diff options
author | Thomas Duval <thomas.duval@orange.com> | 2018-06-19 16:13:31 +0200 |
---|---|---|
committer | Thomas Duval <thomas.duval@orange.com> | 2018-06-19 16:30:55 +0200 |
commit | 2dbe655587ca98b67c1a3e3798c63fd47229adc0 (patch) | |
tree | df374b5378225c9946ec0c97968bfa591fb9f9b6 /python_moondb/python_moondb | |
parent | d28f8e68ac176a15dbbd7873f757f5a9f221d118 (diff) |
Update code to 4.5 official version
Change-Id: I5075da0e2a3247ae1564f21b358748f482b75aa4
Diffstat (limited to 'python_moondb/python_moondb')
-rw-r--r-- | python_moondb/python_moondb/__init__.py | 3 | ||||
-rw-r--r-- | python_moondb/python_moondb/api/model.py | 43 | ||||
-rw-r--r-- | python_moondb/python_moondb/api/pdp.py | 8 | ||||
-rw-r--r-- | python_moondb/python_moondb/api/policy.py | 59 | ||||
-rw-r--r-- | python_moondb/python_moondb/backends/sql.py | 126 | ||||
-rw-r--r-- | python_moondb/python_moondb/migrate_repo/versions/001_moon.py | 49 |
6 files changed, 207 insertions, 81 deletions
diff --git a/python_moondb/python_moondb/__init__.py b/python_moondb/python_moondb/__init__.py index 287558f7..e2e16287 100644 --- a/python_moondb/python_moondb/__init__.py +++ b/python_moondb/python_moondb/__init__.py @@ -3,5 +3,4 @@ # license which can be found in the file 'LICENSE' in this package distribution # or at 'http://www.apache.org/licenses/LICENSE-2.0'. -__version__ = "1.2.9" - +__version__ = "1.2.16" diff --git a/python_moondb/python_moondb/api/model.py b/python_moondb/python_moondb/api/model.py index f5858662..c1603b83 100644 --- a/python_moondb/python_moondb/api/model.py +++ b/python_moondb/python_moondb/api/model.py @@ -22,6 +22,10 @@ class ModelManager(Managers): def update_model(self, user_id, model_id, value): if model_id not in self.driver.get_models(model_id=model_id): raise exceptions.ModelUnknown + if value and 'meta_rules' in value: + for meta_rule_id in value['meta_rules']: + if not self.driver.get_meta_rules(meta_rule_id=meta_rule_id): + raise exceptions.MetaRuleUnknown return self.driver.update_model(model_id=model_id, value=value) @enforce(("read", "write"), "models") @@ -41,6 +45,10 @@ class ModelManager(Managers): raise exceptions.ModelExisting if not model_id: model_id = uuid4().hex + if value and 'meta_rules' in value: + for meta_rule_id in value['meta_rules']: + if not self.driver.get_meta_rules(meta_rule_id=meta_rule_id): + raise exceptions.MetaRuleUnknown return self.driver.add_model(model_id=model_id, value=value) @enforce("read", "models") @@ -51,6 +59,19 @@ class ModelManager(Managers): def set_meta_rule(self, user_id, meta_rule_id, value): if meta_rule_id not in self.driver.get_meta_rules(meta_rule_id=meta_rule_id): raise exceptions.MetaRuleUnknown + if value: + if 'subject_categories' in value: + for subject_category_id in value['subject_categories']: + if not self.driver.get_subject_categories(category_id=subject_category_id): + raise exceptions.SubjectCategoryUnknown + if 'object_categories' in value: + for object_category_id in value['object_categories']: + if not self.driver.get_object_categories(category_id=object_category_id): + raise exceptions.ObjectCategoryUnknown + if 'action_categories' in value: + for action_category_id in value['action_categories']: + if not self.driver.get_action_categories(category_id=action_category_id): + raise exceptions.ActionCategoryUnknown return self.driver.set_meta_rule(meta_rule_id=meta_rule_id, value=value) @enforce("read", "meta_rules") @@ -61,6 +82,19 @@ class ModelManager(Managers): def add_meta_rule(self, user_id, meta_rule_id=None, value=None): if meta_rule_id in self.driver.get_meta_rules(meta_rule_id=meta_rule_id): raise exceptions.MetaRuleExisting + if value: + if 'subject_categories' in value: + for subject_category_id in value['subject_categories']: + if not self.driver.get_subject_categories(category_id=subject_category_id): + raise exceptions.SubjectCategoryUnknown + if 'object_categories' in value: + for object_category_id in value['object_categories']: + if not self.driver.get_object_categories(category_id=object_category_id): + raise exceptions.ObjectCategoryUnknown + if 'action_categories' in value: + for action_category_id in value['action_categories']: + if not self.driver.get_action_categories(category_id=action_category_id): + raise exceptions.ActionCategoryUnknown return self.driver.set_meta_rule(meta_rule_id=meta_rule_id, value=value) @enforce(("read", "write"), "meta_rules") @@ -93,8 +127,11 @@ class ModelManager(Managers): meta_rules = self.get_meta_rules(user_id=user_id) for meta_rule_id in meta_rules: for subject_category_id in meta_rules[meta_rule_id]['subject_categories']: + logger.info("delete_subject_category {} {}".format(subject_category_id, meta_rule_id)) + logger.info("delete_subject_category {}".format(meta_rules[meta_rule_id])) if subject_category_id == category_id: - raise exceptions.DeleteCategoryWithMetaRule + self.delete_meta_rule(user_id, meta_rule_id) + # raise exceptions.DeleteCategoryWithMetaRule if self.driver.is_subject_data_exist(category_id=category_id): raise exceptions.DeleteCategoryWithData return self.driver.delete_subject_category(category_id=category_id) @@ -119,7 +156,7 @@ class ModelManager(Managers): for meta_rule_id in meta_rules: for object_category_id in meta_rules[meta_rule_id]['object_categories']: if object_category_id == category_id: - raise exceptions.DeleteCategoryWithMetaRule + self.delete_meta_rule(user_id, meta_rule_id) if self.driver.is_object_data_exist(category_id=category_id): raise exceptions.DeleteCategoryWithData return self.driver.delete_object_category(category_id=category_id) @@ -144,7 +181,7 @@ class ModelManager(Managers): for meta_rule_id in meta_rules: for action_category_id in meta_rules[meta_rule_id]['action_categories']: if action_category_id == category_id: - raise exceptions.DeleteCategoryWithMetaRule + self.delete_meta_rule(user_id, meta_rule_id) if self.driver.is_action_data_exist(category_id=category_id): raise exceptions.DeleteCategoryWithData return self.driver.delete_action_category(category_id=category_id) diff --git a/python_moondb/python_moondb/api/pdp.py b/python_moondb/python_moondb/api/pdp.py index 7e852ca8..d0a071c9 100644 --- a/python_moondb/python_moondb/api/pdp.py +++ b/python_moondb/python_moondb/api/pdp.py @@ -22,6 +22,10 @@ class PDPManager(Managers): def update_pdp(self, user_id, pdp_id, value): if pdp_id not in self.driver.get_pdp(pdp_id=pdp_id): raise exceptions.PdpUnknown + if value and 'security_pipeline' in value: + for policy_id in value['security_pipeline']: + if not Managers.PolicyManager.get_policies(user_id=user_id, policy_id=policy_id): + raise exceptions.PolicyUnknown return self.driver.update_pdp(pdp_id=pdp_id, value=value) @enforce(("read", "write"), "pdp") @@ -36,6 +40,10 @@ class PDPManager(Managers): raise exceptions.PdpExisting if not pdp_id: pdp_id = uuid4().hex + if value and 'security_pipeline' in value: + for policy_id in value['security_pipeline']: + if not Managers.PolicyManager.get_policies(user_id=user_id, policy_id=policy_id): + raise exceptions.PolicyUnknown return self.driver.add_pdp(pdp_id=pdp_id, value=value) @enforce("read", "pdp") diff --git a/python_moondb/python_moondb/api/policy.py b/python_moondb/python_moondb/api/policy.py index 69392e6d..05c2b7d5 100644 --- a/python_moondb/python_moondb/api/policy.py +++ b/python_moondb/python_moondb/api/policy.py @@ -40,6 +40,9 @@ class PolicyManager(Managers): def update_policy(self, user_id, policy_id, value): if policy_id not in self.driver.get_policies(policy_id=policy_id): raise exceptions.PolicyUnknown + if value and 'model_id' in value and value['model_id'] != "": + if not Managers.ModelManager.get_models(user_id, model_id=value['model_id']): + raise exceptions.ModelUnknown return self.driver.update_policy(policy_id=policy_id, value=value) @enforce(("read", "write"), "policies") @@ -60,6 +63,9 @@ class PolicyManager(Managers): raise exceptions.PolicyExisting if not policy_id: policy_id = uuid4().hex + if value and 'model_id' in value and value['model_id'] != "": + if not Managers.ModelManager.get_models(user_id, model_id=value['model_id']): + raise exceptions.ModelUnknown return self.driver.add_policy(policy_id=policy_id, value=value) @enforce("read", "policies") @@ -68,10 +74,19 @@ class PolicyManager(Managers): @enforce("read", "perimeter") def get_subjects(self, user_id, policy_id, perimeter_id=None): + if not policy_id: + pass + elif not (policy_id and self.get_policies(user_id=user_id, policy_id=policy_id)): + raise exceptions.PolicyUnknown return self.driver.get_subjects(policy_id=policy_id, perimeter_id=perimeter_id) @enforce(("read", "write"), "perimeter") def add_subject(self, user_id, policy_id, perimeter_id=None, value=None): + if not value or "name" not in value or not value["name"].strip(): + raise exceptions.PerimeterNameInvalid + if value["name"] in map(lambda x: x['name'], + self.get_subjects(user_id, policy_id, perimeter_id).values()): + raise exceptions.SubjectExisting k_user = Managers.KeystoneManager.get_user_by_name(value.get('name')) if not k_user['users']: k_user = Managers.KeystoneManager.create_user(value) @@ -94,10 +109,16 @@ class PolicyManager(Managers): @enforce(("read", "write"), "perimeter") def delete_subject(self, user_id, policy_id, perimeter_id): + if policy_id and not self.get_policies(user_id=user_id, policy_id=policy_id): + raise exceptions.PolicyUnknown return self.driver.delete_subject(policy_id=policy_id, perimeter_id=perimeter_id) @enforce("read", "perimeter") def get_objects(self, user_id, policy_id, perimeter_id=None): + if not policy_id: + pass + elif not (policy_id and self.get_policies(user_id=user_id, policy_id=policy_id)): + raise exceptions.PolicyUnknown return self.driver.get_objects(policy_id=policy_id, perimeter_id=perimeter_id) @enforce(("read", "write"), "perimeter") @@ -110,21 +131,30 @@ class PolicyManager(Managers): @enforce(("read", "write"), "perimeter") def delete_object(self, user_id, policy_id, perimeter_id): + if policy_id and not self.get_policies(user_id=user_id, policy_id=policy_id): + raise exceptions.PolicyUnknown return self.driver.delete_object(policy_id=policy_id, perimeter_id=perimeter_id) @enforce("read", "perimeter") def get_actions(self, user_id, policy_id, perimeter_id=None): + if not policy_id: + pass + elif not (policy_id and self.get_policies(user_id=user_id, policy_id=policy_id)): + raise exceptions.PolicyUnknown return self.driver.get_actions(policy_id=policy_id, perimeter_id=perimeter_id) @enforce(("read", "write"), "perimeter") def add_action(self, user_id, policy_id, perimeter_id=None, value=None): - logger.info("add_action {}".format(policy_id)) + logger.debug("add_action {}".format(policy_id)) if not self.get_policies(user_id=user_id, policy_id=policy_id): raise exceptions.PolicyUnknown return self.driver.set_action(policy_id=policy_id, perimeter_id=perimeter_id, value=value) @enforce(("read", "write"), "perimeter") def delete_action(self, user_id, policy_id, perimeter_id): + logger.debug("delete_action {} {} {}".format(policy_id, perimeter_id, self.get_policies(user_id=user_id, policy_id=policy_id))) + if policy_id and not self.get_policies(user_id=user_id, policy_id=policy_id): + raise exceptions.PolicyUnknown return self.driver.delete_action(policy_id=policy_id, perimeter_id=perimeter_id) @enforce("read", "data") @@ -144,6 +174,8 @@ class PolicyManager(Managers): def set_subject_data(self, user_id, policy_id, data_id=None, category_id=None, value=None): if not category_id: raise Exception('Invalid category id') + if not Managers.ModelManager.get_subject_categories(user_id=user_id, category_id=category_id): + raise exceptions.MetaDataUnknown if not self.get_policies(user_id=user_id, policy_id=policy_id): raise exceptions.PolicyUnknown if not data_id: @@ -175,6 +207,8 @@ class PolicyManager(Managers): def add_object_data(self, user_id, policy_id, data_id=None, category_id=None, value=None): if not category_id: raise Exception('Invalid category id') + if not Managers.ModelManager.get_object_categories(user_id=user_id, category_id=category_id): + raise exceptions.MetaDataUnknown if not self.get_policies(user_id=user_id, policy_id=policy_id): raise exceptions.PolicyUnknown if not data_id: @@ -206,6 +240,8 @@ class PolicyManager(Managers): def add_action_data(self, user_id, policy_id, data_id=None, category_id=None, value=None): if not category_id: raise Exception('Invalid category id') + if not Managers.ModelManager.get_action_categories(user_id=user_id, category_id=category_id): + raise exceptions.MetaDataUnknown if not self.get_policies(user_id=user_id, policy_id=policy_id): raise exceptions.PolicyUnknown if not data_id: @@ -228,6 +264,12 @@ class PolicyManager(Managers): def add_subject_assignment(self, user_id, policy_id, subject_id, category_id, data_id): if not self.get_policies(user_id=user_id, policy_id=policy_id): raise exceptions.PolicyUnknown + if not self.get_subjects(user_id=user_id, policy_id=policy_id, perimeter_id=subject_id): + raise exceptions.SubjectUnknown + if not Managers.ModelManager.get_subject_categories(user_id=user_id, category_id=category_id): + raise exceptions.MetaDataUnknown + if not self.get_subject_data(user_id=user_id, policy_id=policy_id, data_id=data_id): + raise exceptions.DataUnknown return self.driver.add_subject_assignment(policy_id=policy_id, subject_id=subject_id, category_id=category_id, data_id=data_id) @@ -244,6 +286,12 @@ class PolicyManager(Managers): def add_object_assignment(self, user_id, policy_id, object_id, category_id, data_id): if not self.get_policies(user_id=user_id, policy_id=policy_id): raise exceptions.PolicyUnknown + if not self.get_objects(user_id=user_id, policy_id=policy_id, perimeter_id=object_id): + raise exceptions.ObjectUnknown + if not Managers.ModelManager.get_object_categories(user_id=user_id, category_id=category_id): + raise exceptions.MetaDataUnknown + if not self.get_object_data(user_id=user_id, policy_id=policy_id, data_id=data_id): + raise exceptions.DataUnknown return self.driver.add_object_assignment(policy_id=policy_id, object_id=object_id, category_id=category_id, data_id=data_id) @@ -260,6 +308,12 @@ class PolicyManager(Managers): def add_action_assignment(self, user_id, policy_id, action_id, category_id, data_id): if not self.get_policies(user_id=user_id, policy_id=policy_id): raise exceptions.PolicyUnknown + if not self.get_actions(user_id=user_id, policy_id=policy_id, perimeter_id=action_id): + raise exceptions.ActionUnknown + if not Managers.ModelManager.get_action_categories(user_id=user_id, category_id=category_id): + raise exceptions.MetaDataUnknown + if not self.get_action_data(user_id=user_id, policy_id=policy_id, data_id=data_id): + raise exceptions.DataUnknown return self.driver.add_action_assignment(policy_id=policy_id, action_id=action_id, category_id=category_id, data_id=data_id) @@ -271,11 +325,14 @@ class PolicyManager(Managers): @enforce("read", "rules") def get_rules(self, user_id, policy_id, meta_rule_id=None, rule_id=None): return self.driver.get_rules(policy_id=policy_id, meta_rule_id=meta_rule_id, rule_id=rule_id) + logger.info("delete_subject_data: {} {}".format(policy_id, data_id)) @enforce(("read", "write"), "rules") def add_rule(self, user_id, policy_id, meta_rule_id, value): if not self.get_policies(user_id=user_id, policy_id=policy_id): raise exceptions.PolicyUnknown + if not self.ModelManager.get_meta_rules(user_id=user_id, meta_rule_id=meta_rule_id): + raise exceptions.MetaRuleUnknown return self.driver.add_rule(policy_id=policy_id, meta_rule_id=meta_rule_id, value=value) @enforce(("read", "write"), "rules") diff --git a/python_moondb/python_moondb/backends/sql.py b/python_moondb/python_moondb/backends/sql.py index 366ed7de..7310e7f3 100644 --- a/python_moondb/python_moondb/backends/sql.py +++ b/python_moondb/python_moondb/backends/sql.py @@ -14,7 +14,7 @@ from sqlalchemy import create_engine from contextlib import contextmanager from sqlalchemy import types as sql_types from python_moonutilities import configuration -from python_moonutilities.exceptions import * +from python_moonutilities import exceptions from python_moondb.core import PDPDriver, PolicyDriver, ModelDriver import sqlalchemy @@ -134,6 +134,7 @@ class PerimeterBase(DictBase): name = sql.Column(sql.String(256), nullable=False) value = sql.Column(JsonBlob(), nullable=True) __mapper_args__ = {'concrete': True} + def __repr__(self): return "{} with name {} : {}".format(self.id, self.name, json.dumps(self.value)) @@ -155,6 +156,7 @@ class PerimeterBase(DictBase): 'value': dict_value } + class Subject(Base, PerimeterBase): __tablename__ = 'subjects' @@ -352,7 +354,7 @@ class PDPConnector(BaseConnector, PDPDriver): setattr(ref, "value", d) return {ref.id: ref.to_dict()} except sqlalchemy.exc.IntegrityError: - raise PdpExisting + raise exceptions.PdpExisting def delete_pdp(self, pdp_id): with self.get_session_for_write() as session: @@ -374,7 +376,7 @@ class PDPConnector(BaseConnector, PDPDriver): session.add(new) return {new.id: new.to_dict()} except sqlalchemy.exc.IntegrityError: - raise PdpExisting + raise exceptions.PdpExisting def get_pdp(self, pdp_id=None): with self.get_session_for_read() as session: @@ -416,7 +418,7 @@ class PolicyConnector(BaseConnector, PolicyDriver): new = Policy.from_dict({ "id": policy_id if policy_id else uuid4().hex, "name": value["name"], - "model_id": value["model_id"], + "model_id": value.get("model_id", ""), "value": value_wo_other_info }) session.add(new) @@ -452,13 +454,20 @@ class PolicyConnector(BaseConnector, PolicyDriver): return {_ref.id: _ref.to_return() for _ref in ref_list} def __set_perimeter(self, ClassType, ClassTypeException, policy_id, perimeter_id=None, value=None): - _perimeter = None + if not value or "name" not in value or not value["name"].strip(): + raise exceptions.PerimeterNameInvalid with self.get_session_for_write() as session: + _perimeter = None if perimeter_id: query = session.query(ClassType) query = query.filter_by(id=perimeter_id) _perimeter = query.first() - logger.info("+++++++++++++ {}".format(_perimeter)) + if not perimeter_id and not _perimeter: + query = session.query(ClassType) + query = query.filter_by(name=value['name']) + _perimeter = query.first() + if _perimeter: + raise ClassTypeException if not _perimeter: if "policy_list" not in value or type(value["policy_list"]) is not list: value["policy_list"] = [] @@ -466,9 +475,9 @@ class PolicyConnector(BaseConnector, PolicyDriver): value["policy_list"] = [policy_id, ] value_wo_name = copy.deepcopy(value) - value_wo_name.pop("name",None) + value_wo_name.pop("name", None) new = ClassType.from_dict({ - "id": uuid4().hex, + "id": perimeter_id if perimeter_id else uuid4().hex, "name": value["name"], "value": value_wo_name }) @@ -480,7 +489,7 @@ class PolicyConnector(BaseConnector, PolicyDriver): _value["value"]["policy_list"] = [] if policy_id and policy_id not in _value["value"]["policy_list"]: _value["value"]["policy_list"].append(policy_id) - logger.info("-------------_value- {}".format(_value)) + _value["value"].update(value) name = _value["value"]["name"] _value["value"].pop("name") @@ -489,13 +498,11 @@ class PolicyConnector(BaseConnector, PolicyDriver): "name": name, "value": _value["value"] }) - logger.info("-------------- new {}".format(new_perimeter)) - logger.info("-------------- old {}".format(_perimeter)) _perimeter.value = new_perimeter.value _perimeter.name = new_perimeter.name return {_perimeter.id: _perimeter.to_return()} - def __delete_perimeter(self,ClassType, ClassUnknownException, policy_id, perimeter_id): + def __delete_perimeter(self, ClassType, ClassUnknownException, policy_id, perimeter_id): with self.get_session_for_write() as session: query = session.query(ClassType) query = query.filter_by(id=perimeter_id) @@ -503,7 +510,6 @@ class PolicyConnector(BaseConnector, PolicyDriver): if not _perimeter: raise ClassUnknownException old_perimeter = copy.deepcopy(_perimeter.to_dict()) - # value = _subject.to_dict() try: old_perimeter["value"]["policy_list"].remove(policy_id) new_perimeter = ClassType.from_dict(old_perimeter) @@ -517,39 +523,41 @@ class PolicyConnector(BaseConnector, PolicyDriver): def set_subject(self, policy_id, perimeter_id=None, value=None): try: - return self.__set_perimeter(Subject, SubjectExisting, policy_id, perimeter_id=perimeter_id, value=value) + return self.__set_perimeter(Subject, exceptions.SubjectExisting, policy_id, perimeter_id=perimeter_id, value=value) except sqlalchemy.exc.IntegrityError: - raise SubjectExisting + raise exceptions.SubjectExisting def delete_subject(self, policy_id, perimeter_id): - self.__delete_perimeter(Subject, SubjectUnknown, policy_id, perimeter_id) + self.__delete_perimeter(Subject, exceptions.SubjectUnknown, policy_id, perimeter_id) def get_objects(self, policy_id, perimeter_id=None): return self.__get_perimeters(Object, policy_id, perimeter_id) def set_object(self, policy_id, perimeter_id=None, value=None): try: - return self.__set_perimeter(Object, ObjectExisting, policy_id, perimeter_id=perimeter_id, value=value) - except sqlalchemy.exc.IntegrityError: - raise ObjectExisting + return self.__set_perimeter(Object, exceptions.ObjectExisting, policy_id, perimeter_id=perimeter_id, value=value) + except sqlalchemy.exc.IntegrityError as e: + logger.exception("IntegrityError {}".format(e)) + raise exceptions.ObjectExisting def delete_object(self, policy_id, perimeter_id): - self.__delete_perimeter(Object, ObjectUnknown, policy_id, perimeter_id) + self.__delete_perimeter(Object, exceptions.ObjectUnknown, policy_id, perimeter_id) def get_actions(self, policy_id, perimeter_id=None): return self.__get_perimeters(Action, policy_id, perimeter_id) def set_action(self, policy_id, perimeter_id=None, value=None): try: - return self.__set_perimeter(Action, ActionExisting, policy_id, perimeter_id=perimeter_id, value=value) + return self.__set_perimeter(Action, exceptions.ActionExisting, policy_id, perimeter_id=perimeter_id, value=value) except sqlalchemy.exc.IntegrityError: - raise ActionExisting + raise exceptions.ActionExisting def delete_action(self, policy_id, perimeter_id): - self.__delete_perimeter(Action, ActionUnknown, policy_id, perimeter_id) + self.__delete_perimeter(Action, exceptions.ActionUnknown, policy_id, perimeter_id) - def __is_perimeter_data_exist(self, ClassType ,data_id=None, category_id=None): - logger.info("driver {} {}".format( data_id, category_id)) + def __is_data_exist(self, ClassType, data_id=None, category_id=None): + if not data_id: + return False with self.get_session_for_read() as session: query = session.query(ClassType) query = query.filter_by(category_id=category_id) @@ -558,23 +566,23 @@ class PolicyConnector(BaseConnector, PolicyDriver): return True return False - def __get_perimeter_data(self, ClassType, policy_id, data_id=None, category_id=None): - logger.info("driver {} {} {}".format(policy_id, data_id, category_id)) + def __get_data(self, ClassType, policy_id, data_id=None, category_id=None): with self.get_session_for_read() as session: query = session.query(ClassType) - if data_id: + if policy_id and data_id and category_id: query = query.filter_by(policy_id=policy_id, id=data_id, category_id=category_id) - else: + elif policy_id and category_id: query = query.filter_by(policy_id=policy_id, category_id=category_id) + else: + query = query.filter_by(category_id=category_id) ref_list = query.all() - logger.info("ref_list={}".format(ref_list)) return { "policy_id": policy_id, "category_id": category_id, "data": {_ref.id: _ref.to_dict() for _ref in ref_list} } - def __set_perimeter_data(self, ClassType, ClassTypeData, policy_id, data_id=None, category_id=None, value=None): + def __set_data(self, ClassType, ClassTypeData, policy_id, data_id=None, category_id=None, value=None): with self.get_session_for_write() as session: query = session.query(ClassTypeData) query = query.filter_by(policy_id=policy_id, id=data_id, category_id=category_id) @@ -604,7 +612,7 @@ class PolicyConnector(BaseConnector, PolicyDriver): "data": {ref.id: ref.to_dict()} } - def __delete_perimeter_data(self, ClassType, policy_id, data_id): + def __delete_data(self, ClassType, policy_id, data_id): with self.get_session_for_write() as session: query = session.query(ClassType) query = query.filter_by(policy_id=policy_id, id=data_id) @@ -613,49 +621,49 @@ class PolicyConnector(BaseConnector, PolicyDriver): session.delete(ref) def is_subject_data_exist(self, data_id=None, category_id=None): - return self.__is_perimeter_data_exist(SubjectData, data_id=data_id, category_id=category_id) + return self.__is_data_exist(SubjectData, data_id=data_id, category_id=category_id) def get_subject_data(self, policy_id, data_id=None, category_id=None): - return self.__get_perimeter_data(SubjectData, policy_id, data_id=data_id, category_id=category_id) + return self.__get_data(SubjectData, policy_id, data_id=data_id, category_id=category_id) def set_subject_data(self, policy_id, data_id=None, category_id=None, value=None): try: - return self.__set_perimeter_data(Subject, SubjectData, policy_id, data_id=data_id, category_id=category_id, value=value) + return self.__set_data(Subject, SubjectData, policy_id, data_id=data_id, category_id=category_id, value=value) except sqlalchemy.exc.IntegrityError: - raise SubjectScopeExisting + raise exceptions.SubjectScopeExisting def delete_subject_data(self, policy_id, data_id): - return self.__delete_perimeter_data(SubjectData, policy_id, data_id) + return self.__delete_data(SubjectData, policy_id, data_id) def is_object_data_exist(self, data_id=None, category_id=None): - return self.__is_perimeter_data_exist(ObjectData, data_id=data_id, category_id=category_id) + return self.__is_data_exist(ObjectData, data_id=data_id, category_id=category_id) def get_object_data(self, policy_id, data_id=None, category_id=None): - return self.__get_perimeter_data(ObjectData, policy_id, data_id=data_id, category_id=category_id) + return self.__get_data(ObjectData, policy_id, data_id=data_id, category_id=category_id) def set_object_data(self, policy_id, data_id=None, category_id=None, value=None): try: - return self.__set_perimeter_data(Object, ObjectData, policy_id, data_id=data_id, category_id=category_id, value=value) + return self.__set_data(Object, ObjectData, policy_id, data_id=data_id, category_id=category_id, value=value) except sqlalchemy.exc.IntegrityError: - raise ObjectScopeExisting + raise exceptions.ObjectScopeExisting def delete_object_data(self, policy_id, data_id): - return self.__delete_perimeter_data(ObjectData, policy_id, data_id) + return self.__delete_data(ObjectData, policy_id, data_id) def is_action_data_exist(self, data_id=None,category_id=None): - return self.__is_perimeter_data_exist(ActionData, data_id=data_id, category_id=category_id) + return self.__is_data_exist(ActionData, data_id=data_id, category_id=category_id) def get_action_data(self, policy_id, data_id=None, category_id=None): - return self.__get_perimeter_data(ActionData, policy_id, data_id=data_id, category_id=category_id) + return self.__get_data(ActionData, policy_id, data_id=data_id, category_id=category_id) def set_action_data(self, policy_id, data_id=None, category_id=None, value=None): try: - return self.__set_perimeter_data(Action, ActionData, policy_id, data_id=data_id, category_id=category_id, value=value) + return self.__set_data(Action, ActionData, policy_id, data_id=data_id, category_id=category_id, value=value) except sqlalchemy.exc.IntegrityError: - raise ActionScopeExisting + raise exceptions.ActionScopeExisting def delete_action_data(self, policy_id, data_id): - return self.__delete_perimeter_data(ActionData, policy_id, data_id) + return self.__delete_data(ActionData, policy_id, data_id) def get_subject_assignments(self, policy_id, subject_id=None, category_id=None): with self.get_session_for_write() as session: @@ -682,7 +690,7 @@ class PolicyConnector(BaseConnector, PolicyDriver): assignments.append(data_id) setattr(ref, "assignments", assignments) else: - raise SubjectAssignmentExisting + raise exceptions.SubjectAssignmentExisting else: ref = SubjectAssignment.from_dict( { @@ -737,7 +745,7 @@ class PolicyConnector(BaseConnector, PolicyDriver): assignments.append(data_id) setattr(ref, "assignments", assignments) else: - raise ObjectAssignmentExisting + raise exceptions.ObjectAssignmentExisting else: ref = ObjectAssignment.from_dict( { @@ -792,7 +800,7 @@ class PolicyConnector(BaseConnector, PolicyDriver): assignments.append(data_id) setattr(ref, "assignments", assignments) else: - raise ActionAssignmentExisting + raise exceptions.ActionAssignmentExisting else: ref = ActionAssignment.from_dict( { @@ -847,6 +855,10 @@ class PolicyConnector(BaseConnector, PolicyDriver): def add_rule(self, policy_id, meta_rule_id, value): try: + rules = self.get_rules(policy_id, meta_rule_id=meta_rule_id) + for _rule in map(lambda x: x["rule"], rules["rules"]): + if list(value.get('rule')) == list(_rule): + raise exceptions.RuleExisting with self.get_session_for_write() as session: ref = Rule.from_dict( { @@ -859,7 +871,7 @@ class PolicyConnector(BaseConnector, PolicyDriver): session.add(ref) return {ref.id: ref.to_dict()} except sqlalchemy.exc.IntegrityError: - raise RuleExisting + raise exceptions.RuleExisting def delete_rule(self, policy_id, rule_id): with self.get_session_for_write() as session: @@ -905,7 +917,7 @@ class ModelConnector(BaseConnector, ModelDriver): session.add(new) return {new.id: new.to_dict()} except sqlalchemy.exc.IntegrityError as e: - raise ModelExisting + raise exceptions.ModelExisting def get_models(self, model_id=None): with self.get_session_for_read() as session: @@ -939,7 +951,7 @@ class ModelConnector(BaseConnector, ModelDriver): ) session.add(ref) except sqlalchemy.exc.IntegrityError as e: - raise MetaRuleExisting + raise exceptions.MetaRuleExisting else: query = session.query(MetaRule) query = query.filter_by(id=meta_rule_id) @@ -976,6 +988,8 @@ class ModelConnector(BaseConnector, ModelDriver): return {_ref.id: _ref.to_dict() for _ref in ref_list} def __add_perimeter_category(self, ClassType, name, description, uuid=None): + if not name.strip(): + raise exceptions.CategoryNameInvalid with self.get_session_for_write() as session: ref = ClassType.from_dict( { @@ -1002,7 +1016,7 @@ class ModelConnector(BaseConnector, ModelDriver): try: return self.__add_perimeter_category(SubjectCategory, name, description, uuid=uuid) except sql.exc.IntegrityError as e: - raise SubjectCategoryExisting() + raise exceptions.SubjectCategoryExisting() def delete_subject_category(self, category_id): self.__delete_perimeter_category(SubjectCategory, category_id) @@ -1014,7 +1028,7 @@ class ModelConnector(BaseConnector, ModelDriver): try: return self.__add_perimeter_category(ObjectCategory, name, description, uuid=uuid) except sql.exc.IntegrityError as e: - raise ObjectCategoryExisting() + raise exceptions.ObjectCategoryExisting() def delete_object_category(self, category_id): self.__delete_perimeter_category(ObjectCategory, category_id) @@ -1027,7 +1041,7 @@ class ModelConnector(BaseConnector, ModelDriver): try: return self.__add_perimeter_category(ActionCategory, name, description, uuid=uuid) except sql.exc.IntegrityError as e: - raise ActionCategoryExisting() + raise exceptions.ActionCategoryExisting() def delete_action_category(self, category_id): self.__delete_perimeter_category(ActionCategory, category_id) diff --git a/python_moondb/python_moondb/migrate_repo/versions/001_moon.py b/python_moondb/python_moondb/migrate_repo/versions/001_moon.py index f69d708d..1bfb2ffa 100644 --- a/python_moondb/python_moondb/migrate_repo/versions/001_moon.py +++ b/python_moondb/python_moondb/migrate_repo/versions/001_moon.py @@ -3,7 +3,19 @@ # license which can be found in the file 'LICENSE' in this package distribution # or at 'http://www.apache.org/licenses/LICENSE-2.0'. +import json import sqlalchemy as sql +from sqlalchemy import types as sql_types + +class JsonBlob(sql_types.TypeDecorator): + + impl = sql.Text + + def process_bind_param(self, value, dialect): + return json.dumps(value) + + def process_result_value(self, value, dialect): + return json.loads(value) def upgrade(migrate_engine): @@ -16,7 +28,7 @@ def upgrade(migrate_engine): sql.Column('id', sql.String(64), primary_key=True), sql.Column('name', sql.String(256), nullable=False), sql.Column('keystone_project_id', sql.String(64), nullable=True, default=""), - sql.Column('value', sql.Text(), nullable=True), + sql.Column('value', JsonBlob(), nullable=True), sql.UniqueConstraint('name', 'keystone_project_id', name='unique_constraint_models'), mysql_engine='InnoDB', mysql_charset='utf8') @@ -28,7 +40,7 @@ def upgrade(migrate_engine): sql.Column('id', sql.String(64), primary_key=True), sql.Column('name', sql.String(256), nullable=False), sql.Column('model_id', sql.String(64), nullable=True, default=""), - sql.Column('value', sql.Text(), nullable=True), + sql.Column('value', JsonBlob(), nullable=True), sql.UniqueConstraint('name', 'model_id', name='unique_constraint_models'), mysql_engine='InnoDB', mysql_charset='utf8') @@ -39,7 +51,7 @@ def upgrade(migrate_engine): meta, sql.Column('id', sql.String(64), primary_key=True), sql.Column('name', sql.String(256), nullable=False), - sql.Column('value', sql.Text(), nullable=True), + sql.Column('value', JsonBlob(), nullable=True), sql.UniqueConstraint('name', name='unique_constraint_models'), mysql_engine='InnoDB', mysql_charset='utf8') @@ -86,7 +98,7 @@ def upgrade(migrate_engine): meta, sql.Column('id', sql.String(64), primary_key=True), sql.Column('name', sql.String(256), nullable=False), - sql.Column('value', sql.Text(), nullable=True), + sql.Column('value', JsonBlob(), nullable=True), sql.UniqueConstraint('name', name='unique_constraint_subjects'), mysql_engine='InnoDB', mysql_charset='utf8') @@ -97,7 +109,7 @@ def upgrade(migrate_engine): meta, sql.Column('id', sql.String(64), primary_key=True), sql.Column('name', sql.String(256), nullable=False), - sql.Column('value', sql.Text(), nullable=True), + sql.Column('value', JsonBlob(), nullable=True), sql.UniqueConstraint('name', name='unique_constraint_objects'), mysql_engine='InnoDB', mysql_charset='utf8') @@ -108,7 +120,7 @@ def upgrade(migrate_engine): meta, sql.Column('id', sql.String(64), primary_key=True), sql.Column('name', sql.String(256), nullable=False), - sql.Column('value', sql.Text(), nullable=True), + sql.Column('value', JsonBlob(), nullable=True), sql.UniqueConstraint('name', name='unique_constraint_actions'), mysql_engine='InnoDB', mysql_charset='utf8') @@ -119,7 +131,7 @@ def upgrade(migrate_engine): meta, sql.Column('id', sql.String(64), primary_key=True), sql.Column('name', sql.String(256), nullable=False), - sql.Column('value', sql.Text(), nullable=True), + sql.Column('value', JsonBlob(), nullable=True), sql.Column('category_id', sql.ForeignKey("subject_categories.id"), nullable=False), sql.Column('policy_id', sql.ForeignKey("policies.id"), nullable=False), sql.UniqueConstraint('name', 'category_id', 'policy_id', name='unique_constraint_subject_data'), @@ -132,7 +144,7 @@ def upgrade(migrate_engine): meta, sql.Column('id', sql.String(64), primary_key=True), sql.Column('name', sql.String(256), nullable=False), - sql.Column('value', sql.Text(), nullable=True), + sql.Column('value', JsonBlob(), nullable=True), sql.Column('category_id', sql.ForeignKey("object_categories.id"), nullable=False), sql.Column('policy_id', sql.ForeignKey("policies.id"), nullable=False), sql.UniqueConstraint('name', 'category_id', 'policy_id', name='unique_constraint_object_data'), @@ -145,7 +157,7 @@ def upgrade(migrate_engine): meta, sql.Column('id', sql.String(64), primary_key=True), sql.Column('name', sql.String(256), nullable=False), - sql.Column('value', sql.Text(), nullable=True), + sql.Column('value', JsonBlob(), nullable=True), sql.Column('category_id', sql.ForeignKey("action_categories.id"), nullable=False), sql.Column('policy_id', sql.ForeignKey("policies.id"), nullable=False), sql.UniqueConstraint('name', 'category_id', 'policy_id', name='unique_constraint_action_data'), @@ -157,7 +169,7 @@ def upgrade(migrate_engine): 'subject_assignments', meta, sql.Column('id', sql.String(64), primary_key=True), - sql.Column('assignments', sql.Text(), nullable=True), + sql.Column('assignments', sql.String(256), nullable=True), sql.Column('policy_id', sql.ForeignKey("policies.id"), nullable=False), sql.Column('subject_id', sql.ForeignKey("subjects.id"), nullable=False), sql.Column('category_id', sql.ForeignKey("subject_categories.id"), nullable=False), @@ -170,7 +182,7 @@ def upgrade(migrate_engine): 'object_assignments', meta, sql.Column('id', sql.String(64), primary_key=True), - sql.Column('assignments', sql.Text(), nullable=True), + sql.Column('assignments', sql.String(256), nullable=True), sql.Column('policy_id', sql.ForeignKey("policies.id"), nullable=False), sql.Column('object_id', sql.ForeignKey("objects.id"), nullable=False), sql.Column('category_id', sql.ForeignKey("object_categories.id"), nullable=False), @@ -183,7 +195,7 @@ def upgrade(migrate_engine): 'action_assignments', meta, sql.Column('id', sql.String(64), primary_key=True), - sql.Column('assignments', sql.Text(), nullable=True), + sql.Column('assignments', sql.String(256), nullable=True), sql.Column('policy_id', sql.ForeignKey("policies.id"), nullable=False), sql.Column('action_id', sql.ForeignKey("actions.id"), nullable=False), sql.Column('category_id', sql.ForeignKey("action_categories.id"), nullable=False), @@ -197,12 +209,12 @@ def upgrade(migrate_engine): meta, sql.Column('id', sql.String(64), primary_key=True), sql.Column('name', sql.String(256), nullable=False), - sql.Column('subject_categories', sql.Text(), nullable=False), - sql.Column('object_categories', sql.Text(), nullable=False), - sql.Column('action_categories', sql.Text(), nullable=False), - sql.Column('value', sql.Text(), nullable=True), + sql.Column('subject_categories', JsonBlob(), nullable=False), + sql.Column('object_categories', JsonBlob(), nullable=False), + sql.Column('action_categories', JsonBlob(), nullable=False), + sql.Column('value', JsonBlob(), nullable=True), sql.UniqueConstraint('name', name='unique_constraint_meta_rule_name'), - sql.UniqueConstraint('subject_categories', 'object_categories', 'action_categories', name='unique_constraint_meta_rule_def'), + # sql.UniqueConstraint('subject_categories', 'object_categories', 'action_categories', name='unique_constraint_meta_rule_def'), mysql_engine='InnoDB', mysql_charset='utf8') meta_rules_table.create(migrate_engine, checkfirst=True) @@ -211,10 +223,9 @@ def upgrade(migrate_engine): 'rules', meta, sql.Column('id', sql.String(64), primary_key=True), - sql.Column('rule', sql.Text(), nullable=True), + sql.Column('rule', JsonBlob(), nullable=True), sql.Column('policy_id', sql.ForeignKey("policies.id"), nullable=False), sql.Column('meta_rule_id', sql.ForeignKey("meta_rules.id"), nullable=False), - sql.UniqueConstraint('rule', 'policy_id', 'meta_rule_id', name='unique_constraint_rule'), mysql_engine='InnoDB', mysql_charset='utf8') rules_table.create(migrate_engine, checkfirst=True) |