from keystone import config
from keystone.contrib.moon.core import ConfigurationDriver
from oslo_log import log
-
+import hashlib
CONF = config.CONF
LOG = log.getLogger(__name__)
def __init__(self):
super(ConfigurationConnector, self).__init__()
self.aggregation_algorithms_dict = dict()
- self.aggregation_algorithms_dict[uuid4().hex] = {'name': 'all_true', 'description': 'all_true'}
- self.aggregation_algorithms_dict[uuid4().hex] = {'name': 'one_true', 'description': 'one_true'}
+ self.aggregation_algorithms_dict[hashlib.sha224("all_true").hexdigest()[:32]] = \
+ {'name': 'all_true', 'description': 'all rules must match'}
+ self.aggregation_algorithms_dict[hashlib.sha224("one_true").hexdigest()[:32]] = \
+ {'name': 'one_true', 'description': 'only one rule has to match'}
self.sub_meta_rule_algorithms_dict = dict()
self.sub_meta_rule_algorithms_dict[uuid4().hex] = {'name': 'inclusion', 'description': 'inclusion'}
self.sub_meta_rule_algorithms_dict[uuid4().hex] = {'name': 'comparison', 'description': 'comparison'}
# Getter and Setter for sub_meta_rule
- def get_aggregation_algorithm_dict(self, intra_extension_id):
+ def get_aggregation_algorithm_id(self, intra_extension_id):
with sql.transaction() as session:
- query = session.query(AggregationAlgorithm)
- query = query.filter_by(intra_extension_id=intra_extension_id)
+ query = session.query(IntraExtension)
+ query = query.filter_by(id=intra_extension_id)
ref = query.first()
try:
- return {ref.id: ref.aggregation_algorithm}
- except AttributeError:
- return {}
+ return ref.intra_extension["aggregation_algorithm"]
+ except KeyError:
+ return ""
- def set_aggregation_algorithm_dict(self, intra_extension_id, aggregation_algorithm_id, aggregation_algorithm_dict):
+ def set_aggregation_algorithm_id(self, intra_extension_id, aggregation_algorithm_id):
with sql.transaction() as session:
- query = session.query(AggregationAlgorithm)
- query = query.filter_by(intra_extension_id=intra_extension_id)
+ query = session.query(IntraExtension)
+ query = query.filter_by(id=intra_extension_id)
ref = query.first()
- new_ref = AggregationAlgorithm.from_dict(
- {
- "id": aggregation_algorithm_id,
- 'aggregation_algorithm': aggregation_algorithm_dict,
- 'intra_extension_id': intra_extension_id
- }
- )
- if ref:
- session.delete(ref)
- session.add(new_ref)
- session.flush()
- return self.get_aggregation_algorithm_dict(intra_extension_id)
+ intra_extension_dict = dict(ref.intra_extension)
+ intra_extension_dict["aggregation_algorithm"] = aggregation_algorithm_id
+ setattr(ref, "intra_extension", intra_extension_dict)
+ return self.get_aggregation_algorithm_id(intra_extension_id)
- def del_aggregation_algorithm(self, intra_extension_id, aggregation_algorithm_id):
+ def del_aggregation_algorithm(self, intra_extension_id):
with sql.transaction() as session:
query = session.query(AggregationAlgorithm)
- query = query.filter_by(intra_extension_id=intra_extension_id, id=aggregation_algorithm_id)
+ query = query.filter_by(intra_extension_id=intra_extension_id)
ref = query.first()
session.delete(ref)
user_id = self._get_user_id_from_token(context.get('token_id'))
intra_extension_id = kw.get('intra_extension_id', None)
aggregation_algorithm_id = kw.get('aggregation_algorithm_id', None)
- aggregation_algorithm_dict = dict()
- aggregation_algorithm_dict['name'] = kw.get('aggregation_algorithm_name', None)
- aggregation_algorithm_dict['description'] = kw.get('aggregation_algorithm_description', None)
- return self.admin_api.set_aggregation_algorithm_dict(user_id, intra_extension_id, aggregation_algorithm_id, aggregation_algorithm_dict)
+ return self.admin_api.set_aggregation_algorithm_dict(user_id, intra_extension_id, aggregation_algorithm_id)
@controller.protected()
def get_sub_meta_rules(self, context, **kw):
@dependency.provider('tenant_api')
+@dependency.requires('admin_api', 'resource_api', 'root_api')
@dependency.requires('moonlog_api', 'admin_api', 'configuration_api', 'root_api', 'resource_api')
class TenantManager(manager.Manager):
return self.driver.set_tenant_dict(tenant_id, tenant_dict)
+
@dependency.requires('identity_api', 'tenant_api', 'configuration_api', 'authz_api', 'admin_api', 'moonlog_api', 'root_api')
class IntraExtensionManager(manager.Manager):
def __init__(self):
super(IntraExtensionManager, self).__init__(CONF.moon.intraextension_driver)
+ self.__init_aggregation_algorithm()
+
+ def __init_aggregation_algorithm(self):
+ try:
+ self.root_extension_id = self.root_api.get_root_extension_id()
+ self.aggregation_algorithm_dict = self.configuration_api.get_aggregation_algorithms_dict(self.root_extension_id)
+ except AttributeError:
+ self.root_extension_id = None
+ self.aggregation_algorithm_dict = {}
def __get_authz_buffer(self, intra_extension_id, subject_id, object_id, action_id):
"""
meta_rule_dict[sub_meta_rule_id],
self.driver.get_rules_dict(intra_extension_id, sub_meta_rule_id).values())
- aggregation_algorithm_dict = self.driver.get_aggregation_algorithm_dict(intra_extension_id)
- # We suppose here that we have only one aggregation algorithm for one intra_extension
- # TODO: need more work on this part of the model HR: what to do?
- aggregation_algorithm_id = aggregation_algorithm_dict.keys()[0]
- if aggregation_algorithm_dict[aggregation_algorithm_id]['name'] == 'all_true':
+ if not self.root_extension_id:
+ self.__init_aggregation_algorithm()
+ aggregation_algorithm_id = self.driver.get_aggregation_algorithm_id(intra_extension_id)
+ if self.aggregation_algorithm_dict[aggregation_algorithm_id]['name'] == 'all_true':
decision = all_true(decision_buffer)
- elif aggregation_algorithm_dict[aggregation_algorithm_id]['name'] == 'one_true':
+ elif self.aggregation_algorithm_dict[aggregation_algorithm_id]['name'] == 'one_true':
decision = one_true(decision_buffer)
if not decision:
raise AuthzException("{} {}-{}-{}".format(intra_extension_id, subject_id, action_id, object_id))
"aggregation": json_metarule["aggregation"],
"sub_meta_rules": metarule
}
- self.driver.set_aggregation_algorithm_dict(intra_extension_dict["id"], uuid4().hex,
- {
- "name": json_metarule["aggregation"],
- "description": json_metarule["aggregation"],
- })
+ for _id, _value in self.configuration_api.driver.get_aggregation_algorithms_dict().iteritems():
+ if _value["name"] == json_metarule["aggregation"]:
+ self.driver.set_aggregation_algorithm_id(intra_extension_dict["id"], _id)
def __load_rule_file(self, intra_extension_dict, policy_dir):
for rule_id in self.driver.get_rules_dict(intra_extension_id, sub_meta_rule_id):
self.driver.del_rule(intra_extension_id, sub_meta_rule_id, rule_id)
self.driver.del_sub_meta_rule(intra_extension_id, sub_meta_rule_id)
- for aggregation_algorithm_id in self.driver.get_aggregation_algorithm_dict(intra_extension_id):
- self.driver.del_aggregation_algorithm(intra_extension_id, aggregation_algorithm_id)
+ self.driver.del_aggregation_algorithm(intra_extension_id)
for subject_id in self.driver.get_subjects_dict(intra_extension_id):
for subject_category_id in self.driver.get_subject_categories_dict(intra_extension_id):
self.driver.del_subject_scope(intra_extension_id, None, None)
@filter_input
@enforce("read", "aggregation_algorithm")
- def get_aggregation_algorithm_dict(self, user_id, intra_extension_id):
+ def get_aggregation_algorithm_id(self, user_id, intra_extension_id):
"""
:param user_id:
:param intra_extension_id:
aggregation_algorithm_id: {name: xxx, description: yyy}
}
"""
- aggregation_algorithm_dict = self.driver.get_aggregation_algorithm_dict(intra_extension_id)
- if not aggregation_algorithm_dict:
+ aggregation_algorithm_id = self.driver.get_aggregation_algorithm_id(intra_extension_id)
+ if not aggregation_algorithm_id:
raise AggregationAlgorithmNotExisting()
- return aggregation_algorithm_dict
+ return aggregation_algorithm_id
@filter_input
@enforce(("read", "write"), "aggregation_algorithm")
- def set_aggregation_algorithm_dict(self, user_id, intra_extension_id, aggregation_algorithm_id, aggregation_algorithm_dict):
+ def set_aggregation_algorithm_id(self, user_id, intra_extension_id, aggregation_algorithm_id):
if aggregation_algorithm_id:
- if aggregation_algorithm_id not in self.configuration_api.get_aggregation_algorithms_dict(self.root_api.get_root_admin_id()):
+ if aggregation_algorithm_id not in self.configuration_api.get_aggregation_algorithms_dict(
+ self.root_api.get_root_admin_id()):
raise AggregationAlgorithmUnknown()
- else:
- aggregation_algorithm_id = uuid4().hex
- return self.driver.set_aggregation_algorithm_dict(intra_extension_id, aggregation_algorithm_id, aggregation_algorithm_dict)
+ return self.driver.set_aggregation_algorithm_id(intra_extension_id, aggregation_algorithm_id)
@filter_input
@enforce("read", "sub_meta_rules")
@dependency.provider('authz_api')
+#@dependency.requires('resource_api')
class IntraExtensionAuthzManager(IntraExtensionManager):
def __init__(self):
def del_action_assignment(self, user_id, intra_extension_id, action_id, action_category_id, action_scope_id):
raise AuthzException()
- def set_aggregation_algorithm_dict(self, user_id, intra_extension_id, aggregation_algorithm_id, aggregation_algorithm_dict):
+ def set_aggregation_algorithm_id(self, user_id, intra_extension_id, aggregation_algorithm_id):
raise AuthzException()
- def del_aggregation_algorithm_dict(self, user_id, intra_extension_id, aggregation_algorithm_id):
+ def del_aggregation_algorithm_(self, user_id, intra_extension_id):
raise AuthzException()
def add_sub_meta_rule_dict(self, user_id, intra_extension_id, sub_meta_rule_dict):
@dependency.provider('admin_api')
+#@dependency.requires('resource_api')
class IntraExtensionAdminManager(IntraExtensionManager):
def __init__(self):
@dependency.provider('root_api')
-@dependency.requires('moonlog_api', 'admin_api', 'tenant_api')
+#@dependency.requires('admin_api')
class IntraExtensionRootManager(IntraExtensionManager):
def __init__(self):
@dependency.provider('moonlog_api')
# Next line is mandatory in order to force keystone to process dependencies.
-@dependency.requires('identity_api', 'tenant_api', 'configuration_api', 'authz_api', 'admin_api', 'root_api')
+#@dependency.requires('identity_api', 'tenant_api', 'configuration_api', 'authz_api', 'admin_api', 'root_api')
class LogManager(manager.Manager):
driver_namespace = 'keystone.moon.log'
def get_policy_templates_dict(self):
raise exception.NotImplemented() # pragma: no cover
- def get_aggregation_algorithm_dict(self):
+ def get_aggregation_algorithm_id(self):
raise exception.NotImplemented() # pragma: no cover
def get_sub_meta_rule_algorithms_dict(self):
# Meta_rule functions
- def set_aggregation_algorithm_dict(self, intra_extension_id, aggregation_algorithm_id, aggregation_algorithm_dict):
+ def set_aggregation_algorithm_id(self, intra_extension_id, aggregation_algorithm_id):
raise exception.NotImplemented() # pragma: no cover
- def get_aggregation_algorithm_dict(self, intra_extension_id):
+ def get_aggregation_algorithm_id(self, intra_extension_id):
raise exception.NotImplemented() # pragma: no cover
- def del_aggregation_algorithm(self, intra_extension_id, aggregation_algorithm_id):
+ def del_aggregation_algorithm(self, intra_extension_id):
raise exception.NotImplemented() # pragma: no cover
def get_sub_meta_rules_dict(self, intra_extension_id):
mapper, intra_ext_controller,
path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/aggregation_algorithm',
post_action='set_aggregation_algorithm',
- rel=self._get_rel('aggregation_algorithms'),
- path_vars={
- 'intra_extension_id': self._get_path('intra_extensions'),
- })
- self._add_resource(
- mapper, intra_ext_controller,
- path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/aggregation_algorithm/{aggregation_algorithm_id}',
get_action='get_aggregation_algorithm',
rel=self._get_rel('aggregation_algorithms'),
path_vars={
from keystone.contrib.moon.core import LogManager
from keystone.contrib.moon.core import IntraExtensionAdminManager
from keystone.contrib.moon.core import IntraExtensionRootManager
+from keystone.contrib.moon.core import ConfigurationManager
+from keystone.contrib.moon.core import IntraExtensionAuthzManager
from keystone.tests.moon.unit import *
CONF = cfg.CONF
return {
"moonlog_api": LogManager(),
"admin_api": IntraExtensionAdminManager(),
- "root_api": IntraExtensionRootManager()
+ "configuration_api": ConfigurationManager(),
+ "root_api": IntraExtensionRootManager(),
+ "authz_api": IntraExtensionAuthzManager()
}
def config_overrides(self):
from oslo_config import cfg
from keystone.tests import unit as tests
from keystone.contrib.moon.core import IntraExtensionAdminManager, IntraExtensionAuthzManager
+from keystone.contrib.moon.core import IntraExtensionRootManager, ConfigurationManager
from keystone.tests.unit.ksfixtures import database
from keystone import resource
from keystone.contrib.moon.exception import *
"tenant_api": TenantManager(),
"admin_api": IntraExtensionAdminManager(),
"authz_api": IntraExtensionAuthzManager(),
+ "configuration_api": ConfigurationManager(),
# "resource_api": resource.Manager(),
}
demo_subject_id, demo_subject_dict = \
self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
- aggregation_algorithms = self.admin_manager.get_aggregation_algorithm_dict(admin_subject_id, authz_ie_dict["id"])
- for key, value in aggregation_algorithms.iteritems():
- self.assertIsInstance(value, dict)
- self.assertIn("name", value)
- self.assertIn("description", value)
+ aggregation_algorithm = self.admin_manager.get_aggregation_algorithm_id(admin_subject_id, authz_ie_dict["id"])
+ self.assertIsInstance(aggregation_algorithm, basestring)
# TODO: need more tests on aggregation_algorithms (set and del)
"tenant_api": TenantManager(),
"admin_api": IntraExtensionAdminManager(),
"authz_api": IntraExtensionAuthzManager(),
+ "configuration_api": ConfigurationManager(),
# "resource_api": resource.Manager(),
}
demo_subject_id, demo_subject_dict = \
self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
- aggregation_algorithms = self.admin_manager.get_aggregation_algorithm_dict(admin_subject_id, authz_ie_dict["id"])
- for key, value in aggregation_algorithms.iteritems():
- self.assertIsInstance(value, dict)
- self.assertIn("name", value)
- self.assertIn("description", value)
+ aggregation_algorithm = self.admin_manager.get_aggregation_algorithm_id(admin_subject_id, authz_ie_dict["id"])
+ self.assertIsInstance(aggregation_algorithm, basestring)
# TODO: need more tests on aggregation_algorithms (set and del)
self.assertIn(object_category_id, categories["object_categories"])
for subject_category_id in value["subject_categories"]:
self.assertIn(subject_category_id, categories["subject_categories"])
- # TODO: need more tests (set and del)
+ # TODO: need more tests (set and del)
def test_sub_rules(self):
authz_ie_dict = create_intra_extension(self, "policy_authz")
for relation_id in sub_meta_rules:
rules = self.admin_manager.get_rules_dict(admin_subject_id, authz_ie_dict["id"], relation_id)
rule_length = len(sub_meta_rules[relation_id]["subject_categories"]) + \
- len(sub_meta_rules[relation_id]["object_categories"]) + \
- len(sub_meta_rules[relation_id]["action_categories"]) + 1
+ len(sub_meta_rules[relation_id]["object_categories"]) + \
+ len(sub_meta_rules[relation_id]["action_categories"]) + 1
for rule_id in rules:
self.assertEqual(rule_length, len(rules[rule_id]))
rule = list(rules[rule_id])
for cat, cat_func, func_name in (
- ("subject_categories", self.admin_manager.get_subject_scopes_dict, "subject_scope"),
- ("action_categories", self.admin_manager.get_action_scopes_dict, "action_scope"),
- ("object_categories", self.admin_manager.get_object_scopes_dict, "object_scope"),
+ ("subject_categories", self.admin_manager.get_subject_scopes_dict, "subject_scope"),
+ ("action_categories", self.admin_manager.get_action_scopes_dict, "action_scope"),
+ ("object_categories", self.admin_manager.get_object_scopes_dict, "object_scope"),
):
for cat_value in sub_meta_rules[relation_id][cat]:
scope = cat_func(
sub_rule = []
for cat, cat_func, func_name in (
- ("subject_categories", self.admin_manager.get_subject_scopes_dict, "subject_scope"),
- ("action_categories", self.admin_manager.get_action_scopes_dict, "action_scope"),
- ("object_categories", self.admin_manager.get_object_scopes_dict, "object_scope"),
+ ("subject_categories", self.admin_manager.get_subject_scopes_dict, "subject_scope"),
+ ("action_categories", self.admin_manager.get_action_scopes_dict, "action_scope"),
+ ("object_categories", self.admin_manager.get_object_scopes_dict, "object_scope"),
):
for cat_value in sub_meta_rules[relation_id][cat]:
scope = cat_func(
for rule_id, rule_value in sub_rules.iteritems():
for cat, cat_func, func_name in (
- ("subject_categories", self.admin_manager.get_subject_scopes_dict, "subject_category_scope"),
- ("action_categories", self.admin_manager.get_action_scopes_dict, "action_category_scope"),
- ("object_categories", self.admin_manager.get_object_scopes_dict, "object_category_scope"),
+ ("subject_categories", self.admin_manager.get_subject_scopes_dict, "subject_category_scope"),
+ ("action_categories", self.admin_manager.get_action_scopes_dict, "action_category_scope"),
+ ("object_categories", self.admin_manager.get_object_scopes_dict, "object_category_scope"),
):
for cat_value in sub_meta_rules[relation_id][cat]:
scope = cat_func(
a_scope = rule_value.pop(0)
self.assertIn(a_scope, scope.keys())
- # TODO: add test for the delete function
+ # TODO: add test for the delete function
from oslo_config import cfg
from keystone.tests import unit as tests
from keystone.contrib.moon.core import IntraExtensionAdminManager, IntraExtensionAuthzManager, IntraExtensionRootManager
+from keystone.contrib.moon.core import ConfigurationManager
from keystone.tests.unit.ksfixtures import database
from keystone import resource
from keystone.contrib.moon.exception import *
"description": "a simple description."
}
-@dependency.requires('admin_api', 'authz_api', 'tenant_api', 'configuration_api', 'moonlog_api')
+#@dependency.requires('admin_api', 'authz_api', 'tenant_api', 'configuration_api', 'moonlog_api')
class TestIntraExtensionAuthzManagerAuthzOK(tests.TestCase):
def setUp(self):
"tenant_api": TenantManager(),
"admin_api": IntraExtensionAdminManager(),
"authz_api": IntraExtensionAuthzManager(),
+ "configuration_api": ConfigurationManager(),
# "resource_api": resource.Manager(),
}
demo_subject_id, demo_subject_dict = \
self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
- aggregation_algorithms = self.admin_manager.get_aggregation_algorithm_dict(admin_subject_id, authz_ie_dict["id"])
- for key, value in aggregation_algorithms.iteritems():
- self.assertIsInstance(value, dict)
- self.assertIn("name", value)
- self.assertIn("description", value)
+ aggregation_algorithm = self.admin_manager.get_aggregation_algorithm_id(admin_subject_id, authz_ie_dict["id"])
+ self.assertIsInstance(aggregation_algorithm, basestring)
# TODO: need more tests on aggregation_algorithms (set and del)
# TODO: add test for the delete function
-@dependency.requires('admin_api', 'authz_api', 'tenant_api', 'configuration_api', 'moonlog_api', 'identity_api', 'root_api')
+#@dependency.requires('admin_api', 'authz_api', 'tenant_api', 'configuration_api', 'moonlog_api', 'identity_api', 'root_api')
class TestIntraExtensionAuthzManagerAuthzKO(tests.TestCase):
def setUp(self):
return {
"moonlog_api": LogManager(),
"tenant_api": TenantManager(),
+ "configuration_api": ConfigurationManager(),
"admin_api": IntraExtensionAdminManager(),
"authz_api": IntraExtensionAuthzManager(),
"root_api": IntraExtensionRootManager(),
aggregation_algorithms = self.configuration_api.get_aggregation_algorithms_dict(admin_subject_id)
for _id in aggregation_algorithms:
if aggregation_algorithms[_id]["name"] == "one_true":
- agg = self.admin_manager.set_aggregation_algorithm_dict(admin_subject_id, authz_ie_dict["id"],
- _id,
- aggregation_algorithms[_id])
+ agg = self.admin_manager.set_aggregation_algorithm_id(admin_subject_id, authz_ie_dict["id"], _id)
rule = self.admin_manager.add_rule_dict(
admin_subject_id,
demo_subject_id, demo_subject_dict = \
self.admin_api.get_subject_dict_from_keystone_name(tenant['id'], admin_ie_dict['id'], 'demo').iteritems().next()
- aggregation_algorithms = self.admin_manager.get_aggregation_algorithm_dict(admin_subject_id, authz_ie_dict["id"])
- for key, value in aggregation_algorithms.iteritems():
- self.assertIsInstance(value, dict)
- self.assertIn("name", value)
- self.assertIn("description", value)
+ aggregation_algorithm = self.admin_manager.get_aggregation_algorithm_id(admin_subject_id, authz_ie_dict["id"])
+ self.assertIsInstance(aggregation_algorithm, basestring)
# TODO: need more tests on aggregation_algorithms (set and del)
self.assertIn(object_category_id, categories["object_categories"])
for subject_category_id in value["subject_categories"]:
self.assertIn(subject_category_id, categories["subject_categories"])
- # TODO: need more tests (set and del)
+ # TODO: need more tests (set and del)
def test_sub_rules(self):
authz_ie_dict = create_intra_extension(self, "policy_authz")
for relation_id in sub_meta_rules:
rules = self.admin_manager.get_rules_dict(admin_subject_id, authz_ie_dict["id"], relation_id)
rule_length = len(sub_meta_rules[relation_id]["subject_categories"]) + \
- len(sub_meta_rules[relation_id]["object_categories"]) + \
- len(sub_meta_rules[relation_id]["action_categories"]) + 1
+ len(sub_meta_rules[relation_id]["object_categories"]) + \
+ len(sub_meta_rules[relation_id]["action_categories"]) + 1
for rule_id in rules:
self.assertEqual(rule_length, len(rules[rule_id]))
rule = list(rules[rule_id])
for cat, cat_func, func_name in (
- ("subject_categories", self.admin_manager.get_subject_scopes_dict, "subject_scope"),
- ("action_categories", self.admin_manager.get_action_scopes_dict, "action_scope"),
- ("object_categories", self.admin_manager.get_object_scopes_dict, "object_scope"),
+ ("subject_categories", self.admin_manager.get_subject_scopes_dict, "subject_scope"),
+ ("action_categories", self.admin_manager.get_action_scopes_dict, "action_scope"),
+ ("object_categories", self.admin_manager.get_object_scopes_dict, "object_scope"),
):
for cat_value in sub_meta_rules[relation_id][cat]:
scope = cat_func(
sub_rule = []
for cat, cat_func, func_name in (
- ("subject_categories", self.admin_manager.get_subject_scopes_dict, "subject_scope"),
- ("action_categories", self.admin_manager.get_action_scopes_dict, "action_scope"),
- ("object_categories", self.admin_manager.get_object_scopes_dict, "object_scope"),
+ ("subject_categories", self.admin_manager.get_subject_scopes_dict, "subject_scope"),
+ ("action_categories", self.admin_manager.get_action_scopes_dict, "action_scope"),
+ ("object_categories", self.admin_manager.get_object_scopes_dict, "object_scope"),
):
for cat_value in sub_meta_rules[relation_id][cat]:
scope = cat_func(
for rule_id, rule_value in sub_rules.iteritems():
for cat, cat_func, func_name in (
- ("subject_categories", self.admin_manager.get_subject_scopes_dict, "subject_category_scope"),
- ("action_categories", self.admin_manager.get_action_scopes_dict, "action_category_scope"),
- ("object_categories", self.admin_manager.get_object_scopes_dict, "object_category_scope"),
+ ("subject_categories", self.admin_manager.get_subject_scopes_dict, "subject_category_scope"),
+ ("action_categories", self.admin_manager.get_action_scopes_dict, "action_category_scope"),
+ ("object_categories", self.admin_manager.get_object_scopes_dict, "object_category_scope"),
):
for cat_value in sub_meta_rules[relation_id][cat]:
scope = cat_func(
a_scope = rule_value.pop(0)
self.assertIn(a_scope, scope.keys())
- # TODO: add test for the delete function
+ # TODO: add test for the delete function
import time
from oslo_config import cfg
from keystone.tests import unit as tests
-from keystone.contrib.moon.core import IntraExtensionAdminManager
+from keystone.contrib.moon.core import ConfigurationManager
+from keystone.contrib.moon.core import IntraExtensionAuthzManager
from keystone.tests.unit.ksfixtures import database
from keystone import resource
from keystone.contrib.moon.exception import *
def load_extra_backends(self):
return {
"moonlog_api": LogManager(),
+ "authz_api": IntraExtensionAuthzManager(),
"tenant_api": TenantManager(),
+ "configuration_api": ConfigurationManager(),
# "resource_api": resource.Manager(),
}
import uuid
from oslo_config import cfg
from keystone.tests import unit as tests
-from keystone.contrib.moon.core import TenantManager
+from keystone.contrib.moon.core import ConfigurationManager
from keystone.tests.unit.ksfixtures import database
from keystone.contrib.moon.exception import *
from keystone.tests.unit import default_fixtures
from keystone.contrib.moon.core import LogManager
-from keystone.contrib.moon.core import ConfigurationManager
+from keystone.contrib.moon.core import IntraExtensionRootManager
+from keystone.contrib.moon.core import IntraExtensionAdminManager
from keystone.common import dependency
from keystone.tests.moon.unit import *
def load_extra_backends(self):
return {
- "moonlog_api": LogManager()
+ "moonlog_api": LogManager(),
+ "admin_api": IntraExtensionAdminManager(),
+ "configuration_api": ConfigurationManager(),
+ "root_api": IntraExtensionRootManager(),
}
def config_overrides(self):
Code Review / moon.git / commitdiff