Diffstat (limited to 'moonv4/moon_manager')
-rw-r--r--moonv4/moon_manager/moon_manager/api/master.py36
-rw-r--r--moonv4/moon_manager/moon_manager/api/policies.py20
2 files changed, 34 insertions, 22 deletions
diff --git a/moonv4/moon_manager/moon_manager/api/master.py b/moonv4/moon_manager/moon_manager/api/master.py
index e63406c5..6c1796ad 100644
--- a/moonv4/moon_manager/moon_manager/api/master.py
+++ b/moonv4/moon_manager/moon_manager/api/master.py
@@ -141,7 +141,6 @@ class Master(object):
def __add_meta_rule(self):
meta_rules = ModelManager.get_meta_rules("admin")
- LOG.info("meta_rules={}".format(meta_rules))
for uuid, value in self.meta_rules.items():
if uuid not in meta_rules:
ModelManager.add_meta_rule("admin", uuid, value=value)
@@ -305,21 +304,22 @@ class Master(object):
def update_from_master(self, ctx, args):
LOG.info("update_from_master {}".format(ctx))
- self.__policy_ids = ctx["security_pipeline"]
+ if "security_pipeline" in ctx:
+ self.__policy_ids = ctx["security_pipeline"]
- for policy_id, policy_value in self.policies.items():
- self.__model_ids.append(policy_value["model_id"])
+ for policy_id, policy_value in self.policies.items():
+ self.__model_ids.append(policy_value["model_id"])
- for model_id, model_value in self.models.items():
- self.__meta_rule_ids.extend(model_value['meta_rules'])
+ for model_id, model_value in self.models.items():
+ self.__meta_rule_ids.extend(model_value['meta_rules'])
- self.__add_meta_data()
+ self.__add_meta_data()
- self.__add_meta_rule()
+ self.__add_meta_rule()
- for policy_id in ctx["security_pipeline"]:
- if policy_id in self.policies:
- PolicyManager.add_policy("admin", policy_id, self.__policies[policy_id])
+ for policy_id in ctx["security_pipeline"]:
+ if policy_id in self.policies:
+ res = PolicyManager.add_policy("admin", policy_id, self.__policies[policy_id])
self.__add_perimeter(subject_name=ctx.get("subject_name"), object_name=ctx.get("object_name"))
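Review bot: The return value of `PolicyManager.add_policy` is now bound to `res` but never read in this hunk, so a policy that fails to install on this node looks the same as one that succeeded. If add_policy reports failures the way `PDPManager.add_pdp` does later in this file (an `"error"` key in the returned value, which is not visible here), the loop should test it, for example `if "error" in res: LOG.error("Error when adding policy from master {}".format(res))`, and decide whether to stop; otherwise the unused `res =` should be dropped. The page has lost indentation, so it cannot be told from here whether the `__add_perimeter` call sits inside the new `if "security_pipeline" in ctx:` guard. update_from_master continues beyond the hunk.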
@@ -334,12 +334,12 @@ class Master(object):
if model_id not in models:
ModelManager.add_model("admin", model_id, model_value)
- pdp = PDPManager.add_pdp(user_id="admin", pdp_id=ctx["pdp_id"], value=args)
- if "error" in pdp:
- LOG.error("Error when adding PDP from master {}".format(pdp))
- return False
- LOG.info("pdp={}".format(pdp))
- call("orchestrator", method="add_container",
- ctx={"id": ctx.get("id"), "pipeline": ctx['security_pipeline']})
+ if args:
+ pdp = PDPManager.add_pdp(user_id="admin", pdp_id=ctx["pdp_id"], value=args)
+ if "error" in pdp:
+ LOG.error("Error when adding PDP from master {}".format(pdp))
+ return False
+ call("orchestrator", method="add_container",
+ ctx={"id": ctx.get("id"), "pipeline": ctx['security_pipeline']})
return True
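Review bot: The `add_container` call still indexes `ctx['security_pipeline']` directly, although the previous hunk of this commit treats that key as optional in update_from_master; a context without the key and with non-empty `args` would raise KeyError at this point. Reusing the same test, `if args and "security_pipeline" in ctx:`, or returning False when the key is missing, would keep the two hunks consistent. When `args` is empty the function appears to return True without creating a PDP (the flattened indentation does not show whether `return True` is outside the `if args:` block), so a caller cannot tell a skipped PDP from an installed one; a short comment such as `# no PDP data supplied: policies synced, PDP creation skipped` would record that this is intended. The enclosing function starts above the hunk.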
diff --git a/moonv4/moon_manager/moon_manager/api/policies.py b/moonv4/moon_manager/moon_manager/api/policies.py
index 27e28a6c..65b6994f 100644
--- a/moonv4/moon_manager/moon_manager/api/policies.py
+++ b/moonv4/moon_manager/moon_manager/api/policies.py
@@ -325,10 +325,20 @@ class Assignments(object):
if _data_value['name'] == object_name:
return _data_id
+ def __get_action_id(self, ctx, action_name):
+ data = self.manager.get_actions(
+ user_id=ctx["user_id"],
+ policy_id=ctx["id"],
+ perimeter_id=None
+ )
+ for _data_id, _data_value in data.items():
+ if _data_value['name'] == action_name:
+ return _data_id
+
def get_subject_assignments(self, ctx, args):
try:
- if "perimeter_name" in args:
- ctx["perimeter_id"] = self.__get_subject_id(ctx, args['perimeter_name'])
+ if "perimeter_name" in ctx:
+ ctx["perimeter_id"] = self.__get_subject_id(ctx, ctx['perimeter_name'])
data = self.manager.get_subject_assignments(user_id=ctx["user_id"], policy_id=ctx["id"],
subject_id=ctx["perimeter_id"], category_id=ctx["category_id"])
except Exception as e:
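Review bot: `__get_action_id` falls off the end and returns None when no action is named `action_name`, and the callers store that value straight into `ctx["perimeter_id"]`. Inside this helper `perimeter_id=None` is passed to `get_actions`, apparently to list every action, so if the assignment getters treat None the same way (not visible here) an unknown or mistyped `perimeter_name` would return all assignments of the policy instead of none. An explicit miss is safer: end the helper with `raise ValueError("unknown action {}".format(action_name))`, which the callers' existing `except Exception` would turn into an error reply, or have each caller check for None before querying. The same applies to the `get_object_assignments` and `get_action_assignments` hunks below, and to `__get_subject_id` and `__get_object_id` if they are written like the helper tail shown at the top of this hunk.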
@@ -364,8 +374,8 @@ class Assignments(object):
def get_object_assignments(self, ctx, args):
try:
- if "perimeter_name" in args:
- ctx["perimeter_id"] = self.__get_object_id(ctx, args['perimeter_name'])
+ if "perimeter_name" in ctx:
+ ctx["perimeter_id"] = self.__get_object_id(ctx, ctx['perimeter_name'])
data = self.manager.get_object_assignments(user_id=ctx["user_id"], policy_id=ctx["id"],
object_id=ctx["perimeter_id"], category_id=ctx["category_id"])
except Exception as e:
@@ -401,6 +411,8 @@ class Assignments(object):
def get_action_assignments(self, ctx, args):
try:
+ if "perimeter_name" in ctx:
+ ctx["perimeter_id"] = self.__get_action_id(ctx, ctx['perimeter_name'])
data = self.manager.get_action_assignments(user_id=ctx["user_id"], policy_id=ctx["id"],
action_id=ctx["perimeter_id"], category_id=ctx["category_id"])
except Exception as e: