-rw-r--r-- | moonv4/moon_manager/moon_manager/api/assignments.py | 18 | ||||
-rw-r--r-- | moonv4/moon_manager/moon_manager/api/data.py | 83 | ||||
-rw-r--r-- | moonv4/moon_manager/moon_manager/api/meta_data.py | 45 | ||||
-rw-r--r-- | moonv4/moon_manager/moon_manager/api/meta_rules.py | 41 | ||||
-rw-r--r-- | moonv4/moon_manager/moon_manager/api/models.py | 14 | ||||
-rw-r--r-- | moonv4/moon_manager/moon_manager/api/pdp.py | 14 | ||||
-rw-r--r-- | moonv4/moon_manager/moon_manager/api/perimeter.py | 87 | ||||
-rw-r--r-- | moonv4/moon_manager/moon_manager/api/policies.py | 14 | ||||
-rw-r--r-- | moonv4/moon_manager/moon_manager/api/rules.py | 40 | ||||
-rw-r--r-- | moonv4/moon_manager/moon_manager/http_server.py | 4 |
10 files changed, 217 insertions, 143 deletions
diff --git a/moonv4/moon_manager/moon_manager/api/assignments.py b/moonv4/moon_manager/moon_manager/api/assignments.py index bc585304..3bb6ed29 100644 --- a/moonv4/moon_manager/moon_manager/api/assignments.py +++ b/moonv4/moon_manager/moon_manager/api/assignments.py @@ -60,7 +60,7 @@ class SubjectAssignments(Resource): except Exception as e: LOG.error(e, exc_info=True) return {"result": False, - "error": str(e)} + "error": str(e)}, 500 return {"subject_assignments": data} @check_auth @@ -97,7 +97,7 @@ class SubjectAssignments(Resource): except Exception as e: LOG.error(e, exc_info=True) return {"result": False, - "error": str(e)} + "error": str(e)}, 500 return {"subject_assignments": data} @check_auth @@ -122,7 +122,7 @@ class SubjectAssignments(Resource): except Exception as e: LOG.error(e, exc_info=True) return {"result": False, - "error": str(e)} + "error": str(e)}, 500 return {"result": True} @@ -164,7 +164,7 @@ class ObjectAssignments(Resource): except Exception as e: LOG.error(e, exc_info=True) return {"result": False, - "error": str(e)} + "error": str(e)}, 500 return {"object_assignments": data} @check_auth @@ -201,7 +201,7 @@ class ObjectAssignments(Resource): except Exception as e: LOG.error(e, exc_info=True) return {"result": False, - "error": str(e)} + "error": str(e)}, 500 return {"object_assignments": data} @check_auth @@ -226,7 +226,7 @@ class ObjectAssignments(Resource): except Exception as e: LOG.error(e, exc_info=True) return {"result": False, - "error": str(e)} + "error": str(e)}, 500 return {"result": True} @@ -268,7 +268,7 @@ class ActionAssignments(Resource): except Exception as e: LOG.error(e, exc_info=True) return {"result": False, - "error": str(e)} + "error": str(e)}, 500 return {"action_assignments": data} @check_auth @@ -305,7 +305,7 @@ class ActionAssignments(Resource): except Exception as e: LOG.error(e, exc_info=True) return {"result": False, - "error": str(e)} + "error": str(e)}, 500 return {"action_assignments": data} @check_auth 
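Review bot: The new 500 responses in `SubjectAssignments` (first hunk, `@@ -60,7 +60,7 @@`) still put `str(e)` in the body, so whatever text the manager or database layer placed in the exception is sent to the caller. The detail is already captured by `LOG.error(e, exc_info=True)`, so the response could carry a fixed message instead, for example `return {"result": False, "error": "internal error"}, 500`. Because the handler is `except Exception`, failures caused by the request itself (an unknown id, a malformed body) are also reported as 500; if the manager's exceptions carry their own status, which this diff does not show, that status would be the better one to return. The same two lines recur in every other hunk of this commit that adds `, 500`, across all the `api/*.py` files, and each enclosing method starts outside its hunk.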
@@ -330,5 +330,5 @@ class ActionAssignments(Resource): except Exception as e: LOG.error(e, exc_info=True) return {"result": False, - "error": str(e)} + "error": str(e)}, 500 return {"result": True} diff --git a/moonv4/moon_manager/moon_manager/api/data.py b/moonv4/moon_manager/moon_manager/api/data.py index fbf26fd9..85faf415 100644 --- a/moonv4/moon_manager/moon_manager/api/data.py +++ b/moonv4/moon_manager/moon_manager/api/data.py @@ -27,12 +27,14 @@ class SubjectData(Resource): "/policies/<string:uuid>/subject_data", "/policies/<string:uuid>/subject_data/", "/policies/<string:uuid>/subject_data/<string:category_id>", - "/policies/<string:uuid>/subject_data/<string:category_id>/<string:data_id>", + "/policies/<string:uuid>/subject_data/<string:category_id>/" + "<string:data_id>", ) @check_auth def get(self, uuid=None, category_id=None, data_id=None, user_id=None): - """Retrieve all subject categories or a specific one if sid is given for a given policy + """Retrieve all subject categories or a specific one if sid is given + for a given policy :param uuid: uuid of the policy :param category_id: uuid of the subject category @@ -51,12 +53,14 @@ class SubjectData(Resource): :internal_api: get_subject_data """ try: - data = PolicyManager.get_subject_data(user_id=user_id, policy_id=uuid, - category_id=category_id, data_id=data_id) + data = PolicyManager.get_subject_data(user_id=user_id, + policy_id=uuid, + category_id=category_id, + data_id=data_id) except Exception as e: LOG.error(e, exc_info=True) return {"result": False, - "error": str(e)} + "error": str(e)}, 500 return {"subject_data": data} @check_auth 
@@ -84,12 +88,14 @@ class SubjectData(Resource): :internal_api: add_subject_data """ try: - data = PolicyManager.set_subject_data(user_id=user_id, policy_id=uuid, - category_id=category_id, value=request.json) + data = PolicyManager.set_subject_data(user_id=user_id, + policy_id=uuid, + category_id=category_id, + value=request.json) except Exception as e: LOG.error(e, exc_info=True) return {"result": False, - "error": str(e)} + "error": str(e)}, 500 return {"subject_data": data} @check_auth @@ -107,12 +113,13 @@ class SubjectData(Resource): :internal_api: delete_subject_data """ try: - data = PolicyManager.delete_subject_data(user_id=user_id, policy_id=uuid, + data = PolicyManager.delete_subject_data(user_id=user_id, + policy_id=uuid, data_id=data_id) except Exception as e: LOG.error(e, exc_info=True) return {"result": False, - "error": str(e)} + "error": str(e)}, 500 return {"result": True} @@ -125,12 +132,14 @@ class ObjectData(Resource): "/policies/<string:uuid>/object_data", "/policies/<string:uuid>/object_data/", "/policies/<string:uuid>/object_data/<string:category_id>", - "/policies/<string:uuid>/object_data/<string:category_id>/<string:data_id>", + "/policies/<string:uuid>/object_data/<string:category_id>/" + "<string:data_id>", ) @check_auth def get(self, uuid=None, category_id=None, data_id=None, user_id=None): - """Retrieve all object categories or a specific one if sid is given for a given policy + """Retrieve all object categories or a specific one if sid is given + for a given policy :param uuid: uuid of the policy :param category_id: uuid of the object category 
@@ -149,12 +158,14 @@ class ObjectData(Resource): :internal_api: get_object_data """ try: - data = PolicyManager.get_object_data(user_id=user_id, policy_id=uuid, - category_id=category_id, data_id=data_id) + data = PolicyManager.get_object_data(user_id=user_id, + policy_id=uuid, + category_id=category_id, + data_id=data_id) except Exception as e: LOG.error(e, exc_info=True) return {"result": False, - "error": str(e)} + "error": str(e)}, 500 return {"object_data": data} @check_auth @@ -182,12 +193,14 @@ class ObjectData(Resource): :internal_api: add_object_data """ try: - data = PolicyManager.add_object_data(user_id=user_id, policy_id=uuid, - category_id=category_id, value=request.json) + data = PolicyManager.add_object_data(user_id=user_id, + policy_id=uuid, + category_id=category_id, + value=request.json) except Exception as e: LOG.error(e, exc_info=True) return {"result": False, - "error": str(e)} + "error": str(e)}, 500 return {"object_data": data} @check_auth @@ -205,12 +218,13 @@ class ObjectData(Resource): :internal_api: delete_object_data """ try: - data = PolicyManager.delete_object_data(user_id=user_id, policy_id=uuid, - data_id=data_id) + data = PolicyManager.delete_object_data(user_id=user_id, + policy_id=uuid, + data_id=data_id) except Exception as e: LOG.error(e, exc_info=True) return {"result": False, - "error": str(e)} + "error": str(e)}, 500 return {"result": True} 
@@ -223,12 +237,14 @@ class ActionData(Resource): "/policies/<string:uuid>/action_data", "/policies/<string:uuid>/action_data/", "/policies/<string:uuid>/action_data/<string:category_id>", - "/policies/<string:uuid>/action_data/<string:category_id>/<string:data_id>", + "/policies/<string:uuid>/action_data/<string:category_id>/" + "<string:data_id>", ) @check_auth def get(self, uuid=None, category_id=None, data_id=None, user_id=None): - """Retrieve all action categories or a specific one if sid is given for a given policy + """Retrieve all action categories or a specific one if sid is given + for a given policy :param uuid: uuid of the policy :param category_id: uuid of the action category @@ -247,12 +263,14 @@ class ActionData(Resource): :internal_api: get_action_data """ try: - data = PolicyManager.get_action_data(user_id=user_id, policy_id=uuid, - category_id=category_id, data_id=data_id) + data = PolicyManager.get_action_data(user_id=user_id, + policy_id=uuid, + category_id=category_id, + data_id=data_id) except Exception as e: LOG.error(e, exc_info=True) return {"result": False, - "error": str(e)} + "error": str(e)}, 500 return {"action_data": data} @check_auth @@ -280,12 +298,14 @@ class ActionData(Resource): :internal_api: add_action_data """ try: - data = PolicyManager.add_action_data(user_id=user_id, policy_id=uuid, - category_id=category_id, value=request.json) + data = PolicyManager.add_action_data(user_id=user_id, + policy_id=uuid, + category_id=category_id, + value=request.json) except Exception as e: LOG.error(e, exc_info=True) return {"result": False, - "error": str(e)} + "error": str(e)}, 500 return {"action_data": data} @check_auth 
@@ -303,12 +323,13 @@ class ActionData(Resource): :internal_api: delete_action_data """ try: - data = PolicyManager.delete_action_data(user_id=user_id, policy_id=uuid, + data = PolicyManager.delete_action_data(user_id=user_id, + policy_id=uuid, data_id=data_id) except Exception as e: LOG.error(e, exc_info=True) return {"result": False, - "error": str(e)} + "error": str(e)}, 500 return {"result": True} diff --git a/moonv4/moon_manager/moon_manager/api/meta_data.py b/moonv4/moon_manager/moon_manager/api/meta_data.py index 0f9078ed..95cd58cc 100644 --- a/moonv4/moon_manager/moon_manager/api/meta_data.py +++ b/moonv4/moon_manager/moon_manager/api/meta_data.py @@ -44,11 +44,12 @@ class SubjectCategories(Resource): :internal_api: get_subject_categories """ try: - data = ModelManager.get_subject_categories(user_id=user_id, category_id=category_id) + data = ModelManager.get_subject_categories( + user_id=user_id, category_id=category_id) except Exception as e: LOG.error(e, exc_info=True) return {"result": False, - "error": str(e)} + "error": str(e)}, 500 return {"subject_categories": data} @check_auth @@ -70,11 +71,12 @@ class SubjectCategories(Resource): :internal_api: add_subject_category """ try: - data = ModelManager.add_subject_category(user_id=user_id, value=request.json) + data = ModelManager.add_subject_category( + user_id=user_id, value=request.json) except Exception as e: LOG.error(e, exc_info=True) return {"result": False, - "error": str(e)} + "error": str(e)}, 500 return {"subject_categories": data} @check_auth @@ -90,11 +92,12 @@ class SubjectCategories(Resource): :internal_api: delete_subject_category """ try: - data = ModelManager.delete_subject_category(user_id=user_id, category_id=category_id) + data = ModelManager.delete_subject_category( + user_id=user_id, category_id=category_id) except Exception as e: LOG.error(e, exc_info=True) return {"result": False, - "error": str(e)} + "error": str(e)}, 500 return {"result": True} 
@@ -124,11 +127,12 @@ class ObjectCategories(Resource): :internal_api: get_object_categories """ try: - data = ModelManager.get_object_categories(user_id=user_id, category_id=category_id) + data = ModelManager.get_object_categories( + user_id=user_id, category_id=category_id) except Exception as e: LOG.error(e, exc_info=True) return {"result": False, - "error": str(e)} + "error": str(e)}, 500 return {"object_categories": data} @check_auth @@ -150,11 +154,12 @@ class ObjectCategories(Resource): :internal_api: add_object_category """ try: - data = ModelManager.add_object_category(user_id=user_id, value=request.json) + data = ModelManager.add_object_category( + user_id=user_id, value=request.json) except Exception as e: LOG.error(e, exc_info=True) return {"result": False, - "error": str(e)} + "error": str(e)}, 500 return {"object_categories": data} @check_auth @@ -170,11 +175,12 @@ class ObjectCategories(Resource): :internal_api: delete_object_category """ try: - data = ModelManager.delete_object_category(user_id=user_id, category_id=category_id) + data = ModelManager.delete_object_category( + user_id=user_id, category_id=category_id) except Exception as e: LOG.error(e, exc_info=True) return {"result": False, - "error": str(e)} + "error": str(e)}, 500 return {"result": True} @@ -204,11 +210,12 @@ class ActionCategories(Resource): :internal_api: get_action_categories """ try: - data = ModelManager.get_action_categories(user_id=user_id, category_id=category_id) + data = ModelManager.get_action_categories( + user_id=user_id, category_id=category_id) except Exception as e: LOG.error(e, exc_info=True) return {"result": False, - "error": str(e)} + "error": str(e)}, 500 return {"action_categories": data} @check_auth 
@@ -230,11 +237,12 @@ class ActionCategories(Resource): :internal_api: add_action_category """ try: - data = ModelManager.add_action_category(user_id=user_id, value=request.json) + data = ModelManager.add_action_category( + user_id=user_id, value=request.json) except Exception as e: LOG.error(e, exc_info=True) return {"result": False, - "error": str(e)} + "error": str(e)}, 500 return {"action_categories": data} @check_auth @@ -250,9 +258,10 @@ class ActionCategories(Resource): :internal_api: delete_action_category """ try: - data = ModelManager.delete_action_category(user_id=user_id, category_id=category_id) + data = ModelManager.delete_action_category( + user_id=user_id, category_id=category_id) except Exception as e: LOG.error(e, exc_info=True) return {"result": False, - "error": str(e)} + "error": str(e)}, 500 return {"result": True} diff --git a/moonv4/moon_manager/moon_manager/api/meta_rules.py b/moonv4/moon_manager/moon_manager/api/meta_rules.py index dc3ea0db..45e2b5ee 100644 --- a/moonv4/moon_manager/moon_manager/api/meta_rules.py +++ b/moonv4/moon_manager/moon_manager/api/meta_rules.py @@ -39,7 +39,8 @@ class MetaRules(Resource): "meta_rule_id1": { "name": "name of the meta rule", "algorithm": "name of the meta rule algorithm", - "subject_categories": ["subject_category_id1", "subject_category_id2"], + "subject_categories": ["subject_category_id1", + "subject_category_id2"], "object_categories": ["object_category_id1"], "action_categories": ["action_category_id1"] }, @@ -48,11 +49,12 @@ class MetaRules(Resource): :internal_api: get_meta_rules """ try: - data = ModelManager.get_meta_rules(user_id=user_id, meta_rule_id=meta_rule_id) + data = ModelManager.get_meta_rules( + user_id=user_id, meta_rule_id=meta_rule_id) except Exception as e: LOG.error(e, exc_info=True) return {"result": False, - "error": str(e)} + "error": str(e)}, 500 return {"meta_rules": data} @check_auth 
@@ -63,7 +65,8 @@ class MetaRules(Resource): :param user_id: user ID who do the request :request body: post = { "name": "name of the meta rule", - "subject_categories": ["subject_category_id1", "subject_category_id2"], + "subject_categories": ["subject_category_id1", + "subject_category_id2"], "object_categories": ["object_category_id1"], "action_categories": ["action_category_id1"] } @@ -71,7 +74,8 @@ class MetaRules(Resource): "meta_rules": { "meta_rule_id1": { "name": "name of the meta rule", - "subject_categories": ["subject_category_id1", "subject_category_id2"], + "subject_categories": ["subject_category_id1", + "subject_category_id2"], "object_categories": ["object_category_id1"], "action_categories": ["action_category_id1"] }, @@ -80,11 +84,12 @@ class MetaRules(Resource): :internal_api: add_meta_rules """ try: - data = ModelManager.add_meta_rule(user_id=user_id, meta_rule_id=None, value=request.json) + data = ModelManager.add_meta_rule( + user_id=user_id, meta_rule_id=None, value=request.json) except Exception as e: LOG.error(e, exc_info=True) return {"result": False, - "error": str(e)} + "error": str(e)}, 500 return {"meta_rules": data} @check_auth @@ -95,7 +100,8 @@ class MetaRules(Resource): :param user_id: user ID who do the request :request body: patch = { "name": "name of the meta rule", - "subject_categories": ["subject_category_id1", "subject_category_id2"], + "subject_categories": ["subject_category_id1", + "subject_category_id2"], "object_categories": ["object_category_id1"], "action_categories": ["action_category_id1"] } @@ -103,7 +109,8 @@ class MetaRules(Resource): "meta_rules": { "meta_rule_id1": { "name": "name of the meta rule", - "subject_categories": ["subject_category_id1", "subject_category_id2"], + "subject_categories": ["subject_category_id1", + "subject_category_id2"], "object_categories": ["object_category_id1"], "action_categories": ["action_category_id1"] }, 
@@ -112,11 +119,12 @@ class MetaRules(Resource): :internal_api: set_meta_rules """ try: - data = ModelManager.set_meta_rule(user_id=user_id, meta_rule_id=meta_rule_id, value=request.json) + data = ModelManager.set_meta_rule( + user_id=user_id, meta_rule_id=meta_rule_id, value=request.json) except Exception as e: LOG.error(e, exc_info=True) return {"result": False, - "error": str(e)} + "error": str(e)}, 500 return {"meta_rules": data} @check_auth @@ -127,7 +135,8 @@ class MetaRules(Resource): :param user_id: user ID who do the request :request body: delete = { "name": "name of the meta rule", - "subject_categories": ["subject_category_id1", "subject_category_id2"], + "subject_categories": ["subject_category_id1", + "subject_category_id2"], "object_categories": ["object_category_id1"], "action_categories": ["action_category_id1"] } @@ -135,7 +144,8 @@ class MetaRules(Resource): "meta_rules": { "meta_rule_id1": { "name": "name of the meta rule", - "subject_categories": ["subject_category_id1", "subject_category_id2"], + "subject_categories": ["subject_category_id1", + "subject_category_id2"], "object_categories": ["object_category_id1"], "action_categories": ["action_category_id1"] }, @@ -144,10 +154,11 @@ class MetaRules(Resource): :internal_api: delete_meta_rules """ try: - data = ModelManager.delete_meta_rule(user_id=user_id, meta_rule_id=meta_rule_id) + data = ModelManager.delete_meta_rule( + user_id=user_id, meta_rule_id=meta_rule_id) except Exception as e: LOG.error(e, exc_info=True) return {"result": False, - "error": str(e)} + "error": str(e)}, 500 return {"result": True} diff --git a/moonv4/moon_manager/moon_manager/api/models.py b/moonv4/moon_manager/moon_manager/api/models.py index cec899f5..0a050c7f 100644 --- a/moonv4/moon_manager/moon_manager/api/models.py +++ b/moonv4/moon_manager/moon_manager/api/models.py 
@@ -49,7 +49,7 @@ class Models(Resource): except Exception as e: LOG.error(e, exc_info=True) return {"result": False, - "error": str(e)} + "error": str(e)}, 500 return {"models": data} @check_auth @@ -73,11 +73,12 @@ class Models(Resource): :internal_api: add_model """ try: - data = ModelManager.add_model(user_id=user_id, model_id=uuid, value=request.json) + data = ModelManager.add_model( + user_id=user_id, model_id=uuid, value=request.json) except Exception as e: LOG.error(e, exc_info=True) return {"result": False, - "error": str(e)} + "error": str(e)}, 500 return {"models": data} @check_auth @@ -97,7 +98,7 @@ class Models(Resource): except Exception as e: LOG.error(e, exc_info=True) return {"result": False, - "error": str(e)} + "error": str(e)}, 500 return {"result": True} @check_auth @@ -116,10 +117,11 @@ class Models(Resource): :internal_api: update_model """ try: - data = ModelManager.update_model(user_id=user_id, model_id=uuid, value=request.json) + data = ModelManager.update_model( + user_id=user_id, model_id=uuid, value=request.json) except Exception as e: LOG.error(e, exc_info=True) return {"result": False, - "error": str(e)} + "error": str(e)}, 500 return {"models": data} diff --git a/moonv4/moon_manager/moon_manager/api/pdp.py b/moonv4/moon_manager/moon_manager/api/pdp.py index 15f4988f..ff996e4a 100644 --- a/moonv4/moon_manager/moon_manager/api/pdp.py +++ b/moonv4/moon_manager/moon_manager/api/pdp.py @@ -58,7 +58,7 @@ class PDP(Resource): except Exception as e: LOG.error(e, exc_info=True) return {"result": False, - "error": str(e)} + "error": str(e)}, 500 return {"pdps": data} @check_auth 
@@ -84,11 +84,12 @@ class PDP(Resource): :internal_api: add_pdp """ try: - data = PDPManager.add_pdp(user_id=user_id, pdp_id=None, value=request.json) + data = PDPManager.add_pdp( + user_id=user_id, pdp_id=None, value=request.json) except Exception as e: LOG.error(e, exc_info=True) return {"result": False, - "error": str(e)} + "error": str(e)}, 500 return {"pdps": data} @check_auth @@ -108,7 +109,7 @@ class PDP(Resource): except Exception as e: LOG.error(e, exc_info=True) return {"result": False, - "error": str(e)} + "error": str(e)}, 500 return {"result": True} @check_auth @@ -128,11 +129,12 @@ class PDP(Resource): :internal_api: update_pdp """ try: - data = PDPManager.update_pdp(user_id=user_id, pdp_id=uuid, value=request.json) + data = PDPManager.update_pdp( + user_id=user_id, pdp_id=uuid, value=request.json) add_container(uuid=uuid, pipeline=data[uuid]['security_pipeline']) except Exception as e: LOG.error(e, exc_info=True) return {"result": False, - "error": str(e)} + "error": str(e)}, 500 return {"pdps": data} diff --git a/moonv4/moon_manager/moon_manager/api/perimeter.py b/moonv4/moon_manager/moon_manager/api/perimeter.py index cc2c0561..2eb80652 100644 --- a/moonv4/moon_manager/moon_manager/api/perimeter.py +++ b/moonv4/moon_manager/moon_manager/api/perimeter.py @@ -3,8 +3,10 @@ # license which can be found in the file 'LICENSE' in this package distribution # or at 'http://www.apache.org/licenses/LICENSE-2.0'. """ -* Subjects are the source of an action on an object (examples : users, virtual machines) -* Objects are the destination of an action (examples virtual machines, virtual Routers) +* Subjects are the source of an action on an object + (examples : users, virtual machines) +* Objects are the destination of an action + (examples virtual machines, virtual Routers) * Actions are what subject wants to do on an object """ 
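Review bot: In the last `pdp.py` hunk (`@@ -128,11 +129,12 @@`), `add_container(...)` runs inside the same `try` as `PDPManager.update_pdp(...)`, so a failure to start the container, or a missing `'security_pipeline'` key in `data[uuid]`, now answers 500 after the PDP record has presumably already been changed. A client that reads 500 as "nothing was applied" and retries would be acting on a wrong assumption about the policy decision point's state. Consider handling the two steps separately so the response says which one failed, and document the ordering with a comment such as `# update_pdp has already succeeded here; a failure below leaves the PDP updated without its container`. The method's signature is outside the hunk.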
@@ -35,7 +37,8 @@ class Subjects(Resource): @check_auth def get(self, uuid=None, perimeter_id=None, user_id=None): - """Retrieve all subjects or a specific one if perimeter_id is given for a given policy + """Retrieve all subjects or a specific one if perimeter_id is + given for a given policy :param uuid: uuid of the policy :param perimeter_id: uuid of the subject @@ -58,7 +61,7 @@ class Subjects(Resource): except Exception as e: LOG.error(e, exc_info=True) return {"result": False, - "error": str(e)} + "error": str(e)}, 500 return {"subjects": data} @check_auth @@ -87,18 +90,20 @@ class Subjects(Resource): """ try: if not perimeter_id: - data = PolicyManager.get_subjects(user_id=user_id, policy_id=None) + data = PolicyManager.get_subjects(user_id=user_id, + policy_id=None) if 'name' in request.json: for data_id, data_value in data.items(): if data_value['name'] == request.json['name']: perimeter_id = data_id break - data = PolicyManager.add_subject(user_id=user_id, policy_id=uuid, - perimeter_id=perimeter_id, value=request.json) + data = PolicyManager.add_subject( + user_id=user_id, policy_id=uuid, + perimeter_id=perimeter_id, value=request.json) except Exception as e: LOG.error(e, exc_info=True) return {"result": False, - "error": str(e)} + "error": str(e)}, 500 return {"subjects": data} @check_auth 
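Review bot: In the `Subjects` hunk `@@ -87,18 +90,20 @@`, `'name' in request.json` raises when the request carries no JSON object, and `data_value['name']` raises on a stored entry without that key; with this commit both surface as a 500 although the first is a client error. A guard ahead of the lookup would keep the status meaningful, for example `if not isinstance(request.json, dict): return {"result": False, "error": "JSON object expected"}, 400`. The lookup also calls `get_subjects` with `policy_id=None` rather than `uuid` and then reuses the id found by name for this policy; a comment stating that this matching by name is intended would help the next reader. The same code appears in `@@ -127,18 +132,20 @@` and, judging by their visible context, in the `Objects` and `Actions` hunks that compare `request.json['name']`; the methods start outside these hunks.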
@@ -127,18 +132,20 @@ class Subjects(Resource): """ try: if not perimeter_id: - data = PolicyManager.get_subjects(user_id=user_id, policy_id=None) + data = PolicyManager.get_subjects(user_id=user_id, + policy_id=None) if 'name' in request.json: for data_id, data_value in data.items(): if data_value['name'] == request.json['name']: perimeter_id = data_id break - data = PolicyManager.add_subject(user_id=user_id, policy_id=uuid, - perimeter_id=perimeter_id, value=request.json) + data = PolicyManager.add_subject( + user_id=user_id, policy_id=uuid, + perimeter_id=perimeter_id, value=request.json) except Exception as e: LOG.error(e, exc_info=True) return {"result": False, - "error": str(e)} + "error": str(e)}, 500 return {"subjects": data} @check_auth @@ -160,11 +167,12 @@ class Subjects(Resource): :internal_api: delete_subject """ try: - data = PolicyManager.delete_subject(user_id=user_id, policy_id=uuid, perimeter_id=perimeter_id) + data = PolicyManager.delete_subject( + user_id=user_id, policy_id=uuid, perimeter_id=perimeter_id) except Exception as e: LOG.error(e, exc_info=True) return {"result": False, - "error": str(e)} + "error": str(e)}, 500 return {"result": True} @@ -184,7 +192,8 @@ class Objects(Resource): @check_auth def get(self, uuid=None, perimeter_id=None, user_id=None): - """Retrieve all objects or a specific one if perimeter_id is given for a given policy + """Retrieve all objects or a specific one if perimeter_id is + given for a given policy :param uuid: uuid of the policy :param perimeter_id: uuid of the object @@ -206,7 +215,7 @@ class Objects(Resource): except Exception as e: LOG.error(e, exc_info=True) return {"result": False, - "error": str(e)} + "error": str(e)}, 500 return {"objects": data} @check_auth 
@@ -235,12 +244,13 @@ class Objects(Resource): if data_value['name'] == request.json['name']: perimeter_id = data_id break - data = PolicyManager.add_object(user_id=user_id, policy_id=uuid, - perimeter_id=perimeter_id, value=request.json) + data = PolicyManager.add_object( + user_id=user_id, policy_id=uuid, + perimeter_id=perimeter_id, value=request.json) except Exception as e: LOG.error(e, exc_info=True) return {"result": False, - "error": str(e)} + "error": str(e)}, 500 return {"objects": data} @check_auth @@ -269,12 +279,13 @@ class Objects(Resource): if data_value['name'] == request.json['name']: perimeter_id = data_id break - data = PolicyManager.add_object(user_id=user_id, policy_id=uuid, - perimeter_id=perimeter_id, value=request.json) + data = PolicyManager.add_object( + user_id=user_id, policy_id=uuid, + perimeter_id=perimeter_id, value=request.json) except Exception as e: LOG.error(e, exc_info=True) return {"result": False, - "error": str(e)} + "error": str(e)}, 500 return {"objects": data} @check_auth @@ -293,11 +304,12 @@ class Objects(Resource): :internal_api: delete_object """ try: - data = PolicyManager.delete_object(user_id=user_id, policy_id=uuid, perimeter_id=perimeter_id) + data = PolicyManager.delete_object( + user_id=user_id, policy_id=uuid, perimeter_id=perimeter_id) except Exception as e: LOG.error(e, exc_info=True) return {"result": False, - "error": str(e)} + "error": str(e)}, 500 return {"result": True} @@ -317,7 +329,8 @@ class Actions(Resource): @check_auth def get(self, uuid=None, perimeter_id=None, user_id=None): - """Retrieve all actions or a specific one if perimeter_id is given for a given policy + """Retrieve all actions or a specific one if perimeter_id + is given for a given policy :param uuid: uuid of the policy :param perimeter_id: uuid of the action 
@@ -331,11 +344,12 @@ class Actions(Resource): :internal_api: get_actions """ try: - data = PolicyManager.get_actions(user_id=user_id, policy_id=uuid, perimeter_id=perimeter_id) + data = PolicyManager.get_actions( + user_id=user_id, policy_id=uuid, perimeter_id=perimeter_id) except Exception as e: LOG.error(e, exc_info=True) return {"result": False, - "error": str(e)} + "error": str(e)}, 500 return {"actions": data} @check_auth @@ -364,12 +378,13 @@ class Actions(Resource): if data_value['name'] == request.json['name']: perimeter_id = data_id break - data = PolicyManager.add_action(user_id=user_id, policy_id=uuid, - perimeter_id=perimeter_id, value=request.json) + data = PolicyManager.add_action( + user_id=user_id, policy_id=uuid, + perimeter_id=perimeter_id, value=request.json) except Exception as e: LOG.error(e, exc_info=True) return {"result": False, - "error": str(e)} + "error": str(e)}, 500 return {"actions": data} @check_auth @@ -398,12 +413,13 @@ class Actions(Resource): if data_value['name'] == request.json['name']: perimeter_id = data_id break - data = PolicyManager.add_action(user_id=user_id, policy_id=uuid, - perimeter_id=perimeter_id, value=request.json) + data = PolicyManager.add_action( + user_id=user_id, policy_id=uuid, + perimeter_id=perimeter_id, value=request.json) except Exception as e: LOG.error(e, exc_info=True) return {"result": False, - "error": str(e)} + "error": str(e)}, 500 return {"actions": data} @check_auth @@ -422,9 +438,10 @@ class Actions(Resource): :internal_api: delete_action """ try: - data = PolicyManager.delete_action(user_id=user_id, policy_id=uuid, perimeter_id=perimeter_id) + data = PolicyManager.delete_action( + user_id=user_id, policy_id=uuid, perimeter_id=perimeter_id) except Exception as e: LOG.error(e, exc_info=True) return {"result": False, - "error": str(e)} + "error": str(e)}, 500 return {"result": True} 
diff --git a/moonv4/moon_manager/moon_manager/api/policies.py b/moonv4/moon_manager/moon_manager/api/policies.py index 737b988e..8ef11a0d 100644 --- a/moonv4/moon_manager/moon_manager/api/policies.py +++ b/moonv4/moon_manager/moon_manager/api/policies.py @@ -51,7 +51,7 @@ class Policies(Resource): except Exception as e: LOG.error(e, exc_info=True) return {"result": False, - "error": str(e)} + "error": str(e)}, 500 return {"policies": data} @check_auth @@ -77,11 +77,12 @@ class Policies(Resource): :internal_api: add_policy """ try: - data = PolicyManager.add_policy(user_id=user_id, policy_id=uuid, value=request.json) + data = PolicyManager.add_policy( + user_id=user_id, policy_id=uuid, value=request.json) except Exception as e: LOG.error(e, exc_info=True) return {"result": False, - "error": str(e)} + "error": str(e)}, 500 return {"policies": data} @check_auth @@ -101,7 +102,7 @@ class Policies(Resource): except Exception as e: LOG.error(e, exc_info=True) return {"result": False, - "error": str(e)} + "error": str(e)}, 500 return {"result": True} @check_auth @@ -121,10 +122,11 @@ class Policies(Resource): :internal_api: update_policy """ try: - data = PolicyManager.update_policy(user_id=user_id, policy_id=uuid, value=request.json) + data = PolicyManager.update_policy( + user_id=user_id, policy_id=uuid, value=request.json) except Exception as e: LOG.error(e, exc_info=True) return {"result": False, - "error": str(e)} + "error": str(e)}, 500 return {"policies": data} diff --git a/moonv4/moon_manager/moon_manager/api/rules.py b/moonv4/moon_manager/moon_manager/api/rules.py index 8b1cf635..f7771f1a 100644 --- a/moonv4/moon_manager/moon_manager/api/rules.py +++ b/moonv4/moon_manager/moon_manager/api/rules.py 
@@ -9,7 +9,6 @@ Rules (TODO) from flask import request from flask_restful import Resource from oslo_log import log as logging -from moon_utilities.security_functions import call from moon_utilities.security_functions import check_auth from moon_db.core import PolicyManager @@ -40,8 +39,10 @@ class Rules(Resource): "rules": [ "policy_id": "policy_id1", "meta_rule_id": "meta_rule_id1", - "rule_id1": ["subject_data_id1", "object_data_id1", "action_data_id1"], - "rule_id2": ["subject_data_id2", "object_data_id2", "action_data_id2"], + "rule_id1": + ["subject_data_id1", "object_data_id1", "action_data_id1"], + "rule_id2": + ["subject_data_id2", "object_data_id2", "action_data_id2"], ] } :internal_api: get_rules @@ -53,7 +54,7 @@ class Rules(Resource): except Exception as e: LOG.error(e, exc_info=True) return {"result": False, - "error": str(e)} + "error": str(e)}, 500 return {"rules": data} @check_auth 
@@ -75,23 +76,31 @@ class Rules(Resource): "rules": [ "meta_rule_id": "meta_rule_id1", "rule_id1": { - "rule": ["subject_data_id1", "object_data_id1", "action_data_id1"], + "rule": ["subject_data_id1", + "object_data_id1", + "action_data_id1"], "instructions": ( - {"decision": "grant"}, # "grant" to immediately exit, - # "continue" to wait for the result of next policy - # "deny" to deny the request + {"decision": "grant"}, + # "grant" to immediately exit, + # "continue" to wait for the result of next policy + # "deny" to deny the request ) } "rule_id2": { - "rule": ["subject_data_id2", "object_data_id2", "action_data_id2"], + "rule": ["subject_data_id2", + "object_data_id2", + "action_data_id2"], "instructions": ( { "update": { - "operation": "add", # operations may be "add" or "delete" - "target": "rbac:role:admin" # add the role admin to the current user + "operation": "add", + # operations may be "add" or "delete" + "target": "rbac:role:admin" + # add the role admin to the current user } }, - {"chain": {"name": "rbac"}} # chain with the policy named rbac + {"chain": {"name": "rbac"}} + # chain with the policy named rbac ) } ] @@ -107,7 +116,7 @@ class Rules(Resource): except Exception as e: LOG.error(e, exc_info=True) return {"result": False, - "error": str(e)} + "error": str(e)}, 500 return {"rules": data} @check_auth @@ -121,10 +130,11 @@ class Rules(Resource): :internal_api: delete_rule """ try: - data = PolicyManager.delete_rule(user_id=user_id, policy_id=uuid, rule_id=rule_id) + data = PolicyManager.delete_rule( + user_id=user_id, policy_id=uuid, rule_id=rule_id) except Exception as e: LOG.error(e, exc_info=True) return {"result": False, - "error": str(e)} + "error": str(e)}, 500 return {"result": True} diff --git a/moonv4/moon_manager/moon_manager/http_server.py b/moonv4/moon_manager/moon_manager/http_server.py index a59921f0..dfaa23ae 100644 --- a/moonv4/moon_manager/moon_manager/http_server.py +++ b/moonv4/moon_manager/moon_manager/http_server.py 
@@ -18,7 +18,7 @@ from moon_manager.api.perimeter import Subjects, Objects, Actions from moon_manager.api.data import SubjectData, ObjectData, ActionData from moon_manager.api.assignments import SubjectAssignments, ObjectAssignments, ActionAssignments from moon_manager.api.rules import Rules -from moon_manager.api.containers import Container +# from moon_manager.api.containers import Container from moon_utilities import configuration, exceptions logger = logging.getLogger("moon.manager.http") @@ -73,7 +73,7 @@ __API__ = ( Subjects, Objects, Actions, SubjectAssignments, ObjectAssignments, ActionAssignments, SubjectData, ObjectData, ActionData, - Rules, Container, + Rules, #Container, Models, Policies, PDP ) |
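Review bot: The `Container` resource is switched off by commenting out its import (`@@ -18,7 +18,7 @@`) and its `__API__` entry (`@@ -73,7 +73,7 @@`, `Rules, #Container,`), which presumably takes its routes out of the manager API in a commit that otherwise only changes status codes and line wrapping. If the removal is intended, delete both pieces instead of leaving commented-out code, so that the tuple line reads `Rules,`. If it is temporary, state the reason next to it, for example `# Container API disabled: <reason>`, and leave a space after `#` in the inline comment.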