_object_scopes', + post_action='add_object_scope', + rel=self._get_rel('object_scope'), path_vars={ 'intra_extension_id': self._get_path('intra_extensions'), }) self._add_resource( mapper, intra_ext_controller, - path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/object_category_scopes/{object_category_id}/{object_category_scope_id}', - get_action='get_object_category_scope', - delete_action='del_object_category_scope', - rel=self._get_rel('object_category_scope'), + path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/object_scopes/{object_category_id}/{object_scope_id}', + get_action='get_object_scope', + delete_action='del_object_scope', + rel=self._get_rel('object_scope'), path_vars={ 'intra_extension_id': self._get_path('intra_extensions'), }) self._add_resource( mapper, intra_ext_controller, - path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/action_category_scopes/{action_category_id}', - get_action='get_action_category_scopes', - post_action='add_action_category_scope', - rel=self._get_rel('action_category_scope'), + path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/action_scopes/{action_category_id}', + get_action='get_action_scopes', + post_action='add_action_scope', + rel=self._get_rel('action_scope'), path_vars={ 'intra_extension_id': self._get_path('intra_extensions'), }) self._add_resource( mapper, intra_ext_controller, - path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/action_category_scopes/{action_category_id}/{action_category_scope_id}', - get_action='get_action_category_scope', - delete_action='del_action_category_scope', - rel=self._get_rel('action_category_scope'), + path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/action_scopes/{action_category_id}/{action_scope_id}', + get_action='get_action_scope', + delete_action='del_action_scope', + rel=self._get_rel('action_scope'), path_vars={ 'intra_extension_id': self._get_path('intra_extensions'), }) @@ -280,7 +298,7 @@ class Routers(wsgi.RoutersBase): self._add_resource( mapper, intra_ext_controller, path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/' - 'subject_assignments/{subject_id}/{subject_category_id}/{subject_category_scope_id}', + 'subject_assignments/{subject_id}/{subject_category_id}/{subject_scope_id}', delete_action='del_subject_assignment', rel=self._get_rel('subject_assignments'), path_vars={ @@ -305,7 +323,7 @@ class Routers(wsgi.RoutersBase): self._add_resource( mapper, intra_ext_controller, path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/' - 'object_assignments/{object_id}/{object_category}', + 'object_assignments/{object_id}/{object_category_id}', get_action='get_object_assignment', rel=self._get_rel('object_assignments'), path_vars={ @@ -314,7 +332,7 @@ class Routers(wsgi.RoutersBase): self._add_resource( mapper, intra_ext_controller, path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/' - 'object_assignments/{object_id}/{object_category}/{object_category_scope}', + 'object_assignments/{object_id}/{object_category_id}/{object_scope_id}', delete_action='del_object_assignment', rel=self._get_rel('object_assignments'), path_vars={ @@ -339,7 +357,7 @@ class Routers(wsgi.RoutersBase): self._add_resource( mapper, intra_ext_controller, path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/' - 'action_assignments/{action_id}/{action_category}', + 'action_assignments/{action_id}/{action_category_id}', get_action='get_action_assignment', rel=self._get_rel('action_assignments'), path_vars={ @@ -348,7 +366,7 @@ class Routers(wsgi.RoutersBase): self._add_resource( mapper, intra_ext_controller, path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/' - 'action_assignments/{action_id}/{action_category}/{action_category_scope}', + 'action_assignments/{action_id}/{action_category_id}/{action_scope_id}', delete_action='del_action_assignment', rel=self._get_rel('action_assignments'), path_vars={ @@ -358,7 +376,7 @@ class Routers(wsgi.RoutersBase): # Metarule route self._add_resource( mapper, intra_ext_controller, - path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/aggregation_algorithms', + path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/aggregation_algorithm', post_action='add_aggregation_algorithm', rel=self._get_rel('aggregation_algorithms'), path_vars={ @@ -366,7 +384,7 @@ class Routers(wsgi.RoutersBase): }) self._add_resource( mapper, intra_ext_controller, - path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/aggregation_algorithms/{aggregation_algorithm_id}', + path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/aggregation_algorithm/{aggregation_algorithm_id}', get_action='get_aggregation_algorithm', delete_action='del_aggregation_algorithm', rel=self._get_rel('aggregation_algorithms'), @@ -395,7 +413,7 @@ class Routers(wsgi.RoutersBase): # Rules route self._add_resource( mapper, intra_ext_controller, - path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/rules/{sub_meta_rule_id}', + path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/rule/{sub_meta_rule_id}', get_action='get_rules', post_action='add_rule', rel=self._get_rel('rules'), @@ -404,7 +422,7 @@ class Routers(wsgi.RoutersBase): }) self._add_resource( mapper, intra_ext_controller, - path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/rules/{sub_meta_rule_id}/{rule_id}', + path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/rule/{sub_meta_rule_id}/{rule_id}', get_action='get_rule', delete_action='del_rule', rel=self._get_rel('rules'), @@ -412,24 +430,6 @@ class Routers(wsgi.RoutersBase): 'intra_extension_id': self._get_path('intra_extensions'), }) - # Tenants route - self._add_resource( - mapper, tenants_controller, - path=self.PATH_PREFIX+'/tenants', - get_action='get_tenants', - post_action='add_tenant', - rel=self._get_rel('tenants'), - path_vars={}) - self._add_resource( - mapper, tenants_controller, - path=self.PATH_PREFIX+'/tenant/{tenant_uuid}', - get_action='get_tenant', - delete_action='del_tenant', - rel=self._get_rel('tenants'), - path_vars={ - 'tenant_uuid': self._get_path('tenants'), - }) - # Logs route self._add_resource( mapper, logs_controller, diff --git a/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_admin.py b/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_admin.py index f527ee9e..0e5d69d4 100644 --- a/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_admin.py +++ b/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_admin.py @@ -96,7 +96,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): return _user def delete_admin_intra_extension(self): - self.manager.delete_intra_extension(self.ref["id"]) + self.manager.del_intra_extension(self.ref["id"]) def test_subjects(self): self.create_user("demo") @@ -134,7 +134,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): self.assertNotIn(new_subject["id"], subjects["subjects"]) # Add a particular subject - subjects = self.manager.add_subject_dict("admin", self.ref["id"], new_subject["id"]) + subjects = self.manager.add_subject("admin", self.ref["id"], new_subject["id"]) self.assertIsInstance(subjects, dict) self.assertIn("subject", subjects) self.assertIn("uuid", subjects["subject"]) @@ -183,7 +183,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): self.assertNotIn(new_object["id"], objects["objects"]) # Add a particular object - objects = self.manager.add_object_dict("admin", self.ref["id"], new_object["name"]) + objects = self.manager.add_object("admin", self.ref["id"], new_object["name"]) self.assertIsInstance(objects, dict) self.assertIn("object", objects) self.assertIn("uuid", objects["object"]) @@ -233,7 +233,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): self.assertNotIn(new_action["id"], actions["actions"]) # Add a particular action - actions = self.manager.add_action_dict("admin", self.ref["id"], new_action["name"]) + actions = self.manager.add_action("admin", self.ref["id"], new_action["name"]) self.assertIsInstance(actions, dict) self.assertIn("action", actions) self.assertIn("uuid", actions["action"]) @@ -283,7 +283,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): self.assertNotIn(new_subject_category["id"], subject_categories["subject_categories"]) # Add a particular subject_category - subject_categories = self.manager.add_subject_category_dict( + subject_categories = self.manager.add_subject_category( "admin", self.ref["id"], new_subject_category["name"]) @@ -338,7 +338,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): self.assertNotIn(new_object_category["id"], object_categories["object_categories"]) # Add a particular object_category - object_categories = self.manager.add_object_category_dict( + object_categories = self.manager.add_object_category( "admin", self.ref["id"], new_object_category["name"]) @@ -393,7 +393,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): self.assertNotIn(new_action_category["id"], action_categories["action_categories"]) # Add a particular action_category - action_categories = self.manager.add_action_category_dict( + action_categories = self.manager.add_action_category( "admin", self.ref["id"], new_action_category["name"]) @@ -427,7 +427,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): ) for subject_category in subject_categories["subject_categories"]: - subject_category_scope = self.manager.get_subject_category_scope_dict( + subject_category_scope = self.manager.get_subject_scope_dict( "admin", self.ref["id"], subject_category) @@ -441,7 +441,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): new_subject_category_scope = dict() new_subject_category_scope_uuid = uuid.uuid4().hex new_subject_category_scope[new_subject_category_scope_uuid] = "new_subject_category_scope" - subject_category_scope = self.manager.set_subject_category_scope_dict( + subject_category_scope = self.manager.set_subject_scope_dict( "admin", self.ref["id"], subject_category, @@ -455,12 +455,12 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): subject_category_scope["subject_category_scope"][subject_category].values()) # Delete the new subject_category_scope - self.manager.del_subject_category_scope( + self.manager.del_subject_scope( "admin", self.ref["id"], subject_category, new_subject_category_scope_uuid) - subject_category_scope = self.manager.get_subject_category_scope_dict( + subject_category_scope = self.manager.get_subject_scope_dict( "admin", self.ref["id"], subject_category) @@ -472,7 +472,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): self.assertNotIn(new_subject_category_scope_uuid, subject_category_scope["subject_category_scope"]) # Add a particular subject_category_scope - subject_category_scope = self.manager.add_subject_category_scope_dict( + subject_category_scope = self.manager.add_subject_scope( "admin", self.ref["id"], subject_category, @@ -482,7 +482,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): self.assertIn("uuid", subject_category_scope["subject_category_scope"]) self.assertEqual(new_subject_category_scope[new_subject_category_scope_uuid], subject_category_scope["subject_category_scope"]["name"]) - subject_category_scope = self.manager.get_subject_category_scope_dict( + subject_category_scope = self.manager.get_subject_scope_dict( "admin", self.ref["id"], subject_category) @@ -508,7 +508,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): ) for object_category in object_categories["object_categories"]: - object_category_scope = self.manager.get_object_category_scope_dict( + object_category_scope = self.manager.get_object_scope_dict( "admin", self.ref["id"], object_category) @@ -522,7 +522,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): new_object_category_scope = dict() new_object_category_scope_uuid = uuid.uuid4().hex new_object_category_scope[new_object_category_scope_uuid] = "new_object_category_scope" - object_category_scope = self.manager.set_object_category_scope_dict( + object_category_scope = self.manager.set_object_scope_dict( "admin", self.ref["id"], object_category, @@ -536,12 +536,12 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): object_category_scope["object_category_scope"][object_category].values()) # Delete the new object_category_scope - self.manager.del_object_category_scope( + self.manager.del_object_scope( "admin", self.ref["id"], object_category, new_object_category_scope_uuid) - object_category_scope = self.manager.get_object_category_scope_dict( + object_category_scope = self.manager.get_object_scope_dict( "admin", self.ref["id"], object_category) @@ -553,7 +553,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): self.assertNotIn(new_object_category_scope_uuid, object_category_scope["object_category_scope"]) # Add a particular object_category_scope - object_category_scope = self.manager.add_object_category_scope_dict( + object_category_scope = self.manager.add_object_scope( "admin", self.ref["id"], object_category, @@ -563,7 +563,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): self.assertIn("uuid", object_category_scope["object_category_scope"]) self.assertEqual(new_object_category_scope[new_object_category_scope_uuid], object_category_scope["object_category_scope"]["name"]) - object_category_scope = self.manager.get_object_category_scope_dict( + object_category_scope = self.manager.get_object_scope_dict( "admin", self.ref["id"], object_category) @@ -589,7 +589,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): ) for action_category in action_categories["action_categories"]: - action_category_scope = self.manager.get_action_category_scope_dict( + action_category_scope = self.manager.get_action_scope_dict( "admin", self.ref["id"], action_category) @@ -603,7 +603,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): new_action_category_scope = dict() new_action_category_scope_uuid = uuid.uuid4().hex new_action_category_scope[new_action_category_scope_uuid] = "new_action_category_scope" - action_category_scope = self.manager.set_action_category_scope_dict( + action_category_scope = self.manager.set_action_scope_dict( "admin", self.ref["id"], action_category, @@ -617,12 +617,12 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): action_category_scope["action_category_scope"][action_category].values()) # Delete the new action_category_scope - self.manager.del_action_category_scope( + self.manager.del_action_scope( "admin", self.ref["id"], action_category, new_action_category_scope_uuid) - action_category_scope = self.manager.get_action_category_scope_dict( + action_category_scope = self.manager.get_action_scope_dict( "admin", self.ref["id"], action_category) @@ -634,7 +634,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): self.assertNotIn(new_action_category_scope_uuid, action_category_scope["action_category_scope"]) # Add a particular action_category_scope - action_category_scope = self.manager.add_action_category_scope_dict( + action_category_scope = self.manager.add_action_scope( "admin", self.ref["id"], action_category, @@ -644,7 +644,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): self.assertIn("uuid", action_category_scope["action_category_scope"]) self.assertEqual(new_action_category_scope[new_action_category_scope_uuid], action_category_scope["action_category_scope"]["name"]) - action_category_scope = self.manager.get_action_category_scope_dict( + action_category_scope = self.manager.get_action_scope_dict( "admin", self.ref["id"], action_category) @@ -676,7 +676,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): ) for subject_category in subject_categories["subject_categories"]: - subject_category_scope = self.manager.get_subject_category_scope_dict( + subject_category_scope = self.manager.get_subject_scope_dict( "admin", self.ref["id"], subject_category) @@ -690,7 +690,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): new_subject_category_scope = dict() new_subject_category_scope_uuid = uuid.uuid4().hex new_subject_category_scope[new_subject_category_scope_uuid] = "admin" - subject_category_scope = self.manager.set_subject_category_scope_dict( + subject_category_scope = self.manager.set_subject_scope_dict( "admin", self.ref["id"], subject_category, @@ -706,7 +706,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): new_subject_category_scope2 = dict() new_subject_category_scope2_uuid = uuid.uuid4().hex new_subject_category_scope2[new_subject_category_scope2_uuid] = "dev" - subject_category_scope = self.manager.set_subject_category_scope_dict( + subject_category_scope = self.manager.set_subject_scope_dict( "admin", self.ref["id"], subject_category, @@ -719,7 +719,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): self.assertIn(new_subject_category_scope2[new_subject_category_scope2_uuid], subject_category_scope["subject_category_scope"][subject_category].values()) - subject_category_assignments = self.manager.get_subject_category_assignment_dict( + subject_category_assignments = self.manager.get_subject_assignment_dict( "admin", self.ref["id"], new_subject["id"] @@ -731,7 +731,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): self.assertEqual(self.ref["id"], subject_category_assignments["intra_extension_uuid"]) self.assertEqual({}, subject_category_assignments["subject_category_assignments"][new_subject["id"]]) - subject_category_assignments = self.manager.set_subject_category_assignment_dict( + subject_category_assignments = self.manager.set_subject_assignment_dict( "admin", self.ref["id"], new_subject["id"], @@ -747,7 +747,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): self.assertEqual( {new_subject_category_uuid: [new_subject_category_scope_uuid, new_subject_category_scope2_uuid]}, subject_category_assignments["subject_category_assignments"][new_subject["id"]]) - subject_category_assignments = self.manager.get_subject_category_assignment_dict( + subject_category_assignments = self.manager.get_subject_assignment_dict( "admin", self.ref["id"], new_subject["id"] @@ -761,14 +761,14 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): {new_subject_category_uuid: [new_subject_category_scope_uuid, new_subject_category_scope2_uuid]}, subject_category_assignments["subject_category_assignments"][new_subject["id"]]) - self.manager.del_subject_category_assignment( + self.manager.del_subject_assignment( "admin", self.ref["id"], new_subject["id"], new_subject_category_uuid, new_subject_category_scope_uuid ) - subject_category_assignments = self.manager.get_subject_category_assignment_dict( + subject_category_assignments = self.manager.get_subject_assignment_dict( "admin", self.ref["id"], new_subject["id"] @@ -782,7 +782,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): {new_subject_category_uuid: [new_subject_category_scope2_uuid, ]}, subject_category_assignments["subject_category_assignments"][new_subject["id"]]) - data = self.manager.add_subject_category_assignment_dict( + data = self.manager.add_subject_assignment( "admin", self.ref["id"], new_subject["id"], @@ -790,7 +790,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): new_subject_category_scope_uuid ) - subject_category_assignments = self.manager.get_subject_category_assignment_dict( + subject_category_assignments = self.manager.get_subject_assignment_dict( "admin", self.ref["id"], new_subject["id"] @@ -825,7 +825,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): ) for object_category in object_categories["object_categories"]: - object_category_scope = self.manager.get_object_category_scope_dict( + object_category_scope = self.manager.get_object_scope_dict( "admin", self.ref["id"], object_category) @@ -839,7 +839,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): new_object_category_scope = dict() new_object_category_scope_uuid = uuid.uuid4().hex new_object_category_scope[new_object_category_scope_uuid] = "admin" - object_category_scope = self.manager.set_object_category_scope_dict( + object_category_scope = self.manager.set_object_scope_dict( "admin", self.ref["id"], object_category, @@ -855,7 +855,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): new_object_category_scope2 = dict() new_object_category_scope2_uuid = uuid.uuid4().hex new_object_category_scope2[new_object_category_scope2_uuid] = "dev" - object_category_scope = self.manager.set_object_category_scope_dict( + object_category_scope = self.manager.set_object_scope_dict( "admin", self.ref["id"], object_category, @@ -868,7 +868,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): self.assertIn(new_object_category_scope2[new_object_category_scope2_uuid], object_category_scope["object_category_scope"][object_category].values()) - object_category_assignments = self.manager.get_object_category_assignment_dict( + object_category_assignments = self.manager.get_object_assignment_dict( "admin", self.ref["id"], new_object["id"] @@ -896,7 +896,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): self.assertEqual( {new_object_category_uuid: [new_object_category_scope_uuid, new_object_category_scope2_uuid]}, object_category_assignments["object_category_assignments"][new_object["id"]]) - object_category_assignments = self.manager.get_object_category_assignment_dict( + object_category_assignments = self.manager.get_object_assignment_dict( "admin", self.ref["id"], new_object["id"] @@ -910,14 +910,14 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): {new_object_category_uuid: [new_object_category_scope_uuid, new_object_category_scope2_uuid]}, object_category_assignments["object_category_assignments"][new_object["id"]]) - self.manager.del_object_category_assignment( + self.manager.del_object_assignment( "admin", self.ref["id"], new_object["id"], new_object_category_uuid, new_object_category_scope_uuid ) - object_category_assignments = self.manager.get_object_category_assignment_dict( + object_category_assignments = self.manager.get_object_assignment_dict( "admin", self.ref["id"], new_object["id"] @@ -931,7 +931,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): {new_object_category_uuid: [new_object_category_scope2_uuid, ]}, object_category_assignments["object_category_assignments"][new_object["id"]]) - self.manager.add_object_category_assignment_dict( + self.manager.add_object_assignment( "admin", self.ref["id"], new_object["id"], @@ -939,7 +939,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): new_object_category_scope_uuid ) - object_category_assignments = self.manager.get_object_category_assignment_dict( + object_category_assignments = self.manager.get_object_assignment_dict( "admin", self.ref["id"], new_object["id"] @@ -974,7 +974,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): ) for action_category in action_categories["action_categories"]: - action_category_scope = self.manager.get_action_category_scope_dict( + action_category_scope = self.manager.get_action_scope_dict( "admin", self.ref["id"], action_category) @@ -988,7 +988,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): new_action_category_scope = dict() new_action_category_scope_uuid = uuid.uuid4().hex new_action_category_scope[new_action_category_scope_uuid] = "admin" - action_category_scope = self.manager.set_action_category_scope_dict( + action_category_scope = self.manager.set_action_scope_dict( "admin", self.ref["id"], action_category, @@ -1004,7 +1004,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): new_action_category_scope2 = dict() new_action_category_scope2_uuid = uuid.uuid4().hex new_action_category_scope2[new_action_category_scope2_uuid] = "dev" - action_category_scope = self.manager.set_action_category_scope_dict( + action_category_scope = self.manager.set_action_scope_dict( "admin", self.ref["id"], action_category, @@ -1017,7 +1017,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): self.assertIn(new_action_category_scope2[new_action_category_scope2_uuid], action_category_scope["action_category_scope"][action_category].values()) - action_category_assignments = self.manager.get_action_category_assignment_dict( + action_category_assignments = self.manager.get_action_assignment_dict( "admin", self.ref["id"], new_action["id"] @@ -1029,7 +1029,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): self.assertEqual(self.ref["id"], action_category_assignments["intra_extension_uuid"]) self.assertEqual({}, action_category_assignments["action_category_assignments"][new_action["id"]]) - action_category_assignments = self.manager.set_action_category_assignment_dict( + action_category_assignments = self.manager.set_action_assignment_dict( "admin", self.ref["id"], new_action["id"], @@ -1045,7 +1045,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): self.assertEqual( {new_action_category_uuid: [new_action_category_scope_uuid, new_action_category_scope2_uuid]}, action_category_assignments["action_category_assignments"][new_action["id"]]) - action_category_assignments = self.manager.get_action_category_assignment_dict( + action_category_assignments = self.manager.get_action_assignment_dict( "admin", self.ref["id"], new_action["id"] @@ -1059,14 +1059,14 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): {new_action_category_uuid: [new_action_category_scope_uuid, new_action_category_scope2_uuid]}, action_category_assignments["action_category_assignments"][new_action["id"]]) - self.manager.del_action_category_assignment( + self.manager.del_action_assignment( "admin", self.ref["id"], new_action["id"], new_action_category_uuid, new_action_category_scope_uuid ) - action_category_assignments = self.manager.get_action_category_assignment_dict( + action_category_assignments = self.manager.get_action_assignment_dict( "admin", self.ref["id"], new_action["id"] @@ -1080,7 +1080,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): {new_action_category_uuid: [new_action_category_scope2_uuid, ]}, action_category_assignments["action_category_assignments"][new_action["id"]]) - self.manager.add_action_category_assignment_dict( + self.manager.add_action_assignment( "admin", self.ref["id"], new_action["id"], @@ -1088,7 +1088,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): new_action_category_scope_uuid ) - action_category_assignments = self.manager.get_action_category_assignment_dict( + action_category_assignments = self.manager.get_action_assignment_dict( "admin", self.ref["id"], new_action["id"] @@ -1125,7 +1125,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): self.assertIn("aggregation", aggregation_algorithm) self.assertIn(aggregation_algorithm["aggregation"], aggregation_algorithms["aggregation_algorithms"]) - sub_meta_rules = self.manager.get_sub_meta_rule("admin", self.ref["id"]) + sub_meta_rules = self.manager.get_sub_meta_rule_dict("admin", self.ref["id"]) self.assertIsInstance(sub_meta_rules, dict) self.assertIn("sub_meta_rules", sub_meta_rules) sub_meta_rules_conf = json.load(open(os.path.join(self.policy_directory, self.ref["model"], "metarule.json"))) @@ -1155,7 +1155,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): new_subject_category = {"id": uuid.uuid4().hex, "name": "subject_category_test"} # Add a particular subject_category - data = self.manager.add_subject_category_dict( + data = self.manager.add_subject_category( "admin", self.ref["id"], new_subject_category["name"]) @@ -1170,7 +1170,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): self.assertEqual(self.ref["id"], subject_categories["intra_extension_uuid"]) self.assertIn(new_subject_category["id"], subject_categories["subject_categories"]) metarule[relation]["subject_categories"].append(new_subject_category["id"]) - _sub_meta_rules = self.manager.set_sub_meta_rule("admin", self.ref["id"], metarule) + _sub_meta_rules = self.manager.set_sub_meta_rule_dict("admin", self.ref["id"], metarule) self.assertIn(relation, metarule) for item in ("subject_categories", "object_categories", "action_categories"): self.assertEqual( @@ -1183,7 +1183,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): self.create_user("admin") self.create_intra_extension() - sub_meta_rules = self.manager.get_sub_meta_rule("admin", self.ref["id"]) + sub_meta_rules = self.manager.get_sub_meta_rule_dict("admin", self.ref["id"]) self.assertIsInstance(sub_meta_rules, dict) self.assertIn("sub_meta_rules", sub_meta_rules) @@ -1196,9 +1196,9 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): rules[relation] = list() for rule in sub_rules["rules"][relation]: for cat, cat_func, func_name in ( - ("subject_categories", self.manager.get_subject_category_scope_dict, "subject_category_scope"), - ("action_categories", self.manager.get_action_category_scope_dict, "action_category_scope"), - ("object_categories", self.manager.get_object_category_scope_dict, "object_category_scope"), + ("subject_categories", self.manager.get_subject_scope_dict, "subject_category_scope"), + ("action_categories", self.manager.get_action_scope_dict, "action_category_scope"), + ("object_categories", self.manager.get_object_scope_dict, "object_category_scope"), ): for cat_value in sub_meta_rules["sub_meta_rules"][relation][cat]: scope = cat_func( @@ -1215,9 +1215,9 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): relation = sub_rules["rules"].keys()[0] sub_rule = [] for cat, cat_func, func_name in ( - ("subject_categories", self.manager.get_subject_category_scope_dict, "subject_category_scope"), - ("action_categories", self.manager.get_action_category_scope_dict, "action_category_scope"), - ("object_categories", self.manager.get_object_category_scope_dict, "object_category_scope"), + ("subject_categories", self.manager.get_subject_scope_dict, "subject_category_scope"), + ("action_categories", self.manager.get_action_scope_dict, "action_category_scope"), + ("object_categories", self.manager.get_object_scope_dict, "object_category_scope"), ): for cat_value in sub_meta_rules["sub_meta_rules"][relation][cat]: scope = cat_func( @@ -1238,9 +1238,9 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase): rules[relation] = list() for rule in sub_rules["rules"][relation]: for cat, cat_func, func_name in ( - ("subject_categories", self.manager.get_subject_category_scope_dict, "subject_category_scope"), - ("action_categories", self.manager.get_action_category_scope_dict, "action_category_scope"), - ("object_categories", self.manager.get_object_category_scope_dict, "object_category_scope"), + ("subject_categories", self.manager.get_subject_scope_dict, "subject_category_scope"), + ("action_categories", self.manager.get_action_scope_dict, "action_category_scope"), + ("object_categories", self.manager.get_object_scope_dict, "object_category_scope"), ): for cat_value in sub_meta_rules["sub_meta_rules"][relation][cat]: scope = cat_func( @@ -1368,10 +1368,10 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): # Add a particular subject self.assertRaises( SubjectAddNotAuthorized, - self.manager.add_subject_dict, + self.manager.add_subject, demo_user["id"], ref["id"], new_subject["id"]) - subjects = self.manager.add_subject_dict(admin_user["id"], ref["id"], new_subject["id"]) + subjects = self.manager.add_subject(admin_user["id"], ref["id"], new_subject["id"]) self.assertIsInstance(subjects, dict) self.assertIn("subject", subjects) self.assertIn("uuid", subjects["subject"]) @@ -1438,10 +1438,10 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): # Add a particular object self.assertRaises( ObjectAddNotAuthorized, - self.manager.add_object_dict, + self.manager.add_object, demo_user["id"], ref["id"], new_object["name"]) - objects = self.manager.add_object_dict(admin_user["id"], ref["id"], new_object["name"]) + objects = self.manager.add_object(admin_user["id"], ref["id"], new_object["name"]) self.assertIsInstance(objects, dict) self.assertIn("object", objects) self.assertIn("uuid", objects["object"]) @@ -1509,10 +1509,10 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): # Add a particular action self.assertRaises( ActionAddNotAuthorized, - self.manager.add_action_dict, + self.manager.add_action, demo_user["id"], ref["id"], new_action["name"]) - actions = self.manager.add_action_dict(admin_user["id"], ref["id"], new_action["name"]) + actions = self.manager.add_action(admin_user["id"], ref["id"], new_action["name"]) self.assertIsInstance(actions, dict) self.assertIn("action", actions) self.assertIn("uuid", actions["action"]) @@ -1580,10 +1580,10 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): # Add a particular subject_category self.assertRaises( SubjectCategoryAddNotAuthorized, - self.manager.add_subject_category_dict, + self.manager.add_subject_category, demo_user["id"], ref["id"], new_subject_category["name"]) - subject_categories = self.manager.add_subject_category_dict( + subject_categories = self.manager.add_subject_category( admin_user["id"], ref["id"], new_subject_category["name"]) @@ -1659,7 +1659,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): self.manager.add_object_category, demo_user["id"], ref["id"], new_object_category["name"]) - object_categories = self.manager.add_object_category_dict( + object_categories = self.manager.add_object_category( admin_user["id"], ref["id"], new_object_category["name"]) @@ -1737,10 +1737,10 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): # Add a particular action_category self.assertRaises( ActionCategoryAddNotAuthorized, - self.manager.add_action_category_dict, + self.manager.add_action_category, demo_user["id"], ref["id"], new_action_category["name"]) - action_categories = self.manager.add_action_category_dict( + action_categories = self.manager.add_action_category( admin_user["id"], ref["id"], new_action_category["name"]) @@ -1776,10 +1776,10 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): for subject_category in subject_categories["subject_categories"]: self.assertRaises( SubjectCategoryScopeReadNotAuthorized, - self.manager.get_subject_category_scope_dict, + self.manager.get_subject_scope_dict, demo_user["id"], ref["id"], subject_category) - subject_category_scope = self.manager.get_subject_category_scope_dict( + subject_category_scope = self.manager.get_subject_scope_dict( admin_user["id"], ref["id"], subject_category) @@ -1796,10 +1796,10 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): self.assertRaises( SubjectCategoryScopeAddNotAuthorized, - self.manager.set_subject_category_scope_dict, + self.manager.set_subject_scope_dict, demo_user["id"], ref["id"], subject_category, new_subject_category_scope) - subject_category_scope = self.manager.set_subject_category_scope_dict( + subject_category_scope = self.manager.set_subject_scope_dict( admin_user["id"], ref["id"], subject_category, @@ -1818,12 +1818,12 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): self.manager.del_subject_category_scope_dict, demo_user["id"], ref["id"], subject_category, new_subject_category_scope_uuid) - self.manager.del_subject_category_scope( + self.manager.del_subject_scope( admin_user["id"], ref["id"], subject_category, new_subject_category_scope_uuid) - subject_category_scope = self.manager.get_subject_category_scope_dict( + subject_category_scope = self.manager.get_subject_scope_dict( admin_user["id"], ref["id"], subject_category) @@ -1837,11 +1837,11 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): # Add a particular subject_category_scope self.assertRaises( SubjectCategoryScopeAddNotAuthorized, - self.manager.add_subject_category_scope_dict, + self.manager.add_subject_scope, demo_user["id"], ref["id"], subject_category, new_subject_category_scope[new_subject_category_scope_uuid]) - subject_category_scope = self.manager.add_subject_category_scope_dict( + subject_category_scope = self.manager.add_subject_scope( admin_user["id"], ref["id"], subject_category, @@ -1851,7 +1851,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): self.assertIn("uuid", subject_category_scope["subject_category_scope"]) self.assertEqual(new_subject_category_scope[new_subject_category_scope_uuid], subject_category_scope["subject_category_scope"]["name"]) - subject_category_scope = self.manager.get_subject_category_scope_dict( + subject_category_scope = self.manager.get_subject_scope_dict( admin_user["id"], ref["id"], subject_category) @@ -1879,10 +1879,10 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): for object_category in object_categories["object_categories"]: self.assertRaises( ObjectCategoryScopeReadNotAuthorized, - self.manager.get_object_category_scope_dict, + self.manager.get_object_scope_dict, demo_user["id"], ref["id"], object_category) - object_category_scope = self.manager.get_object_category_scope_dict( + object_category_scope = self.manager.get_object_scope_dict( admin_user["id"], ref["id"], object_category) @@ -1899,10 +1899,10 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): self.assertRaises( ObjectCategoryScopeAddNotAuthorized, - self.manager.set_object_category_scope_dict, + self.manager.set_object_scope_dict, demo_user["id"], ref["id"], object_category, new_object_category_scope) - object_category_scope = self.manager.set_object_category_scope_dict( + object_category_scope = self.manager.set_object_scope_dict( admin_user["id"], ref["id"], object_category, @@ -1921,12 +1921,12 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): self.manager.del_object_category_scope_dict, demo_user["id"], ref["id"], object_category, new_object_category_scope) - self.manager.del_object_category_scope( + self.manager.del_object_scope( admin_user["id"], ref["id"], object_category, new_object_category_scope_uuid) - object_category_scope = self.manager.get_object_category_scope_dict( + object_category_scope = self.manager.get_object_scope_dict( admin_user["id"], ref["id"], object_category) @@ -1940,12 +1940,12 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): # Add a particular object_category_scope self.assertRaises( ObjectCategoryScopeAddNotAuthorized, - self.manager.add_object_category_scope_dict, + self.manager.add_object_scope, demo_user["id"], ref["id"], object_category, new_object_category_scope[new_object_category_scope_uuid] ) - object_category_scope = self.manager.add_object_category_scope_dict( + object_category_scope = self.manager.add_object_scope( admin_user["id"], ref["id"], object_category, @@ -1955,7 +1955,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): self.assertIn("uuid", object_category_scope["object_category_scope"]) self.assertEqual(new_object_category_scope[new_object_category_scope_uuid], object_category_scope["object_category_scope"]["name"]) - object_category_scope = self.manager.get_object_category_scope_dict( + object_category_scope = self.manager.get_object_scope_dict( admin_user["id"], ref["id"], object_category) @@ -1983,10 +1983,10 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): for action_category in action_categories["action_categories"]: self.assertRaises( ActionCategoryScopeReadNotAuthorized, - self.manager.get_object_category_scope_dict, + self.manager.get_object_scope_dict, demo_user["id"], ref["id"], action_category) - action_category_scope = self.manager.get_action_category_scope_dict( + action_category_scope = self.manager.get_action_scope_dict( admin_user["id"], ref["id"], action_category) @@ -2003,10 +2003,10 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): self.assertRaises( ActionCategoryScopeAddNotAuthorized, - self.manager.set_action_category_scope_dict, + self.manager.set_action_scope_dict, demo_user["id"], ref["id"], action_category, new_action_category_scope) - action_category_scope = self.manager.set_action_category_scope_dict( + action_category_scope = self.manager.set_action_scope_dict( admin_user["id"], ref["id"], action_category, @@ -2027,12 +2027,12 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): new_action_category_scope_uuid ) - self.manager.del_action_category_scope( + self.manager.del_action_scope( admin_user["id"], ref["id"], action_category, new_action_category_scope_uuid) - action_category_scope = self.manager.get_action_category_scope_dict( + action_category_scope = self.manager.get_action_scope_dict( admin_user["id"], ref["id"], action_category) @@ -2046,12 +2046,12 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): # Add a particular action_category_scope self.assertRaises( ActionCategoryScopeAddNotAuthorized, - self.manager.add_action_category_scope_dict, + self.manager.add_action_scope, demo_user["id"], ref["id"], action_category, new_action_category_scope[new_action_category_scope_uuid] ) - action_category_scope = self.manager.add_action_category_scope_dict( + action_category_scope = self.manager.add_action_scope( admin_user["id"], ref["id"], action_category, @@ -2061,7 +2061,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): self.assertIn("uuid", action_category_scope["action_category_scope"]) self.assertEqual(new_action_category_scope[new_action_category_scope_uuid], action_category_scope["action_category_scope"]["name"]) - action_category_scope = self.manager.get_action_category_scope_dict( + action_category_scope = self.manager.get_action_scope_dict( admin_user["id"], ref["id"], action_category) @@ -2093,7 +2093,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): ) for subject_category in subject_categories["subject_categories"]: - subject_category_scope = self.manager.get_subject_category_scope_dict( + subject_category_scope = self.manager.get_subject_scope_dict( admin_user["id"], ref["id"], subject_category) @@ -2107,7 +2107,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): new_subject_category_scope = dict() new_subject_category_scope_uuid = uuid.uuid4().hex new_subject_category_scope[new_subject_category_scope_uuid] = admin_user["id"] - subject_category_scope = self.manager.set_subject_category_scope_dict( + subject_category_scope = self.manager.set_subject_scope_dict( admin_user["id"], ref["id"], subject_category, @@ -2123,7 +2123,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): new_subject_category_scope2 = dict() new_subject_category_scope2_uuid = uuid.uuid4().hex new_subject_category_scope2[new_subject_category_scope2_uuid] = "dev" - subject_category_scope = self.manager.set_subject_category_scope_dict( + subject_category_scope = self.manager.set_subject_scope_dict( admin_user["id"], ref["id"], subject_category, @@ -2138,10 +2138,10 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): self.assertRaises( SubjectCategoryAssignmentReadNotAuthorized, - self.manager.get_subject_category_assignment_dict, + self.manager.get_subject_assignment_dict, demo_user["id"], ref["id"], new_subject["id"]) - subject_category_assignments = self.manager.get_subject_category_assignment_dict( + subject_category_assignments = self.manager.get_subject_assignment_dict( admin_user["id"], ref["id"], new_subject["id"] @@ -2155,14 +2155,14 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): self.assertRaises( SubjectCategoryAssignmentAddNotAuthorized, - self.manager.set_subject_category_assignment_dict, + self.manager.set_subject_assignment_dict, demo_user["id"], ref["id"], new_subject["id"], { new_subject_category_uuid: [new_subject_category_scope_uuid, new_subject_category_scope2_uuid], } ) - subject_category_assignments = self.manager.set_subject_category_assignment_dict( + subject_category_assignments = self.manager.set_subject_assignment_dict( admin_user["id"], ref["id"], new_subject["id"], @@ -2178,7 +2178,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): self.assertEqual( {new_subject_category_uuid: [new_subject_category_scope_uuid, new_subject_category_scope2_uuid]}, subject_category_assignments["subject_category_assignments"][new_subject["id"]]) - subject_category_assignments = self.manager.get_subject_category_assignment_dict( + subject_category_assignments = self.manager.get_subject_assignment_dict( admin_user["id"], ref["id"], new_subject["id"] @@ -2200,14 +2200,14 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): new_subject_category_scope_uuid ) - self.manager.del_subject_category_assignment( + self.manager.del_subject_assignment( admin_user["id"], ref["id"], new_subject["id"], new_subject_category_uuid, new_subject_category_scope_uuid ) - subject_category_assignments = self.manager.get_subject_category_assignment_dict( + subject_category_assignments = self.manager.get_subject_assignment_dict( admin_user["id"], ref["id"], new_subject["id"] @@ -2223,13 +2223,13 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): self.assertRaises( SubjectCategoryAssignmentAddNotAuthorized, - self.manager.add_subject_category_assignment_dict, + self.manager.add_subject_assignment, demo_user["id"], ref["id"], new_subject["id"], new_subject_category_uuid, new_subject_category_scope_uuid ) - data = self.manager.add_subject_category_assignment_dict( + data = self.manager.add_subject_assignment( admin_user["id"], ref["id"], new_subject["id"], @@ -2237,7 +2237,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): new_subject_category_scope_uuid ) - subject_category_assignments = self.manager.get_subject_category_assignment_dict( + subject_category_assignments = self.manager.get_subject_assignment_dict( admin_user["id"], ref["id"], new_subject["id"] @@ -2272,7 +2272,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): ) for object_category in object_categories["object_categories"]: - object_category_scope = self.manager.get_object_category_scope_dict( + object_category_scope = self.manager.get_object_scope_dict( admin_user["id"], ref["id"], object_category) @@ -2286,7 +2286,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): new_object_category_scope = dict() new_object_category_scope_uuid = uuid.uuid4().hex new_object_category_scope[new_object_category_scope_uuid] = admin_user["id"] - object_category_scope = self.manager.set_object_category_scope_dict( + object_category_scope = self.manager.set_object_scope_dict( admin_user["id"], ref["id"], object_category, @@ -2302,7 +2302,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): new_object_category_scope2 = dict() new_object_category_scope2_uuid = uuid.uuid4().hex new_object_category_scope2[new_object_category_scope2_uuid] = "dev" - object_category_scope = self.manager.set_object_category_scope_dict( + object_category_scope = self.manager.set_object_scope_dict( admin_user["id"], ref["id"], object_category, @@ -2317,11 +2317,11 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): self.assertRaises( ObjectCategoryAssignmentReadNotAuthorized, - self.manager.get_object_category_assignment_dict, + self.manager.get_object_assignment_dict, demo_user["id"], ref["id"], new_object["id"] ) - object_category_assignments = self.manager.get_object_category_assignment_dict( + object_category_assignments = self.manager.get_object_assignment_dict( admin_user["id"], ref["id"], new_object["id"] @@ -2358,7 +2358,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): self.assertEqual( {new_object_category_uuid: [new_object_category_scope_uuid, new_object_category_scope2_uuid]}, object_category_assignments["object_category_assignments"][new_object["id"]]) - object_category_assignments = self.manager.get_object_category_assignment_dict( + object_category_assignments = self.manager.get_object_assignment_dict( admin_user["id"], ref["id"], new_object["id"] @@ -2380,14 +2380,14 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): new_object_category_scope_uuid ) - self.manager.del_object_category_assignment( + self.manager.del_object_assignment( admin_user["id"], ref["id"], new_object["id"], new_object_category_uuid, new_object_category_scope_uuid ) - object_category_assignments = self.manager.get_object_category_assignment_dict( + object_category_assignments = self.manager.get_object_assignment_dict( admin_user["id"], ref["id"], new_object["id"] @@ -2403,13 +2403,13 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): self.assertRaises( ObjectCategoryAssignmentAddNotAuthorized, - self.manager.add_object_category_assignment_dict, + self.manager.add_object_assignment, demo_user["id"], ref["id"], new_object["id"], new_object_category_uuid, new_object_category_scope_uuid ) - self.manager.add_object_category_assignment_dict( + self.manager.add_object_assignment( admin_user["id"], ref["id"], new_object["id"], @@ -2417,7 +2417,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): new_object_category_scope_uuid ) - object_category_assignments = self.manager.get_object_category_assignment_dict( + object_category_assignments = self.manager.get_object_assignment_dict( admin_user["id"], ref["id"], new_object["id"] @@ -2452,7 +2452,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): ) for action_category in action_categories["action_categories"]: - action_category_scope = self.manager.get_action_category_scope_dict( + action_category_scope = self.manager.get_action_scope_dict( admin_user["id"], ref["id"], action_category) @@ -2466,7 +2466,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): new_action_category_scope = dict() new_action_category_scope_uuid = uuid.uuid4().hex new_action_category_scope[new_action_category_scope_uuid] = admin_user["id"] - action_category_scope = self.manager.set_action_category_scope_dict( + action_category_scope = self.manager.set_action_scope_dict( admin_user["id"], ref["id"], action_category, @@ -2482,7 +2482,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): new_action_category_scope2 = dict() new_action_category_scope2_uuid = uuid.uuid4().hex new_action_category_scope2[new_action_category_scope2_uuid] = "dev" - action_category_scope = self.manager.set_action_category_scope_dict( + action_category_scope = self.manager.set_action_scope_dict( admin_user["id"], ref["id"], action_category, @@ -2497,11 +2497,11 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): self.assertRaises( ActionCategoryAssignmentReadNotAuthorized, - self.manager.get_action_category_assignment_dict, + self.manager.get_action_assignment_dict, demo_user["id"], ref["id"], new_action["id"] ) - action_category_assignments = self.manager.get_action_category_assignment_dict( + action_category_assignments = self.manager.get_action_assignment_dict( admin_user["id"], ref["id"], new_action["id"] @@ -2515,14 +2515,14 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): self.assertRaises( ActionCategoryAssignmentAddNotAuthorized, - self.manager.set_action_category_assignment_dict, + self.manager.set_action_assignment_dict, demo_user["id"], ref["id"], new_action["id"], { new_action_category_uuid: [new_action_category_scope_uuid, new_action_category_scope2_uuid], } ) - action_category_assignments = self.manager.set_action_category_assignment_dict( + action_category_assignments = self.manager.set_action_assignment_dict( admin_user["id"], ref["id"], new_action["id"], @@ -2538,7 +2538,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): self.assertEqual( {new_action_category_uuid: [new_action_category_scope_uuid, new_action_category_scope2_uuid]}, action_category_assignments["action_category_assignments"][new_action["id"]]) - action_category_assignments = self.manager.get_action_category_assignment_dict( + action_category_assignments = self.manager.get_action_assignment_dict( admin_user["id"], ref["id"], new_action["id"] @@ -2560,14 +2560,14 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): new_action_category_scope_uuid ) - self.manager.del_action_category_assignment( + self.manager.del_action_assignment( admin_user["id"], ref["id"], new_action["id"], new_action_category_uuid, new_action_category_scope_uuid ) - action_category_assignments = self.manager.get_action_category_assignment_dict( + action_category_assignments = self.manager.get_action_assignment_dict( admin_user["id"], ref["id"], new_action["id"] @@ -2583,13 +2583,13 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): self.assertRaises( ActionCategoryAssignmentAddNotAuthorized, - self.manager.add_action_category_assignment_dict, + self.manager.add_action_assignment, demo_user["id"], ref["id"], new_action["id"], new_action_category_uuid, new_action_category_scope_uuid ) - self.manager.add_action_category_assignment_dict( + self.manager.add_action_assignment( admin_user["id"], ref["id"], new_action["id"], @@ -2597,7 +2597,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): new_action_category_scope_uuid ) - action_category_assignments = self.manager.get_action_category_assignment_dict( + action_category_assignments = self.manager.get_action_assignment_dict( admin_user["id"], ref["id"], new_action["id"] @@ -2649,11 +2649,11 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): self.assertRaises( MetaRuleReadNotAuthorized, - self.manager.get_sub_meta_rule, + self.manager.get_sub_meta_rule_dict, demo_user["id"], ref["id"] ) - sub_meta_rules = self.manager.get_sub_meta_rule(admin_user["id"], ref["id"]) + sub_meta_rules = self.manager.get_sub_meta_rule_dict(admin_user["id"], ref["id"]) self.assertIsInstance(sub_meta_rules, dict) self.assertIn("sub_meta_rules", sub_meta_rules) sub_meta_rules_conf = json.load(open(os.path.join(self.policy_directory, ref["model"], "metarule.json"))) @@ -2683,7 +2683,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): new_subject_category = {"id": uuid.uuid4().hex, "name": "subject_category_test"} # Add a particular subject_category - data = self.manager.add_subject_category_dict( + data = self.manager.add_subject_category( admin_user["id"], ref["id"], new_subject_category["name"]) @@ -2701,11 +2701,11 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): self.assertRaises( MetaRuleAddNotAuthorized, - self.manager.set_sub_meta_rule, + self.manager.set_sub_meta_rule_dict, demo_user["id"], ref["id"], metarule ) - _sub_meta_rules = self.manager.set_sub_meta_rule(admin_user["id"], ref["id"], metarule) + _sub_meta_rules = self.manager.set_sub_meta_rule_dict(admin_user["id"], ref["id"], metarule) self.assertIn(relation, metarule) for item in ("subject_categories", "object_categories", "action_categories"): self.assertEqual( @@ -2718,7 +2718,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): admin_user = self.create_user("admin") ref = self.create_intra_extension() - sub_meta_rules = self.manager.get_sub_meta_rule(admin_user["id"], ref["id"]) + sub_meta_rules = self.manager.get_sub_meta_rule_dict(admin_user["id"], ref["id"]) self.assertIsInstance(sub_meta_rules, dict) self.assertIn("sub_meta_rules", sub_meta_rules) @@ -2737,9 +2737,9 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): rules[relation] = list() for rule in sub_rules["rules"][relation]: for cat, cat_func, func_name in ( - ("subject_categories", self.manager.get_subject_category_scope_dict, "subject_category_scope"), - ("action_categories", self.manager.get_action_category_scope_dict, "action_category_scope"), - ("object_categories", self.manager.get_object_category_scope_dict, "object_category_scope"), + ("subject_categories", self.manager.get_subject_scope_dict, "subject_category_scope"), + ("action_categories", self.manager.get_action_scope_dict, "action_category_scope"), + ("object_categories", self.manager.get_object_scope_dict, "object_category_scope"), ): for cat_value in sub_meta_rules["sub_meta_rules"][relation][cat]: scope = cat_func( @@ -2756,9 +2756,9 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): relation = sub_rules["rules"].keys()[0] sub_rule = [] for cat, cat_func, func_name in ( - ("subject_categories", self.manager.get_subject_category_scope_dict, "subject_category_scope"), - ("action_categories", self.manager.get_action_category_scope_dict, "action_category_scope"), - ("object_categories", self.manager.get_object_category_scope_dict, "object_category_scope"), + ("subject_categories", self.manager.get_subject_scope_dict, "subject_category_scope"), + ("action_categories", self.manager.get_action_scope_dict, "action_category_scope"), + ("object_categories", self.manager.get_object_scope_dict, "object_category_scope"), ): for cat_value in sub_meta_rules["sub_meta_rules"][relation][cat]: scope = cat_func( @@ -2785,9 +2785,9 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase): rules[relation] = list() for rule in sub_rules["rules"][relation]: for cat, cat_func, func_name in ( - ("subject_categories", self.manager.get_subject_category_scope_dict, "subject_category_scope"), - ("action_categories", self.manager.get_action_category_scope_dict, "action_category_scope"), - ("object_categories", self.manager.get_object_category_scope_dict, "object_category_scope"), + ("subject_categories", self.manager.get_subject_scope_dict, "subject_category_scope"), + ("action_categories", self.manager.get_action_scope_dict, "action_category_scope"), + ("object_categories", self.manager.get_object_scope_dict, "object_category_scope"), ): for cat_value in sub_meta_rules["sub_meta_rules"][relation][cat]: scope = cat_func( diff --git a/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_authz.py b/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_authz.py index b07b4c1d..707c138d 100644 --- a/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_authz.py +++ b/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_authz.py @@ -137,7 +137,7 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase): def test_delete_admin_intra_extension(self): self.assertRaises( AdminException, - self.manager.delete_intra_extension, + self.manager.del_intra_extension, self.ref["id"]) def test_authz_exceptions(self): @@ -162,7 +162,7 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase): # Test when subject is known but not the object demo_user = self.create_user("demo") - self.manager.add_subject_dict( + self.manager.add_subject( admin_user['id'], self.ref["id"], demo_user["id"] @@ -175,7 +175,7 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase): ) # Test when subject and object are known but not the action - _tmp = self.manager.add_object_dict( + _tmp = self.manager.add_object( admin_user['id'], self.ref["id"], "my_object" @@ -189,7 +189,7 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase): ) # Test when subject and object and action are known - _tmp = self.manager.add_action_dict( + _tmp = self.manager.add_action( admin_user['id'], self.ref["id"], "my_action" @@ -203,14 +203,14 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase): ) # Add a subject scope and test ObjectCategoryAssignmentOutOfScope - _tmp = self.manager.add_subject_category_dict( + _tmp = self.manager.add_subject_category( admin_user['id'], self.ref["id"], "my_subject_category" ) my_subject_category = {"id": _tmp[0], "name": _tmp[1]} - _tmp = self.manager.add_subject_category_scope_dict( + _tmp = self.manager.add_subject_scope( admin_user['id'], self.ref["id"], my_subject_category["id"], @@ -225,14 +225,14 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase): ) # Add an object scope and test ActionCategoryAssignmentOutOfScope - _tmp = self.manager.add_object_category_dict( + _tmp = self.manager.add_object_category( admin_user['id'], self.ref["id"], "my_object_category" ) my_object_category = {"id": _tmp[0], "name": _tmp[1]} - _tmp = self.manager.add_object_category_scope_dict( + _tmp = self.manager.add_object_scope( admin_user['id'], self.ref["id"], my_object_category["id"], @@ -247,14 +247,14 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase): ) # Add an action scope and test SubjectCategoryAssignmentUnknown - _tmp = self.manager.add_action_category_dict( + _tmp = self.manager.add_action_category( admin_user['id'], self.ref["id"], "my_action_category" ) my_action_category = {"id": _tmp[0], "name": _tmp[1]} - _tmp = self.manager.add_action_category_scope_dict( + _tmp = self.manager.add_action_scope( admin_user['id'], self.ref["id"], my_action_category["id"], @@ -269,7 +269,7 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase): ) # Add a subject assignment and test ObjectCategoryAssignmentUnknown - self.manager.add_subject_category_assignment_dict( + self.manager.add_subject_assignment( admin_user['id'], self.ref["id"], demo_user["id"], @@ -284,7 +284,7 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase): ) # Add an object assignment and test ActionCategoryAssignmentUnknown - self.manager.add_object_category_assignment_dict( + self.manager.add_object_assignment( admin_user['id'], self.ref["id"], demo_user["id"], @@ -299,7 +299,7 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase): ) # Add an action assignment and test RuleUnknown - self.manager.add_action_category_assignment_dict( + self.manager.add_action_assignment( admin_user['id'], self.ref["id"], demo_user["id"], @@ -322,7 +322,7 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase): "relation": "relation_super" } } - self.manager.set_sub_meta_rule( + self.manager.set_sub_meta_rule_dict( admin_user['id'], self.ref["id"], my_meta_rule @@ -370,7 +370,7 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase): # Add a particular subject self.assertRaises( SubjectAddNotAuthorized, - self.manager.add_subject_dict, + self.manager.add_subject, admin_user["id"], ref["id"], new_subject["id"]) def test_objects(self): @@ -406,7 +406,7 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase): # Add a particular object self.assertRaises( ObjectAddNotAuthorized, - self.manager.add_object_dict, + self.manager.add_object, admin_user["id"], ref["id"], new_object["name"]) def test_actions(self): @@ -442,7 +442,7 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase): # Add a particular action self.assertRaises( ActionAddNotAuthorized, - self.manager.add_action_dict, + self.manager.add_action, admin_user["id"], ref["id"], new_action["id"]) def test_subject_categories(self): @@ -478,7 +478,7 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase): # Add a particular subject_category self.assertRaises( SubjectCategoryAddNotAuthorized, - self.manager.add_subject_category_dict, + self.manager.add_subject_category, admin_user["id"], ref["id"], new_subject_category["name"]) def test_object_categories(self): @@ -514,7 +514,7 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase): # Add a particular object_category self.assertRaises( ObjectCategoryAddNotAuthorized, - self.manager.add_object_category_dict, + self.manager.add_object_category, admin_user["id"], ref["id"], new_object_category["name"]) def test_action_categories(self): @@ -550,7 +550,7 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase): # Add a particular action_category self.assertRaises( ActionCategoryAddNotAuthorized, - self.manager.add_action_category_dict, + self.manager.add_action_category, admin_user["id"], ref["id"], new_action_category["name"]) def test_subject_category_scope(self): @@ -571,7 +571,7 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase): ) for subject_category in subject_categories["subject_categories"]: - subject_category_scope = self.manager.get_subject_category_scope_dict( + subject_category_scope = self.manager.get_subject_scope_dict( admin_user["id"], ref["id"], subject_category) @@ -587,19 +587,19 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase): new_subject_category_scope[new_subject_category_scope_uuid] = "new_subject_category_scope" self.assertRaises( SubjectCategoryScopeAddNotAuthorized, - self.manager.set_subject_category_scope_dict, + self.manager.set_subject_scope_dict, admin_user["id"], ref["id"], subject_category, new_subject_category_scope) # Delete the new subject_category_scope self.assertRaises( SubjectCategoryScopeDelNotAuthorized, - self.manager.del_subject_category_scope, + self.manager.del_subject_scope, admin_user["id"], ref["id"], subject_category, new_subject_category_scope_uuid) # Add a particular subject_category_scope self.assertRaises( SubjectCategoryScopeAddNotAuthorized, - self.manager.add_subject_category_scope_dict, + self.manager.add_subject_scope, admin_user["id"], ref["id"], subject_category, new_subject_category_scope[new_subject_category_scope_uuid]) def test_object_category_scope(self): @@ -620,7 +620,7 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase): ) for object_category in object_categories["object_categories"]: - object_category_scope = self.manager.get_object_category_scope_dict( + object_category_scope = self.manager.get_object_scope_dict( admin_user["id"], ref["id"], object_category) @@ -636,19 +636,19 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase): new_object_category_scope[new_object_category_scope_uuid] = "new_object_category_scope" self.assertRaises( ObjectCategoryScopeAddNotAuthorized, - self.manager.set_object_category_scope_dict, + self.manager.set_object_scope_dict, admin_user["id"], ref["id"], object_category, new_object_category_scope) # Delete the new object_category_scope self.assertRaises( ObjectCategoryScopeDelNotAuthorized, - self.manager.del_object_category_scope, + self.manager.del_object_scope, admin_user["id"], ref["id"], object_category, new_object_category_scope_uuid) # Add a particular object_category_scope self.assertRaises( ObjectCategoryScopeAddNotAuthorized, - self.manager.add_object_category_scope_dict, + self.manager.add_object_scope, admin_user["id"], ref["id"], object_category, new_object_category_scope[new_object_category_scope_uuid]) def test_action_category_scope(self): @@ -669,7 +669,7 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase): ) for action_category in action_categories["action_categories"]: - action_category_scope = self.manager.get_action_category_scope_dict( + action_category_scope = self.manager.get_action_scope_dict( admin_user["id"], ref["id"], action_category) @@ -685,19 +685,19 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase): new_action_category_scope[new_action_category_scope_uuid] = "new_action_category_scope" self.assertRaises( ActionCategoryScopeAddNotAuthorized, - self.manager.set_action_category_scope_dict, + self.manager.set_action_scope_dict, admin_user["id"], ref["id"], action_category, new_action_category_scope) # Delete the new action_category_scope self.assertRaises( ActionCategoryScopeDelNotAuthorized, - self.manager.del_action_category_scope, + self.manager.del_action_scope, admin_user["id"], ref["id"], action_category, new_action_category_scope_uuid) # Add a particular action_category_scope self.assertRaises( ActionCategoryScopeAddNotAuthorized, - self.manager.add_action_category_scope_dict, + self.manager.add_action_scope, admin_user["id"], ref["id"], action_category, new_action_category_scope[new_action_category_scope_uuid]) def test_subject_category_assignment(self): @@ -724,7 +724,7 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase): ) for subject_category in subject_categories["subject_categories"]: - subject_category_scope = self.admin_manager.get_subject_category_scope_dict( + subject_category_scope = self.admin_manager.get_subject_scope_dict( admin_user["id"], ref["id"], subject_category) @@ -738,7 +738,7 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase): new_subject_category_scope = dict() new_subject_category_scope_uuid = uuid.uuid4().hex new_subject_category_scope[new_subject_category_scope_uuid] = admin_user["id"] - subject_category_scope = self.admin_manager.set_subject_category_scope_dict( + subject_category_scope = self.admin_manager.set_subject_scope_dict( admin_user["id"], ref["id"], subject_category, @@ -754,7 +754,7 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase): new_subject_category_scope2 = dict() new_subject_category_scope2_uuid = uuid.uuid4().hex new_subject_category_scope2[new_subject_category_scope2_uuid] = "dev" - subject_category_scope = self.admin_manager.set_subject_category_scope_dict( + subject_category_scope = self.admin_manager.set_subject_scope_dict( admin_user["id"], ref["id"], subject_category, @@ -767,7 +767,7 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase): self.assertIn(new_subject_category_scope2[new_subject_category_scope2_uuid], subject_category_scope["subject_category_scope"][subject_category].values()) - subject_category_assignments = self.manager.get_subject_category_assignment_dict( + subject_category_assignments = self.manager.get_subject_assignment_dict( admin_user["id"], ref["id"], new_subject["id"] @@ -781,7 +781,7 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase): self.assertRaises( SubjectCategoryAssignmentAddNotAuthorized, - self.manager.set_subject_category_assignment_dict, + self.manager.set_subject_assignment_dict, admin_user["id"], ref["id"], new_subject["id"], { new_subject_category_uuid: [new_subject_category_scope_uuid, new_subject_category_scope2_uuid], @@ -789,14 +789,14 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase): self.assertRaises( SubjectCategoryAssignmentDelNotAuthorized, - self.manager.del_subject_category_assignment, + self.manager.del_subject_assignment, admin_user["id"], ref["id"], new_subject["id"], new_subject_category_uuid, new_subject_category_scope_uuid) self.assertRaises( SubjectCategoryAssignmentAddNotAuthorized, - self.manager.add_subject_category_assignment_dict, + self.manager.add_subject_assignment, admin_user["id"], ref["id"], new_subject["id"], new_subject_category_uuid, new_subject_category_scope_uuid) @@ -825,7 +825,7 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase): ) for object_category in object_categories["object_categories"]: - object_category_scope = self.admin_manager.get_object_category_scope_dict( + object_category_scope = self.admin_manager.get_object_scope_dict( admin_user["id"], ref["id"], object_category) @@ -839,7 +839,7 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase): new_object_category_scope = dict() new_object_category_scope_uuid = uuid.uuid4().hex new_object_category_scope[new_object_category_scope_uuid] = admin_user["id"] - object_category_scope = self.admin_manager.set_object_category_scope_dict( + object_category_scope = self.admin_manager.set_object_scope_dict( admin_user["id"], ref["id"], object_category, @@ -855,7 +855,7 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase): new_object_category_scope2 = dict() new_object_category_scope2_uuid = uuid.uuid4().hex new_object_category_scope2[new_object_category_scope2_uuid] = "dev" - object_category_scope = self.admin_manager.set_object_category_scope_dict( + object_category_scope = self.admin_manager.set_object_scope_dict( admin_user["id"], ref["id"], object_category, @@ -868,7 +868,7 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase): self.assertIn(new_object_category_scope2[new_object_category_scope2_uuid], object_category_scope["object_category_scope"][object_category].values()) - object_category_assignments = self.manager.get_object_category_assignment_dict( + object_category_assignments = self.manager.get_object_assignment_dict( admin_user["id"], ref["id"], new_object["id"] @@ -890,14 +890,14 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase): self.assertRaises( ObjectCategoryAssignmentDelNotAuthorized, - self.manager.del_object_category_assignment, + self.manager.del_object_assignment, admin_user["id"], ref["id"], new_object["id"], new_object_category_uuid, new_object_category_scope_uuid) self.assertRaises( ObjectCategoryAssignmentAddNotAuthorized, - self.manager.add_object_category_assignment_dict, + self.manager.add_object_assignment, admin_user["id"], ref["id"], new_object["id"], new_object_category_uuid, new_object_category_scope_uuid) @@ -926,7 +926,7 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase): ) for action_category in action_categories["action_categories"]: - action_category_scope = self.admin_manager.get_action_category_scope_dict( + action_category_scope = self.admin_manager.get_action_scope_dict( admin_user["id"], ref["id"], action_category) @@ -940,7 +940,7 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase): new_action_category_scope = dict() new_action_category_scope_uuid = uuid.uuid4().hex new_action_category_scope[new_action_category_scope_uuid] = admin_user["id"] - action_category_scope = self.admin_manager.set_action_category_scope_dict( + action_category_scope = self.admin_manager.set_action_scope_dict( admin_user["id"], ref["id"], action_category, @@ -956,7 +956,7 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase): new_action_category_scope2 = dict() new_action_category_scope2_uuid = uuid.uuid4().hex new_action_category_scope2[new_action_category_scope2_uuid] = "dev" - action_category_scope = self.admin_manager.set_action_category_scope_dict( + action_category_scope = self.admin_manager.set_action_scope_dict( admin_user["id"], ref["id"], action_category, @@ -969,7 +969,7 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase): self.assertIn(new_action_category_scope2[new_action_category_scope2_uuid], action_category_scope["action_category_scope"][action_category].values()) - action_category_assignments = self.manager.get_action_category_assignment_dict( + action_category_assignments = self.manager.get_action_assignment_dict( admin_user["id"], ref["id"], new_action["id"] @@ -983,7 +983,7 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase): self.assertRaises( ActionCategoryAssignmentAddNotAuthorized, - self.manager.set_action_category_assignment_dict, + self.manager.set_action_assignment_dict, admin_user["id"], ref["id"], new_action["id"], { new_action_category_uuid: [new_action_category_scope_uuid, new_action_category_scope2_uuid], @@ -991,14 +991,14 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase): self.assertRaises( ActionCategoryAssignmentDelNotAuthorized, - self.manager.del_action_category_assignment, + self.manager.del_action_assignment, admin_user["id"], ref["id"], new_action["id"], new_action_category_uuid, new_action_category_scope_uuid) self.assertRaises( ActionCategoryAssignmentAddNotAuthorized, - self.manager.add_action_category_assignment_dict, + self.manager.add_action_assignment, admin_user["id"], ref["id"], new_action["id"], new_action_category_uuid, new_action_category_scope_uuid) @@ -1029,7 +1029,7 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase): self.manager.set_aggregation_algorithm, admin_user["id"], ref["id"], _aggregation_algorithm[0]) - sub_meta_rules = self.manager.get_sub_meta_rule(admin_user["id"], ref["id"]) + sub_meta_rules = self.manager.get_sub_meta_rule_dict(admin_user["id"], ref["id"]) self.assertIsInstance(sub_meta_rules, dict) self.assertIn("sub_meta_rules", sub_meta_rules) sub_meta_rules_conf = json.load(open(os.path.join(self.policy_directory, ref["model"], "metarule.json"))) @@ -1059,7 +1059,7 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase): new_subject_category = {"id": uuid.uuid4().hex, "name": "subject_category_test"} # Add a particular subject_category - data = self.admin_manager.add_subject_category_dict( + data = self.admin_manager.add_subject_category( admin_user["id"], ref["id"], new_subject_category["name"]) @@ -1076,7 +1076,7 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase): metarule[relation]["subject_categories"].append(new_subject_category["id"]) self.assertRaises( MetaRuleAddNotAuthorized, - self.manager.set_sub_meta_rule, + self.manager.set_sub_meta_rule_dict, admin_user["id"], ref["id"], metarule) def test_sub_rules(self): @@ -1087,7 +1087,7 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase): ref_admin = self.create_intra_extension("policy_admin") self.create_mapping(tenant, ref["id"], ref_admin["id"]) - sub_meta_rules = self.manager.get_sub_meta_rule(admin_user["id"], ref["id"]) + sub_meta_rules = self.manager.get_sub_meta_rule_dict(admin_user["id"], ref["id"]) self.assertIsInstance(sub_meta_rules, dict) self.assertIn("sub_meta_rules", sub_meta_rules) @@ -1100,9 +1100,9 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase): rules[relation] = list() for rule in sub_rules["rules"][relation]: for cat, cat_func, func_name in ( - ("subject_categories", self.manager.get_subject_category_scope_dict, "subject_category_scope"), - ("action_categories", self.manager.get_action_category_scope_dict, "action_category_scope"), - ("object_categories", self.manager.get_object_category_scope_dict, "object_category_scope"), + ("subject_categories", self.manager.get_subject_scope_dict, "subject_category_scope"), + ("action_categories", self.manager.get_action_scope_dict, "action_category_scope"), + ("object_categories", self.manager.get_object_scope_dict, "object_category_scope"), ): for cat_value in sub_meta_rules["sub_meta_rules"][relation][cat]: scope = cat_func( @@ -1118,9 +1118,9 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase): relation = sub_rules["rules"].keys()[0] sub_rule = [] for cat, cat_func, func_name in ( - ("subject_categories", self.manager.get_subject_category_scope_dict, "subject_category_scope"), - ("action_categories", self.manager.get_action_category_scope_dict, "action_category_scope"), - ("object_categories", self.manager.get_object_category_scope_dict, "object_category_scope"), + ("subject_categories", self.manager.get_subject_scope_dict, "subject_category_scope"), + ("action_categories", self.manager.get_action_scope_dict, "action_category_scope"), + ("object_categories", self.manager.get_object_scope_dict, "object_category_scope"), ): for cat_value in sub_meta_rules["sub_meta_rules"][relation][cat]: scope = cat_func( diff --git a/keystone-moon/keystone/tests/moon/unit/test_unit_core_log.py b/keystone-moon/keystone/tests/moon/unit/test_unit_core_log.py index 49f6812c..a4ea1d36 100644 --- a/keystone-moon/keystone/tests/moon/unit/test_unit_core_log.py +++ b/keystone-moon/keystone/tests/moon/unit/test_unit_core_log.py @@ -98,7 +98,7 @@ class TestIntraExtensionAdminManager(tests.TestCase): return _user def delete_admin_intra_extension(self): - self.manager.delete_intra_extension(self.ref["id"]) + self.manager.del_intra_extension(self.ref["id"]) def send_logs(self): log_authz = "Test for authz " + uuid.uuid4().hex -- cgit 1.2.3-korg