diff options
author | Thomas Duval <thomas.duval@orange.com> | 2018-06-19 16:13:31 +0200 |
---|---|---|
committer | Thomas Duval <thomas.duval@orange.com> | 2018-06-19 16:30:55 +0200 |
commit | 2dbe655587ca98b67c1a3e3798c63fd47229adc0 (patch) | |
tree | df374b5378225c9946ec0c97968bfa591fb9f9b6 /python_moondb/python_moondb/api | |
parent | d28f8e68ac176a15dbbd7873f757f5a9f221d118 (diff) |
Update code to 4.5 official version
Change-Id: I5075da0e2a3247ae1564f21b358748f482b75aa4
Diffstat (limited to 'python_moondb/python_moondb/api')
-rw-r--r-- | python_moondb/python_moondb/api/model.py | 43 | ||||
-rw-r--r-- | python_moondb/python_moondb/api/pdp.py | 8 | ||||
-rw-r--r-- | python_moondb/python_moondb/api/policy.py | 59 |
3 files changed, 106 insertions, 4 deletions
diff --git a/python_moondb/python_moondb/api/model.py b/python_moondb/python_moondb/api/model.py index f5858662..c1603b83 100644 --- a/python_moondb/python_moondb/api/model.py +++ b/python_moondb/python_moondb/api/model.py @@ -22,6 +22,10 @@ class ModelManager(Managers): def update_model(self, user_id, model_id, value): if model_id not in self.driver.get_models(model_id=model_id): raise exceptions.ModelUnknown + if value and 'meta_rules' in value: + for meta_rule_id in value['meta_rules']: + if not self.driver.get_meta_rules(meta_rule_id=meta_rule_id): + raise exceptions.MetaRuleUnknown return self.driver.update_model(model_id=model_id, value=value) @enforce(("read", "write"), "models") @@ -41,6 +45,10 @@ class ModelManager(Managers): raise exceptions.ModelExisting if not model_id: model_id = uuid4().hex + if value and 'meta_rules' in value: + for meta_rule_id in value['meta_rules']: + if not self.driver.get_meta_rules(meta_rule_id=meta_rule_id): + raise exceptions.MetaRuleUnknown return self.driver.add_model(model_id=model_id, value=value) @enforce("read", "models") @@ -51,6 +59,19 @@ class ModelManager(Managers): def set_meta_rule(self, user_id, meta_rule_id, value): if meta_rule_id not in self.driver.get_meta_rules(meta_rule_id=meta_rule_id): raise exceptions.MetaRuleUnknown + if value: + if 'subject_categories' in value: + for subject_category_id in value['subject_categories']: + if not self.driver.get_subject_categories(category_id=subject_category_id): + raise exceptions.SubjectCategoryUnknown + if 'object_categories' in value: + for object_category_id in value['object_categories']: + if not self.driver.get_object_categories(category_id=object_category_id): + raise exceptions.ObjectCategoryUnknown + if 'action_categories' in value: + for action_category_id in value['action_categories']: + if not self.driver.get_action_categories(category_id=action_category_id): + raise exceptions.ActionCategoryUnknown return self.driver.set_meta_rule(meta_rule_id=meta_rule_id, value=value) @enforce("read", "meta_rules") @@ -61,6 +82,19 @@ class ModelManager(Managers): def add_meta_rule(self, user_id, meta_rule_id=None, value=None): if meta_rule_id in self.driver.get_meta_rules(meta_rule_id=meta_rule_id): raise exceptions.MetaRuleExisting + if value: + if 'subject_categories' in value: + for subject_category_id in value['subject_categories']: + if not self.driver.get_subject_categories(category_id=subject_category_id): + raise exceptions.SubjectCategoryUnknown + if 'object_categories' in value: + for object_category_id in value['object_categories']: + if not self.driver.get_object_categories(category_id=object_category_id): + raise exceptions.ObjectCategoryUnknown + if 'action_categories' in value: + for action_category_id in value['action_categories']: + if not self.driver.get_action_categories(category_id=action_category_id): + raise exceptions.ActionCategoryUnknown return self.driver.set_meta_rule(meta_rule_id=meta_rule_id, value=value) @enforce(("read", "write"), "meta_rules") @@ -93,8 +127,11 @@ class ModelManager(Managers): meta_rules = self.get_meta_rules(user_id=user_id) for meta_rule_id in meta_rules: for subject_category_id in meta_rules[meta_rule_id]['subject_categories']: + logger.info("delete_subject_category {} {}".format(subject_category_id, meta_rule_id)) + logger.info("delete_subject_category {}".format(meta_rules[meta_rule_id])) if subject_category_id == category_id: - raise exceptions.DeleteCategoryWithMetaRule + self.delete_meta_rule(user_id, meta_rule_id) + # raise exceptions.DeleteCategoryWithMetaRule if self.driver.is_subject_data_exist(category_id=category_id): raise exceptions.DeleteCategoryWithData return self.driver.delete_subject_category(category_id=category_id) @@ -119,7 +156,7 @@ class ModelManager(Managers): for meta_rule_id in meta_rules: for object_category_id in meta_rules[meta_rule_id]['object_categories']: if object_category_id == category_id: - raise exceptions.DeleteCategoryWithMetaRule + self.delete_meta_rule(user_id, meta_rule_id) if self.driver.is_object_data_exist(category_id=category_id): raise exceptions.DeleteCategoryWithData return self.driver.delete_object_category(category_id=category_id) @@ -144,7 +181,7 @@ class ModelManager(Managers): for meta_rule_id in meta_rules: for action_category_id in meta_rules[meta_rule_id]['action_categories']: if action_category_id == category_id: - raise exceptions.DeleteCategoryWithMetaRule + self.delete_meta_rule(user_id, meta_rule_id) if self.driver.is_action_data_exist(category_id=category_id): raise exceptions.DeleteCategoryWithData return self.driver.delete_action_category(category_id=category_id) diff --git a/python_moondb/python_moondb/api/pdp.py b/python_moondb/python_moondb/api/pdp.py index 7e852ca8..d0a071c9 100644 --- a/python_moondb/python_moondb/api/pdp.py +++ b/python_moondb/python_moondb/api/pdp.py @@ -22,6 +22,10 @@ class PDPManager(Managers): def update_pdp(self, user_id, pdp_id, value): if pdp_id not in self.driver.get_pdp(pdp_id=pdp_id): raise exceptions.PdpUnknown + if value and 'security_pipeline' in value: + for policy_id in value['security_pipeline']: + if not Managers.PolicyManager.get_policies(user_id=user_id, policy_id=policy_id): + raise exceptions.PolicyUnknown return self.driver.update_pdp(pdp_id=pdp_id, value=value) @enforce(("read", "write"), "pdp") @@ -36,6 +40,10 @@ class PDPManager(Managers): raise exceptions.PdpExisting if not pdp_id: pdp_id = uuid4().hex + if value and 'security_pipeline' in value: + for policy_id in value['security_pipeline']: + if not Managers.PolicyManager.get_policies(user_id=user_id, policy_id=policy_id): + raise exceptions.PolicyUnknown return self.driver.add_pdp(pdp_id=pdp_id, value=value) @enforce("read", "pdp") diff --git a/python_moondb/python_moondb/api/policy.py b/python_moondb/python_moondb/api/policy.py index 69392e6d..05c2b7d5 100644 --- a/python_moondb/python_moondb/api/policy.py +++ b/python_moondb/python_moondb/api/policy.py @@ -40,6 +40,9 @@ class PolicyManager(Managers): def update_policy(self, user_id, policy_id, value): if policy_id not in self.driver.get_policies(policy_id=policy_id): raise exceptions.PolicyUnknown + if value and 'model_id' in value and value['model_id'] != "": + if not Managers.ModelManager.get_models(user_id, model_id=value['model_id']): + raise exceptions.ModelUnknown return self.driver.update_policy(policy_id=policy_id, value=value) @enforce(("read", "write"), "policies") @@ -60,6 +63,9 @@ class PolicyManager(Managers): raise exceptions.PolicyExisting if not policy_id: policy_id = uuid4().hex + if value and 'model_id' in value and value['model_id'] != "": + if not Managers.ModelManager.get_models(user_id, model_id=value['model_id']): + raise exceptions.ModelUnknown return self.driver.add_policy(policy_id=policy_id, value=value) @enforce("read", "policies") @@ -68,10 +74,19 @@ class PolicyManager(Managers): @enforce("read", "perimeter") def get_subjects(self, user_id, policy_id, perimeter_id=None): + if not policy_id: + pass + elif not (policy_id and self.get_policies(user_id=user_id, policy_id=policy_id)): + raise exceptions.PolicyUnknown return self.driver.get_subjects(policy_id=policy_id, perimeter_id=perimeter_id) @enforce(("read", "write"), "perimeter") def add_subject(self, user_id, policy_id, perimeter_id=None, value=None): + if not value or "name" not in value or not value["name"].strip(): + raise exceptions.PerimeterNameInvalid + if value["name"] in map(lambda x: x['name'], + self.get_subjects(user_id, policy_id, perimeter_id).values()): + raise exceptions.SubjectExisting k_user = Managers.KeystoneManager.get_user_by_name(value.get('name')) if not k_user['users']: k_user = Managers.KeystoneManager.create_user(value) @@ -94,10 +109,16 @@ class PolicyManager(Managers): @enforce(("read", "write"), "perimeter") def delete_subject(self, user_id, policy_id, perimeter_id): + if policy_id and not self.get_policies(user_id=user_id, policy_id=policy_id): + raise exceptions.PolicyUnknown return self.driver.delete_subject(policy_id=policy_id, perimeter_id=perimeter_id) @enforce("read", "perimeter") def get_objects(self, user_id, policy_id, perimeter_id=None): + if not policy_id: + pass + elif not (policy_id and self.get_policies(user_id=user_id, policy_id=policy_id)): + raise exceptions.PolicyUnknown return self.driver.get_objects(policy_id=policy_id, perimeter_id=perimeter_id) @enforce(("read", "write"), "perimeter") @@ -110,21 +131,30 @@ class PolicyManager(Managers): @enforce(("read", "write"), "perimeter") def delete_object(self, user_id, policy_id, perimeter_id): + if policy_id and not self.get_policies(user_id=user_id, policy_id=policy_id): + raise exceptions.PolicyUnknown return self.driver.delete_object(policy_id=policy_id, perimeter_id=perimeter_id) @enforce("read", "perimeter") def get_actions(self, user_id, policy_id, perimeter_id=None): + if not policy_id: + pass + elif not (policy_id and self.get_policies(user_id=user_id, policy_id=policy_id)): + raise exceptions.PolicyUnknown return self.driver.get_actions(policy_id=policy_id, perimeter_id=perimeter_id) @enforce(("read", "write"), "perimeter") def add_action(self, user_id, policy_id, perimeter_id=None, value=None): - logger.info("add_action {}".format(policy_id)) + logger.debug("add_action {}".format(policy_id)) if not self.get_policies(user_id=user_id, policy_id=policy_id): raise exceptions.PolicyUnknown return self.driver.set_action(policy_id=policy_id, perimeter_id=perimeter_id, value=value) @enforce(("read", "write"), "perimeter") def delete_action(self, user_id, policy_id, perimeter_id): + logger.debug("delete_action {} {} {}".format(policy_id, perimeter_id, self.get_policies(user_id=user_id, policy_id=policy_id))) + if policy_id and not self.get_policies(user_id=user_id, policy_id=policy_id): + raise exceptions.PolicyUnknown return self.driver.delete_action(policy_id=policy_id, perimeter_id=perimeter_id) @enforce("read", "data") @@ -144,6 +174,8 @@ class PolicyManager(Managers): def set_subject_data(self, user_id, policy_id, data_id=None, category_id=None, value=None): if not category_id: raise Exception('Invalid category id') + if not Managers.ModelManager.get_subject_categories(user_id=user_id, category_id=category_id): + raise exceptions.MetaDataUnknown if not self.get_policies(user_id=user_id, policy_id=policy_id): raise exceptions.PolicyUnknown if not data_id: @@ -175,6 +207,8 @@ class PolicyManager(Managers): def add_object_data(self, user_id, policy_id, data_id=None, category_id=None, value=None): if not category_id: raise Exception('Invalid category id') + if not Managers.ModelManager.get_object_categories(user_id=user_id, category_id=category_id): + raise exceptions.MetaDataUnknown if not self.get_policies(user_id=user_id, policy_id=policy_id): raise exceptions.PolicyUnknown if not data_id: @@ -206,6 +240,8 @@ class PolicyManager(Managers): def add_action_data(self, user_id, policy_id, data_id=None, category_id=None, value=None): if not category_id: raise Exception('Invalid category id') + if not Managers.ModelManager.get_action_categories(user_id=user_id, category_id=category_id): + raise exceptions.MetaDataUnknown if not self.get_policies(user_id=user_id, policy_id=policy_id): raise exceptions.PolicyUnknown if not data_id: @@ -228,6 +264,12 @@ class PolicyManager(Managers): def add_subject_assignment(self, user_id, policy_id, subject_id, category_id, data_id): if not self.get_policies(user_id=user_id, policy_id=policy_id): raise exceptions.PolicyUnknown + if not self.get_subjects(user_id=user_id, policy_id=policy_id, perimeter_id=subject_id): + raise exceptions.SubjectUnknown + if not Managers.ModelManager.get_subject_categories(user_id=user_id, category_id=category_id): + raise exceptions.MetaDataUnknown + if not self.get_subject_data(user_id=user_id, policy_id=policy_id, data_id=data_id): + raise exceptions.DataUnknown return self.driver.add_subject_assignment(policy_id=policy_id, subject_id=subject_id, category_id=category_id, data_id=data_id) @@ -244,6 +286,12 @@ class PolicyManager(Managers): def add_object_assignment(self, user_id, policy_id, object_id, category_id, data_id): if not self.get_policies(user_id=user_id, policy_id=policy_id): raise exceptions.PolicyUnknown + if not self.get_objects(user_id=user_id, policy_id=policy_id, perimeter_id=object_id): + raise exceptions.ObjectUnknown + if not Managers.ModelManager.get_object_categories(user_id=user_id, category_id=category_id): + raise exceptions.MetaDataUnknown + if not self.get_object_data(user_id=user_id, policy_id=policy_id, data_id=data_id): + raise exceptions.DataUnknown return self.driver.add_object_assignment(policy_id=policy_id, object_id=object_id, category_id=category_id, data_id=data_id) @@ -260,6 +308,12 @@ class PolicyManager(Managers): def add_action_assignment(self, user_id, policy_id, action_id, category_id, data_id): if not self.get_policies(user_id=user_id, policy_id=policy_id): raise exceptions.PolicyUnknown + if not self.get_actions(user_id=user_id, policy_id=policy_id, perimeter_id=action_id): + raise exceptions.ActionUnknown + if not Managers.ModelManager.get_action_categories(user_id=user_id, category_id=category_id): + raise exceptions.MetaDataUnknown + if not self.get_action_data(user_id=user_id, policy_id=policy_id, data_id=data_id): + raise exceptions.DataUnknown return self.driver.add_action_assignment(policy_id=policy_id, action_id=action_id, category_id=category_id, data_id=data_id) @@ -271,11 +325,14 @@ class PolicyManager(Managers): @enforce("read", "rules") def get_rules(self, user_id, policy_id, meta_rule_id=None, rule_id=None): return self.driver.get_rules(policy_id=policy_id, meta_rule_id=meta_rule_id, rule_id=rule_id) + logger.info("delete_subject_data: {} {}".format(policy_id, data_id)) @enforce(("read", "write"), "rules") def add_rule(self, user_id, policy_id, meta_rule_id, value): if not self.get_policies(user_id=user_id, policy_id=policy_id): raise exceptions.PolicyUnknown + if not self.ModelManager.get_meta_rules(user_id=user_id, meta_rule_id=meta_rule_id): + raise exceptions.MetaRuleUnknown return self.driver.add_rule(policy_id=policy_id, meta_rule_id=meta_rule_id, value=value) @enforce(("read", "write"), "rules") |