aboutsummaryrefslogtreecommitdiffstats
path: root/moonv4/moon_manager/moon_manager/api/rules.py
diff options
context:
space:
mode:
Diffstat (limited to 'moonv4/moon_manager/moon_manager/api/rules.py')
-rw-r--r--moonv4/moon_manager/moon_manager/api/rules.py130
1 files changed, 130 insertions, 0 deletions
diff --git a/moonv4/moon_manager/moon_manager/api/rules.py b/moonv4/moon_manager/moon_manager/api/rules.py
new file mode 100644
index 00000000..8b1cf635
--- /dev/null
+++ b/moonv4/moon_manager/moon_manager/api/rules.py
@@ -0,0 +1,130 @@
+# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+# This software is distributed under the terms and conditions of the 'Apache-2.0'
+# license which can be found in the file 'LICENSE' in this package distribution
+# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
+"""
+Rules (TODO)
+"""
+
+from flask import request
+from flask_restful import Resource
+from oslo_log import log as logging
+from moon_utilities.security_functions import call
+from moon_utilities.security_functions import check_auth
+from moon_db.core import PolicyManager
+
+__version__ = "0.1.0"
+
+LOG = logging.getLogger("moon.manager.api." + __name__)
+
+
+class Rules(Resource):
+ """
+ Endpoint for rules requests
+ """
+
+ __urls__ = ("/policies/<string:uuid>/rules",
+ "/policies/<string:uuid>/rules/",
+ "/policies/<string:uuid>/rules/<string:rule_id>",
+ "/policies/<string:uuid>/rules/<string:rule_id>/",
+ )
+
+ @check_auth
+ def get(self, uuid=None, rule_id=None, user_id=None):
+ """Retrieve all rules or a specific one
+
+ :param uuid: policy ID
+ :param rule_id: rule ID
+ :param user_id: user ID who do the request
+ :return: {
+ "rules": [
+ "policy_id": "policy_id1",
+ "meta_rule_id": "meta_rule_id1",
+ "rule_id1": ["subject_data_id1", "object_data_id1", "action_data_id1"],
+ "rule_id2": ["subject_data_id2", "object_data_id2", "action_data_id2"],
+ ]
+ }
+ :internal_api: get_rules
+ """
+ try:
+ data = PolicyManager.get_rules(user_id=user_id,
+ policy_id=uuid,
+ rule_id=rule_id)
+ except Exception as e:
+ LOG.error(e, exc_info=True)
+ return {"result": False,
+ "error": str(e)}
+ return {"rules": data}
+
+ @check_auth
+ def post(self, uuid=None, rule_id=None, user_id=None):
+ """Add a rule to a meta rule
+
+ :param uuid: policy ID
+ :param rule_id: rule ID
+ :param user_id: user ID who do the request
+ :request body: post = {
+ "meta_rule_id": "meta_rule_id1",
+ "rule": ["subject_data_id2", "object_data_id2", "action_data_id2"],
+ "instructions": (
+ {"decision": "grant"},
+ )
+ "enabled": True
+ }
+ :return: {
+ "rules": [
+ "meta_rule_id": "meta_rule_id1",
+ "rule_id1": {
+ "rule": ["subject_data_id1", "object_data_id1", "action_data_id1"],
+ "instructions": (
+ {"decision": "grant"}, # "grant" to immediately exit,
+ # "continue" to wait for the result of next policy
+ # "deny" to deny the request
+ )
+ }
+ "rule_id2": {
+ "rule": ["subject_data_id2", "object_data_id2", "action_data_id2"],
+ "instructions": (
+ {
+ "update": {
+ "operation": "add", # operations may be "add" or "delete"
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the policy named rbac
+ )
+ }
+ ]
+ }
+ :internal_api: add_rule
+ """
+ args = request.json
+ try:
+ data = PolicyManager.add_rule(user_id=user_id,
+ policy_id=uuid,
+ meta_rule_id=args['meta_rule_id'],
+ value=args)
+ except Exception as e:
+ LOG.error(e, exc_info=True)
+ return {"result": False,
+ "error": str(e)}
+ return {"rules": data}
+
+ @check_auth
+ def delete(self, uuid=None, rule_id=None, user_id=None):
+ """Delete one rule linked to a specific sub meta rule
+
+ :param uuid: policy ID
+ :param rule_id: rule ID
+ :param user_id: user ID who do the request
+ :return: { "result": true }
+ :internal_api: delete_rule
+ """
+ try:
+ data = PolicyManager.delete_rule(user_id=user_id, policy_id=uuid, rule_id=rule_id)
+ except Exception as e:
+ LOG.error(e, exc_info=True)
+ return {"result": False,
+ "error": str(e)}
+ return {"result": True}
+