Diffstat (limited to 'moonv4/moon_manager/moon_manager/api/policies.py')
-rw-r--r-- | moonv4/moon_manager/moon_manager/api/policies.py | 551 |
1 files changed, 96 insertions, 455 deletions
diff --git a/moonv4/moon_manager/moon_manager/api/policies.py b/moonv4/moon_manager/moon_manager/api/policies.py
index 65b6994f..737b988e 100644
--- a/moonv4/moon_manager/moon_manager/api/policies.py
+++ b/moonv4/moon_manager/moon_manager/api/policies.py
@@ -2,488 +2,129 @@ # This software is distributed under the terms and conditions of the 'Apache-2.0' # license which can be found in the file 'LICENSE' in this package distribution # or at 'http://www.apache.org/licenses/LICENSE-2.0'. +""" +Policies are instances of security models and implement security policies +""" + +from flask import request +from flask_restful import Resource from oslo_log import log as logging -from oslo_config import cfg +from moon_utilities.security_functions import check_auth from moon_db.core import PolicyManager -LOG = logging.getLogger(__name__) -CONF = cfg.CONF +__version__ = "0.1.0" +LOG = logging.getLogger("moon.manager.api." + __name__) -class Policies(object): - def __init__(self): - self.manager = PolicyManager +class Policies(Resource): + """ + Endpoint for policy requests + """ - def get_policies(self, ctx, args): - try: - data = self.manager.get_policies(user_id=ctx["user_id"], policy_id=ctx.get("id")) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e), - "ctx": ctx, "args": args} - return {"policies": data} + __urls__ = ( + "/policies", + "/policies/", + "/policies/<string:uuid>", + "/policies/<string:uuid>/", + ) - def add_policy(self, ctx, args): - try: - data = self.manager.add_policy(user_id=ctx["user_id"], policy_id=ctx.get("id"), value=args) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e), - "ctx": ctx, "args": args} - return {"policies": data} + @check_auth + def get(self, uuid=None, user_id=None): + """Retrieve all policies - def delete_policy(self, ctx, args): + :param uuid: uuid of the policy + :param user_id: user ID who do the request + :return: { + "policy_id1": { + "name": "...", + "model_id": "...", + "genre": "...", + "description": "...", + } + } + :internal_api: get_policies + """ try: - data = self.manager.delete_policy(user_id=ctx["user_id"], policy_id=ctx["id"]) + data = 
PolicyManager.get_policies(user_id=user_id, policy_id=uuid) except Exception as e: LOG.error(e, exc_info=True) return {"result": False, - "error": str(e), - "ctx": ctx, "args": args} - return {"result": True} - - def update_policy(self, ctx, args): - try: - data = self.manager.update_policy(user_id=ctx["user_id"], policy_id=ctx["id"], value=args) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e), - "ctx": ctx, "args": args} + "error": str(e)} return {"policies": data} + @check_auth + def post(self, uuid=None, user_id=None): + """Create policy. + + :param uuid: uuid of the policy (not used here) + :param user_id: user ID who do the request + :request body: { + "name": "...", + "model_id": "...", + "genre": "...", + "description": "...", + } + :return: { + "policy_id1": { + "name": "...", + "model_id": "...", + "genre": "...", + "description": "...", + } + } + :internal_api: add_policy + """ + try: + data = PolicyManager.add_policy(user_id=user_id, policy_id=uuid, value=request.json) + except Exception as e: + LOG.error(e, exc_info=True) + return {"result": False, + "error": str(e)} + return {"policies": data} -class Perimeter(object): - - def __init__(self): - self.manager = PolicyManager - - def get_subjects(self, ctx, args): - try: - data = self.manager.get_subjects( - user_id=ctx["user_id"], - policy_id=ctx["id"], - perimeter_id=args['perimeter_id'] - ) - if not args['perimeter_id']: - if "perimeter_name" in args: - for _data_id, _data_value in data.items(): - if _data_value['name'] == args['perimeter_name']: - data = {_data_id: _data_value} - break - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e), - "ctx": ctx, "args": args} - return {"subjects": data} - - def set_subject(self, ctx, args): - try: - if not ctx["perimeter_id"]: - data = self.manager.get_subjects(user_id=ctx["user_id"], policy_id=None) - if 'name' in args: - for data_id, data_value in data.items(): 
- if data_value['name'] == args['name']: - ctx["perimeter_id"] = data_id - break - data = self.manager.add_subject(user_id=ctx["user_id"], policy_id=ctx["id"], - perimeter_id=ctx["perimeter_id"], value=args) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e), - "ctx": ctx, "args": args} - return {"subjects": data} - - def delete_subject(self, ctx, args): - try: - data = self.manager.delete_subject(user_id=ctx["user_id"], policy_id=ctx["id"], perimeter_id=args["perimeter_id"]) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e), - "ctx": ctx, "args": args} - return {"result": True} - - def get_objects(self, ctx, args): - try: - data = self.manager.get_objects( - user_id=ctx["user_id"], - policy_id=ctx["id"], - perimeter_id=args['perimeter_id'] - ) - if not args['perimeter_id']: - if "perimeter_name" in args: - for _data_id, _data_value in data.items(): - if _data_value['name'] == args['perimeter_name']: - data = {_data_id: _data_value} - break - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e), - "ctx": ctx, "args": args} - return {"objects": data} - - def set_object(self, ctx, args): - try: - data = self.manager.get_objects(user_id=ctx["user_id"], policy_id=None) - if 'name' in args: - for data_id, data_value in data.items(): - if data_value['name'] == args['name']: - ctx["perimeter_id"] = data_id - break - data = self.manager.add_object(user_id=ctx["user_id"], policy_id=ctx["id"], - perimeter_id=ctx["perimeter_id"], value=args) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e), - "ctx": ctx, "args": args} - return {"objects": data} - - def delete_object(self, ctx, args): - try: - data = self.manager.delete_object(user_id=ctx["user_id"], policy_id=ctx["id"], perimeter_id=args["perimeter_id"]) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, 
- "error": str(e), - "ctx": ctx, "args": args} - return {"result": True} - - def get_actions(self, ctx, args): - try: - data = self.manager.get_actions(user_id=ctx["user_id"], policy_id=ctx["id"], perimeter_id=args['perimeter_id']) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e), - "ctx": ctx, "args": args} - return {"actions": data} - - def set_action(self, ctx, args): - try: - data = self.manager.get_actions(user_id=ctx["user_id"], policy_id=None) - if 'name' in args: - for data_id, data_value in data.items(): - if data_value['name'] == args['name']: - ctx["perimeter_id"] = data_id - break - data = self.manager.add_action(user_id=ctx["user_id"], policy_id=ctx["id"], - perimeter_id=ctx["perimeter_id"], value=args) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e), - "ctx": ctx, "args": args} - return {"actions": data} - - def delete_action(self, ctx, args): - try: - data = self.manager.delete_action(user_id=ctx["user_id"], policy_id=ctx["id"], perimeter_id=args["perimeter_id"]) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e), - "ctx": ctx, "args": args} - return {"result": True} - - -class Data(object): - - def __init__(self): - self.manager = PolicyManager - - def get_subject_data(self, ctx, args): - try: - data = self.manager.get_subject_data(user_id=ctx["user_id"], policy_id=ctx["id"], - category_id=ctx["category_id"], data_id=args["data_id"]) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e), - "ctx": ctx, "args": args} - return {"subject_data": data} - - def add_subject_data(self, ctx, args): - try: - data = self.manager.set_subject_data(user_id=ctx["user_id"], policy_id=ctx["id"], - category_id=ctx["category_id"], value=args) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e), - "ctx": ctx, "args": args} - 
return {"subject_data": data} - - def delete_subject_data(self, ctx, args): - try: - data = self.manager.delete_subject_data(user_id=ctx["user_id"], policy_id=ctx["id"], - data_id=["data_id"]) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e), - "ctx": ctx, "args": args} - return {"result": True} - - def get_object_data(self, ctx, args): - try: - data = self.manager.get_object_data(user_id=ctx["user_id"], policy_id=ctx["id"], - category_id=ctx["category_id"], data_id=args["data_id"]) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e), - "ctx": ctx, "args": args} - return {"object_data": data} - - def add_object_data(self, ctx, args): - try: - data = self.manager.add_object_data(user_id=ctx["user_id"], policy_id=ctx["id"], - category_id=ctx["category_id"], value=args) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e), - "ctx": ctx, "args": args} - return {"object_data": data} - - def delete_object_data(self, ctx, args): - try: - data = self.manager.delete_object_data(user_id=ctx["user_id"], policy_id=ctx["id"], - data_id=["data_id"]) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e), - "ctx": ctx, "args": args} - return {"result": True} - - def get_action_data(self, ctx, args): - try: - data = self.manager.get_action_data(user_id=ctx["user_id"], policy_id=ctx["id"], - category_id=ctx["category_id"], data_id=args["data_id"]) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e), - "ctx": ctx, "args": args} - return {"action_data": data} - - def add_action_data(self, ctx, args): - try: - data = self.manager.add_action_data(user_id=ctx["user_id"], policy_id=ctx["id"], - category_id=ctx["category_id"], value=args) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e), - "ctx": ctx, 
"args": args} - return {"action_data": data} - - def delete_action_data(self, ctx, args): - try: - data = self.manager.delete_action_data(user_id=ctx["user_id"], policy_id=ctx["id"], - data_id=["data_id"]) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e), - "ctx": ctx, "args": args} - return {"result": True} - - -class Assignments(object): - - def __init__(self): - self.manager = PolicyManager - - def __get_subject_id(self, ctx, subject_name): - data = self.manager.get_subjects( - user_id=ctx["user_id"], - policy_id=ctx["id"], - perimeter_id=None - ) - for _data_id, _data_value in data.items(): - if _data_value['name'] == subject_name: - return _data_id - - def __get_object_id(self, ctx, object_name): - data = self.manager.get_objects( - user_id=ctx["user_id"], - policy_id=ctx["id"], - perimeter_id=None - ) - for _data_id, _data_value in data.items(): - if _data_value['name'] == object_name: - return _data_id - - def __get_action_id(self, ctx, action_name): - data = self.manager.get_actions( - user_id=ctx["user_id"], - policy_id=ctx["id"], - perimeter_id=None - ) - for _data_id, _data_value in data.items(): - if _data_value['name'] == action_name: - return _data_id - - def get_subject_assignments(self, ctx, args): - try: - if "perimeter_name" in ctx: - ctx["perimeter_id"] = self.__get_subject_id(ctx, ctx['perimeter_name']) - data = self.manager.get_subject_assignments(user_id=ctx["user_id"], policy_id=ctx["id"], - subject_id=ctx["perimeter_id"], category_id=ctx["category_id"]) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e), - "ctx": ctx, "args": args} - return {"subject_assignments": data} - - def update_subject_assignment(self, ctx, args): - try: - data = self.manager.add_subject_assignment(user_id=ctx["user_id"], policy_id=ctx["id"], - subject_id=args["id"], category_id=args["category_id"], - data_id=args["data_id"]) - except Exception as e: - LOG.error(e, 
exc_info=True) - return {"result": False, - "error": str(e), - "ctx": ctx, "args": args} - return {"subject_assignments": data} - - def delete_subject_assignment(self, ctx, args): - try: - data = self.manager.delete_subject_assignment(user_id=ctx["user_id"], policy_id=ctx["id"], - subject_id=ctx["perimeter_id"], category_id=ctx["category_id"], - data_id=args["data_id"]) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e), - "ctx": ctx, "args": args} - return {"result": True} - - def get_object_assignments(self, ctx, args): - try: - if "perimeter_name" in ctx: - ctx["perimeter_id"] = self.__get_object_id(ctx, ctx['perimeter_name']) - data = self.manager.get_object_assignments(user_id=ctx["user_id"], policy_id=ctx["id"], - object_id=ctx["perimeter_id"], category_id=ctx["category_id"]) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e), - "ctx": ctx, "args": args} - return {"object_assignments": data} - - def update_object_assignment(self, ctx, args): - try: - data = self.manager.add_object_assignment(user_id=ctx["user_id"], policy_id=ctx["id"], - object_id=args["id"], category_id=args["category_id"], - data_id=args["data_id"]) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e), - "ctx": ctx, "args": args} - return {"object_assignments": data} - - def delete_object_assignment(self, ctx, args): - try: - data = self.manager.delete_object_assignment(user_id=ctx["user_id"], policy_id=ctx["id"], - object_id=ctx["perimeter_id"], category_id=ctx["category_id"], - data_id=args["data_id"]) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e), - "ctx": ctx, "args": args} - return {"result": True} - - def get_action_assignments(self, ctx, args): - try: - if "perimeter_name" in ctx: - ctx["perimeter_id"] = self.__get_action_id(ctx, ctx['perimeter_name']) - data = 
self.manager.get_action_assignments(user_id=ctx["user_id"], policy_id=ctx["id"], - action_id=ctx["perimeter_id"], category_id=ctx["category_id"]) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e), - "ctx": ctx, "args": args} - return {"action_assignments": data} - - def update_action_assignment(self, ctx, args): - try: - data = self.manager.add_action_assignment(user_id=ctx["user_id"], policy_id=ctx["id"], - action_id=args["id"], category_id=args["category_id"], - data_id=args["data_id"]) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e), - "ctx": ctx, "args": args} - return {"action_assignments": data} + @check_auth + def delete(self, uuid=None, user_id=None): + """Delete a policy - def delete_action_assignment(self, ctx, args): + :param uuid: uuid of the policy to delete + :param user_id: user ID who do the request + :return: { + "result": "True or False", + "message": "optional message" + } + :internal_api: delete_policy + """ try: - data = self.manager.delete_action_assignment(user_id=ctx["user_id"], policy_id=ctx["id"], - action_id=ctx["perimeter_id"], category_id=ctx["category_id"], - data_id=args["data_id"]) + data = PolicyManager.delete_policy(user_id=user_id, policy_id=uuid) except Exception as e: LOG.error(e, exc_info=True) return {"result": False, - "error": str(e), - "ctx": ctx, "args": args} + "error": str(e)} return {"result": True} + @check_auth + def patch(self, uuid=None, user_id=None): + """Update a policy -class Rules(object): - - def __init__(self): - self.manager = PolicyManager - - def get_rules(self, ctx, args): + :param uuid: uuid of the policy to update + :param user_id: user ID who do the request + :return: { + "policy_id1": { + "name": "...", + "model_id": "...", + "genre": "...", + "description": "...", + } + } + :internal_api: update_policy + """ try: - data = self.manager.get_rules(user_id=ctx["user_id"], - policy_id=ctx["id"], - # 
meta_rule_id=ctx["meta_rule_id"], - rule_id=ctx["rule_id"]) + data = PolicyManager.update_policy(user_id=user_id, policy_id=uuid, value=request.json) except Exception as e: LOG.error(e, exc_info=True) return {"result": False, - "error": str(e), - "ctx": ctx, "args": args} - return {"rules": data} - - def add_rule(self, ctx, args): - try: - data = self.manager.add_rule(user_id=ctx["user_id"], - policy_id=ctx["id"], - meta_rule_id=args["meta_rule_id"], - value=args) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e), - "ctx": ctx, "args": args} - return {"rules": data} + "error": str(e)} + return {"policies": data} - def delete_rule(self, ctx, args): - try: - data = self.manager.delete_rule(user_id=ctx["user_id"], policy_id=ctx["id"], rule_id=ctx['rule_id']) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e), - "ctx": ctx, "args": args} - return {"result": True} |
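Review bot: `delete` and `patch` accept `uuid=None` (the `/policies` and `/policies/` entries in `__urls__` route there without one) and forward it unchanged as `policy_id` to `PolicyManager.delete_policy` / `update_policy`, so a DELETE or PATCH on the bare collection reaches the manager with `policy_id=None`; whether the manager rejects that is not visible in this hunk, so guard it in the handler before the `try`, e.g. `if uuid is None:` / `return {"result": False, "error": "policy uuid is required"}`. All four handlers also answer any exception with `"error": str(e)`, which hands internal error text (driver and validation messages) to the API client, and since a plain dict is returned the response carries a 200 status; a generic message plus an explicit status tuple such as `return {"result": False, "error": "policy operation failed"}, 400` keeps the detail in the `LOG.error` call where it already goes. Separately, `post`'s docstring says `uuid` is "not used here" while its body passes `policy_id=uuid` to `add_policy`, so either drop that argument or correct the docstring.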