Diffstat (limited to 'external_policy_checker/external_policy_checker/server.py')
-rw-r--r--external_policy_checker/external_policy_checker/server.py135
1 files changed, 0 insertions, 135 deletions
diff --git a/external_policy_checker/external_policy_checker/server.py b/external_policy_checker/external_policy_checker/server.py
deleted file mode 100644
index cbb4a933..00000000
--- a/external_policy_checker/external_policy_checker/server.py
+++ /dev/null
@@ -1,135 +0,0 @@
-# Copyright 2018 Orange
-# This software is distributed under the terms and conditions of the 'Apache-2.0'
-# license which can be found in the file 'LICENSE' in this package distribution
-# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-
-import sys
-import flask
-from flask import Flask
-from flask import request
-import json
-import logging
-import random
-
-logger = logging.getLogger(__name__)
-logging.basicConfig(level=logging.INFO)
-app = Flask(__name__)
-
-
-def test_target(data, result):
- if "resource_id" in data:
- result["resource_id"] = data['object_id']
- if "object_id" in data:
- result["resource_id"] = data['object_id']
- if 'project_id' in data:
- result["project_id"] = data['project_id']
- if 'user_id' in data:
- result["user_id"] = data['user_id']
-
-
-def test_credentials(data, result):
- if 'project_id' in data:
- result["project_id"] = data['project_id']
- if 'user_id' in data:
- result["user_id"] = data['user_id']
- if 'project_domain_id' in data:
- result["domain_id"] = data['project_domain_id']
-
-
-def test_rule(data, result):
- result['action_name'] = data
-
-
-def test_data():
- data = request.form
- result = {
- "user_id": "",
- "project_id": "",
- "action_name": "",
- "resource_id": "",
- "domain_id": "",
- }
- if not dict(request.form):
- data = json.loads(request.data.decode("utf-8"))
- try:
- target = json.loads(data.get('target', {}))
- except Exception:
- raise Exception("Error reading target")
- try:
- credentials = json.loads(data.get('credentials', {}))
- except Exception:
- raise Exception("Error reading credentials")
- try:
- rule = data.get('rule', "")
- except Exception:
- raise Exception("Error reading rule")
- test_target(target, result)
- test_credentials(credentials, result)
- test_rule(rule, result)
- return_value = True
- logger.info("Analysing request with {}".format(rule))
- for key in result:
- if not result[key] and key != "domain_id":
- return_value = False
- logger.error("Attribute {} is absent".format(key))
- if not result[key] and key == "domain_id":
- logger.warning("Attribute {} is missing.".format(key))
- return return_value
-
-
-@app.route("/policy_checker", methods=["POST"])
-def checker():
- information_is_complete = False
- try:
- information_is_complete = test_data()
- except Exception as e:
- logger.exception(e)
- if information_is_complete:
- response = flask.make_response("True")
- response.headers['content-type'] = 'application/octet-stream'
- return response
- else:
- response = flask.make_response("False")
- response.headers['content-type'] = 'application/octet-stream'
- return response, 403
-
-
-def get_target():
- data = request.form
- if not dict(request.form):
- data = json.loads(request.data.decode("utf-8"))
- try:
- return json.loads(data.get('target', {}))
- except Exception:
- raise Exception("Error reading target")
-
-
-@app.route("/authz/grant", methods=["POST"])
-def wrapper_grant():
- logger.info("Requesting wrapper authz with {}".format(get_target()))
- response = flask.make_response("True")
- response.headers['content-type'] = 'application/octet-stream'
- return response
-
-
-@app.route("/authz/deny", methods=["POST"])
-def wrapper_deny():
- logger.info("Requesting wrapper authz with {}".format(get_target()))
- response = flask.make_response("False")
- response.headers['content-type'] = 'application/octet-stream'
- return response, 403
-
-
-def main():
- port = 8080
- if len(sys.argv) > 1:
- try:
- port = int(sys.argv[1])
- except ValueError:
- logger.error("Argument for Port in command line is not an integer")
- sys.exit(1)
- app.run(host="0.0.0.0", port=port)
-
-
-if __name__ == "__main__":
- main()