aboutsummaryrefslogtreecommitdiffstats
path: root/moonv4
diff options
context:
space:
mode:
authorThomas Duval <thomas.duval@orange.com>2017-10-20 23:12:10 +0200
committerThomas Duval <thomas.duval@orange.com>2017-10-20 23:21:34 +0200
commit593f0e8556b023ed383ed600adf3aa85b395b2ea (patch)
treeb4c1460d78f8354d3090e351cfeffdc6c43dd1f6 /moonv4
parentf2f75ef07b5e5495973e5af82b3e9a43619e0cc3 (diff)
Send 500 HTTP error in case of error.
Change-Id: Iac854d2b30900377e016711218090e7efc906986
Diffstat (limited to 'moonv4')
-rw-r--r--moonv4/moon_manager/moon_manager/api/assignments.py18
-rw-r--r--moonv4/moon_manager/moon_manager/api/data.py83
-rw-r--r--moonv4/moon_manager/moon_manager/api/meta_data.py45
-rw-r--r--moonv4/moon_manager/moon_manager/api/meta_rules.py41
-rw-r--r--moonv4/moon_manager/moon_manager/api/models.py14
-rw-r--r--moonv4/moon_manager/moon_manager/api/pdp.py14
-rw-r--r--moonv4/moon_manager/moon_manager/api/perimeter.py87
-rw-r--r--moonv4/moon_manager/moon_manager/api/policies.py14
-rw-r--r--moonv4/moon_manager/moon_manager/api/rules.py40
-rw-r--r--moonv4/moon_manager/moon_manager/http_server.py4
10 files changed, 217 insertions, 143 deletions
diff --git a/moonv4/moon_manager/moon_manager/api/assignments.py b/moonv4/moon_manager/moon_manager/api/assignments.py
index bc585304..3bb6ed29 100644
--- a/moonv4/moon_manager/moon_manager/api/assignments.py
+++ b/moonv4/moon_manager/moon_manager/api/assignments.py
@@ -60,7 +60,7 @@ class SubjectAssignments(Resource):
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"subject_assignments": data}
@check_auth
@@ -97,7 +97,7 @@ class SubjectAssignments(Resource):
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"subject_assignments": data}
@check_auth
@@ -122,7 +122,7 @@ class SubjectAssignments(Resource):
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"result": True}
@@ -164,7 +164,7 @@ class ObjectAssignments(Resource):
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"object_assignments": data}
@check_auth
@@ -201,7 +201,7 @@ class ObjectAssignments(Resource):
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"object_assignments": data}
@check_auth
@@ -226,7 +226,7 @@ class ObjectAssignments(Resource):
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"result": True}
@@ -268,7 +268,7 @@ class ActionAssignments(Resource):
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"action_assignments": data}
@check_auth
@@ -305,7 +305,7 @@ class ActionAssignments(Resource):
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"action_assignments": data}
@check_auth
@@ -330,5 +330,5 @@ class ActionAssignments(Resource):
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"result": True}
diff --git a/moonv4/moon_manager/moon_manager/api/data.py b/moonv4/moon_manager/moon_manager/api/data.py
index fbf26fd9..85faf415 100644
--- a/moonv4/moon_manager/moon_manager/api/data.py
+++ b/moonv4/moon_manager/moon_manager/api/data.py
@@ -27,12 +27,14 @@ class SubjectData(Resource):
"/policies/<string:uuid>/subject_data",
"/policies/<string:uuid>/subject_data/",
"/policies/<string:uuid>/subject_data/<string:category_id>",
- "/policies/<string:uuid>/subject_data/<string:category_id>/<string:data_id>",
+ "/policies/<string:uuid>/subject_data/<string:category_id>/"
+ "<string:data_id>",
)
@check_auth
def get(self, uuid=None, category_id=None, data_id=None, user_id=None):
- """Retrieve all subject categories or a specific one if sid is given for a given policy
+ """Retrieve all subject categories or a specific one if sid is given
+ for a given policy
:param uuid: uuid of the policy
:param category_id: uuid of the subject category
@@ -51,12 +53,14 @@ class SubjectData(Resource):
:internal_api: get_subject_data
"""
try:
- data = PolicyManager.get_subject_data(user_id=user_id, policy_id=uuid,
- category_id=category_id, data_id=data_id)
+ data = PolicyManager.get_subject_data(user_id=user_id,
+ policy_id=uuid,
+ category_id=category_id,
+ data_id=data_id)
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"subject_data": data}
@check_auth
@@ -84,12 +88,14 @@ class SubjectData(Resource):
:internal_api: add_subject_data
"""
try:
- data = PolicyManager.set_subject_data(user_id=user_id, policy_id=uuid,
- category_id=category_id, value=request.json)
+ data = PolicyManager.set_subject_data(user_id=user_id,
+ policy_id=uuid,
+ category_id=category_id,
+ value=request.json)
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"subject_data": data}
@check_auth
@@ -107,12 +113,13 @@ class SubjectData(Resource):
:internal_api: delete_subject_data
"""
try:
- data = PolicyManager.delete_subject_data(user_id=user_id, policy_id=uuid,
+ data = PolicyManager.delete_subject_data(user_id=user_id,
+ policy_id=uuid,
data_id=data_id)
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"result": True}
@@ -125,12 +132,14 @@ class ObjectData(Resource):
"/policies/<string:uuid>/object_data",
"/policies/<string:uuid>/object_data/",
"/policies/<string:uuid>/object_data/<string:category_id>",
- "/policies/<string:uuid>/object_data/<string:category_id>/<string:data_id>",
+ "/policies/<string:uuid>/object_data/<string:category_id>/"
+ "<string:data_id>",
)
@check_auth
def get(self, uuid=None, category_id=None, data_id=None, user_id=None):
- """Retrieve all object categories or a specific one if sid is given for a given policy
+ """Retrieve all object categories or a specific one if sid is given
+ for a given policy
:param uuid: uuid of the policy
:param category_id: uuid of the object category
@@ -149,12 +158,14 @@ class ObjectData(Resource):
:internal_api: get_object_data
"""
try:
- data = PolicyManager.get_object_data(user_id=user_id, policy_id=uuid,
- category_id=category_id, data_id=data_id)
+ data = PolicyManager.get_object_data(user_id=user_id,
+ policy_id=uuid,
+ category_id=category_id,
+ data_id=data_id)
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"object_data": data}
@check_auth
@@ -182,12 +193,14 @@ class ObjectData(Resource):
:internal_api: add_object_data
"""
try:
- data = PolicyManager.add_object_data(user_id=user_id, policy_id=uuid,
- category_id=category_id, value=request.json)
+ data = PolicyManager.add_object_data(user_id=user_id,
+ policy_id=uuid,
+ category_id=category_id,
+ value=request.json)
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"object_data": data}
@check_auth
@@ -205,12 +218,13 @@ class ObjectData(Resource):
:internal_api: delete_object_data
"""
try:
- data = PolicyManager.delete_object_data(user_id=user_id, policy_id=uuid,
- data_id=data_id)
+ data = PolicyManager.delete_object_data(user_id=user_id,
+ policy_id=uuid,
+ data_id=data_id)
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"result": True}
@@ -223,12 +237,14 @@ class ActionData(Resource):
"/policies/<string:uuid>/action_data",
"/policies/<string:uuid>/action_data/",
"/policies/<string:uuid>/action_data/<string:category_id>",
- "/policies/<string:uuid>/action_data/<string:category_id>/<string:data_id>",
+ "/policies/<string:uuid>/action_data/<string:category_id>/"
+ "<string:data_id>",
)
@check_auth
def get(self, uuid=None, category_id=None, data_id=None, user_id=None):
- """Retrieve all action categories or a specific one if sid is given for a given policy
+ """Retrieve all action categories or a specific one if sid is given
+ for a given policy
:param uuid: uuid of the policy
:param category_id: uuid of the action category
@@ -247,12 +263,14 @@ class ActionData(Resource):
:internal_api: get_action_data
"""
try:
- data = PolicyManager.get_action_data(user_id=user_id, policy_id=uuid,
- category_id=category_id, data_id=data_id)
+ data = PolicyManager.get_action_data(user_id=user_id,
+ policy_id=uuid,
+ category_id=category_id,
+ data_id=data_id)
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"action_data": data}
@check_auth
@@ -280,12 +298,14 @@ class ActionData(Resource):
:internal_api: add_action_data
"""
try:
- data = PolicyManager.add_action_data(user_id=user_id, policy_id=uuid,
- category_id=category_id, value=request.json)
+ data = PolicyManager.add_action_data(user_id=user_id,
+ policy_id=uuid,
+ category_id=category_id,
+ value=request.json)
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"action_data": data}
@check_auth
@@ -303,12 +323,13 @@ class ActionData(Resource):
:internal_api: delete_action_data
"""
try:
- data = PolicyManager.delete_action_data(user_id=user_id, policy_id=uuid,
+ data = PolicyManager.delete_action_data(user_id=user_id,
+ policy_id=uuid,
data_id=data_id)
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"result": True}
diff --git a/moonv4/moon_manager/moon_manager/api/meta_data.py b/moonv4/moon_manager/moon_manager/api/meta_data.py
index 0f9078ed..95cd58cc 100644
--- a/moonv4/moon_manager/moon_manager/api/meta_data.py
+++ b/moonv4/moon_manager/moon_manager/api/meta_data.py
@@ -44,11 +44,12 @@ class SubjectCategories(Resource):
:internal_api: get_subject_categories
"""
try:
- data = ModelManager.get_subject_categories(user_id=user_id, category_id=category_id)
+ data = ModelManager.get_subject_categories(
+ user_id=user_id, category_id=category_id)
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"subject_categories": data}
@check_auth
@@ -70,11 +71,12 @@ class SubjectCategories(Resource):
:internal_api: add_subject_category
"""
try:
- data = ModelManager.add_subject_category(user_id=user_id, value=request.json)
+ data = ModelManager.add_subject_category(
+ user_id=user_id, value=request.json)
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"subject_categories": data}
@check_auth
@@ -90,11 +92,12 @@ class SubjectCategories(Resource):
:internal_api: delete_subject_category
"""
try:
- data = ModelManager.delete_subject_category(user_id=user_id, category_id=category_id)
+ data = ModelManager.delete_subject_category(
+ user_id=user_id, category_id=category_id)
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"result": True}
@@ -124,11 +127,12 @@ class ObjectCategories(Resource):
:internal_api: get_object_categories
"""
try:
- data = ModelManager.get_object_categories(user_id=user_id, category_id=category_id)
+ data = ModelManager.get_object_categories(
+ user_id=user_id, category_id=category_id)
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"object_categories": data}
@check_auth
@@ -150,11 +154,12 @@ class ObjectCategories(Resource):
:internal_api: add_object_category
"""
try:
- data = ModelManager.add_object_category(user_id=user_id, value=request.json)
+ data = ModelManager.add_object_category(
+ user_id=user_id, value=request.json)
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"object_categories": data}
@check_auth
@@ -170,11 +175,12 @@ class ObjectCategories(Resource):
:internal_api: delete_object_category
"""
try:
- data = ModelManager.delete_object_category(user_id=user_id, category_id=category_id)
+ data = ModelManager.delete_object_category(
+ user_id=user_id, category_id=category_id)
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"result": True}
@@ -204,11 +210,12 @@ class ActionCategories(Resource):
:internal_api: get_action_categories
"""
try:
- data = ModelManager.get_action_categories(user_id=user_id, category_id=category_id)
+ data = ModelManager.get_action_categories(
+ user_id=user_id, category_id=category_id)
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"action_categories": data}
@check_auth
@@ -230,11 +237,12 @@ class ActionCategories(Resource):
:internal_api: add_action_category
"""
try:
- data = ModelManager.add_action_category(user_id=user_id, value=request.json)
+ data = ModelManager.add_action_category(
+ user_id=user_id, value=request.json)
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"action_categories": data}
@check_auth
@@ -250,9 +258,10 @@ class ActionCategories(Resource):
:internal_api: delete_action_category
"""
try:
- data = ModelManager.delete_action_category(user_id=user_id, category_id=category_id)
+ data = ModelManager.delete_action_category(
+ user_id=user_id, category_id=category_id)
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"result": True}
diff --git a/moonv4/moon_manager/moon_manager/api/meta_rules.py b/moonv4/moon_manager/moon_manager/api/meta_rules.py
index dc3ea0db..45e2b5ee 100644
--- a/moonv4/moon_manager/moon_manager/api/meta_rules.py
+++ b/moonv4/moon_manager/moon_manager/api/meta_rules.py
@@ -39,7 +39,8 @@ class MetaRules(Resource):
"meta_rule_id1": {
"name": "name of the meta rule",
"algorithm": "name of the meta rule algorithm",
- "subject_categories": ["subject_category_id1", "subject_category_id2"],
+ "subject_categories": ["subject_category_id1",
+ "subject_category_id2"],
"object_categories": ["object_category_id1"],
"action_categories": ["action_category_id1"]
},
@@ -48,11 +49,12 @@ class MetaRules(Resource):
:internal_api: get_meta_rules
"""
try:
- data = ModelManager.get_meta_rules(user_id=user_id, meta_rule_id=meta_rule_id)
+ data = ModelManager.get_meta_rules(
+ user_id=user_id, meta_rule_id=meta_rule_id)
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"meta_rules": data}
@check_auth
@@ -63,7 +65,8 @@ class MetaRules(Resource):
:param user_id: user ID who do the request
:request body: post = {
"name": "name of the meta rule",
- "subject_categories": ["subject_category_id1", "subject_category_id2"],
+ "subject_categories": ["subject_category_id1",
+ "subject_category_id2"],
"object_categories": ["object_category_id1"],
"action_categories": ["action_category_id1"]
}
@@ -71,7 +74,8 @@ class MetaRules(Resource):
"meta_rules": {
"meta_rule_id1": {
"name": "name of the meta rule",
- "subject_categories": ["subject_category_id1", "subject_category_id2"],
+ "subject_categories": ["subject_category_id1",
+ "subject_category_id2"],
"object_categories": ["object_category_id1"],
"action_categories": ["action_category_id1"]
},
@@ -80,11 +84,12 @@ class MetaRules(Resource):
:internal_api: add_meta_rules
"""
try:
- data = ModelManager.add_meta_rule(user_id=user_id, meta_rule_id=None, value=request.json)
+ data = ModelManager.add_meta_rule(
+ user_id=user_id, meta_rule_id=None, value=request.json)
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"meta_rules": data}
@check_auth
@@ -95,7 +100,8 @@ class MetaRules(Resource):
:param user_id: user ID who do the request
:request body: patch = {
"name": "name of the meta rule",
- "subject_categories": ["subject_category_id1", "subject_category_id2"],
+ "subject_categories": ["subject_category_id1",
+ "subject_category_id2"],
"object_categories": ["object_category_id1"],
"action_categories": ["action_category_id1"]
}
@@ -103,7 +109,8 @@ class MetaRules(Resource):
"meta_rules": {
"meta_rule_id1": {
"name": "name of the meta rule",
- "subject_categories": ["subject_category_id1", "subject_category_id2"],
+ "subject_categories": ["subject_category_id1",
+ "subject_category_id2"],
"object_categories": ["object_category_id1"],
"action_categories": ["action_category_id1"]
},
@@ -112,11 +119,12 @@ class MetaRules(Resource):
:internal_api: set_meta_rules
"""
try:
- data = ModelManager.set_meta_rule(user_id=user_id, meta_rule_id=meta_rule_id, value=request.json)
+ data = ModelManager.set_meta_rule(
+ user_id=user_id, meta_rule_id=meta_rule_id, value=request.json)
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"meta_rules": data}
@check_auth
@@ -127,7 +135,8 @@ class MetaRules(Resource):
:param user_id: user ID who do the request
:request body: delete = {
"name": "name of the meta rule",
- "subject_categories": ["subject_category_id1", "subject_category_id2"],
+ "subject_categories": ["subject_category_id1",
+ "subject_category_id2"],
"object_categories": ["object_category_id1"],
"action_categories": ["action_category_id1"]
}
@@ -135,7 +144,8 @@ class MetaRules(Resource):
"meta_rules": {
"meta_rule_id1": {
"name": "name of the meta rule",
- "subject_categories": ["subject_category_id1", "subject_category_id2"],
+ "subject_categories": ["subject_category_id1",
+ "subject_category_id2"],
"object_categories": ["object_category_id1"],
"action_categories": ["action_category_id1"]
},
@@ -144,10 +154,11 @@ class MetaRules(Resource):
:internal_api: delete_meta_rules
"""
try:
- data = ModelManager.delete_meta_rule(user_id=user_id, meta_rule_id=meta_rule_id)
+ data = ModelManager.delete_meta_rule(
+ user_id=user_id, meta_rule_id=meta_rule_id)
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"result": True}
diff --git a/moonv4/moon_manager/moon_manager/api/models.py b/moonv4/moon_manager/moon_manager/api/models.py
index cec899f5..0a050c7f 100644
--- a/moonv4/moon_manager/moon_manager/api/models.py
+++ b/moonv4/moon_manager/moon_manager/api/models.py
@@ -49,7 +49,7 @@ class Models(Resource):
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"models": data}
@check_auth
@@ -73,11 +73,12 @@ class Models(Resource):
:internal_api: add_model
"""
try:
- data = ModelManager.add_model(user_id=user_id, model_id=uuid, value=request.json)
+ data = ModelManager.add_model(
+ user_id=user_id, model_id=uuid, value=request.json)
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"models": data}
@check_auth
@@ -97,7 +98,7 @@ class Models(Resource):
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"result": True}
@check_auth
@@ -116,10 +117,11 @@ class Models(Resource):
:internal_api: update_model
"""
try:
- data = ModelManager.update_model(user_id=user_id, model_id=uuid, value=request.json)
+ data = ModelManager.update_model(
+ user_id=user_id, model_id=uuid, value=request.json)
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"models": data}
diff --git a/moonv4/moon_manager/moon_manager/api/pdp.py b/moonv4/moon_manager/moon_manager/api/pdp.py
index 15f4988f..ff996e4a 100644
--- a/moonv4/moon_manager/moon_manager/api/pdp.py
+++ b/moonv4/moon_manager/moon_manager/api/pdp.py
@@ -58,7 +58,7 @@ class PDP(Resource):
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"pdps": data}
@check_auth
@@ -84,11 +84,12 @@ class PDP(Resource):
:internal_api: add_pdp
"""
try:
- data = PDPManager.add_pdp(user_id=user_id, pdp_id=None, value=request.json)
+ data = PDPManager.add_pdp(
+ user_id=user_id, pdp_id=None, value=request.json)
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"pdps": data}
@check_auth
@@ -108,7 +109,7 @@ class PDP(Resource):
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"result": True}
@check_auth
@@ -128,11 +129,12 @@ class PDP(Resource):
:internal_api: update_pdp
"""
try:
- data = PDPManager.update_pdp(user_id=user_id, pdp_id=uuid, value=request.json)
+ data = PDPManager.update_pdp(
+ user_id=user_id, pdp_id=uuid, value=request.json)
add_container(uuid=uuid, pipeline=data[uuid]['security_pipeline'])
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"pdps": data}
diff --git a/moonv4/moon_manager/moon_manager/api/perimeter.py b/moonv4/moon_manager/moon_manager/api/perimeter.py
index cc2c0561..2eb80652 100644
--- a/moonv4/moon_manager/moon_manager/api/perimeter.py
+++ b/moonv4/moon_manager/moon_manager/api/perimeter.py
@@ -3,8 +3,10 @@
# license which can be found in the file 'LICENSE' in this package distribution
# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
"""
-* Subjects are the source of an action on an object (examples : users, virtual machines)
-* Objects are the destination of an action (examples virtual machines, virtual Routers)
+* Subjects are the source of an action on an object
+ (examples : users, virtual machines)
+* Objects are the destination of an action
+ (examples virtual machines, virtual Routers)
* Actions are what subject wants to do on an object
"""
@@ -35,7 +37,8 @@ class Subjects(Resource):
@check_auth
def get(self, uuid=None, perimeter_id=None, user_id=None):
- """Retrieve all subjects or a specific one if perimeter_id is given for a given policy
+ """Retrieve all subjects or a specific one if perimeter_id is
+ given for a given policy
:param uuid: uuid of the policy
:param perimeter_id: uuid of the subject
@@ -58,7 +61,7 @@ class Subjects(Resource):
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"subjects": data}
@check_auth
@@ -87,18 +90,20 @@ class Subjects(Resource):
"""
try:
if not perimeter_id:
- data = PolicyManager.get_subjects(user_id=user_id, policy_id=None)
+ data = PolicyManager.get_subjects(user_id=user_id,
+ policy_id=None)
if 'name' in request.json:
for data_id, data_value in data.items():
if data_value['name'] == request.json['name']:
perimeter_id = data_id
break
- data = PolicyManager.add_subject(user_id=user_id, policy_id=uuid,
- perimeter_id=perimeter_id, value=request.json)
+ data = PolicyManager.add_subject(
+ user_id=user_id, policy_id=uuid,
+ perimeter_id=perimeter_id, value=request.json)
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"subjects": data}
@check_auth
@@ -127,18 +132,20 @@ class Subjects(Resource):
"""
try:
if not perimeter_id:
- data = PolicyManager.get_subjects(user_id=user_id, policy_id=None)
+ data = PolicyManager.get_subjects(user_id=user_id,
+ policy_id=None)
if 'name' in request.json:
for data_id, data_value in data.items():
if data_value['name'] == request.json['name']:
perimeter_id = data_id
break
- data = PolicyManager.add_subject(user_id=user_id, policy_id=uuid,
- perimeter_id=perimeter_id, value=request.json)
+ data = PolicyManager.add_subject(
+ user_id=user_id, policy_id=uuid,
+ perimeter_id=perimeter_id, value=request.json)
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"subjects": data}
@check_auth
@@ -160,11 +167,12 @@ class Subjects(Resource):
:internal_api: delete_subject
"""
try:
- data = PolicyManager.delete_subject(user_id=user_id, policy_id=uuid, perimeter_id=perimeter_id)
+ data = PolicyManager.delete_subject(
+ user_id=user_id, policy_id=uuid, perimeter_id=perimeter_id)
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"result": True}
@@ -184,7 +192,8 @@ class Objects(Resource):
@check_auth
def get(self, uuid=None, perimeter_id=None, user_id=None):
- """Retrieve all objects or a specific one if perimeter_id is given for a given policy
+ """Retrieve all objects or a specific one if perimeter_id is
+ given for a given policy
:param uuid: uuid of the policy
:param perimeter_id: uuid of the object
@@ -206,7 +215,7 @@ class Objects(Resource):
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"objects": data}
@check_auth
@@ -235,12 +244,13 @@ class Objects(Resource):
if data_value['name'] == request.json['name']:
perimeter_id = data_id
break
- data = PolicyManager.add_object(user_id=user_id, policy_id=uuid,
- perimeter_id=perimeter_id, value=request.json)
+ data = PolicyManager.add_object(
+ user_id=user_id, policy_id=uuid,
+ perimeter_id=perimeter_id, value=request.json)
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"objects": data}
@check_auth
@@ -269,12 +279,13 @@ class Objects(Resource):
if data_value['name'] == request.json['name']:
perimeter_id = data_id
break
- data = PolicyManager.add_object(user_id=user_id, policy_id=uuid,
- perimeter_id=perimeter_id, value=request.json)
+ data = PolicyManager.add_object(
+ user_id=user_id, policy_id=uuid,
+ perimeter_id=perimeter_id, value=request.json)
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"objects": data}
@check_auth
@@ -293,11 +304,12 @@ class Objects(Resource):
:internal_api: delete_object
"""
try:
- data = PolicyManager.delete_object(user_id=user_id, policy_id=uuid, perimeter_id=perimeter_id)
+ data = PolicyManager.delete_object(
+ user_id=user_id, policy_id=uuid, perimeter_id=perimeter_id)
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"result": True}
@@ -317,7 +329,8 @@ class Actions(Resource):
@check_auth
def get(self, uuid=None, perimeter_id=None, user_id=None):
- """Retrieve all actions or a specific one if perimeter_id is given for a given policy
+ """Retrieve all actions or a specific one if perimeter_id
+ is given for a given policy
:param uuid: uuid of the policy
:param perimeter_id: uuid of the action
@@ -331,11 +344,12 @@ class Actions(Resource):
:internal_api: get_actions
"""
try:
- data = PolicyManager.get_actions(user_id=user_id, policy_id=uuid, perimeter_id=perimeter_id)
+ data = PolicyManager.get_actions(
+ user_id=user_id, policy_id=uuid, perimeter_id=perimeter_id)
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"actions": data}
@check_auth
@@ -364,12 +378,13 @@ class Actions(Resource):
if data_value['name'] == request.json['name']:
perimeter_id = data_id
break
- data = PolicyManager.add_action(user_id=user_id, policy_id=uuid,
- perimeter_id=perimeter_id, value=request.json)
+ data = PolicyManager.add_action(
+ user_id=user_id, policy_id=uuid,
+ perimeter_id=perimeter_id, value=request.json)
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"actions": data}
@check_auth
@@ -398,12 +413,13 @@ class Actions(Resource):
if data_value['name'] == request.json['name']:
perimeter_id = data_id
break
- data = PolicyManager.add_action(user_id=user_id, policy_id=uuid,
- perimeter_id=perimeter_id, value=request.json)
+ data = PolicyManager.add_action(
+ user_id=user_id, policy_id=uuid,
+ perimeter_id=perimeter_id, value=request.json)
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"actions": data}
@check_auth
@@ -422,9 +438,10 @@ class Actions(Resource):
:internal_api: delete_action
"""
try:
- data = PolicyManager.delete_action(user_id=user_id, policy_id=uuid, perimeter_id=perimeter_id)
+ data = PolicyManager.delete_action(
+ user_id=user_id, policy_id=uuid, perimeter_id=perimeter_id)
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"result": True}
diff --git a/moonv4/moon_manager/moon_manager/api/policies.py b/moonv4/moon_manager/moon_manager/api/policies.py
index 737b988e..8ef11a0d 100644
--- a/moonv4/moon_manager/moon_manager/api/policies.py
+++ b/moonv4/moon_manager/moon_manager/api/policies.py
@@ -51,7 +51,7 @@ class Policies(Resource):
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"policies": data}
@check_auth
@@ -77,11 +77,12 @@ class Policies(Resource):
:internal_api: add_policy
"""
try:
- data = PolicyManager.add_policy(user_id=user_id, policy_id=uuid, value=request.json)
+ data = PolicyManager.add_policy(
+ user_id=user_id, policy_id=uuid, value=request.json)
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"policies": data}
@check_auth
@@ -101,7 +102,7 @@ class Policies(Resource):
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"result": True}
@check_auth
@@ -121,10 +122,11 @@ class Policies(Resource):
:internal_api: update_policy
"""
try:
- data = PolicyManager.update_policy(user_id=user_id, policy_id=uuid, value=request.json)
+ data = PolicyManager.update_policy(
+ user_id=user_id, policy_id=uuid, value=request.json)
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"policies": data}
diff --git a/moonv4/moon_manager/moon_manager/api/rules.py b/moonv4/moon_manager/moon_manager/api/rules.py
index 8b1cf635..f7771f1a 100644
--- a/moonv4/moon_manager/moon_manager/api/rules.py
+++ b/moonv4/moon_manager/moon_manager/api/rules.py
@@ -9,7 +9,6 @@ Rules (TODO)
from flask import request
from flask_restful import Resource
from oslo_log import log as logging
-from moon_utilities.security_functions import call
from moon_utilities.security_functions import check_auth
from moon_db.core import PolicyManager
@@ -40,8 +39,10 @@ class Rules(Resource):
"rules": [
"policy_id": "policy_id1",
"meta_rule_id": "meta_rule_id1",
- "rule_id1": ["subject_data_id1", "object_data_id1", "action_data_id1"],
- "rule_id2": ["subject_data_id2", "object_data_id2", "action_data_id2"],
+ "rule_id1":
+ ["subject_data_id1", "object_data_id1", "action_data_id1"],
+ "rule_id2":
+ ["subject_data_id2", "object_data_id2", "action_data_id2"],
]
}
:internal_api: get_rules
@@ -53,7 +54,7 @@ class Rules(Resource):
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"rules": data}
@check_auth
@@ -75,23 +76,31 @@ class Rules(Resource):
"rules": [
"meta_rule_id": "meta_rule_id1",
"rule_id1": {
- "rule": ["subject_data_id1", "object_data_id1", "action_data_id1"],
+ "rule": ["subject_data_id1",
+ "object_data_id1",
+ "action_data_id1"],
"instructions": (
- {"decision": "grant"}, # "grant" to immediately exit,
- # "continue" to wait for the result of next policy
- # "deny" to deny the request
+ {"decision": "grant"},
+ # "grant" to immediately exit,
+ # "continue" to wait for the result of next policy
+ # "deny" to deny the request
)
}
"rule_id2": {
- "rule": ["subject_data_id2", "object_data_id2", "action_data_id2"],
+ "rule": ["subject_data_id2",
+ "object_data_id2",
+ "action_data_id2"],
"instructions": (
{
"update": {
- "operation": "add", # operations may be "add" or "delete"
- "target": "rbac:role:admin" # add the role admin to the current user
+ "operation": "add",
+ # operations may be "add" or "delete"
+ "target": "rbac:role:admin"
+ # add the role admin to the current user
}
},
- {"chain": {"name": "rbac"}} # chain with the policy named rbac
+ {"chain": {"name": "rbac"}}
+ # chain with the policy named rbac
)
}
]
@@ -107,7 +116,7 @@ class Rules(Resource):
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"rules": data}
@check_auth
@@ -121,10 +130,11 @@ class Rules(Resource):
:internal_api: delete_rule
"""
try:
- data = PolicyManager.delete_rule(user_id=user_id, policy_id=uuid, rule_id=rule_id)
+ data = PolicyManager.delete_rule(
+ user_id=user_id, policy_id=uuid, rule_id=rule_id)
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"result": True}
diff --git a/moonv4/moon_manager/moon_manager/http_server.py b/moonv4/moon_manager/moon_manager/http_server.py
index a59921f0..dfaa23ae 100644
--- a/moonv4/moon_manager/moon_manager/http_server.py
+++ b/moonv4/moon_manager/moon_manager/http_server.py
@@ -18,7 +18,7 @@ from moon_manager.api.perimeter import Subjects, Objects, Actions
from moon_manager.api.data import SubjectData, ObjectData, ActionData
from moon_manager.api.assignments import SubjectAssignments, ObjectAssignments, ActionAssignments
from moon_manager.api.rules import Rules
-from moon_manager.api.containers import Container
+# from moon_manager.api.containers import Container
from moon_utilities import configuration, exceptions
logger = logging.getLogger("moon.manager.http")
@@ -73,7 +73,7 @@ __API__ = (
Subjects, Objects, Actions,
SubjectAssignments, ObjectAssignments, ActionAssignments,
SubjectData, ObjectData, ActionData,
- Rules, Container,
+ Rules, #Container,
Models, Policies, PDP
)