Diffstat (limited to 'moonv4/moon_manager/moon_manager/api/policies.py')
-rw-r--r--moonv4/moon_manager/moon_manager/api/policies.py551
1 files changed, 96 insertions, 455 deletions
diff --git a/moonv4/moon_manager/moon_manager/api/policies.py b/moonv4/moon_manager/moon_manager/api/policies.py
index 65b6994f..737b988e 100644
--- a/moonv4/moon_manager/moon_manager/api/policies.py
+++ b/moonv4/moon_manager/moon_manager/api/policies.py
@@ -2,488 +2,129 @@
# This software is distributed under the terms and conditions of the 'Apache-2.0'
# license which can be found in the file 'LICENSE' in this package distribution
# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
+"""
+Policies are instances of security models and implement security policies
+"""
+
+from flask import request
+from flask_restful import Resource
from oslo_log import log as logging
-from oslo_config import cfg
+from moon_utilities.security_functions import check_auth
from moon_db.core import PolicyManager
-LOG = logging.getLogger(__name__)
-CONF = cfg.CONF
+__version__ = "0.1.0"
+LOG = logging.getLogger("moon.manager.api." + __name__)
-class Policies(object):
- def __init__(self):
- self.manager = PolicyManager
+class Policies(Resource):
+ """
+ Endpoint for policy requests
+ """
- def get_policies(self, ctx, args):
- try:
- data = self.manager.get_policies(user_id=ctx["user_id"], policy_id=ctx.get("id"))
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e),
- "ctx": ctx, "args": args}
- return {"policies": data}
+ __urls__ = (
+ "/policies",
+ "/policies/",
+ "/policies/<string:uuid>",
+ "/policies/<string:uuid>/",
+ )
- def add_policy(self, ctx, args):
- try:
- data = self.manager.add_policy(user_id=ctx["user_id"], policy_id=ctx.get("id"), value=args)
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e),
- "ctx": ctx, "args": args}
- return {"policies": data}
+ @check_auth
+ def get(self, uuid=None, user_id=None):
+ """Retrieve all policies
- def delete_policy(self, ctx, args):
+ :param uuid: uuid of the policy
+ :param user_id: user ID who do the request
+ :return: {
+ "policy_id1": {
+ "name": "...",
+ "model_id": "...",
+ "genre": "...",
+ "description": "...",
+ }
+ }
+ :internal_api: get_policies
+ """
try:
- data = self.manager.delete_policy(user_id=ctx["user_id"], policy_id=ctx["id"])
+ data = PolicyManager.get_policies(user_id=user_id, policy_id=uuid)
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e),
- "ctx": ctx, "args": args}
- return {"result": True}
-
- def update_policy(self, ctx, args):
- try:
- data = self.manager.update_policy(user_id=ctx["user_id"], policy_id=ctx["id"], value=args)
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e),
- "ctx": ctx, "args": args}
+ "error": str(e)}
return {"policies": data}
+ @check_auth
+ def post(self, uuid=None, user_id=None):
+ """Create policy.
+
+ :param uuid: uuid of the policy (not used here)
+ :param user_id: user ID who do the request
+ :request body: {
+ "name": "...",
+ "model_id": "...",
+ "genre": "...",
+ "description": "...",
+ }
+ :return: {
+ "policy_id1": {
+ "name": "...",
+ "model_id": "...",
+ "genre": "...",
+ "description": "...",
+ }
+ }
+ :internal_api: add_policy
+ """
+ try:
+ data = PolicyManager.add_policy(user_id=user_id, policy_id=uuid, value=request.json)
+ except Exception as e:
+ LOG.error(e, exc_info=True)
+ return {"result": False,
+ "error": str(e)}
+ return {"policies": data}
-class Perimeter(object):
-
- def __init__(self):
- self.manager = PolicyManager
-
- def get_subjects(self, ctx, args):
- try:
- data = self.manager.get_subjects(
- user_id=ctx["user_id"],
- policy_id=ctx["id"],
- perimeter_id=args['perimeter_id']
- )
- if not args['perimeter_id']:
- if "perimeter_name" in args:
- for _data_id, _data_value in data.items():
- if _data_value['name'] == args['perimeter_name']:
- data = {_data_id: _data_value}
- break
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e),
- "ctx": ctx, "args": args}
- return {"subjects": data}
-
- def set_subject(self, ctx, args):
- try:
- if not ctx["perimeter_id"]:
- data = self.manager.get_subjects(user_id=ctx["user_id"], policy_id=None)
- if 'name' in args:
- for data_id, data_value in data.items():
- if data_value['name'] == args['name']:
- ctx["perimeter_id"] = data_id
- break
- data = self.manager.add_subject(user_id=ctx["user_id"], policy_id=ctx["id"],
- perimeter_id=ctx["perimeter_id"], value=args)
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e),
- "ctx": ctx, "args": args}
- return {"subjects": data}
-
- def delete_subject(self, ctx, args):
- try:
- data = self.manager.delete_subject(user_id=ctx["user_id"], policy_id=ctx["id"], perimeter_id=args["perimeter_id"])
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e),
- "ctx": ctx, "args": args}
- return {"result": True}
-
- def get_objects(self, ctx, args):
- try:
- data = self.manager.get_objects(
- user_id=ctx["user_id"],
- policy_id=ctx["id"],
- perimeter_id=args['perimeter_id']
- )
- if not args['perimeter_id']:
- if "perimeter_name" in args:
- for _data_id, _data_value in data.items():
- if _data_value['name'] == args['perimeter_name']:
- data = {_data_id: _data_value}
- break
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e),
- "ctx": ctx, "args": args}
- return {"objects": data}
-
- def set_object(self, ctx, args):
- try:
- data = self.manager.get_objects(user_id=ctx["user_id"], policy_id=None)
- if 'name' in args:
- for data_id, data_value in data.items():
- if data_value['name'] == args['name']:
- ctx["perimeter_id"] = data_id
- break
- data = self.manager.add_object(user_id=ctx["user_id"], policy_id=ctx["id"],
- perimeter_id=ctx["perimeter_id"], value=args)
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e),
- "ctx": ctx, "args": args}
- return {"objects": data}
-
- def delete_object(self, ctx, args):
- try:
- data = self.manager.delete_object(user_id=ctx["user_id"], policy_id=ctx["id"], perimeter_id=args["perimeter_id"])
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e),
- "ctx": ctx, "args": args}
- return {"result": True}
-
- def get_actions(self, ctx, args):
- try:
- data = self.manager.get_actions(user_id=ctx["user_id"], policy_id=ctx["id"], perimeter_id=args['perimeter_id'])
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e),
- "ctx": ctx, "args": args}
- return {"actions": data}
-
- def set_action(self, ctx, args):
- try:
- data = self.manager.get_actions(user_id=ctx["user_id"], policy_id=None)
- if 'name' in args:
- for data_id, data_value in data.items():
- if data_value['name'] == args['name']:
- ctx["perimeter_id"] = data_id
- break
- data = self.manager.add_action(user_id=ctx["user_id"], policy_id=ctx["id"],
- perimeter_id=ctx["perimeter_id"], value=args)
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e),
- "ctx": ctx, "args": args}
- return {"actions": data}
-
- def delete_action(self, ctx, args):
- try:
- data = self.manager.delete_action(user_id=ctx["user_id"], policy_id=ctx["id"], perimeter_id=args["perimeter_id"])
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e),
- "ctx": ctx, "args": args}
- return {"result": True}
-
-
-class Data(object):
-
- def __init__(self):
- self.manager = PolicyManager
-
- def get_subject_data(self, ctx, args):
- try:
- data = self.manager.get_subject_data(user_id=ctx["user_id"], policy_id=ctx["id"],
- category_id=ctx["category_id"], data_id=args["data_id"])
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e),
- "ctx": ctx, "args": args}
- return {"subject_data": data}
-
- def add_subject_data(self, ctx, args):
- try:
- data = self.manager.set_subject_data(user_id=ctx["user_id"], policy_id=ctx["id"],
- category_id=ctx["category_id"], value=args)
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e),
- "ctx": ctx, "args": args}
- return {"subject_data": data}
-
- def delete_subject_data(self, ctx, args):
- try:
- data = self.manager.delete_subject_data(user_id=ctx["user_id"], policy_id=ctx["id"],
- data_id=["data_id"])
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e),
- "ctx": ctx, "args": args}
- return {"result": True}
-
- def get_object_data(self, ctx, args):
- try:
- data = self.manager.get_object_data(user_id=ctx["user_id"], policy_id=ctx["id"],
- category_id=ctx["category_id"], data_id=args["data_id"])
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e),
- "ctx": ctx, "args": args}
- return {"object_data": data}
-
- def add_object_data(self, ctx, args):
- try:
- data = self.manager.add_object_data(user_id=ctx["user_id"], policy_id=ctx["id"],
- category_id=ctx["category_id"], value=args)
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e),
- "ctx": ctx, "args": args}
- return {"object_data": data}
-
- def delete_object_data(self, ctx, args):
- try:
- data = self.manager.delete_object_data(user_id=ctx["user_id"], policy_id=ctx["id"],
- data_id=["data_id"])
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e),
- "ctx": ctx, "args": args}
- return {"result": True}
-
- def get_action_data(self, ctx, args):
- try:
- data = self.manager.get_action_data(user_id=ctx["user_id"], policy_id=ctx["id"],
- category_id=ctx["category_id"], data_id=args["data_id"])
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e),
- "ctx": ctx, "args": args}
- return {"action_data": data}
-
- def add_action_data(self, ctx, args):
- try:
- data = self.manager.add_action_data(user_id=ctx["user_id"], policy_id=ctx["id"],
- category_id=ctx["category_id"], value=args)
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e),
- "ctx": ctx, "args": args}
- return {"action_data": data}
-
- def delete_action_data(self, ctx, args):
- try:
- data = self.manager.delete_action_data(user_id=ctx["user_id"], policy_id=ctx["id"],
- data_id=["data_id"])
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e),
- "ctx": ctx, "args": args}
- return {"result": True}
-
-
-class Assignments(object):
-
- def __init__(self):
- self.manager = PolicyManager
-
- def __get_subject_id(self, ctx, subject_name):
- data = self.manager.get_subjects(
- user_id=ctx["user_id"],
- policy_id=ctx["id"],
- perimeter_id=None
- )
- for _data_id, _data_value in data.items():
- if _data_value['name'] == subject_name:
- return _data_id
-
- def __get_object_id(self, ctx, object_name):
- data = self.manager.get_objects(
- user_id=ctx["user_id"],
- policy_id=ctx["id"],
- perimeter_id=None
- )
- for _data_id, _data_value in data.items():
- if _data_value['name'] == object_name:
- return _data_id
-
- def __get_action_id(self, ctx, action_name):
- data = self.manager.get_actions(
- user_id=ctx["user_id"],
- policy_id=ctx["id"],
- perimeter_id=None
- )
- for _data_id, _data_value in data.items():
- if _data_value['name'] == action_name:
- return _data_id
-
- def get_subject_assignments(self, ctx, args):
- try:
- if "perimeter_name" in ctx:
- ctx["perimeter_id"] = self.__get_subject_id(ctx, ctx['perimeter_name'])
- data = self.manager.get_subject_assignments(user_id=ctx["user_id"], policy_id=ctx["id"],
- subject_id=ctx["perimeter_id"], category_id=ctx["category_id"])
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e),
- "ctx": ctx, "args": args}
- return {"subject_assignments": data}
-
- def update_subject_assignment(self, ctx, args):
- try:
- data = self.manager.add_subject_assignment(user_id=ctx["user_id"], policy_id=ctx["id"],
- subject_id=args["id"], category_id=args["category_id"],
- data_id=args["data_id"])
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e),
- "ctx": ctx, "args": args}
- return {"subject_assignments": data}
-
- def delete_subject_assignment(self, ctx, args):
- try:
- data = self.manager.delete_subject_assignment(user_id=ctx["user_id"], policy_id=ctx["id"],
- subject_id=ctx["perimeter_id"], category_id=ctx["category_id"],
- data_id=args["data_id"])
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e),
- "ctx": ctx, "args": args}
- return {"result": True}
-
- def get_object_assignments(self, ctx, args):
- try:
- if "perimeter_name" in ctx:
- ctx["perimeter_id"] = self.__get_object_id(ctx, ctx['perimeter_name'])
- data = self.manager.get_object_assignments(user_id=ctx["user_id"], policy_id=ctx["id"],
- object_id=ctx["perimeter_id"], category_id=ctx["category_id"])
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e),
- "ctx": ctx, "args": args}
- return {"object_assignments": data}
-
- def update_object_assignment(self, ctx, args):
- try:
- data = self.manager.add_object_assignment(user_id=ctx["user_id"], policy_id=ctx["id"],
- object_id=args["id"], category_id=args["category_id"],
- data_id=args["data_id"])
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e),
- "ctx": ctx, "args": args}
- return {"object_assignments": data}
-
- def delete_object_assignment(self, ctx, args):
- try:
- data = self.manager.delete_object_assignment(user_id=ctx["user_id"], policy_id=ctx["id"],
- object_id=ctx["perimeter_id"], category_id=ctx["category_id"],
- data_id=args["data_id"])
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e),
- "ctx": ctx, "args": args}
- return {"result": True}
-
- def get_action_assignments(self, ctx, args):
- try:
- if "perimeter_name" in ctx:
- ctx["perimeter_id"] = self.__get_action_id(ctx, ctx['perimeter_name'])
- data = self.manager.get_action_assignments(user_id=ctx["user_id"], policy_id=ctx["id"],
- action_id=ctx["perimeter_id"], category_id=ctx["category_id"])
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e),
- "ctx": ctx, "args": args}
- return {"action_assignments": data}
-
- def update_action_assignment(self, ctx, args):
- try:
- data = self.manager.add_action_assignment(user_id=ctx["user_id"], policy_id=ctx["id"],
- action_id=args["id"], category_id=args["category_id"],
- data_id=args["data_id"])
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e),
- "ctx": ctx, "args": args}
- return {"action_assignments": data}
+ @check_auth
+ def delete(self, uuid=None, user_id=None):
+ """Delete a policy
- def delete_action_assignment(self, ctx, args):
+ :param uuid: uuid of the policy to delete
+ :param user_id: user ID who do the request
+ :return: {
+ "result": "True or False",
+ "message": "optional message"
+ }
+ :internal_api: delete_policy
+ """
try:
- data = self.manager.delete_action_assignment(user_id=ctx["user_id"], policy_id=ctx["id"],
- action_id=ctx["perimeter_id"], category_id=ctx["category_id"],
- data_id=args["data_id"])
+ data = PolicyManager.delete_policy(user_id=user_id, policy_id=uuid)
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e),
- "ctx": ctx, "args": args}
+ "error": str(e)}
return {"result": True}
+ @check_auth
+ def patch(self, uuid=None, user_id=None):
+ """Update a policy
-class Rules(object):
-
- def __init__(self):
- self.manager = PolicyManager
-
- def get_rules(self, ctx, args):
+ :param uuid: uuid of the policy to update
+ :param user_id: user ID who do the request
+ :return: {
+ "policy_id1": {
+ "name": "...",
+ "model_id": "...",
+ "genre": "...",
+ "description": "...",
+ }
+ }
+ :internal_api: update_policy
+ """
try:
- data = self.manager.get_rules(user_id=ctx["user_id"],
- policy_id=ctx["id"],
- # meta_rule_id=ctx["meta_rule_id"],
- rule_id=ctx["rule_id"])
+ data = PolicyManager.update_policy(user_id=user_id, policy_id=uuid, value=request.json)
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e),
- "ctx": ctx, "args": args}
- return {"rules": data}
-
- def add_rule(self, ctx, args):
- try:
- data = self.manager.add_rule(user_id=ctx["user_id"],
- policy_id=ctx["id"],
- meta_rule_id=args["meta_rule_id"],
- value=args)
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e),
- "ctx": ctx, "args": args}
- return {"rules": data}
+ "error": str(e)}
+ return {"policies": data}
- def delete_rule(self, ctx, args):
- try:
- data = self.manager.delete_rule(user_id=ctx["user_id"], policy_id=ctx["id"], rule_id=ctx['rule_id'])
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e),
- "ctx": ctx, "args": args}
- return {"result": True}
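Review bot: `delete()` and `patch()` are registered on the bare `/policies` and `/policies/` routes in `__urls__`, so `uuid` can still be `None` when `PolicyManager.delete_policy` or `PolicyManager.update_policy` is called. How the manager treats a `None` policy_id is not visible in this hunk, so the endpoint should reject it first, e.g. `if uuid is None: return {"result": False, "error": "policy uuid is required"}, 400`. Separately, all four handlers catch `Exception` and return `"error": str(e)` with the default 200 status, so exception text from the database layer reaches the caller and a failure looks like a success to anything that checks only the status code. Returning a generic message with an explicit error status, e.g. `return {"result": False, "error": "policy request failed"}, 500`, keeps the detail in the existing `LOG.error(e, exc_info=True)` call. `post()` and `patch()` also pass `request.json` straight through as `value`; checking that it is a dict before the manager call would presumably turn a missing or non-JSON body into a clean 400.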