aboutsummaryrefslogtreecommitdiffstats
path: root/moon_manager/moon_manager/api
diff options
context:
space:
mode:
Diffstat (limited to 'moon_manager/moon_manager/api')
-rw-r--r--moon_manager/moon_manager/api/assignments.py149
-rw-r--r--moon_manager/moon_manager/api/data.py124
-rw-r--r--moon_manager/moon_manager/api/json_import.py88
-rw-r--r--moon_manager/moon_manager/api/meta_data.py101
-rw-r--r--moon_manager/moon_manager/api/meta_rules.py51
-rw-r--r--moon_manager/moon_manager/api/models.py45
-rw-r--r--moon_manager/moon_manager/api/pdp.py83
-rw-r--r--moon_manager/moon_manager/api/perimeter.py254
-rw-r--r--moon_manager/moon_manager/api/policies.py50
-rw-r--r--moon_manager/moon_manager/api/rules.py37
-rw-r--r--moon_manager/moon_manager/api/slaves.py12
11 files changed, 397 insertions, 597 deletions
diff --git a/moon_manager/moon_manager/api/assignments.py b/moon_manager/moon_manager/api/assignments.py
index a1d10ccb..426789e6 100644
--- a/moon_manager/moon_manager/api/assignments.py
+++ b/moon_manager/moon_manager/api/assignments.py
@@ -53,17 +53,14 @@ class SubjectAssignments(Resource):
}
:internal_api: get_subject_assignments
"""
- try:
- data = PolicyManager.get_subject_assignments(
- user_id=user_id, policy_id=uuid,
- subject_id=perimeter_id, category_id=category_id)
- except Exception as e:
- logger.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
+
+ data = PolicyManager.get_subject_assignments(
+ user_id=user_id, policy_id=uuid,
+ subject_id=perimeter_id, category_id=category_id)
+
return {"subject_assignments": data}
- @validate_input("post", kwargs_state=[True, False, False, False, False], body_state=[True, True, True])
+ @validate_input("post", kwargs_state=[True, False, False, False, False], body_state={"id":True, "category_id":True, "data_id":True})
@check_auth
def post(self, uuid, perimeter_id=None, category_id=None,
data_id=None, user_id=None):
@@ -89,18 +86,13 @@ class SubjectAssignments(Resource):
}
:internal_api: update_subject_assignment
"""
- try:
- data_id = request.json.get("data_id")
- category_id = request.json.get("category_id")
- perimeter_id = request.json.get("id")
- data = PolicyManager.add_subject_assignment(
- user_id=user_id, policy_id=uuid,
- subject_id=perimeter_id, category_id=category_id,
- data_id=data_id)
- except Exception as e:
- logger.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
+ data_id = request.json.get("data_id")
+ category_id = request.json.get("category_id")
+ perimeter_id = request.json.get("id")
+ data = PolicyManager.add_subject_assignment(
+ user_id=user_id, policy_id=uuid,
+ subject_id=perimeter_id, category_id=category_id,
+ data_id=data_id)
return {"subject_assignments": data}
@validate_input("delete", kwargs_state=[True, True, True, True, False])
@@ -120,15 +112,12 @@ class SubjectAssignments(Resource):
}
:internal_api: delete_subject_assignment
"""
- try:
- data = PolicyManager.delete_subject_assignment(
- user_id=user_id, policy_id=uuid,
- subject_id=perimeter_id, category_id=category_id,
- data_id=data_id)
- except Exception as e:
- logger.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
+
+ data = PolicyManager.delete_subject_assignment(
+ user_id=user_id, policy_id=uuid,
+ subject_id=perimeter_id, category_id=category_id,
+ data_id=data_id)
+
return {"result": True}
@@ -166,17 +155,14 @@ class ObjectAssignments(Resource):
}
:internal_api: get_object_assignments
"""
- try:
- data = PolicyManager.get_object_assignments(
- user_id=user_id, policy_id=uuid,
- object_id=perimeter_id, category_id=category_id)
- except Exception as e:
- logger.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
+
+ data = PolicyManager.get_object_assignments(
+ user_id=user_id, policy_id=uuid,
+ object_id=perimeter_id, category_id=category_id)
+
return {"object_assignments": data}
- @validate_input("post", kwargs_state=[True, False, False, False, False], body_state=[True, True, True])
+ @validate_input("post", kwargs_state=[True, False, False, False, False], body_state={"id":True, "category_id":True, "data_id":True})
@check_auth
def post(self, uuid, perimeter_id=None, category_id=None,
data_id=None, user_id=None):
@@ -202,18 +188,15 @@ class ObjectAssignments(Resource):
}
:internal_api: update_object_assignment
"""
- try:
- data_id = request.json.get("data_id")
- category_id = request.json.get("category_id")
- perimeter_id = request.json.get("id")
- data = PolicyManager.add_object_assignment(
- user_id=user_id, policy_id=uuid,
- object_id=perimeter_id, category_id=category_id,
- data_id=data_id)
- except Exception as e:
- logger.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
+
+ data_id = request.json.get("data_id")
+ category_id = request.json.get("category_id")
+ perimeter_id = request.json.get("id")
+ data = PolicyManager.add_object_assignment(
+ user_id=user_id, policy_id=uuid,
+ object_id=perimeter_id, category_id=category_id,
+ data_id=data_id)
+
return {"object_assignments": data}
@validate_input("delete", kwargs_state=[True, True, True, True, False])
@@ -233,15 +216,11 @@ class ObjectAssignments(Resource):
}
:internal_api: delete_object_assignment
"""
- try:
- data = PolicyManager.delete_object_assignment(
- user_id=user_id, policy_id=uuid,
- object_id=perimeter_id, category_id=category_id,
- data_id=data_id)
- except Exception as e:
- logger.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
+ data = PolicyManager.delete_object_assignment(
+ user_id=user_id, policy_id=uuid,
+ object_id=perimeter_id, category_id=category_id,
+ data_id=data_id)
+
return {"result": True}
@@ -279,17 +258,13 @@ class ActionAssignments(Resource):
}
:internal_api: get_action_assignments
"""
- try:
- data = PolicyManager.get_action_assignments(
- user_id=user_id, policy_id=uuid,
- action_id=perimeter_id, category_id=category_id)
- except Exception as e:
- logger.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
+ data = PolicyManager.get_action_assignments(
+ user_id=user_id, policy_id=uuid,
+ action_id=perimeter_id, category_id=category_id)
+
return {"action_assignments": data}
- @validate_input("post", kwargs_state=[True, False, False, False, False], body_state=[True, True, True])
+ @validate_input("post", kwargs_state=[True, False, False, False, False], body_state={"id":True, "category_id":True, "data_id":True})
@check_auth
def post(self, uuid, perimeter_id=None, category_id=None,
data_id=None, user_id=None):
@@ -315,18 +290,15 @@ class ActionAssignments(Resource):
}
:internal_api: update_action_assignment
"""
- try:
- data_id = request.json.get("data_id")
- category_id = request.json.get("category_id")
- perimeter_id = request.json.get("id")
- data = PolicyManager.add_action_assignment(
- user_id=user_id, policy_id=uuid,
- action_id=perimeter_id, category_id=category_id,
- data_id=data_id)
- except Exception as e:
- logger.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
+
+ data_id = request.json.get("data_id")
+ category_id = request.json.get("category_id")
+ perimeter_id = request.json.get("id")
+ data = PolicyManager.add_action_assignment(
+ user_id=user_id, policy_id=uuid,
+ action_id=perimeter_id, category_id=category_id,
+ data_id=data_id)
+
return {"action_assignments": data}
@validate_input("delete", kwargs_state=[True, True, True, True, False])
@@ -346,13 +318,10 @@ class ActionAssignments(Resource):
}
:internal_api: delete_action_assignment
"""
- try:
- data = PolicyManager.delete_action_assignment(
- user_id=user_id, policy_id=uuid,
- action_id=perimeter_id, category_id=category_id,
- data_id=data_id)
- except Exception as e:
- logger.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
+
+ data = PolicyManager.delete_action_assignment(
+ user_id=user_id, policy_id=uuid,
+ action_id=perimeter_id, category_id=category_id,
+ data_id=data_id)
+
return {"result": True}
diff --git a/moon_manager/moon_manager/api/data.py b/moon_manager/moon_manager/api/data.py
index 4b22f9dc..d887ac2b 100644
--- a/moon_manager/moon_manager/api/data.py
+++ b/moon_manager/moon_manager/api/data.py
@@ -54,18 +54,16 @@ class SubjectData(Resource):
}]
:internal_api: get_subject_data
"""
- try:
- data = PolicyManager.get_subject_data(user_id=user_id,
- policy_id=uuid,
- category_id=category_id,
- data_id=data_id)
- except Exception as e:
- logger.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
+ logger.info("api.get {} {} {}".format(uuid, category_id, data_id))
+ data = PolicyManager.get_subject_data(user_id=user_id,
+ policy_id=uuid,
+ category_id=category_id,
+ data_id=data_id)
+ logger.info("api.get data = {}".format(data))
+
return {"subject_data": data}
- @validate_input("post", kwargs_state=[True, True, False, False], body_state=[True, False])
+ @validate_input("post", kwargs_state=[True, True, False, False], body_state={"name":True})
@check_auth
def post(self, uuid, category_id=None, data_id=None, user_id=None):
"""Create or update a subject.
@@ -90,15 +88,11 @@ class SubjectData(Resource):
}
:internal_api: add_subject_data
"""
- try:
- data = PolicyManager.set_subject_data(user_id=user_id,
- policy_id=uuid,
+ data = PolicyManager.set_subject_data(user_id=user_id,
+ policy_id=uuid,
category_id=category_id,
value=request.json)
- except Exception as e:
- logger.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
+
return {"subject_data": data}
@validate_input("delete", kwargs_state=[True, False, False, False])
@@ -116,14 +110,11 @@ class SubjectData(Resource):
}]
:internal_api: delete_subject_data
"""
- try:
- data = PolicyManager.delete_subject_data(user_id=user_id,
- policy_id=uuid,
- data_id=data_id)
- except Exception as e:
- logger.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
+ logger.info("api.delete {} {}".format(uuid, data_id))
+ data = PolicyManager.delete_subject_data(user_id=user_id,
+ policy_id=uuid,
+ data_id=data_id)
+
return {"result": True}
@@ -162,18 +153,14 @@ class ObjectData(Resource):
}]
:internal_api: get_object_data
"""
- try:
- data = PolicyManager.get_object_data(user_id=user_id,
- policy_id=uuid,
- category_id=category_id,
- data_id=data_id)
- except Exception as e:
- logger.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
+ data = PolicyManager.get_object_data(user_id=user_id,
+ policy_id=uuid,
+ category_id=category_id,
+ data_id=data_id)
+
return {"object_data": data}
- @validate_input("post", kwargs_state=[True, True, False, False], body_state=[True, False])
+ @validate_input("post", kwargs_state=[True, True, False, False], body_state={"name":True})
@check_auth
def post(self, uuid, category_id=None, data_id=None, user_id=None):
"""Create or update a object.
@@ -198,15 +185,11 @@ class ObjectData(Resource):
}
:internal_api: add_object_data
"""
- try:
- data = PolicyManager.add_object_data(user_id=user_id,
- policy_id=uuid,
- category_id=category_id,
- value=request.json)
- except Exception as e:
- logger.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
+ data = PolicyManager.add_object_data(user_id=user_id,
+ policy_id=uuid,
+ category_id=category_id,
+ value=request.json)
+
return {"object_data": data}
@validate_input("delete", kwargs_state=[True, False, False, False])
@@ -224,14 +207,10 @@ class ObjectData(Resource):
}
:internal_api: delete_object_data
"""
- try:
- data = PolicyManager.delete_object_data(user_id=user_id,
- policy_id=uuid,
- data_id=data_id)
- except Exception as e:
- logger.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
+ data = PolicyManager.delete_object_data(user_id=user_id,
+ policy_id=uuid,
+ data_id=data_id)
+
return {"result": True}
@@ -270,18 +249,14 @@ class ActionData(Resource):
}]
:internal_api: get_action_data
"""
- try:
- data = PolicyManager.get_action_data(user_id=user_id,
- policy_id=uuid,
- category_id=category_id,
- data_id=data_id)
- except Exception as e:
- logger.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
+ data = PolicyManager.get_action_data(user_id=user_id,
+ policy_id=uuid,
+ category_id=category_id,
+ data_id=data_id)
+
return {"action_data": data}
- @validate_input("post", kwargs_state=[True, True, False, False], body_state=[True, False])
+ @validate_input("post", kwargs_state=[True, True, False, False], body_state={"name":True})
@check_auth
def post(self, uuid, category_id=None, data_id=None, user_id=None):
"""Create or update a action.
@@ -306,15 +281,10 @@ class ActionData(Resource):
}
:internal_api: add_action_data
"""
- try:
- data = PolicyManager.add_action_data(user_id=user_id,
- policy_id=uuid,
- category_id=category_id,
- value=request.json)
- except Exception as e:
- logger.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
+ data = PolicyManager.add_action_data(user_id=user_id,
+ policy_id=uuid,
+ category_id=category_id,
+ value=request.json)
return {"action_data": data}
@validate_input("delete", kwargs_state=[True, False, False, False])
@@ -332,14 +302,10 @@ class ActionData(Resource):
}
:internal_api: delete_action_data
"""
- try:
- data = PolicyManager.delete_action_data(user_id=user_id,
- policy_id=uuid,
- data_id=data_id)
- except Exception as e:
- logger.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
+ data = PolicyManager.delete_action_data(user_id=user_id,
+ policy_id=uuid,
+ data_id=data_id)
+
return {"result": True}
diff --git a/moon_manager/moon_manager/api/json_import.py b/moon_manager/moon_manager/api/json_import.py
index ae9a21d0..e57a27c1 100644
--- a/moon_manager/moon_manager/api/json_import.py
+++ b/moon_manager/moon_manager/api/json_import.py
@@ -81,17 +81,15 @@ class JsonImport(Resource):
def _reorder_rules_ids(self, rule, ordered_perimeter_categories_ids, json_data_ids, policy_id, get_function):
ordered_json_ids = [None]*len(ordered_perimeter_categories_ids)
- logger.info("ordered_json_ids {}".format(ordered_json_ids))
- logger.info("json_data_ids {}".format(json_data_ids))
for json_id in json_data_ids:
- logger.info("json_id {}".format(json_id))
data = get_function(self._user_id, policy_id, data_id=json_id)
data = data[0]
- logger.info("data {}".format(data))
if data["category_id"] not in ordered_perimeter_categories_ids:
- raise InvalidJson("The category id {} of the rule {} does not match the meta rule".format(data["category_id"], rule))
+ raise InvalidJson("The category id {} of the rule {} does not match the meta rule".format(
+ data["category_id"], rule))
if ordered_json_ids[ordered_perimeter_categories_ids.index(data["category_id"])] is not None:
- raise InvalidJson("The category id {} of the rule {} shall not be used twice in the same rule".format(data["category_id"], rule))
+ raise InvalidJson("The category id {} of the rule {} shall not be used twice in the same rule".format(
+ data["category_id"], rule))
ordered_json_ids[ordered_perimeter_categories_ids.index(data["category_id"])] = json_id
logger.info(ordered_json_ids)
return ordered_json_ids
@@ -106,7 +104,8 @@ class JsonImport(Resource):
JsonUtils.copy_field_if_exists(json_rule, json_to_use, "enabled", bool, default_value=True)
json_ids = dict()
- JsonUtils.convert_name_to_id(json_rule, json_ids, "policy", "policy_id", "policy", PolicyManager, self._user_id)
+ JsonUtils.convert_name_to_id(json_rule, json_ids, "policy", "policy_id", "policy",
+ PolicyManager, self._user_id)
JsonUtils.convert_name_to_id(json_rule, json_to_use, "meta_rule", "meta_rule_id", "meta_rule", ModelManager, self._user_id)
json_subject_ids = dict()
json_object_ids = dict()
@@ -124,7 +123,7 @@ class JsonImport(Resource):
json_to_use_rule = json_to_use_rule + self._reorder_rules_ids(json_rule, meta_rule["action_categories"], json_action_ids["action"], json_ids["policy_id"], PolicyManager.get_action_data)
json_to_use["rule"] = json_to_use_rule
try:
- logger.info("Adding / updating a rule from json {}".format(json_to_use))
+ logger.debug("Adding / updating a rule from json {}".format(json_to_use))
PolicyManager.add_rule(self._user_id, json_ids["policy_id"], json_to_use["meta_rule_id"], json_to_use)
except exceptions.RuleExisting:
pass
@@ -135,15 +134,14 @@ class JsonImport(Resource):
logger.info("Input meta rules : {}".format(json_meta_rules))
for json_meta_rule in json_meta_rules:
json_to_use = dict()
- logger.info("Input meta rule : {}".format(json_meta_rule))
JsonUtils.copy_field_if_exists(json_meta_rule, json_to_use, "name", str)
JsonUtils.copy_field_if_exists(json_meta_rule, json_to_use, "description", str)
JsonUtils.convert_names_to_ids(json_meta_rule, json_to_use, "subject_categories", "subject_categories", "subject_category", ModelManager, self._user_id)
JsonUtils.convert_names_to_ids(json_meta_rule, json_to_use, "object_categories", "object_categories", "object_category", ModelManager, self._user_id)
JsonUtils.convert_names_to_ids(json_meta_rule, json_to_use, "action_categories", "action_categories", "action_category", ModelManager, self._user_id)
- logger.info("Adding / updating a metarule from json {}".format(json_meta_rule))
+ logger.debug("Adding / updating a metarule from json {}".format(json_meta_rule))
meta_rule = ModelManager.add_meta_rule(self._user_id, meta_rule_id=None, value=json_to_use)
- logger.info("Added / updated meta rule : {}".format(meta_rule))
+ logger.debug("Added / updated meta rule : {}".format(meta_rule))
def _import_subject_object_action_assignments(self, json_item_assignments, type_element):
import_method = getattr(PolicyManager, 'add_' + type_element + '_assignment')
@@ -178,14 +176,18 @@ class JsonImport(Resource):
# find the policy related to the current data
data = get_method(self._user_id, policy_id, data_id, json_assignment["category_id"])
if data is not None and len(data) == 1:
- logger.info("Adding / updating a {} assignment from json {}".format(type_element, json_assignment))
- import_method(self._user_id, policy_id, json_assignment["id"], json_assignment["category_id"], data_id)
+ logger.debug("Adding / updating a {} assignment from json {}".format(type_element,
+ json_assignment))
+ import_method(self._user_id, policy_id, json_assignment["id"], json_assignment["category_id"],
+ data_id)
else:
raise UnknownData("Unknown data with id {}".format(data_id))
# case the data has not been found in any policies
if has_found_data is False:
- raise InvalidJson("The json contains unknown {} data or category : {}".format(type_element,json_item_assignment))
+ raise InvalidJson("The json contains unknown {} data or category : {}".format(
+ type_element,
+ json_item_assignment))
def _import_subject_object_action_datas(self, json_items_data, mandatory_policy_ids, type_element):
if type_element == "subject":
@@ -201,7 +203,6 @@ class JsonImport(Resource):
item_override = JsonUtils.get_override(json_items_data)
if item_override is True:
raise ForbiddenOverride("{} datas do not support override flag !".format(type_element))
- logger.info("json_item_data {}".format(json_item_data))
json_to_use = dict()
JsonUtils.copy_field_if_exists(json_item_data, json_to_use, "name", str)
JsonUtils.copy_field_if_exists(json_item_data, json_to_use, "description", str)
@@ -209,11 +210,9 @@ class JsonImport(Resource):
# field_mandatory : not mandatory if there is some mandatory policies
JsonUtils.convert_names_to_ids(json_item_data, json_policy, "policies", "policy_id", "policy",
PolicyManager, self._user_id, field_mandatory=len(mandatory_policy_ids) == 0)
- logger.info("json_policy {}".format(json_policy))
json_category = dict()
JsonUtils.convert_name_to_id(json_item_data, json_category, "category", "category_id", type_element+"_category",
ModelManager, self._user_id)
- logger.info("json_category {}".format(json_category))
policy_ids = []
if "policy_id" in json_policy:
policy_ids = json_policy["policy_id"]
@@ -232,15 +231,12 @@ class JsonImport(Resource):
for policy_id in mandatory_policy_ids:
try:
- # existing_datas = get_method(self._user_id, policy_id,category_id=category_id)
- # logger.info(existing_datas)
- logger.info("Adding / updating a {} data with policy id {} and category id {} from json {}".format(type_element, policy_id, category_id, json_to_use))
data = import_method(self._user_id, policy_id, category_id=category_id, value=json_to_use)
- logger.info("Added / updated {} data : {}".format(type_element, data))
except exceptions.PolicyUnknown:
raise UnknownPolicy("Unknown policy with id {}".format(policy_id))
except Exception as e:
- raise BaseException(str(e))
+ logger.exception(str(e))
+ raise e
def _import_subject_object_action_categories(self, json_item_categories, type_element):
import_method = getattr(ModelManager, 'add_' + type_element + '_category')
@@ -267,14 +263,13 @@ class JsonImport(Resource):
raise ForbiddenOverride("{} categories do not support override flag !".format(type_element))
try:
- logger.info("Adding a {} category from json {}".format(type_element, json_to_use))
category = import_method(self._user_id, existing_id, json_to_use)
- logger.info("Added category {}".format(category))
except (exceptions.SubjectCategoryExisting, exceptions.ObjectCategoryExisting, exceptions.ActionCategoryExisting):
# it already exists: do nothing
- logger.info("Ignored {} category with name {} is already in the database".format(type_element, json_to_use["name"]))
+ logger.warning("Ignored {} category with name {} is already in the database".format(type_element, json_to_use["name"]))
except Exception as e:
- logger.info("Error while importing the category : {}".format(str(e)))
+ logger.warning("Error while importing the category : {}".format(str(e)))
+ logger.exception(str(e))
raise e
def _import_subject_object_action(self, json_items, mandatory_policy_ids, type_element):
@@ -302,7 +297,7 @@ class JsonImport(Resource):
raise ForbiddenOverride("{} does not support override flag !".format(type_element))
if len(policy_ids) == 0:
- raise MissingPolicy("a {} needs at least one policy to be created or updated : {}".format(type_element, json.dumps(json_item)))
+ raise MissingPolicy("a {} needs at least one policy to be created or updated : {}".format(type_element, json.dumps(json_item)))
for policy_id in policy_ids:
try:
@@ -312,16 +307,13 @@ class JsonImport(Resource):
if items_in_db[key_in_db]["name"] == json_without_policy_name["name"]:
key = key_in_db
break
- if key is None:
- logger.info("Adding a {} from json {} to the policy with id {}".format(type_element, json_without_policy_name, policy_id))
- else:
- logger.info("Updating a {} from json {} to the policy with id {}".format(type_element, json_without_policy_name, policy_id))
element = import_method(self._user_id, policy_id, perimeter_id=key, value=json_without_policy_name)
- logger.info("Added / updated {} : {}".format(type_element, element))
+ logger.debug("Added / updated {} : {}".format(type_element, element))
except exceptions.PolicyUnknown:
raise UnknownPolicy("Unknown policy when adding a {}!".format(type_element))
except Exception as e:
+ logger.exception(str(e))
raise BaseException(str(e))
def _import_policies(self, json_policies):
@@ -335,7 +327,7 @@ class JsonImport(Resource):
# policy_in_db = PolicyManager.get_policies_by_name(json_without_model_name["name"])
policies = PolicyManager.get_policies(self._user_id)
policy_in_db = None
- logger.info(policies)
+ policy_id = None
for policy_key in policies:
if policies[policy_key]["name"] == json_policy["name"]:
policy_in_db = policies[policy_key]
@@ -350,9 +342,10 @@ class JsonImport(Resource):
policy_mandatory = JsonUtils.get_mandatory(json_policy)
if policy_override is False and policy_does_exist:
- policy_mandatory_ids.append(policy_id)
- logger.warning("Existing policy not updated because of the override option is not set !")
- continue
+ if policy_id:
+ policy_mandatory_ids.append(policy_id)
+ logger.warning("Existing policy not updated because of the override option is not set !")
+ continue
json_without_model_name = dict()
JsonUtils.copy_field_if_exists(json_policy, json_without_model_name, "name", str)
@@ -361,16 +354,14 @@ class JsonImport(Resource):
JsonUtils.convert_name_to_id(json_policy, json_without_model_name, "model", "model_id", "model", ModelManager, self._user_id, field_mandatory=False)
if not policy_does_exist:
- logger.info("Creating policy {} ".format(json_without_model_name))
+ logger.debug("Creating policy {} ".format(json_without_model_name))
added_policy = PolicyManager.add_policy(self._user_id, None, json_without_model_name)
- logger.info("Added policy {}".format(added_policy))
if policy_mandatory is True:
keys = list(added_policy.keys())
policy_mandatory_ids.append(keys[0])
elif policy_override is True:
- logger.info("Updating policy {} ".format(json_without_model_name))
+ logger.debug("Updating policy {} ".format(json_without_model_name))
updated_policy = PolicyManager.update_policy(self._user_id, policy_id, json_without_model_name)
- logger.info("Updated policy {}".format(updated_policy))
if policy_mandatory is True:
policy_mandatory_ids.append(policy_id)
return policy_mandatory_ids
@@ -380,7 +371,7 @@ class JsonImport(Resource):
raise InvalidJson("models shall be a list!")
for json_model in json_models:
- logger.info("json_model {}".format(json_model))
+ logger.debug("json_model {}".format(json_model))
models = ModelManager.get_models(self._user_id)
model_in_db = None
model_id = None
@@ -389,19 +380,16 @@ class JsonImport(Resource):
model_in_db = models[model_key]
model_id = model_key
- logger.info("model in db".format(model_in_db))
# this should not occur as the model has been put in db previously in _import_models_without_new_meta_rules
if model_in_db is None:
- raise UnknownModel("Unknwon model ")
+ raise UnknownModel("Unknown model ")
json_key = dict()
JsonUtils.convert_names_to_ids(json_model, json_key, "meta_rules", "meta_rule_id", "meta_rule", ModelManager, self._user_id)
- logger.info("json_key {}".format(json_key))
for meta_rule_id in json_key["meta_rule_id"]:
if meta_rule_id not in model_in_db["meta_rules"]:
model_in_db["meta_rules"].append(meta_rule_id)
- logger.info("Updating model with id {} : {} ".format(model_id, model_in_db))
ModelManager.update_model(self._user_id, model_id, model_in_db)
def _import_models_without_new_meta_rules(self, json_models):
@@ -426,16 +414,14 @@ class JsonImport(Resource):
if model_in_db is None:
model_does_exist = False
else:
- logger.info("model_in_db {}".format(model_in_db))
- # JsonUtils.convert_names_to_ids(model_in_db, json_without_new_metarules, "meta_rules", "meta_rule_id", "meta_rule", ModelManager, self._user_id)
json_without_new_metarules["meta_rule_id"] = model_in_db["meta_rules"]
model_does_exist = True
model_override = JsonUtils.get_override(json_model)
if not model_does_exist:
- logger.info("Creating model {} ".format(json_without_new_metarules))
+ logger.debug("Creating model {} ".format(json_without_new_metarules))
ModelManager.add_model(self._user_id, None, json_without_new_metarules)
elif model_override is True:
- logger.info("Updating model with id {} : {} ".format(model_id, json_without_new_metarules))
+ logger.debug("Updating model with id {} : {} ".format(model_id, json_without_new_metarules))
ModelManager.update_model(self._user_id, model_id, json_without_new_metarules)
def _import_pdps(self, json_pdps):
@@ -462,11 +448,11 @@ class JsonImport(Resource):
self._user_id = user_id
if 'file' in request.files:
file = request.files['file']
- logger.info("Importing {} file...".format(file))
+ logger.debug("Importing {} file...".format(file))
json_content = json.load(file)
else:
json_content = request.json
- logger.info("Importing content: {} ...".format(json_content))
+ logger.debug("Importing content: {} ...".format(json_content))
# first import the models without the meta rules as they are not yet defined
if "models" in json_content:
diff --git a/moon_manager/moon_manager/api/meta_data.py b/moon_manager/moon_manager/api/meta_data.py
index f3b22d29..62ca050f 100644
--- a/moon_manager/moon_manager/api/meta_data.py
+++ b/moon_manager/moon_manager/api/meta_data.py
@@ -45,16 +45,12 @@ class SubjectCategories(Resource):
}
:internal_api: get_subject_categories
"""
- try:
- data = ModelManager.get_subject_categories(
- user_id=user_id, category_id=category_id)
- except Exception as e:
- logger.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
+ data = ModelManager.get_subject_categories(
+ user_id=user_id, category_id=category_id)
+
return {"subject_categories": data}
- @validate_input("post",body_state=[True,False])
+ @validate_input("post",body_state={"name":True})
@check_auth
def post(self, category_id=None, user_id=None):
"""Create or update a subject category.
@@ -73,13 +69,9 @@ class SubjectCategories(Resource):
}
:internal_api: add_subject_category
"""
- try:
- data = ModelManager.add_subject_category(
- user_id=user_id, value=request.json)
- except Exception as e:
- logger.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
+ data = ModelManager.add_subject_category(
+ user_id=user_id, value=request.json)
+
return {"subject_categories": data}
@validate_input("delete",kwargs_state=[True,False])
@@ -95,13 +87,10 @@ class SubjectCategories(Resource):
}
:internal_api: delete_subject_category
"""
- try:
- data = ModelManager.delete_subject_category(
- user_id=user_id, category_id=category_id)
- except Exception as e:
- logger.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
+
+ data = ModelManager.delete_subject_category(
+ user_id=user_id, category_id=category_id)
+
return {"result": True}
@@ -131,16 +120,12 @@ class ObjectCategories(Resource):
}
:internal_api: get_object_categories
"""
- try:
- data = ModelManager.get_object_categories(
- user_id=user_id, category_id=category_id)
- except Exception as e:
- logger.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
+ data = ModelManager.get_object_categories(
+ user_id=user_id, category_id=category_id)
+
return {"object_categories": data}
- @validate_input("post", body_state=[True, False])
+ @validate_input("post", body_state={"name":True})
@check_auth
def post(self, category_id=None, user_id=None):
"""Create or update a object category.
@@ -159,13 +144,10 @@ class ObjectCategories(Resource):
}
:internal_api: add_object_category
"""
- try:
- data = ModelManager.add_object_category(
- user_id=user_id, value=request.json)
- except Exception as e:
- logger.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
+
+ data = ModelManager.add_object_category(
+ user_id=user_id, value=request.json)
+
return {"object_categories": data}
@validate_input("delete", kwargs_state=[True, False])
@@ -181,13 +163,10 @@ class ObjectCategories(Resource):
}
:internal_api: delete_object_category
"""
- try:
- data = ModelManager.delete_object_category(
- user_id=user_id, category_id=category_id)
- except Exception as e:
- logger.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
+
+ data = ModelManager.delete_object_category(
+ user_id=user_id, category_id=category_id)
+
return {"result": True}
@@ -217,16 +196,13 @@ class ActionCategories(Resource):
}
:internal_api: get_action_categories
"""
- try:
- data = ModelManager.get_action_categories(
- user_id=user_id, category_id=category_id)
- except Exception as e:
- logger.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
+
+ data = ModelManager.get_action_categories(
+ user_id=user_id, category_id=category_id)
+
return {"action_categories": data}
- @validate_input("post", body_state=[True, False])
+ @validate_input("post", body_state={"name":True})
@check_auth
def post(self, category_id=None, user_id=None):
"""Create or update an action category.
@@ -245,13 +221,10 @@ class ActionCategories(Resource):
}
:internal_api: add_action_category
"""
- try:
- data = ModelManager.add_action_category(
- user_id=user_id, value=request.json)
- except Exception as e:
- logger.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
+
+ data = ModelManager.add_action_category(
+ user_id=user_id, value=request.json)
+
return {"action_categories": data}
@validate_input("delete", kwargs_state=[True, False])
@@ -267,11 +240,7 @@ class ActionCategories(Resource):
}
:internal_api: delete_action_category
"""
- try:
- data = ModelManager.delete_action_category(
- user_id=user_id, category_id=category_id)
- except Exception as e:
- logger.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
+ data = ModelManager.delete_action_category(
+ user_id=user_id, category_id=category_id)
+
return {"result": True}
diff --git a/moon_manager/moon_manager/api/meta_rules.py b/moon_manager/moon_manager/api/meta_rules.py
index afc11eba..3dc9996b 100644
--- a/moon_manager/moon_manager/api/meta_rules.py
+++ b/moon_manager/moon_manager/api/meta_rules.py
@@ -51,16 +51,13 @@ class MetaRules(Resource):
}
:internal_api: get_meta_rules
"""
- try:
- data = ModelManager.get_meta_rules(
- user_id=user_id, meta_rule_id=meta_rule_id)
- except Exception as e:
- logger.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
+
+ data = ModelManager.get_meta_rules(
+ user_id=user_id, meta_rule_id=meta_rule_id)
+
return {"meta_rules": data}
- @validate_input("post", body_state=[True, True, True, True])
+ @validate_input("post", body_state={"name":True, "subject_categories":True, "object_categories":True, "action_categories":True})
@check_auth
def post(self, meta_rule_id=None, user_id=None):
"""Add a meta rule
@@ -87,18 +84,15 @@ class MetaRules(Resource):
}
:internal_api: add_meta_rules
"""
- try:
- data = ModelManager.add_meta_rule(
- user_id=user_id, meta_rule_id=None, value=request.json)
- except Exception as e:
- logger.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
+
+ data = ModelManager.add_meta_rule(
+ user_id=user_id, meta_rule_id=None, value=request.json)
+
return {"meta_rules": data}
- @validate_input("patch", kwargs_state=[True, False], body_state=[True, True, True, True])
+ @validate_input("patch", kwargs_state=[True, False], body_state={"name":True, "subject_categories":True, "object_categories":True, "action_categories":True})
@check_auth
- def patch(self, meta_rule_id, user_id=None):
+ def patch(self, meta_rule_id=None, user_id=None):
"""Update a meta rule
:param meta_rule_id: Meta rule ID
@@ -123,18 +117,14 @@ class MetaRules(Resource):
}
:internal_api: set_meta_rules
"""
- try:
- data = ModelManager.set_meta_rule(
- user_id=user_id, meta_rule_id=meta_rule_id, value=request.json)
- except Exception as e:
- logger.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
+ data = ModelManager.set_meta_rule(
+ user_id=user_id, meta_rule_id=meta_rule_id, value=request.json)
+
return {"meta_rules": data}
@validate_input("delete", kwargs_state=[True, False])
@check_auth
- def delete(self, meta_rule_id, user_id=None):
+ def delete(self, meta_rule_id=None, user_id=None):
"""Delete a meta rule
:param meta_rule_id: Meta rule ID
@@ -152,12 +142,9 @@ class MetaRules(Resource):
}
:internal_api: delete_meta_rules
"""
- try:
- data = ModelManager.delete_meta_rule(
- user_id=user_id, meta_rule_id=meta_rule_id)
- except Exception as e:
- logger.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
+
+ data = ModelManager.delete_meta_rule(
+ user_id=user_id, meta_rule_id=meta_rule_id)
+
return {"result": True}
diff --git a/moon_manager/moon_manager/api/models.py b/moon_manager/moon_manager/api/models.py
index 440a4d2b..c3068367 100644
--- a/moon_manager/moon_manager/api/models.py
+++ b/moon_manager/moon_manager/api/models.py
@@ -46,15 +46,11 @@ class Models(Resource):
}
:internal_api: get_models
"""
- try:
- data = ModelManager.get_models(user_id=user_id, model_id=uuid)
- except Exception as e:
- logger.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
+ data = ModelManager.get_models(user_id=user_id, model_id=uuid)
+
return {"models": data}
- @validate_input("post", body_state=[True, False, True])
+ @validate_input("post", body_state={"name":True, "meta_rules":True})
@check_auth
def post(self, uuid=None, user_id=None):
"""Create model.
@@ -75,18 +71,14 @@ class Models(Resource):
}
:internal_api: add_model
"""
- try:
- data = ModelManager.add_model(
- user_id=user_id, model_id=uuid, value=request.json)
- except Exception as e:
- logger.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
+ data = ModelManager.add_model(
+ user_id=user_id, model_id=uuid, value=request.json)
+
return {"models": data}
@validate_input("delete", kwargs_state=[True, False])
@check_auth
- def delete(self, uuid, user_id=None):
+ def delete(self, uuid=None, user_id=None):
"""Delete a model
:param uuid: uuid of the model to delete
@@ -97,17 +89,14 @@ class Models(Resource):
}
:internal_api: delete_model
"""
- try:
- data = ModelManager.delete_model(user_id=user_id, model_id=uuid)
- except Exception as e:
- logger.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
+
+ data = ModelManager.delete_model(user_id=user_id, model_id=uuid)
+
return {"result": True}
- @validate_input("patch", kwargs_state=[True, False], body_state=[True, False, True])
+ @validate_input("patch", kwargs_state=[True, False], body_state={"name":True, "meta_rules":True})
@check_auth
- def patch(self, uuid, user_id=None):
+ def patch(self, uuid=None, user_id=None):
"""Update a model
:param uuid: uuid of the model to update
@@ -121,12 +110,8 @@ class Models(Resource):
}
:internal_api: update_model
"""
- try:
- data = ModelManager.update_model(
- user_id=user_id, model_id=uuid, value=request.json)
- except Exception as e:
- logger.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
+ data = ModelManager.update_model(
+ user_id=user_id, model_id=uuid, value=request.json)
+
return {"models": data}
diff --git a/moon_manager/moon_manager/api/pdp.py b/moon_manager/moon_manager/api/pdp.py
index fd20c85f..a5d7c007 100644
--- a/moon_manager/moon_manager/api/pdp.py
+++ b/moon_manager/moon_manager/api/pdp.py
@@ -114,15 +114,12 @@ class PDP(Resource):
}
:internal_api: get_pdp
"""
- try:
- data = PDPManager.get_pdp(user_id=user_id, pdp_id=uuid)
- except Exception as e:
- logger.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
+
+ data = PDPManager.get_pdp(user_id=user_id, pdp_id=uuid)
+
return {"pdps": data}
- @validate_input("post", body_state=[True, True, True, False])
+ @validate_input("post", body_state={"name": True, "security_pipeline": True, "keystone_project_id": True})
@check_auth
def post(self, uuid=None, user_id=None):
"""Create pdp.
@@ -145,23 +142,20 @@ class PDP(Resource):
}
:internal_api: add_pdp
"""
- try:
- data = dict(request.json)
- if not data.get("keystone_project_id"):
- data["keystone_project_id"] = None
- else:
- if check_keystone_pid(data.get("keystone_project_id")):
- raise exceptions.PdpKeystoneMappingConflict
- data = PDPManager.add_pdp(
- user_id=user_id, pdp_id=None, value=request.json)
- uuid = list(data.keys())[0]
- logger.debug("data={}".format(data))
- logger.debug("uuid={}".format(uuid))
- add_pod(uuid=uuid, data=data[uuid])
- except Exception as e:
- logger.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
+
+ data = dict(request.json)
+ if not data.get("keystone_project_id"):
+ data["keystone_project_id"] = None
+ else:
+ if check_keystone_pid(data.get("keystone_project_id")):
+ raise exceptions.PdpKeystoneMappingConflict
+ data = PDPManager.add_pdp(
+ user_id=user_id, pdp_id=None, value=request.json)
+ uuid = list(data.keys())[0]
+ logger.debug("data={}".format(data))
+ logger.debug("uuid={}".format(uuid))
+ add_pod(uuid=uuid, data=data[uuid])
+
return {"pdps": data}
@validate_input("delete", kwargs_state=[True, False])
@@ -177,16 +171,12 @@ class PDP(Resource):
}
:internal_api: delete_pdp
"""
- try:
- data = PDPManager.delete_pdp(user_id=user_id, pdp_id=uuid)
- delete_pod(uuid)
- except Exception as e:
- logger.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
+ data = PDPManager.delete_pdp(user_id=user_id, pdp_id=uuid)
+ delete_pod(uuid)
+
return {"result": True}
- @validate_input("patch", kwargs_state=[True, False], body_state=[True, True, True, False])
+ @validate_input("patch", kwargs_state=[True, False], body_state={"name": True, "security_pipeline": True, "keystone_project_id": True})
@check_auth
def patch(self, uuid, user_id=None):
"""Update a pdp
@@ -203,21 +193,18 @@ class PDP(Resource):
}
:internal_api: update_pdp
"""
- try:
- _data = dict(request.json)
- if not _data.get("keystone_project_id"):
- _data["keystone_project_id"] = None
- else:
- if check_keystone_pid(_data.get("keystone_project_id")):
- raise exceptions.PdpKeystoneMappingConflict
- data = PDPManager.update_pdp(
- user_id=user_id, pdp_id=uuid, value=_data)
- logger.debug("data={}".format(data))
- logger.debug("uuid={}".format(uuid))
- add_pod(uuid=uuid, data=data[uuid])
- except Exception as e:
- logger.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
+
+ _data = dict(request.json)
+ if not _data.get("keystone_project_id"):
+ _data["keystone_project_id"] = None
+ else:
+ if check_keystone_pid(_data.get("keystone_project_id")):
+ raise exceptions.PdpKeystoneMappingConflict
+ data = PDPManager.update_pdp(
+ user_id=user_id, pdp_id=uuid, value=_data)
+ logger.debug("data={}".format(data))
+ logger.debug("uuid={}".format(uuid))
+ add_pod(uuid=uuid, data=data[uuid])
+
return {"pdps": data}
diff --git a/moon_manager/moon_manager/api/perimeter.py b/moon_manager/moon_manager/api/perimeter.py
index 014aa4b9..6c39c43d 100644
--- a/moon_manager/moon_manager/api/perimeter.py
+++ b/moon_manager/moon_manager/api/perimeter.py
@@ -55,21 +55,18 @@ class Subjects(Resource):
}
:internal_api: get_subjects
"""
- try:
- data = PolicyManager.get_subjects(
- user_id=user_id,
- policy_id=uuid,
- perimeter_id=perimeter_id
- )
- except Exception as e:
- logger.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
+
+ data = PolicyManager.get_subjects(
+ user_id=user_id,
+ policy_id=uuid,
+ perimeter_id=perimeter_id
+ )
+
return {"subjects": data}
- @validate_input("post", body_state=[True, False, False, False])
+ @validate_input("post", body_state={"name":True})
@check_auth
- def post(self, uuid=None, perimeter_id=None, user_id=None):
+ def post(self, uuid, perimeter_id=None, user_id=None):
"""Create or update a subject.
:param uuid: uuid of the policy
@@ -92,25 +89,22 @@ class Subjects(Resource):
}
:internal_api: set_subject
"""
- try:
- if not perimeter_id:
- data = PolicyManager.get_subjects(user_id=user_id,
- policy_id=None)
- if 'name' in request.json:
- for data_id, data_value in data.items():
- if data_value['name'] == request.json['name']:
- perimeter_id = data_id
- break
- data = PolicyManager.add_subject(
- user_id=user_id, policy_id=uuid,
- perimeter_id=perimeter_id, value=request.json)
- except Exception as e:
- logger.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
+
+ if not perimeter_id:
+ data = PolicyManager.get_subjects(user_id=user_id,
+ policy_id=uuid)
+ if 'name' in request.json:
+ for data_id, data_value in data.items():
+ if data_value['name'] == request.json['name']:
+ perimeter_id = data_id
+ break
+ data = PolicyManager.add_subject(
+ user_id=user_id, policy_id=uuid,
+ perimeter_id=perimeter_id, value=request.json)
+
return {"subjects": data}
- @validate_input("patch", kwargs_state=[False, True, False], body_state=[True, False, False, False])
+ @validate_input("patch", kwargs_state=[False, True, False], body_state={"name":True})
@check_auth
def patch(self, uuid, perimeter_id=None, user_id=None):
"""Create or update a subject.
@@ -135,22 +129,19 @@ class Subjects(Resource):
}
:internal_api: set_subject
"""
- try:
- if not perimeter_id:
- data = PolicyManager.get_subjects(user_id=user_id,
- policy_id=None)
- if 'name' in request.json:
- for data_id, data_value in data.items():
- if data_value['name'] == request.json['name']:
- perimeter_id = data_id
- break
- data = PolicyManager.add_subject(
- user_id=user_id, policy_id=uuid,
- perimeter_id=perimeter_id, value=request.json)
- except Exception as e:
- logger.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
+
+ if not perimeter_id:
+ data = PolicyManager.get_subjects(user_id=user_id,
+ policy_id=None)
+ if 'name' in request.json:
+ for data_id, data_value in data.items():
+ if data_value['name'] == request.json['name']:
+ perimeter_id = data_id
+ break
+ data = PolicyManager.add_subject(
+ user_id=user_id, policy_id=uuid,
+ perimeter_id=perimeter_id, value=request.json)
+
return {"subjects": data}
@validate_input("delete", kwargs_state=[False, True, False])
@@ -172,13 +163,10 @@ class Subjects(Resource):
}
:internal_api: delete_subject
"""
- try:
- data = PolicyManager.delete_subject(
- user_id=user_id, policy_id=uuid, perimeter_id=perimeter_id)
- except Exception as e:
- logger.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
+
+ data = PolicyManager.delete_subject(
+ user_id=user_id, policy_id=uuid, perimeter_id=perimeter_id)
+
return {"result": True}
@@ -213,21 +201,18 @@ class Objects(Resource):
}
:internal_api: get_objects
"""
- try:
- data = PolicyManager.get_objects(
- user_id=user_id,
- policy_id=uuid,
- perimeter_id=perimeter_id
- )
- except Exception as e:
- logger.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
+
+ data = PolicyManager.get_objects(
+ user_id=user_id,
+ policy_id=uuid,
+ perimeter_id=perimeter_id
+ )
+
return {"objects": data}
- @validate_input("post", body_state=[True, False, False, False])
+ @validate_input("post", body_state={"name":True})
@check_auth
- def post(self, uuid=None, perimeter_id=None, user_id=None):
+ def post(self, uuid, perimeter_id=None, user_id=None):
"""Create or update a object.
:param uuid: uuid of the policy
@@ -245,23 +230,20 @@ class Objects(Resource):
}
:internal_api: set_object
"""
- try:
- data = PolicyManager.get_objects(user_id=user_id, policy_id=None)
- if 'name' in request.json:
- for data_id, data_value in data.items():
- if data_value['name'] == request.json['name']:
- perimeter_id = data_id
- break
- data = PolicyManager.add_object(
- user_id=user_id, policy_id=uuid,
- perimeter_id=perimeter_id, value=request.json)
- except Exception as e:
- logger.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
+
+ data = PolicyManager.get_objects(user_id=user_id, policy_id=uuid)
+ if 'name' in request.json:
+ for data_id, data_value in data.items():
+ if data_value['name'] == request.json['name']:
+ perimeter_id = data_id
+ break
+ data = PolicyManager.add_object(
+ user_id=user_id, policy_id=uuid,
+ perimeter_id=perimeter_id, value=request.json)
+
return {"objects": data}
- @validate_input("patch", kwargs_state=[False, True, False], body_state=[True, False, False, False])
+ @validate_input("patch", kwargs_state=[False, True, False], body_state={"name":True})
@check_auth
def patch(self, uuid, perimeter_id=None, user_id=None):
"""Create or update a object.
@@ -281,20 +263,17 @@ class Objects(Resource):
}
:internal_api: set_object
"""
- try:
- data = PolicyManager.get_objects(user_id=user_id, policy_id=None)
- if 'name' in request.json:
- for data_id, data_value in data.items():
- if data_value['name'] == request.json['name']:
- perimeter_id = data_id
- break
- data = PolicyManager.add_object(
- user_id=user_id, policy_id=uuid,
- perimeter_id=perimeter_id, value=request.json)
- except Exception as e:
- logger.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
+
+ data = PolicyManager.get_objects(user_id=user_id, policy_id=uuid)
+ if 'name' in request.json:
+ for data_id, data_value in data.items():
+ if data_value['name'] == request.json['name']:
+ perimeter_id = data_id
+ break
+ data = PolicyManager.add_object(
+ user_id=user_id, policy_id=uuid,
+ perimeter_id=perimeter_id, value=request.json)
+
return {"objects": data}
@validate_input("delete", kwargs_state=[False, True, False])
@@ -313,13 +292,10 @@ class Objects(Resource):
}
:internal_api: delete_object
"""
- try:
- data = PolicyManager.delete_object(
- user_id=user_id, policy_id=uuid, perimeter_id=perimeter_id)
- except Exception as e:
- logger.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
+
+ data = PolicyManager.delete_object(
+ user_id=user_id, policy_id=uuid, perimeter_id=perimeter_id)
+
return {"result": True}
@@ -354,18 +330,15 @@ class Actions(Resource):
}
:internal_api: get_actions
"""
- try:
- data = PolicyManager.get_actions(
- user_id=user_id, policy_id=uuid, perimeter_id=perimeter_id)
- except Exception as e:
- logger.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
+
+ data = PolicyManager.get_actions(
+ user_id=user_id, policy_id=uuid, perimeter_id=perimeter_id)
+
return {"actions": data}
- @validate_input("post", body_state=[True, False, False, False])
+ @validate_input("post", body_state={"name":True})
@check_auth
- def post(self, uuid=None, perimeter_id=None, user_id=None):
+ def post(self, uuid, perimeter_id=None, user_id=None):
"""Create or update a action.
:param uuid: uuid of the policy
@@ -383,23 +356,20 @@ class Actions(Resource):
}
:internal_api: set_action
"""
- try:
- data = PolicyManager.get_actions(user_id=user_id, policy_id=None)
- if 'name' in request.json:
- for data_id, data_value in data.items():
- if data_value['name'] == request.json['name']:
- perimeter_id = data_id
- break
- data = PolicyManager.add_action(
- user_id=user_id, policy_id=uuid,
- perimeter_id=perimeter_id, value=request.json)
- except Exception as e:
- logger.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
+
+ data = PolicyManager.get_actions(user_id=user_id, policy_id=uuid)
+ if 'name' in request.json:
+ for data_id, data_value in data.items():
+ if data_value['name'] == request.json['name']:
+ perimeter_id = data_id
+ break
+ data = PolicyManager.add_action(
+ user_id=user_id, policy_id=uuid,
+ perimeter_id=perimeter_id, value=request.json)
+
return {"actions": data}
- @validate_input("patch", kwargs_state=[False, True, False], body_state=[True, False, False, False])
+ @validate_input("patch", kwargs_state=[False, True, False], body_state={"name":True})
@check_auth
def patch(self, uuid, perimeter_id=None, user_id=None):
"""Create or update a action.
@@ -419,20 +389,17 @@ class Actions(Resource):
}
:internal_api: set_action
"""
- try:
- data = PolicyManager.get_actions(user_id=user_id, policy_id=None)
- if 'name' in request.json:
- for data_id, data_value in data.items():
- if data_value['name'] == request.json['name']:
- perimeter_id = data_id
- break
- data = PolicyManager.add_action(
- user_id=user_id, policy_id=uuid,
- perimeter_id=perimeter_id, value=request.json)
- except Exception as e:
- logger.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
+
+ data = PolicyManager.get_actions(user_id=user_id, policy_id=uuid)
+ if 'name' in request.json:
+ for data_id, data_value in data.items():
+ if data_value['name'] == request.json['name']:
+ perimeter_id = data_id
+ break
+ data = PolicyManager.add_action(
+ user_id=user_id, policy_id=uuid,
+ perimeter_id=perimeter_id, value=request.json)
+
return {"actions": data}
@validate_input("delete", kwargs_state=[False, True, False])
@@ -451,11 +418,8 @@ class Actions(Resource):
}
:internal_api: delete_action
"""
- try:
- data = PolicyManager.delete_action(
- user_id=user_id, policy_id=uuid, perimeter_id=perimeter_id)
- except Exception as e:
- logger.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
+
+ data = PolicyManager.delete_action(
+ user_id=user_id, policy_id=uuid, perimeter_id=perimeter_id)
+
return {"result": True}
diff --git a/moon_manager/moon_manager/api/policies.py b/moon_manager/moon_manager/api/policies.py
index 1a9e0bae..9fe237b2 100644
--- a/moon_manager/moon_manager/api/policies.py
+++ b/moon_manager/moon_manager/api/policies.py
@@ -12,6 +12,8 @@ from flask_restful import Resource
import logging
from python_moonutilities.security_functions import check_auth
from python_moondb.core import PolicyManager
+from python_moonutilities.security_functions import validate_input
+
__version__ = "4.3.2"
@@ -30,6 +32,7 @@ class Policies(Resource):
"/policies/<string:uuid>/",
)
+ @validate_input("get", kwargs_state=[False, False])
@check_auth
def get(self, uuid=None, user_id=None):
"""Retrieve all policies
@@ -46,14 +49,12 @@ class Policies(Resource):
}
:internal_api: get_policies
"""
- try:
- data = PolicyManager.get_policies(user_id=user_id, policy_id=uuid)
- except Exception as e:
- logger.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
+
+ data = PolicyManager.get_policies(user_id=user_id, policy_id=uuid)
+
return {"policies": data}
+ @validate_input("post", body_state={"name": True, "model_id":True})
@check_auth
def post(self, uuid=None, user_id=None):
"""Create policy.
@@ -76,17 +77,15 @@ class Policies(Resource):
}
:internal_api: add_policy
"""
- try:
- data = PolicyManager.add_policy(
- user_id=user_id, policy_id=uuid, value=request.json)
- except Exception as e:
- logger.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
+
+ data = PolicyManager.add_policy(
+ user_id=user_id, policy_id=uuid, value=request.json)
+
return {"policies": data}
+ @validate_input("delete", kwargs_state=[ True, False])
@check_auth
- def delete(self, uuid, user_id=None):
+ def delete(self, uuid=None, user_id=None):
"""Delete a policy
:param uuid: uuid of the policy to delete
@@ -97,16 +96,14 @@ class Policies(Resource):
}
:internal_api: delete_policy
"""
- try:
- data = PolicyManager.delete_policy(user_id=user_id, policy_id=uuid)
- except Exception as e:
- logger.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
+
+ data = PolicyManager.delete_policy(user_id=user_id, policy_id=uuid)
+
return {"result": True}
+ @validate_input("patch", kwargs_state=[True, False], body_state={"name": True, "model_id":True})
@check_auth
- def patch(self, uuid, user_id=None):
+ def patch(self, uuid=None, user_id=None):
"""Update a policy
:param uuid: uuid of the policy to update
@@ -121,12 +118,9 @@ class Policies(Resource):
}
:internal_api: update_policy
"""
- try:
- data = PolicyManager.update_policy(
- user_id=user_id, policy_id=uuid, value=request.json)
- except Exception as e:
- logger.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
+
+ data = PolicyManager.update_policy(
+ user_id=user_id, policy_id=uuid, value=request.json)
+
return {"policies": data}
diff --git a/moon_manager/moon_manager/api/rules.py b/moon_manager/moon_manager/api/rules.py
index ecb066d9..a0248097 100644
--- a/moon_manager/moon_manager/api/rules.py
+++ b/moon_manager/moon_manager/api/rules.py
@@ -49,17 +49,14 @@ class Rules(Resource):
}
:internal_api: get_rules
"""
- try:
- data = PolicyManager.get_rules(user_id=user_id,
+
+ data = PolicyManager.get_rules(user_id=user_id,
policy_id=uuid,
rule_id=rule_id)
- except Exception as e:
- logger.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
+
return {"rules": data}
- @validate_input("post", kwargs_state=[True, False, False], body_state=[True, False, False, False])
+ @validate_input("post", kwargs_state=[True, False, False], body_state={"meta_rule_id": True, "rule": True, "instructions": True})
@check_auth
def post(self, uuid=None, rule_id=None, user_id=None):
"""Add a rule to a meta rule
@@ -111,15 +108,12 @@ class Rules(Resource):
:internal_api: add_rule
"""
args = request.json
- try:
- data = PolicyManager.add_rule(user_id=user_id,
- policy_id=uuid,
- meta_rule_id=args['meta_rule_id'],
- value=args)
- except Exception as e:
- logger.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
+
+ data = PolicyManager.add_rule(user_id=user_id,
+ policy_id=uuid,
+ meta_rule_id=args['meta_rule_id'],
+ value=args)
+
return {"rules": data}
@validate_input("delete", kwargs_state=[True, True, False])
@@ -133,12 +127,9 @@ class Rules(Resource):
:return: { "result": true }
:internal_api: delete_rule
"""
- try:
- data = PolicyManager.delete_rule(
- user_id=user_id, policy_id=uuid, rule_id=rule_id)
- except Exception as e:
- logger.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
+
+ data = PolicyManager.delete_rule(
+ user_id=user_id, policy_id=uuid, rule_id=rule_id)
+
return {"result": True}
diff --git a/moon_manager/moon_manager/api/slaves.py b/moon_manager/moon_manager/api/slaves.py
index f5b3fa14..769b681f 100644
--- a/moon_manager/moon_manager/api/slaves.py
+++ b/moon_manager/moon_manager/api/slaves.py
@@ -11,12 +11,11 @@ from flask import request
from flask_restful import Resource
import logging
import requests
-import time
from python_moonutilities.security_functions import check_auth
-from python_moondb.core import PDPManager
-from python_moondb.core import PolicyManager
-from python_moondb.core import ModelManager
-from python_moonutilities import configuration, exceptions
+
+from python_moonutilities import configuration
+from python_moonutilities.security_functions import validate_input
+
__version__ = "4.3.0"
@@ -42,6 +41,7 @@ class Slaves(Resource):
self.orchestrator_port = conf["components/orchestrator"].get("port",
80)
+ @validate_input("get", kwargs_state=[False, False])
@check_auth
def get(self, uuid=None, user_id=None):
"""Retrieve all slaves
@@ -66,6 +66,8 @@ class Slaves(Resource):
))
return {"slaves": req.json().get("slaves", dict())}
+ @validate_input("patch", kwargs_state=[False, False],
+ body_state={"op": True, "variable": True, "value": True})
@check_auth
def patch(self, uuid=None, user_id=None):
"""Update a slave