aboutsummaryrefslogtreecommitdiffstats
path: root/old/python_moondb/python_moondb
diff options
context:
space:
mode:
Diffstat (limited to 'old/python_moondb/python_moondb')
-rw-r--r--old/python_moondb/python_moondb/__init__.py6
-rw-r--r--old/python_moondb/python_moondb/api/__init__.py0
-rw-r--r--old/python_moondb/python_moondb/api/keystone.py105
-rw-r--r--old/python_moondb/python_moondb/api/managers.py16
-rw-r--r--old/python_moondb/python_moondb/api/model.py338
-rw-r--r--old/python_moondb/python_moondb/api/pdp.py51
-rw-r--r--old/python_moondb/python_moondb/api/policy.py751
-rw-r--r--old/python_moondb/python_moondb/backends/__init__.py96
-rw-r--r--old/python_moondb/python_moondb/backends/sql.py1884
-rw-r--r--old/python_moondb/python_moondb/core.py228
-rw-r--r--old/python_moondb/python_moondb/db_manager.py82
-rw-r--r--old/python_moondb/python_moondb/migrate_repo/__init__.py0
-rw-r--r--old/python_moondb/python_moondb/migrate_repo/versions/001_moon.py267
-rw-r--r--old/python_moondb/python_moondb/migrate_repo/versions/__init__.py0
14 files changed, 3824 insertions, 0 deletions
diff --git a/old/python_moondb/python_moondb/__init__.py b/old/python_moondb/python_moondb/__init__.py
new file mode 100644
index 00000000..37c9a725
--- /dev/null
+++ b/old/python_moondb/python_moondb/__init__.py
@@ -0,0 +1,6 @@
+# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+# This software is distributed under the terms and conditions of the 'Apache-2.0'
+# license which can be found in the file 'LICENSE' in this package distribution
+# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
+
+__version__ = "1.2.20"
diff --git a/old/python_moondb/python_moondb/api/__init__.py b/old/python_moondb/python_moondb/api/__init__.py
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/old/python_moondb/python_moondb/api/__init__.py
diff --git a/old/python_moondb/python_moondb/api/keystone.py b/old/python_moondb/python_moondb/api/keystone.py
new file mode 100644
index 00000000..57521c36
--- /dev/null
+++ b/old/python_moondb/python_moondb/api/keystone.py
@@ -0,0 +1,105 @@
+# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+# This software is distributed under the terms and conditions of the 'Apache-2.0'
+# license which can be found in the file 'LICENSE' in this package distribution
+# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
+
+import os
+import requests
+import json
+from uuid import uuid4
+import logging
+from python_moonutilities import exceptions, configuration
+from python_moonutilities.security_functions import filter_input, login, logout
+from python_moondb.api.managers import Managers
+
+logger = logging.getLogger("moon.db.api.keystone")
+
+
+class KeystoneManager(Managers):
+
+ def __init__(self, connector=None):
+ self.driver = connector.driver
+ Managers.KeystoneManager = self
+ conf = configuration.get_configuration("openstack/keystone")['openstack/keystone']
+
+ self.__url = conf['url']
+ self.__user = conf['user']
+ self.__password = conf['password']
+ self.__domain = conf['domain']
+ self.__project = conf['project']
+ try:
+ os.environ.pop("http_proxy")
+ os.environ.pop("https_proxy")
+ except KeyError:
+ pass
+
+ def __get(self, endpoint, _exception=exceptions.KeystoneError):
+ _headers = login()
+ req = requests.get("{}{}".format(self.__url, endpoint), headers=_headers, verify=False)
+ if req.status_code not in (200, 201):
+ logger.error(req.text)
+ raise _exception
+ data = req.json()
+ logout(_headers)
+ return data
+
+ def __post(self, endpoint, data=None, _exception=exceptions.KeystoneError):
+ _headers = login()
+ req = requests.post("{}{}".format(self.__url, endpoint),
+ data=json.dumps(data),
+ headers=_headers, verify=False)
+ if req.status_code == 409:
+ logger.warning(req.text)
+ raise exceptions.KeystoneUserConflict
+ if req.status_code not in (200, 201):
+ logger.error(req.text)
+ raise _exception
+ data = req.json()
+ logout(_headers)
+ return data
+
+ def list_projects(self):
+ return self.__get(endpoint="/projects/", _exception=exceptions.KeystoneProjectError)
+
+ @filter_input
+ def create_project(self, tenant_dict):
+ if "name" not in tenant_dict:
+ raise exceptions.KeystoneProjectError("Cannot get the project name.")
+ _project = {
+ "project": {
+ "description": tenant_dict['description'] if 'description' in tenant_dict else "",
+ "domain_id": tenant_dict['domain'] if 'domain' in tenant_dict else "default",
+ "enabled": True,
+ "is_domain": False,
+ "name": tenant_dict['name']
+ }
+ }
+ return self.__post(endpoint="/projects/",
+ data=_project,
+ _exception=exceptions.KeystoneProjectError)
+
+ @filter_input
+ def get_user_by_name(self, username, domain_id="default"):
+ return self.__get(endpoint="/users?name={}&domain_id={}".format(username, domain_id),
+ _exception=exceptions.KeystoneUserError)
+
+ @filter_input
+ def create_user(self, subject_dict):
+ _user = {
+ "user": {
+ "enabled": True,
+ "name": subject_dict['name'] if 'name' in subject_dict else uuid4().hex,
+ }
+ }
+ if 'project' in subject_dict:
+ _user['user']['default_project_id'] = subject_dict['project']
+ if 'domain' in subject_dict:
+ _user['user']['domain_id'] = subject_dict['domain']
+ if 'password' in subject_dict:
+ _user['user']['password'] = subject_dict['password']
+ try:
+ return self.__post(endpoint="/users/",
+ data=_user,
+ _exception=exceptions.KeystoneUserError)
+ except exceptions.KeystoneUserConflict:
+ return True
diff --git a/old/python_moondb/python_moondb/api/managers.py b/old/python_moondb/python_moondb/api/managers.py
new file mode 100644
index 00000000..414725f6
--- /dev/null
+++ b/old/python_moondb/python_moondb/api/managers.py
@@ -0,0 +1,16 @@
+# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+# This software is distributed under the terms and conditions of the 'Apache-2.0'
+# license which can be found in the file 'LICENSE' in this package distribution
+# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
+
+import logging
+
+logger = logging.getLogger("moon.db.api.managers")
+
+
+class Managers(object):
+ """Object that links managers together"""
+ ModelManager = None
+ KeystoneManager = None
+ PDPManager = None
+ PolicyManager = None
diff --git a/old/python_moondb/python_moondb/api/model.py b/old/python_moondb/python_moondb/api/model.py
new file mode 100644
index 00000000..4f6c34cb
--- /dev/null
+++ b/old/python_moondb/python_moondb/api/model.py
@@ -0,0 +1,338 @@
+# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+# This software is distributed under the terms and conditions of the 'Apache-2.0'
+# license which can be found in the file 'LICENSE' in this package distribution
+# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
+
+from uuid import uuid4
+import logging
+from python_moonutilities import exceptions
+from python_moonutilities.security_functions import filter_input, enforce
+from python_moondb.api.managers import Managers
+import copy
+
+logger = logging.getLogger("moon.db.api.model")
+
+
+class ModelManager(Managers):
+
+ def __init__(self, connector=None):
+ self.driver = connector.driver
+ Managers.ModelManager = self
+
+ @enforce(("read", "write"), "models")
+ def update_model(self, user_id, model_id, value):
+ if model_id not in self.driver.get_models(model_id=model_id):
+ raise exceptions.ModelUnknown
+
+ if not value['name'].strip():
+ raise exceptions.ModelContentError('Model name invalid')
+
+ if 'meta_rules' not in value:
+ raise exceptions.MetaRuleUnknown
+
+ if not value['name']:
+ raise exceptions.ModelContentError
+
+ model = self.get_models(user_id=user_id, model_id=model_id)
+ model = model[next(iter(model))]
+ if ((model['meta_rules'] and value['meta_rules'] and model['meta_rules'] != value[
+ 'meta_rules']) \
+ or (model['meta_rules'] and not value['meta_rules'])):
+ policies = Managers.PolicyManager.get_policies(user_id=user_id)
+ for policy_id in policies:
+ if policies[policy_id]["model_id"] == model_id:
+ raise exceptions.DeleteModelWithPolicy
+
+ if value and 'meta_rules' in value:
+ for meta_rule_id in value['meta_rules']:
+ if not self.driver.get_meta_rules(meta_rule_id=meta_rule_id):
+ raise exceptions.MetaRuleUnknown
+
+ return self.driver.update_model(model_id=model_id, value=value)
+
+ @enforce(("read", "write"), "models")
+ def delete_model(self, user_id, model_id):
+ if model_id not in self.driver.get_models(model_id=model_id):
+ raise exceptions.ModelUnknown
+ # TODO (asteroide): check that no policy is connected to this model
+ policies = Managers.PolicyManager.get_policies(user_id=user_id)
+ for policy in policies:
+ if policies[policy]['model_id'] == model_id:
+ raise exceptions.DeleteModelWithPolicy
+ return self.driver.delete_model(model_id=model_id)
+
+ @enforce(("read", "write"), "models")
+ def add_model(self, user_id, model_id=None, value=None):
+
+ if not value['name']:
+ raise exceptions.ModelContentError
+
+ if not value['name'].strip():
+ raise exceptions.ModelContentError('Model name invalid')
+
+ models = self.driver.get_models()
+ if model_id in models:
+ raise exceptions.ModelExisting
+
+ for model in models:
+ if models[model]['name'] == value['name']:
+ raise exceptions.ModelExisting("Model Name Existed")
+ same_meta_rule_counter = 0
+ for meta_rule_id in models[model]['meta_rules']:
+ if meta_rule_id in value['meta_rules']:
+ same_meta_rule_counter += 1
+ if same_meta_rule_counter == len(value['meta_rules']) and \
+ len(models[model]['meta_rules']) == len(value['meta_rules']):
+ raise exceptions.ModelExisting("Meta Rules List Existed in another Model")
+
+ if not model_id:
+ model_id = uuid4().hex
+ if value and 'meta_rules' in value:
+ for meta_rule_id in value['meta_rules']:
+ if not meta_rule_id:
+ raise exceptions.MetaRuleUnknown
+ meta_rule = self.driver.get_meta_rules(meta_rule_id=meta_rule_id)
+ if not meta_rule:
+ raise exceptions.MetaRuleUnknown
+
+ meta_rule_content = meta_rule[next(iter(meta_rule))]
+ if (not meta_rule_content['subject_categories']) or (
+ not meta_rule_content['object_categories']) or (
+ not meta_rule_content['action_categories']):
+ raise exceptions.MetaRuleContentError
+
+ return self.driver.add_model(model_id=model_id, value=value)
+
+ @enforce("read", "models")
+ def get_models(self, user_id, model_id=None):
+ return self.driver.get_models(model_id=model_id)
+
+ @enforce(("read", "write"), "meta_rules")
+ def update_meta_rule(self, user_id, meta_rule_id, value):
+ meta_rules=self.driver.get_meta_rules()
+ if not meta_rule_id or meta_rule_id not in meta_rules:
+ raise exceptions.MetaRuleUnknown
+ self.__check_meta_rule_dependencies(user_id=user_id, meta_rule_id=meta_rule_id)
+ if value:
+ if 'subject_categories' in value:
+ for subject_category_id in value['subject_categories']:
+ if not subject_category_id or not self.driver.get_subject_categories(
+ category_id=subject_category_id):
+ raise exceptions.SubjectCategoryUnknown
+ if 'object_categories' in value:
+ for object_category_id in value['object_categories']:
+ if not object_category_id or not self.driver.get_object_categories(
+ category_id=object_category_id):
+ raise exceptions.ObjectCategoryUnknown
+ if 'action_categories' in value:
+ for action_category_id in value['action_categories']:
+ if not action_category_id or not self.driver.get_action_categories(
+ category_id=action_category_id):
+ raise exceptions.ActionCategoryUnknown
+
+ for meta_rule_obj_id in meta_rules:
+ counter_matched_list = 0
+ counter_matched_list += self.check_combination(meta_rules[meta_rule_obj_id]['subject_categories'],
+ value['subject_categories'])
+ counter_matched_list += self.check_combination(meta_rules[meta_rule_obj_id]['object_categories'],
+ value['object_categories'])
+ counter_matched_list += self.check_combination(meta_rules[meta_rule_obj_id]['action_categories'],
+ value['action_categories'])
+ if counter_matched_list == 3 and meta_rule_obj_id!=meta_rule_id:
+ raise exceptions.MetaRuleExisting("Same categories combination existed")
+
+ return self.driver.set_meta_rule(meta_rule_id=meta_rule_id, value=value)
+
+ def __check_meta_rule_dependencies(self, user_id, meta_rule_id):
+ policies = Managers.PolicyManager.get_policies(user_id=user_id)
+ for policy_id in policies:
+ rules = Managers.PolicyManager.get_rules(user_id=user_id, policy_id=policy_id,
+ meta_rule_id=meta_rule_id)
+ if len(rules['rules']):
+ raise exceptions.MetaRuleUpdateError
+
+ @enforce("read", "meta_rules")
+ def get_meta_rules(self, user_id, meta_rule_id=None):
+ return self.driver.get_meta_rules(meta_rule_id=meta_rule_id)
+
+ @enforce(("read", "write"), "meta_rules")
+ def add_meta_rule(self, user_id, meta_rule_id=None, value=None):
+
+ if not value['name']:
+ raise exceptions.MetaRuleContentError
+
+ meta_rules = self.driver.get_meta_rules()
+
+ if meta_rule_id in meta_rules:
+ raise exceptions.MetaRuleExisting
+
+ if value:
+ if 'subject_categories' in value:
+ for subject_category_id in value['subject_categories']:
+ if not self.driver.get_subject_categories(category_id=subject_category_id):
+ raise exceptions.SubjectCategoryUnknown
+ if 'object_categories' in value:
+ for object_category_id in value['object_categories']:
+ if not self.driver.get_object_categories(category_id=object_category_id):
+ raise exceptions.ObjectCategoryUnknown
+ if 'action_categories' in value:
+ for action_category_id in value['action_categories']:
+ if not self.driver.get_action_categories(category_id=action_category_id):
+ raise exceptions.ActionCategoryUnknown
+
+ for meta_rule_obj_id in meta_rules:
+ counter_matched_list = 0
+ counter_matched_list += self.check_combination(meta_rules[meta_rule_obj_id]['subject_categories'],
+ value['subject_categories'])
+ counter_matched_list += self.check_combination(meta_rules[meta_rule_obj_id]['object_categories'],
+ value['object_categories'])
+ counter_matched_list += self.check_combination(meta_rules[meta_rule_obj_id]['action_categories'],
+ value['action_categories'])
+ if counter_matched_list == 3:
+ raise exceptions.MetaRuleExisting("Same categories combination existed")
+
+ return self.driver.set_meta_rule(meta_rule_id=meta_rule_id, value=value)
+
+ @enforce(("read", "write"), "meta_rules")
+ def check_combination(self, list_one, list_two):
+ counter_removed_items = 0
+ temp_list_two = copy.deepcopy(list_two)
+ for item in list_one:
+ if item in temp_list_two:
+ temp_list_two.remove(item)
+ counter_removed_items += 1
+
+ if counter_removed_items == len(list_two) and len(list_two) == len(list_one) and len(list_two):
+ return 1
+ return 0
+
+ @enforce(("read", "write"), "meta_rules")
+ def delete_meta_rule(self, user_id, meta_rule_id=None):
+ if meta_rule_id not in self.driver.get_meta_rules(meta_rule_id=meta_rule_id):
+ raise exceptions.MetaRuleUnknown
+ # TODO (asteroide): check and/or delete data and assignments and rules linked to that meta_rule
+ models = self.get_models(user_id=user_id)
+ for model_id in models:
+ for id in models[model_id]['meta_rules']:
+ if id == meta_rule_id:
+ raise exceptions.DeleteMetaRuleWithModel
+ return self.driver.delete_meta_rule(meta_rule_id=meta_rule_id)
+
+ @enforce("read", "meta_data")
+ def get_subject_categories(self, user_id, category_id=None):
+ return self.driver.get_subject_categories(category_id=category_id)
+
+ @enforce(("read", "write"), "meta_data")
+ def add_subject_category(self, user_id, category_id=None, value=None):
+ subject_categories = self.driver.get_subject_categories(category_id=category_id)
+
+ if not value['name']:
+ raise exceptions.CategoryNameInvalid
+
+ if category_id in subject_categories:
+ raise exceptions.SubjectCategoryExisting
+
+ return self.driver.add_subject_category(name=value["name"],
+ description=value["description"], uuid=category_id)
+
+ @enforce(("read", "write"), "meta_data")
+ def delete_subject_category(self, user_id, category_id):
+ # TODO (asteroide): delete all data linked to that category
+ # TODO (asteroide): delete all meta_rules linked to that category
+ if category_id not in self.driver.get_subject_categories(category_id=category_id):
+ raise exceptions.SubjectCategoryUnknown
+ meta_rules = self.get_meta_rules(user_id=user_id)
+ for meta_rule_id in meta_rules:
+ for subject_category_id in meta_rules[meta_rule_id]['subject_categories']:
+ logger.info(
+ "delete_subject_category {} {}".format(subject_category_id, meta_rule_id))
+ logger.info("delete_subject_category {}".format(meta_rules[meta_rule_id]))
+ if subject_category_id == category_id:
+ # has_rules = self.driver.is_meta_rule_has_rules(meta_rule_id)
+ # if has_rules:
+ raise exceptions.DeleteSubjectCategoryWithMetaRule
+
+ if self.driver.is_subject_category_has_assignment(category_id):
+ raise exceptions.DeleteCategoryWithAssignment
+
+ if self.driver.is_subject_data_exist(category_id=category_id):
+ raise exceptions.DeleteCategoryWithData
+
+ return self.driver.delete_subject_category(category_id=category_id)
+
+ @enforce("read", "meta_data")
+ def get_object_categories(self, user_id, category_id=None):
+ return self.driver.get_object_categories(category_id)
+
+ @enforce(("read", "write"), "meta_data")
+ def add_object_category(self, user_id, category_id=None, value=None):
+ if not value['name']:
+ raise exceptions.CategoryNameInvalid
+
+ object_categories = self.driver.get_object_categories(category_id=category_id)
+ if category_id in object_categories:
+ raise exceptions.ObjectCategoryExisting
+
+ return self.driver.add_object_category(name=value["name"], description=value["description"],
+ uuid=category_id)
+
+ @enforce(("read", "write"), "meta_data")
+ def delete_object_category(self, user_id, category_id):
+ # TODO (asteroide): delete all data linked to that category
+ # TODO (asteroide): delete all meta_rules linked to that category
+ if category_id not in self.driver.get_object_categories(category_id=category_id):
+ raise exceptions.ObjectCategoryUnknown
+ meta_rules = self.get_meta_rules(user_id=user_id)
+ for meta_rule_id in meta_rules:
+ for object_category_id in meta_rules[meta_rule_id]['object_categories']:
+ if object_category_id == category_id:
+ # has_rules = self.driver.is_meta_rule_has_rules(meta_rule_id)
+ # if has_rules:
+ raise exceptions.DeleteObjectCategoryWithMetaRule
+
+ if self.driver.is_object_category_has_assignment(category_id):
+ raise exceptions.DeleteCategoryWithAssignment
+
+ if self.driver.is_object_data_exist(category_id=category_id):
+ raise exceptions.DeleteCategoryWithData
+
+ return self.driver.delete_object_category(category_id=category_id)
+
+ @enforce("read", "meta_data")
+ def get_action_categories(self, user_id, category_id=None):
+ return self.driver.get_action_categories(category_id=category_id)
+
+ @enforce(("read", "write"), "meta_data")
+ def add_action_category(self, user_id, category_id=None, value=None):
+
+ if not value['name']:
+ raise exceptions.CategoryNameInvalid
+
+ action_categories = self.driver.get_action_categories(category_id=category_id)
+ if category_id in action_categories:
+ raise exceptions.ActionCategoryExisting
+
+ return self.driver.add_action_category(name=value["name"], description=value["description"],
+ uuid=category_id)
+
+ @enforce(("read", "write"), "meta_data")
+ def delete_action_category(self, user_id, category_id):
+ # TODO (asteroide): delete all data linked to that category
+ # TODO (asteroide): delete all meta_rules linked to that category
+ if category_id not in self.driver.get_action_categories(category_id=category_id):
+ raise exceptions.ActionCategoryUnknown
+ meta_rules = self.get_meta_rules(user_id=user_id)
+ for meta_rule_id in meta_rules:
+ for action_category_id in meta_rules[meta_rule_id]['action_categories']:
+ if action_category_id == category_id:
+ # has_rules = self.driver.is_meta_rule_has_rules(meta_rule_id)
+ # if has_rules:
+ raise exceptions.DeleteActionCategoryWithMetaRule
+
+ if self.driver.is_action_category_has_assignment(category_id):
+ raise exceptions.DeleteCategoryWithAssignment
+
+ if self.driver.is_action_data_exist(category_id=category_id):
+ raise exceptions.DeleteCategoryWithData
+
+ return self.driver.delete_action_category(category_id=category_id)
diff --git a/old/python_moondb/python_moondb/api/pdp.py b/old/python_moondb/python_moondb/api/pdp.py
new file mode 100644
index 00000000..d0a071c9
--- /dev/null
+++ b/old/python_moondb/python_moondb/api/pdp.py
@@ -0,0 +1,51 @@
+# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+# This software is distributed under the terms and conditions of the 'Apache-2.0'
+# license which can be found in the file 'LICENSE' in this package distribution
+# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
+
+from uuid import uuid4
+import logging
+from python_moonutilities.security_functions import enforce
+from python_moondb.api.managers import Managers
+from python_moonutilities import exceptions
+
+logger = logging.getLogger("moon.db.api.pdp")
+
+
+class PDPManager(Managers):
+
+ def __init__(self, connector=None):
+ self.driver = connector.driver
+ Managers.PDPManager = self
+
+ @enforce(("read", "write"), "pdp")
+ def update_pdp(self, user_id, pdp_id, value):
+ if pdp_id not in self.driver.get_pdp(pdp_id=pdp_id):
+ raise exceptions.PdpUnknown
+ if value and 'security_pipeline' in value:
+ for policy_id in value['security_pipeline']:
+ if not Managers.PolicyManager.get_policies(user_id=user_id, policy_id=policy_id):
+ raise exceptions.PolicyUnknown
+ return self.driver.update_pdp(pdp_id=pdp_id, value=value)
+
+ @enforce(("read", "write"), "pdp")
+ def delete_pdp(self, user_id, pdp_id):
+ if pdp_id not in self.driver.get_pdp(pdp_id=pdp_id):
+ raise exceptions.PdpUnknown
+ return self.driver.delete_pdp(pdp_id=pdp_id)
+
+ @enforce(("read", "write"), "pdp")
+ def add_pdp(self, user_id, pdp_id=None, value=None):
+ if pdp_id in self.driver.get_pdp(pdp_id=pdp_id):
+ raise exceptions.PdpExisting
+ if not pdp_id:
+ pdp_id = uuid4().hex
+ if value and 'security_pipeline' in value:
+ for policy_id in value['security_pipeline']:
+ if not Managers.PolicyManager.get_policies(user_id=user_id, policy_id=policy_id):
+ raise exceptions.PolicyUnknown
+ return self.driver.add_pdp(pdp_id=pdp_id, value=value)
+
+ @enforce("read", "pdp")
+ def get_pdp(self, user_id, pdp_id=None):
+ return self.driver.get_pdp(pdp_id=pdp_id)
diff --git a/old/python_moondb/python_moondb/api/policy.py b/old/python_moondb/python_moondb/api/policy.py
new file mode 100644
index 00000000..03a93ff5
--- /dev/null
+++ b/old/python_moondb/python_moondb/api/policy.py
@@ -0,0 +1,751 @@
+# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+# This software is distributed under the terms and conditions of the 'Apache-2.0'
+# license which can be found in the file 'LICENSE' in this package distribution
+# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
+
+from uuid import uuid4
+import logging
+from python_moonutilities.security_functions import enforce
+from python_moondb.api.managers import Managers
+from python_moonutilities import exceptions
+
+# from python_moondb.core import PDPManager
+
+logger = logging.getLogger("moon.db.api.policy")
+
+
+class PolicyManager(Managers):
+
+ def __init__(self, connector=None):
+ self.driver = connector.driver
+ Managers.PolicyManager = self
+
+ def get_policy_from_meta_rules(self, user_id, meta_rule_id):
+ policies = self.PolicyManager.get_policies("admin")
+ models = self.ModelManager.get_models("admin")
+ for pdp_key, pdp_value in self.PDPManager.get_pdp(user_id).items():
+ if 'security_pipeline' not in pdp_value:
+ raise exceptions.PdpContentError
+ for policy_id in pdp_value["security_pipeline"]:
+ if not policies or policy_id not in policies:
+ raise exceptions.PolicyUnknown
+ model_id = policies[policy_id]["model_id"]
+ if not models:
+ raise exceptions.ModelUnknown
+ if model_id not in models:
+ raise exceptions.ModelUnknown
+ if meta_rule_id in models[model_id]["meta_rules"]:
+ return policy_id
+
+ @enforce(("read", "write"), "policies")
+ def update_policy(self, user_id, policy_id, value):
+
+ if not value or not value['name']:
+ raise exceptions.PolicyContentError
+
+ policyList = self.driver.get_policies(policy_id=policy_id)
+ if not policy_id or policy_id not in policyList:
+ raise exceptions.PolicyUnknown
+
+ policies = self.driver.get_policies(policy_name=value['name'])
+ if len(policies) and not (policy_id in policies):
+ raise exceptions.PolicyExisting("Policy name Existed")
+
+ if 'model_id' in value and value['model_id']:
+ if not Managers.ModelManager.get_models(user_id, model_id=value['model_id']):
+ raise exceptions.ModelUnknown
+
+ policy_obj = policyList[policy_id]
+ if (policy_obj["model_id"] and value["model_id"] != policy_obj["model_id"]):
+
+ subjects = self.driver.get_subjects(policy_id=policy_id)
+ if subjects:
+ raise exceptions.PolicyUpdateError("Policy is used in subject")
+ objects = self.driver.get_objects(policy_id=policy_id)
+ if objects:
+ raise exceptions.PolicyUpdateError("Policy is used in object")
+ actions = self.driver.get_actions(policy_id=policy_id)
+ if actions:
+ raise exceptions.PolicyUpdateError("Policy is used in action")
+
+ rules = self.driver.get_rules(policy_id=policy_id)["rules"]
+ if rules:
+ raise exceptions.PolicyUpdateError("Policy is used in rule")
+
+ subject_data = self.get_subject_data(user_id, policy_id=policy_id)
+ if subject_data and subject_data[0]["data"]:
+ raise exceptions.PolicyUpdateError("Policy is used in subject_data")
+ object_data = self.get_object_data(user_id, policy_id=policy_id)
+ if object_data and object_data[0]["data"]:
+ raise exceptions.PolicyUpdateError("Policy is used in object_data")
+ action_data = self.get_action_data(user_id, policy_id=policy_id)
+ if action_data and action_data[0]["data"]:
+ raise exceptions.PolicyUpdateError("Policy is used in action_data")
+
+ return self.driver.update_policy(policy_id=policy_id, value=value)
+
+ @enforce(("read", "write"), "policies")
+ def delete_policy(self, user_id, policy_id):
+ # TODO (asteroide): unmap PDP linked to that policy
+ if policy_id not in self.driver.get_policies(policy_id=policy_id):
+ raise exceptions.PolicyUnknown
+ pdps = self.PDPManager.get_pdp(user_id=user_id)
+ for pdp in pdps:
+ for policy_id in pdps[pdp]['security_pipeline']:
+ if policy_id == policy_id:
+ raise exceptions.DeletePolicyWithPdp
+ subjects = self.driver.get_subjects(policy_id=policy_id)
+ if subjects:
+ raise exceptions.DeletePolicyWithPerimeter
+ objects = self.driver.get_objects(policy_id=policy_id)
+ if objects:
+ raise exceptions.DeletePolicyWithPerimeter
+ actions = self.driver.get_actions(policy_id=policy_id)
+ if actions:
+ raise exceptions.DeletePolicyWithPerimeter
+
+ rules = self.driver.get_rules(policy_id=policy_id)["rules"]
+ if rules:
+ raise exceptions.DeletePolicyWithRules
+
+ subject_data = self.get_subject_data(user_id, policy_id=policy_id)
+ if subject_data and subject_data[0]["data"]:
+ raise exceptions.DeletePolicyWithData
+ object_data = self.get_object_data(user_id, policy_id=policy_id)
+ if object_data and object_data[0]["data"]:
+ raise exceptions.DeletePolicyWithData
+ action_data = self.get_action_data(user_id, policy_id=policy_id)
+ if action_data and action_data[0]["data"]:
+ raise exceptions.DeletePolicyWithData
+
+ return self.driver.delete_policy(policy_id=policy_id)
+
+ @enforce(("read", "write"), "policies")
+ def add_policy(self, user_id, policy_id=None, value=None):
+
+ if not value or not value['name']:
+ raise exceptions.PolicyContentError
+ if policy_id in self.driver.get_policies(policy_id=policy_id):
+ raise exceptions.PolicyExisting
+
+ if len(self.driver.get_policies(policy_name=value['name'])):
+ raise exceptions.PolicyExisting("Policy name Existed")
+
+ if not policy_id:
+ policy_id = uuid4().hex
+ if 'model_id' in value and value['model_id'] != "":
+ if not Managers.ModelManager.get_models(user_id, model_id=value['model_id']):
+ raise exceptions.ModelUnknown
+ return self.driver.add_policy(policy_id=policy_id, value=value)
+
+ @enforce("read", "policies")
+ def get_policies(self, user_id, policy_id=None):
+ return self.driver.get_policies(policy_id=policy_id)
+
+ @enforce("read", "perimeter")
+ def get_subjects(self, user_id, policy_id, perimeter_id=None):
+ # if not policy_id:
+ # raise exceptions.PolicyUnknown
+ if policy_id and (not self.get_policies(user_id=user_id, policy_id=policy_id)):
+ raise exceptions.PolicyUnknown
+ return self.driver.get_subjects(policy_id=policy_id, perimeter_id=perimeter_id)
+
+ @enforce(("read", "write"), "perimeter")
+ def add_subject(self, user_id, policy_id, perimeter_id=None, value=None):
+
+ if not value or "name" not in value or not value["name"].strip():
+ raise exceptions.PerimeterContentError('invalid name')
+
+ if not policy_id or (not self.get_policies(user_id=user_id, policy_id=policy_id)):
+ raise exceptions.PolicyUnknown
+
+ if perimeter_id:
+ subjects = self.driver.get_subjects(policy_id=None, perimeter_id=perimeter_id)
+ if subjects and subjects[perimeter_id]['name'] != value['name']:
+ raise exceptions.PerimeterContentError
+
+ if not perimeter_id:
+ subject_per = self.driver.get_subject_by_name(value['name'])
+ if len(subject_per):
+ perimeter_id = next(iter(subject_per))
+
+ k_user = Managers.KeystoneManager.get_user_by_name(value.get('name'))
+ if not k_user['users']:
+ k_user = Managers.KeystoneManager.create_user(value)
+ if not perimeter_id:
+ try:
+ logger.info("k_user={}".format(k_user))
+ perimeter_id = k_user['users'][0].get('id', uuid4().hex)
+ except IndexError:
+ k_user = Managers.KeystoneManager.get_user_by_name(
+ value.get('name'))
+ perimeter_id = uuid4().hex
+ except KeyError:
+ k_user = Managers.KeystoneManager.get_user_by_name(
+ value.get('name'))
+ perimeter_id = uuid4().hex
+
+ value.update(k_user['users'][0])
+
+ return self.driver.set_subject(policy_id=policy_id, perimeter_id=perimeter_id, value=value)
+
+ @enforce(("read", "write"), "perimeter")
+ def update_subject(self, user_id, perimeter_id, value):
+ logger.debug("update_subject perimeter_id = {}".format(perimeter_id))
+
+ if not perimeter_id:
+ raise exceptions.SubjectUnknown
+
+ subjects = self.driver.get_subjects(policy_id=None, perimeter_id=perimeter_id)
+ if not subjects or not (perimeter_id in subjects):
+ raise exceptions.PerimeterContentError
+
+ if 'policy_list' in value or ('name' in value and not value['name']):
+ raise exceptions.PerimeterContentError
+
+ return self.driver.update_subject(perimeter_id=perimeter_id, value=value)
+
+ @enforce(("read", "write"), "perimeter")
+ def delete_subject(self, user_id, policy_id, perimeter_id):
+
+ if not perimeter_id:
+ raise exceptions.SubjectUnknown
+
+ if not policy_id:
+ raise exceptions.PolicyUnknown
+
+ if not self.get_subjects(user_id=user_id, policy_id=policy_id, perimeter_id=perimeter_id):
+ raise exceptions.SubjectUnknown
+
+ if not self.get_policies(user_id=user_id, policy_id=policy_id):
+ raise exceptions.PolicyUnknown
+
+ subj_assig = self.driver.get_subject_assignments(policy_id=policy_id,
+ subject_id=perimeter_id)
+ if subj_assig:
+ raise exceptions.DeletePerimeterWithAssignment
+
+ return self.driver.delete_subject(policy_id=policy_id, perimeter_id=perimeter_id)
+
+ @enforce("read", "perimeter")
+ def get_objects(self, user_id, policy_id, perimeter_id=None):
+ # if not policy_id:
+ # pass
+ if policy_id and (not self.get_policies(user_id=user_id, policy_id=policy_id)):
+ raise exceptions.PolicyUnknown
+ return self.driver.get_objects(policy_id=policy_id, perimeter_id=perimeter_id)
+
+ @enforce(("read", "write"), "perimeter")
+ def add_object(self, user_id, policy_id, perimeter_id=None, value=None):
+ if not value or "name" not in value or not value["name"].strip():
+ raise exceptions.PerimeterContentError('invalid name')
+
+ if not policy_id or (not self.get_policies(user_id=user_id, policy_id=policy_id)):
+ raise exceptions.PolicyUnknown
+
+ if perimeter_id:
+ object_perimeter = self.driver.get_objects(policy_id=None, perimeter_id=perimeter_id)
+ if not object_perimeter:
+ raise exceptions.PerimeterContentError
+
+ if not perimeter_id:
+ object_perimeter = self.driver.get_object_by_name(value['name'])
+ if len(object_perimeter):
+ perimeter_id = next(iter(object_perimeter))
+
+ if perimeter_id and object_perimeter[perimeter_id]['name'] != value['name']:
+ raise exceptions.PerimeterContentError
+
+ if not perimeter_id:
+ perimeter_id = uuid4().hex
+ return self.driver.set_object(policy_id=policy_id, perimeter_id=perimeter_id, value=value)
+
+ @enforce(("read", "write"), "perimeter")
+ def update_object(self, user_id, perimeter_id, value):
+ logger.debug("update_object perimeter_id = {}".format(perimeter_id))
+
+ if not perimeter_id:
+ raise exceptions.ObjectUnknown
+
+ objects = self.driver.get_objects(policy_id=None, perimeter_id=perimeter_id)
+ if not objects or not (perimeter_id in objects):
+ raise exceptions.PerimeterContentError
+
+ if 'policy_list' in value or ('name' in value and not value['name']):
+ raise exceptions.PerimeterContentError
+
+ return self.driver.update_object(perimeter_id=perimeter_id, value=value)
+
+ @enforce(("read", "write"), "perimeter")
+ def delete_object(self, user_id, policy_id, perimeter_id):
+
+ if not perimeter_id:
+ raise exceptions.ObjectUnknown
+
+ if not policy_id:
+ raise exceptions.PolicyUnknown
+
+ if not self.get_objects(user_id=user_id, policy_id=policy_id, perimeter_id=perimeter_id):
+ raise exceptions.ObjectUnknown
+
+ if not self.get_policies(user_id=user_id, policy_id=policy_id):
+ raise exceptions.PolicyUnknown
+
+ obj_assig = self.driver.get_object_assignments(policy_id=policy_id, object_id=perimeter_id)
+ if obj_assig:
+ raise exceptions.DeletePerimeterWithAssignment
+
+ return self.driver.delete_object(policy_id=policy_id, perimeter_id=perimeter_id)
+
+ @enforce("read", "perimeter")
+ def get_actions(self, user_id, policy_id, perimeter_id=None):
+ # if not policy_id:
+ # pass
+ if policy_id and (not self.get_policies(user_id=user_id, policy_id=policy_id)):
+ raise exceptions.PolicyUnknown
+ return self.driver.get_actions(policy_id=policy_id, perimeter_id=perimeter_id)
+
+ @enforce(("read", "write"), "perimeter")
+ def add_action(self, user_id, policy_id, perimeter_id=None, value=None):
+ logger.debug("add_action {}".format(policy_id))
+
+ if not value or "name" not in value or not value["name"].strip():
+ raise exceptions.PerimeterContentError('invalid name')
+
+ if not policy_id or (not self.get_policies(user_id=user_id, policy_id=policy_id)):
+ raise exceptions.PolicyUnknown
+
+ if perimeter_id:
+ action_perimeter = self.driver.get_actions(policy_id=None, perimeter_id=perimeter_id)
+ if not action_perimeter:
+ raise exceptions.PerimeterContentError
+
+ if not perimeter_id:
+ action_perimeter = self.driver.get_action_by_name(value['name'])
+ if len(action_perimeter):
+ perimeter_id = next(iter(action_perimeter))
+
+ if perimeter_id and action_perimeter[perimeter_id]['name'] != value['name']:
+ raise exceptions.PerimeterContentError
+
+ if not perimeter_id:
+ perimeter_id = uuid4().hex
+
+ return self.driver.set_action(policy_id=policy_id, perimeter_id=perimeter_id, value=value)
+
+ @enforce(("read", "write"), "perimeter")
+ def update_action(self, user_id, perimeter_id, value):
+ logger.debug("update_action perimeter_id = {}".format(perimeter_id))
+
+ if not perimeter_id:
+ raise exceptions.ActionUnknown
+
+ actions = self.driver.get_actions(policy_id=None, perimeter_id=perimeter_id)
+ if not actions or not (perimeter_id in actions):
+ raise exceptions.PerimeterContentError
+
+ if 'policy_list' in value or ('name' in value and not value['name']):
+ raise exceptions.PerimeterContentError
+
+ return self.driver.update_action(perimeter_id=perimeter_id, value=value)
+
+ @enforce(("read", "write"), "perimeter")
+ def delete_action(self, user_id, policy_id, perimeter_id):
+
+ if not perimeter_id:
+ raise exceptions.ActionUnknown
+
+ if not policy_id:
+ raise exceptions.PolicyUnknown
+
+ if not self.get_actions(user_id=user_id, policy_id=policy_id, perimeter_id=perimeter_id):
+ raise exceptions.ActionUnknown
+
+ logger.debug("delete_action {} {} {}".format(policy_id, perimeter_id,
+ self.get_policies(user_id=user_id,
+ policy_id=policy_id)))
+ if not self.get_policies(user_id=user_id, policy_id=policy_id):
+ raise exceptions.PolicyUnknown
+
+ act_assig = self.driver.get_action_assignments(policy_id=policy_id, action_id=perimeter_id)
+ if act_assig:
+ raise exceptions.DeletePerimeterWithAssignment
+ return self.driver.delete_action(policy_id=policy_id, perimeter_id=perimeter_id)
+
+ @enforce("read", "data")
+ def get_subject_data(self, user_id, policy_id, data_id=None, category_id=None):
+ available_metadata = self.get_available_metadata(user_id, policy_id)
+ results = []
+ if not category_id:
+ for cat in available_metadata["subject"]:
+ results.append(self.driver.get_subject_data(policy_id=policy_id, data_id=data_id,
+ category_id=cat))
+ if category_id and category_id in available_metadata["subject"]:
+ results.append(self.driver.get_subject_data(policy_id=policy_id, data_id=data_id,
+ category_id=category_id))
+ return results
+
+ @enforce(("read", "write"), "data")
+ def set_subject_data(self, user_id, policy_id, data_id=None, category_id=None, value=None):
+ if not category_id or (
+ not Managers.ModelManager.get_subject_categories(user_id=user_id,
+ category_id=category_id)):
+ raise exceptions.SubjectCategoryUnknown
+
+ self.__category_dependency_validation(user_id, policy_id, category_id, 'subject_categories')
+
+ if not data_id:
+ data_id = uuid4().hex
+ return self.driver.set_subject_data(policy_id=policy_id, data_id=data_id,
+ category_id=category_id, value=value)
+
+ @enforce(("read", "write"), "data")
+ def delete_subject_data(self, user_id, policy_id, data_id, category_id=None):
+ # TODO (asteroide): check and/or delete assignments linked to that data
+ subject_assignments = self.get_subject_assignments(user_id=user_id, policy_id=policy_id,
+ category_id=category_id)
+ if subject_assignments:
+ raise exceptions.DeleteData
+ return self.driver.delete_subject_data(policy_id=policy_id, category_id=category_id,
+ data_id=data_id)
+
+ @enforce("read", "data")
+ def get_object_data(self, user_id, policy_id, data_id=None, category_id=None):
+ available_metadata = self.get_available_metadata(user_id, policy_id)
+ results = []
+ if not category_id:
+ for cat in available_metadata["object"]:
+ results.append(self.driver.get_object_data(policy_id=policy_id, data_id=data_id,
+ category_id=cat))
+ if category_id and category_id in available_metadata["object"]:
+ results.append(self.driver.get_object_data(policy_id=policy_id, data_id=data_id,
+ category_id=category_id))
+ return results
+
+ @enforce(("read", "write"), "data")
+ def add_object_data(self, user_id, policy_id, data_id=None, category_id=None, value=None):
+
+ if not category_id or (
+ not Managers.ModelManager.get_object_categories(user_id=user_id,
+ category_id=category_id)):
+ raise exceptions.ObjectCategoryUnknown
+
+ self.__category_dependency_validation(user_id, policy_id, category_id, 'object_categories')
+
+ if not data_id:
+ data_id = uuid4().hex
+ return self.driver.set_object_data(policy_id=policy_id, data_id=data_id,
+ category_id=category_id, value=value)
+
+ @enforce(("read", "write"), "data")
+ def delete_object_data(self, user_id, policy_id, data_id, category_id=None):
+ # TODO (asteroide): check and/or delete assignments linked to that data
+ object_assignments = self.get_object_assignments(user_id=user_id, policy_id=policy_id,
+ category_id=category_id)
+ if object_assignments:
+ raise exceptions.DeleteData
+ return self.driver.delete_object_data(policy_id=policy_id, category_id=category_id,
+ data_id=data_id)
+
+ @enforce("read", "data")
+ def get_action_data(self, user_id, policy_id, data_id=None, category_id=None):
+ available_metadata = self.get_available_metadata(user_id, policy_id)
+ results = []
+ if not category_id:
+ for cat in available_metadata["action"]:
+ results.append(self.driver.get_action_data(policy_id=policy_id, data_id=data_id,
+ category_id=cat))
+ if category_id and category_id in available_metadata["action"]:
+ results.append(self.driver.get_action_data(policy_id=policy_id, data_id=data_id,
+ category_id=category_id))
+ return results
+
+ @enforce(("read", "write"), "data")
+ def add_action_data(self, user_id, policy_id, data_id=None, category_id=None, value=None):
+ if not category_id or (
+ not Managers.ModelManager.get_action_categories(user_id=user_id,
+ category_id=category_id)):
+ raise exceptions.ActionCategoryUnknown
+
+ self.__category_dependency_validation(user_id, policy_id, category_id, 'action_categories')
+
+ if not data_id:
+ data_id = uuid4().hex
+ return self.driver.set_action_data(policy_id=policy_id, data_id=data_id,
+ category_id=category_id, value=value)
+
+ @enforce(("read", "write"), "data")
+ def delete_action_data(self, user_id, policy_id, data_id, category_id=None):
+ # TODO (asteroide): check and/or delete assignments linked to that data
+ action_assignments = self.get_action_assignments(user_id=user_id, policy_id=policy_id,
+ category_id=category_id)
+ if action_assignments:
+ raise exceptions.DeleteData
+ return self.driver.delete_action_data(policy_id=policy_id, category_id=category_id,
+ data_id=data_id)
+
+ @enforce("read", "assignments")
+ def get_subject_assignments(self, user_id, policy_id, subject_id=None, category_id=None):
+ return self.driver.get_subject_assignments(policy_id=policy_id, subject_id=subject_id,
+ category_id=category_id)
+
+ @enforce(("read", "write"), "assignments")
+ def add_subject_assignment(self, user_id, policy_id, subject_id, category_id, data_id):
+
+ if not category_id or (
+ not Managers.ModelManager.get_subject_categories(user_id=user_id,
+ category_id=category_id)):
+ raise exceptions.SubjectCategoryUnknown
+
+ self.__category_dependency_validation(user_id, policy_id, category_id, 'subject_categories')
+
+ if not subject_id or (
+ not self.get_subjects(user_id=user_id, policy_id=policy_id,
+ perimeter_id=subject_id)):
+ raise exceptions.SubjectUnknown
+
+ if not data_id or (
+ not self.get_subject_data(user_id=user_id, policy_id=policy_id, data_id=data_id,
+ category_id=category_id)):
+ raise exceptions.DataUnknown
+
+ return self.driver.add_subject_assignment(policy_id=policy_id, subject_id=subject_id,
+ category_id=category_id, data_id=data_id)
+
+ @enforce(("read", "write"), "assignments")
+ def delete_subject_assignment(self, user_id, policy_id, subject_id, category_id, data_id):
+ return self.driver.delete_subject_assignment(policy_id=policy_id, subject_id=subject_id,
+ category_id=category_id, data_id=data_id)
+
+ @enforce("read", "assignments")
+ def get_object_assignments(self, user_id, policy_id, object_id=None, category_id=None):
+ return self.driver.get_object_assignments(policy_id=policy_id, object_id=object_id,
+ category_id=category_id)
+
+ @enforce(("read", "write"), "assignments")
+ def add_object_assignment(self, user_id, policy_id, object_id, category_id, data_id):
+
+ if not category_id or (
+ not Managers.ModelManager.get_object_categories(user_id=user_id,
+ category_id=category_id)):
+ raise exceptions.ObjectCategoryUnknown
+
+ self.__category_dependency_validation(user_id, policy_id, category_id, 'object_categories')
+
+ if not object_id or (
+ not self.get_objects(user_id=user_id, policy_id=policy_id, perimeter_id=object_id)):
+ raise exceptions.ObjectUnknown
+
+ if not data_id or (
+ not self.get_object_data(user_id=user_id, policy_id=policy_id, data_id=data_id,
+ category_id=category_id)):
+ raise exceptions.DataUnknown
+
+ return self.driver.add_object_assignment(policy_id=policy_id, object_id=object_id,
+ category_id=category_id, data_id=data_id)
+
+ @enforce(("read", "write"), "assignments")
+ def delete_object_assignment(self, user_id, policy_id, object_id, category_id, data_id):
+ return self.driver.delete_object_assignment(policy_id=policy_id, object_id=object_id,
+ category_id=category_id, data_id=data_id)
+
+ @enforce("read", "assignments")
+ def get_action_assignments(self, user_id, policy_id, action_id=None, category_id=None):
+ return self.driver.get_action_assignments(policy_id=policy_id, action_id=action_id,
+ category_id=category_id)
+
+ @enforce(("read", "write"), "assignments")
+ def add_action_assignment(self, user_id, policy_id, action_id, category_id, data_id):
+
+ if not category_id or (
+ not Managers.ModelManager.get_action_categories(user_id=user_id,
+ category_id=category_id)):
+ raise exceptions.ActionCategoryUnknown
+
+ self.__category_dependency_validation(user_id, policy_id, category_id, 'action_categories')
+
+ if not action_id or (
+ not self.get_actions(user_id=user_id, policy_id=policy_id, perimeter_id=action_id)):
+ raise exceptions.ActionUnknown
+
+ if not data_id or (
+ not self.get_action_data(user_id=user_id, policy_id=policy_id, data_id=data_id,
+ category_id=category_id)):
+ raise exceptions.DataUnknown
+
+ return self.driver.add_action_assignment(policy_id=policy_id, action_id=action_id,
+ category_id=category_id, data_id=data_id)
+
+ @enforce(("read", "write"), "assignments")
+ def delete_action_assignment(self, user_id, policy_id, action_id, category_id, data_id):
+ return self.driver.delete_action_assignment(policy_id=policy_id, action_id=action_id,
+ category_id=category_id, data_id=data_id)
+
+ @enforce("read", "rules")
+ def get_rules(self, user_id, policy_id, meta_rule_id=None, rule_id=None):
+ return self.driver.get_rules(policy_id=policy_id, meta_rule_id=meta_rule_id,
+ rule_id=rule_id)
+
+ @enforce(("read", "write"), "rules")
+ def add_rule(self, user_id, policy_id, meta_rule_id, value):
+ if not meta_rule_id or (
+ not self.ModelManager.get_meta_rules(user_id=user_id, meta_rule_id=meta_rule_id)):
+ raise exceptions.MetaRuleUnknown
+
+ self.__check_existing_rule(policy_id=policy_id, meta_rule_id=meta_rule_id, user_id=user_id,
+ rule_value=value)
+ self.__dependencies_validation(user_id, policy_id, meta_rule_id)
+
+ return self.driver.add_rule(policy_id=policy_id, meta_rule_id=meta_rule_id, value=value)
+
+ def __check_existing_rule(self, user_id, policy_id, meta_rule_id, rule_value):
+
+ if not meta_rule_id:
+ raise exceptions.MetaRuleUnknown
+
+ meta_rule = self.ModelManager.get_meta_rules(user_id=user_id, meta_rule_id=meta_rule_id)
+ if not meta_rule:
+ raise exceptions.MetaRuleUnknown
+
+ if len(meta_rule[meta_rule_id]['subject_categories']) + len(
+ meta_rule[meta_rule_id]['object_categories']) \
+ + len(meta_rule[meta_rule_id]['action_categories']) > len(rule_value['rule']):
+ raise exceptions.RuleContentError(message="Missing Data")
+
+ if len(meta_rule[meta_rule_id]['subject_categories']) + len(
+ meta_rule[meta_rule_id]['object_categories']) \
+ + len(meta_rule[meta_rule_id]['action_categories']) < len(rule_value['rule']):
+ raise exceptions.MetaRuleContentError(message="Missing Data")
+
+ temp_rule_data = list(
+ rule_value['rule'][0:len(meta_rule[meta_rule_id]['subject_categories'])])
+ found_data_counter = 0
+ start_sub = len(meta_rule[meta_rule_id]['subject_categories'])
+
+ for sub_cat_id in meta_rule[meta_rule_id]['subject_categories']:
+ subjects_data = self.get_subject_data(user_id=user_id,
+ category_id=sub_cat_id, policy_id=policy_id)
+ found_data_counter = self.__validate_data_id(sub_cat_id, subjects_data[0]['data'],
+ temp_rule_data,
+ "Missing Subject_category "
+ , found_data_counter)
+
+ if found_data_counter != len(meta_rule[meta_rule_id]['subject_categories']):
+ raise exceptions.RuleContentError(message="Missing Data")
+
+ temp_rule_data = list(
+ rule_value['rule'][
+ start_sub:start_sub + len(meta_rule[meta_rule_id]['object_categories'])])
+ found_data_counter = 0
+ start_sub = start_sub + len(meta_rule[meta_rule_id]['object_categories'])
+
+ for ob_cat_id in meta_rule[meta_rule_id]['object_categories']:
+ object_data = self.get_object_data(user_id=user_id,
+ category_id=ob_cat_id, policy_id=policy_id)
+
+ found_data_counter = self.__validate_data_id(ob_cat_id, object_data[0]['data'],
+ temp_rule_data,
+ "Missing Object_category ",
+ found_data_counter)
+
+ if found_data_counter != len(meta_rule[meta_rule_id]['object_categories']):
+ raise exceptions.RuleContentError(message="Missing Data")
+
+ temp_rule_data = list(
+ rule_value['rule'][
+ start_sub:start_sub + len(meta_rule[meta_rule_id]['action_categories'])])
+ found_data_counter = 0
+
+ for act_cat_id in meta_rule[meta_rule_id]['action_categories']:
+ action_data = self.get_action_data(user_id=user_id, category_id=act_cat_id,
+ policy_id=policy_id)
+ found_data_counter = self.__validate_data_id(act_cat_id, action_data[0]['data'],
+ temp_rule_data,
+ "Missing Action_category ",
+ found_data_counter)
+
+ if found_data_counter != len(meta_rule[meta_rule_id]['action_categories']):
+ raise exceptions.RuleContentError(message="Missing Data")
+
+ def __validate_data_id(self, cat_id, data_ids, temp_rule_data, error_msg, found_data_counter):
+ for ID in data_ids:
+ if ID in temp_rule_data:
+ temp_rule_data.remove(ID)
+ found_data_counter += 1
+ # if no data id found in the rule, so rule not valid
+ if found_data_counter < 1:
+ raise exceptions.RuleContentError(message=error_msg + cat_id)
+ return found_data_counter
+
+ @enforce(("read", "write"), "rules")
+ def delete_rule(self, user_id, policy_id, rule_id):
+ return self.driver.delete_rule(policy_id=policy_id, rule_id=rule_id)
+
+ @enforce("read", "meta_data")
+ def get_available_metadata(self, user_id, policy_id):
+ categories = {
+ "subject": [],
+ "object": [],
+ "action": []
+ }
+ policy = self.driver.get_policies(policy_id=policy_id)
+ if not policy:
+ raise exceptions.PolicyUnknown
+ model_id = policy[policy_id]["model_id"]
+ model = Managers.ModelManager.get_models(user_id=user_id, model_id=model_id)
+ try:
+ meta_rule_list = model[model_id]["meta_rules"]
+ for meta_rule_id in meta_rule_list:
+ meta_rule = Managers.ModelManager.get_meta_rules(user_id=user_id,
+ meta_rule_id=meta_rule_id)
+ categories["subject"].extend(meta_rule[meta_rule_id]["subject_categories"])
+ categories["object"].extend(meta_rule[meta_rule_id]["object_categories"])
+ categories["action"].extend(meta_rule[meta_rule_id]["action_categories"])
+ finally:
+ return categories
+
+ def __dependencies_validation(self, user_id, policy_id, meta_rule_id=None):
+
+ policies = self.get_policies(user_id=user_id, policy_id=policy_id)
+ if not policy_id or (not policies):
+ raise exceptions.PolicyUnknown
+
+ policy_content = policies[next(iter(policies))]
+ model_id = policy_content['model_id']
+ models = Managers.ModelManager.get_models(user_id=user_id, model_id=model_id)
+ if not model_id or not models:
+ raise exceptions.ModelUnknown
+
+ model_content = models[next(iter(models))]
+ if meta_rule_id:
+ meta_rule_exists = False
+
+ for model_meta_rule_id in model_content['meta_rules']:
+ if model_meta_rule_id == meta_rule_id:
+ meta_rule_exists = True
+ break
+
+ if not meta_rule_exists:
+ raise exceptions.MetaRuleNotLinkedWithPolicyModel
+
+ meta_rule = self.ModelManager.get_meta_rules(user_id=user_id, meta_rule_id=meta_rule_id)
+ meta_rule_content = meta_rule[next(iter(meta_rule))]
+ if (not meta_rule_content['subject_categories']) or (
+ not meta_rule_content['object_categories']) or (
+ not meta_rule_content['action_categories']):
+ raise exceptions.MetaRuleContentError
+ return model_content
+
+ def __category_dependency_validation(self, user_id, policy_id, category_id, category_key):
+ model = self.__dependencies_validation(user_id=user_id, policy_id=policy_id)
+ category_found = False
+ for model_meta_rule_id in model['meta_rules']:
+ meta_rule = self.ModelManager.get_meta_rules(user_id=user_id,
+ meta_rule_id=model_meta_rule_id)
+ meta_rule_content = meta_rule[next(iter(meta_rule))]
+ if meta_rule_content[category_key] and category_id in meta_rule_content[category_key]:
+ category_found = True
+ break
+
+ if not category_found:
+ raise exceptions.CategoryNotAssignedMetaRule
diff --git a/old/python_moondb/python_moondb/backends/__init__.py b/old/python_moondb/python_moondb/backends/__init__.py
new file mode 100644
index 00000000..6f1cd3d5
--- /dev/null
+++ b/old/python_moondb/python_moondb/backends/__init__.py
@@ -0,0 +1,96 @@
+"""
+intra_extensions = {
+ intra_extension_id1: {
+ name: xxx,
+ model: yyy,
+ description: zzz},
+ intra_extension_id2: {...},
+ ...
+}
+
+tenants = {
+ tenant_id1: {
+ name: xxx,
+ description: yyy,
+ intra_authz_extension_id: zzz,
+ intra_admin_extension_id: zzz,
+ },
+ tenant_id2: {...},
+ ...
+}
+
+--------------- for each intra-extension -----------------
+
+subject_categories = {
+ subject_category_id1: {
+ name: xxx,
+ description: yyy},
+ subject_category_id2: {...},
+ ...
+}
+
+subjects = {
+ subject_id1: {
+ name: xxx,
+ description: yyy,
+ ...},
+ subject_id2: {...},
+ ...
+}
+
+subject_scopes = {
+ subject_category_id1: {
+ subject_scope_id1: {
+ name: xxx,
+ description: aaa},
+ subject_scope_id2: {
+ name: yyy,
+ description: bbb},
+ ...},
+ subject_scope_id3: {
+ ...}
+ subject_category_id2: {...},
+ ...
+}
+
+subject_assignments = {
+ subject_id1: {
+ subject_category_id1: [subject_scope_id1, subject_scope_id2, ...],
+ subject_category_id2: [subject_scope_id3, subject_scope_id4, ...],
+ ...
+ },
+ subject_id2: {
+ subject_category_id1: [subject_scope_id1, subject_scope_id2, ...],
+ subject_category_id2: [subject_scope_id3, subject_scope_id4, ...],
+ ...
+ },
+ ...
+}
+
+aggregation_algorithm = {
+ aggregation_algorithm_id: {
+ name: xxx,
+ description: yyy
+ }
+ }
+
+sub_meta_rules = {
+ sub_meta_rule_id_1: {
+ "name": xxx,
+ "algorithm": yyy,
+ "subject_categories": [subject_category_id1, subject_category_id2,...],
+ "object_categories": [object_category_id1, object_category_id2,...],
+ "action_categories": [action_category_id1, action_category_id2,...]
+ sub_meta_rule_id_2: {...},
+ ...
+}
+
+rules = {
+ sub_meta_rule_id1: {
+ rule_id1: [subject_scope1, subject_scope2, ..., action_scope1, ..., object_scope1, ... ],
+ rule_id2: [subject_scope3, subject_scope4, ..., action_scope3, ..., object_scope3, ... ],
+ rule_id3: [thomas, write, admin.subjects]
+ ...},
+ sub_meta_rule_id2: { },
+ ...}
+"""
diff --git a/old/python_moondb/python_moondb/backends/sql.py b/old/python_moondb/python_moondb/backends/sql.py
new file mode 100644
index 00000000..d25586ba
--- /dev/null
+++ b/old/python_moondb/python_moondb/backends/sql.py
@@ -0,0 +1,1884 @@
+# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+# This software is distributed under the terms and conditions of the 'Apache-2.0'
+# license which can be found in the file 'LICENSE' in this package distribution
+# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
+
+import copy
+import json
+from uuid import uuid4
+import sqlalchemy as sql
+import logging
+from sqlalchemy.orm import sessionmaker
+from sqlalchemy.ext.declarative import declarative_base, declared_attr
+from sqlalchemy import create_engine
+from contextlib import contextmanager
+from sqlalchemy import types as sql_types
+from python_moonutilities import configuration
+from python_moonutilities import exceptions
+from python_moondb.core import PDPDriver, PolicyDriver, ModelDriver
+import sqlalchemy
+
+logger = logging.getLogger("moon.db.driver.sql")
+Base = declarative_base()
+DEBUG = True if configuration.get_configuration("logging")['logging']['loggers']['moon'][
+ 'level'] == "DEBUG" else False
+
+
+class DictBase:
+ attributes = []
+
+ @classmethod
+ def from_dict(cls, d):
+ new_d = d.copy()
+ return cls(**new_d)
+ # new_d = d.copy()
+ #
+ # new_d['extra'] = {k: new_d.pop(k) for k in six.iterkeys(d)
+ # if k not in cls.attributes and k != 'extra'}
+ #
+ # return cls(**new_d)
+
+ def to_dict(self):
+ d = dict()
+ for attr in self.__class__.attributes:
+ d[attr] = getattr(self, attr)
+ return d
+
+ def __getitem__(self, key):
+ # if "extra" in dir(self) and key in self.extra:
+ # return self.extra[key]
+ return getattr(self, key)
+
+
+class JsonBlob(sql_types.TypeDecorator):
+ impl = sql.Text
+
+ def process_bind_param(self, value, dialect):
+ return json.dumps(value)
+
+ def process_result_value(self, value, dialect):
+ return json.loads(value)
+
+
+class Model(Base, DictBase):
+ __tablename__ = 'models'
+ attributes = ['id', 'name', 'value']
+ id = sql.Column(sql.String(64), primary_key=True)
+ name = sql.Column(sql.String(256), nullable=False)
+ value = sql.Column(JsonBlob(), nullable=True)
+
+ def to_dict(self):
+ return {
+ "name": self.name,
+ "description": self.value.get("description", ""),
+ "meta_rules": self.value.get("meta_rules", list()),
+ }
+
+
+class Policy(Base, DictBase):
+ __tablename__ = 'policies'
+ attributes = ['id', 'name', 'model_id', 'value']
+ id = sql.Column(sql.String(64), primary_key=True)
+ name = sql.Column(sql.String(256), nullable=False)
+ model_id = sql.Column(sql.String(64), nullable=True, default="")
+ value = sql.Column(JsonBlob(), nullable=True)
+
+ def to_dict(self):
+ return {
+ "description": self.value.get("description", ""),
+ "genre": self.value.get("genre", ""),
+ "model_id": self.model_id,
+ "name": self.name
+ }
+
+
+class PDP(Base, DictBase):
+ __tablename__ = 'pdp'
+ attributes = ['id', 'name', 'keystone_project_id', 'value']
+ id = sql.Column(sql.String(64), primary_key=True)
+ name = sql.Column(sql.String(256), nullable=False)
+ keystone_project_id = sql.Column(sql.String(64), nullable=True, default="")
+ value = sql.Column(JsonBlob(), nullable=True)
+
+ def to_dict(self):
+ return {
+ "name": self.name,
+ "description": self.value.get("description", ""),
+ "keystone_project_id": self.keystone_project_id,
+ "security_pipeline": self.value.get("security_pipeline", []),
+ }
+
+
+class PerimeterCategoryBase(DictBase):
+ attributes = ['id', 'name', 'description']
+ id = sql.Column(sql.String(64), primary_key=True)
+ name = sql.Column(sql.String(256), nullable=False)
+ description = sql.Column(sql.String(256), nullable=True)
+
+
+class SubjectCategory(Base, PerimeterCategoryBase):
+ __tablename__ = 'subject_categories'
+
+
+class ObjectCategory(Base, PerimeterCategoryBase):
+ __tablename__ = 'object_categories'
+
+
+class ActionCategory(Base, PerimeterCategoryBase):
+ __tablename__ = 'action_categories'
+
+
+class PerimeterBase(DictBase):
+ attributes = ['id', 'name', 'value']
+ id = sql.Column(sql.String(64), primary_key=True)
+ name = sql.Column(sql.String(256), nullable=False)
+ value = sql.Column(JsonBlob(), nullable=True)
+ __mapper_args__ = {'concrete': True}
+
+ def __repr__(self):
+ return "{} with name {} : {}".format(self.id, self.name, json.dumps(self.value))
+
+ def to_return(self):
+ return {
+ 'id': self.id,
+ 'name': self.name,
+ 'description': self.value.get("description", ""),
+ 'email': self.value.get("email", ""),
+ 'extra': self.value.get("extra", dict()),
+ 'policy_list': self.value.get("policy_list", [])
+ }
+
+ def to_dict(self):
+ dict_value = copy.deepcopy(self.value)
+ dict_value["name"] = self.name
+ return {
+ 'id': self.id,
+ 'value': dict_value
+ }
+
+
+class Subject(Base, PerimeterBase):
+ __tablename__ = 'subjects'
+
+
+class Object(Base, PerimeterBase):
+ __tablename__ = 'objects'
+
+
+class Action(Base, PerimeterBase):
+ __tablename__ = 'actions'
+
+
+class PerimeterDataBase(DictBase):
+ attributes = ['id', 'name', 'value', 'category_id', 'policy_id']
+ id = sql.Column(sql.String(64), primary_key=True)
+ name = sql.Column(sql.String(256), nullable=False)
+ value = sql.Column(JsonBlob(), nullable=True)
+
+ @declared_attr
+ def policy_id(cls):
+ return sql.Column(sql.ForeignKey("policies.id"), nullable=False)
+
+ def to_dict(self):
+ return {
+ 'id': self.id,
+ 'name': self.name,
+ 'description': self.value.get("description", ""),
+ 'category_id': self.category_id,
+ 'policy_id': self.policy_id
+ }
+
+
+class SubjectData(Base, PerimeterDataBase):
+ __tablename__ = 'subject_data'
+ category_id = sql.Column(sql.ForeignKey("subject_categories.id"), nullable=False)
+
+
+class ObjectData(Base, PerimeterDataBase):
+ __tablename__ = 'object_data'
+ category_id = sql.Column(sql.ForeignKey("object_categories.id"), nullable=False)
+
+
+class ActionData(Base, PerimeterDataBase):
+ __tablename__ = 'action_data'
+ category_id = sql.Column(sql.ForeignKey("action_categories.id"), nullable=False)
+
+
+class PerimeterAssignmentBase(DictBase):
+ attributes = ['id', 'assignments', 'policy_id', 'subject_id', 'category_id']
+ id = sql.Column(sql.String(64), primary_key=True)
+ assignments = sql.Column(JsonBlob(), nullable=True)
+ category_id = None
+
+ @declared_attr
+ def policy_id(cls):
+ return sql.Column(sql.ForeignKey("policies.id"), nullable=False)
+
+ def _to_dict(self, element_key, element_value):
+ return {
+ "id": self.id,
+ "policy_id": self.policy_id,
+ element_key: element_value,
+ "category_id": self.category_id,
+ "assignments": self.assignments,
+ }
+
+
+class SubjectAssignment(Base, PerimeterAssignmentBase):
+ __tablename__ = 'subject_assignments'
+ subject_id = sql.Column(sql.ForeignKey("subjects.id"), nullable=False)
+ category_id = sql.Column(sql.ForeignKey("subject_categories.id"), nullable=False)
+
+ def to_dict(self):
+ return self._to_dict("subject_id", self.subject_id)
+
+
+class ObjectAssignment(Base, PerimeterAssignmentBase):
+ __tablename__ = 'object_assignments'
+ attributes = ['id', 'assignments', 'policy_id', 'object_id', 'category_id']
+ object_id = sql.Column(sql.ForeignKey("objects.id"), nullable=False)
+ category_id = sql.Column(sql.ForeignKey("object_categories.id"), nullable=False)
+
+ def to_dict(self):
+ return self._to_dict("object_id", self.object_id)
+
+
+class ActionAssignment(Base, PerimeterAssignmentBase):
+ __tablename__ = 'action_assignments'
+ attributes = ['id', 'assignments', 'policy_id', 'action_id', 'category_id']
+ action_id = sql.Column(sql.ForeignKey("actions.id"), nullable=False)
+ category_id = sql.Column(sql.ForeignKey("action_categories.id"), nullable=False)
+
+ def to_dict(self):
+ return self._to_dict("action_id", self.action_id)
+
+
+class MetaRule(Base, DictBase):
+ __tablename__ = 'meta_rules'
+ attributes = ['id', 'name', 'subject_categories', 'object_categories', 'action_categories',
+ 'value']
+ id = sql.Column(sql.String(64), primary_key=True)
+ name = sql.Column(sql.String(256), nullable=False)
+ subject_categories = sql.Column(JsonBlob(), nullable=True)
+ object_categories = sql.Column(JsonBlob(), nullable=True)
+ action_categories = sql.Column(JsonBlob(), nullable=True)
+ value = sql.Column(JsonBlob(), nullable=True)
+
+ def to_dict(self):
+ return {
+ "name": self.name,
+ "description": self.value.get("description", ""),
+ "subject_categories": self.subject_categories,
+ "object_categories": self.object_categories,
+ "action_categories": self.action_categories,
+ }
+
+
+class Rule(Base, DictBase):
+ __tablename__ = 'rules'
+ attributes = ['id', 'rule', 'policy_id', 'meta_rule_id']
+ id = sql.Column(sql.String(64), primary_key=True)
+ rule = sql.Column(JsonBlob(), nullable=True)
+ policy_id = sql.Column(sql.ForeignKey("policies.id"), nullable=False)
+ meta_rule_id = sql.Column(sql.ForeignKey("meta_rules.id"), nullable=False)
+
+ def to_dict(self):
+ return {
+ 'id': self.id,
+ 'rule': self.rule["rule"],
+ 'instructions': self.rule["instructions"],
+ 'enabled': self.rule["enabled"],
+ 'policy_id': self.policy_id,
+ 'meta_rule_id': self.meta_rule_id
+ }
+
+ def __repr__(self):
+ return "{}".format(self.rule)
+
+
+@contextmanager
+def session_scope(engine):
+ """Provide a transactional scope around a series of operations."""
+ if type(engine) is str:
+ echo = DEBUG
+ engine = create_engine(engine, echo=echo)
+ session = sessionmaker(bind=engine)()
+ try:
+ yield session
+ session.commit()
+ except:
+ session.rollback()
+ raise
+ finally:
+ session.close()
+
+
+class BaseConnector(object):
+ """Provide a base connector to connect them all"""
+ engine = ""
+
+ def __init__(self, engine_name):
+ echo = DEBUG
+ self.engine = create_engine(engine_name, echo=echo)
+
+ def init_db(self):
+ Base.metadata.create_all(self.engine)
+
+ def set_engine(self, engine_name):
+ self.engine = engine_name
+
+ def get_session(self):
+ return session_scope(self.engine)
+
+ def get_session_for_read(self):
+ return self.get_session()
+
+ def get_session_for_write(self):
+ return self.get_session()
+
+
+class PDPConnector(BaseConnector, PDPDriver):
+
+ def update_pdp(self, pdp_id, value):
+ try:
+ with self.get_session_for_write() as session:
+ query = session.query(PDP)
+ query = query.filter_by(id=pdp_id)
+ ref = query.first()
+ if ref:
+ value_wo_name = copy.deepcopy(value)
+ value_wo_name.pop("name", None)
+ value_wo_name.pop("keystone_project_id", None)
+ ref.name = value["name"]
+ ref.keystone_project_id = value["keystone_project_id"]
+ d = dict(ref.value)
+ d.update(value_wo_name)
+ setattr(ref, "value", d)
+ return {ref.id: ref.to_dict()}
+ except sqlalchemy.exc.IntegrityError as error:
+ if 'UNIQUE constraint' in str(error):
+ raise exceptions.PdpExisting
+ raise error
+
+ def delete_pdp(self, pdp_id):
+ with self.get_session_for_write() as session:
+ ref = session.query(PDP).get(pdp_id)
+ session.delete(ref)
+
+ def add_pdp(self, pdp_id=None, value=None):
+ try:
+ with self.get_session_for_write() as session:
+ value_wo_name = copy.deepcopy(value)
+ value_wo_name.pop("name", None)
+ value_wo_name.pop("keystone_project_id", None)
+ new = PDP.from_dict({
+ "id": pdp_id if pdp_id else uuid4().hex,
+ "name": value["name"],
+ "keystone_project_id": value["keystone_project_id"],
+ "value": value_wo_name
+ })
+ session.add(new)
+ return {new.id: new.to_dict()}
+ except sqlalchemy.exc.IntegrityError as error:
+ if 'UNIQUE constraint' in str(error):
+ raise exceptions.PdpExisting
+ raise error
+
+ def get_pdp(self, pdp_id=None):
+ with self.get_session_for_read() as session:
+ query = session.query(PDP)
+ if pdp_id:
+ query = query.filter_by(id=pdp_id)
+ ref_list = query.all()
+ return {_ref.id: _ref.to_dict() for _ref in ref_list}
+
+
+class PolicyConnector(BaseConnector, PolicyDriver):
+
+ def update_policy(self, policy_id, value):
+ try:
+ with self.get_session_for_write() as session:
+ query = session.query(Policy)
+ query = query.filter_by(id=policy_id)
+ ref = query.first()
+
+ if ref:
+ value_wo_other_info = copy.deepcopy(value)
+ value_wo_other_info.pop("name", None)
+ value_wo_other_info.pop("model_id", None)
+ ref.name = value["name"]
+ ref.model_id = value["model_id"]
+ d = dict(ref.value)
+ d.update(value_wo_other_info)
+ setattr(ref, "value", d)
+ return {ref.id: ref.to_dict()}
+
+ except sqlalchemy.exc.IntegrityError as error:
+ if 'UNIQUE constraint' in str(error):
+ raise exceptions.PolicyExisting
+ raise error
+
+ def delete_policy(self, policy_id):
+ with self.get_session_for_write() as session:
+ ref = session.query(Policy).get(policy_id)
+ session.delete(ref)
+
+ def add_policy(self, policy_id=None, value=None):
+ try:
+ with self.get_session_for_write() as session:
+ value_wo_other_info = copy.deepcopy(value)
+ value_wo_other_info.pop("name", None)
+ value_wo_other_info.pop("model_id", None)
+ new = Policy.from_dict({
+ "id": policy_id if policy_id else uuid4().hex,
+ "name": value["name"],
+ "model_id": value.get("model_id", ""),
+ "value": value_wo_other_info
+ })
+ session.add(new)
+ return {new.id: new.to_dict()}
+
+ except sqlalchemy.exc.IntegrityError as error:
+ if 'UNIQUE constraint' in str(error):
+ raise exceptions.PolicyExisting
+ raise error
+
+ def get_policies(self, policy_id=None, policy_name=None):
+ with self.get_session_for_read() as session:
+ query = session.query(Policy)
+ if policy_id:
+ query = query.filter_by(id=policy_id)
+ elif policy_name:
+ query = query.filter_by(name=policy_name)
+
+ ref_list = query.all()
+ return {_ref.id: _ref.to_dict() for _ref in ref_list}
+
+ def __get_perimeters(self, ClassType, policy_id, perimeter_id=None):
+ # if not policy_id:
+ # raise exceptions.PolicyUnknown
+
+ with self.get_session_for_read() as session:
+ query = session.query(ClassType)
+
+ if perimeter_id:
+ query = query.filter_by(id=perimeter_id)
+
+ ref_list = copy.deepcopy(query.all())
+
+ if policy_id:
+ results = []
+ for _ref in ref_list:
+ _ref_value = _ref.to_return()
+ if policy_id in _ref_value["policy_list"]:
+ results.append(_ref)
+ return {_ref.id: _ref.to_return() for _ref in results}
+ return {_ref.id: _ref.to_return() for _ref in ref_list}
+
+ def __get_perimeter_by_name(self, ClassType, perimeter_name):
+ # if not policy_id:
+ # raise exceptions.PolicyUnknown
+ with self.get_session_for_read() as session:
+ query = session.query(ClassType)
+ if not perimeter_name or not perimeter_name.strip():
+ raise exceptions.PerimeterContentError('invalid name')
+ query = query.filter_by(name=perimeter_name)
+ ref_list = copy.deepcopy(query.all())
+ return {_ref.id: _ref.to_return() for _ref in ref_list}
+
+ def __update_perimeter(self, class_type, class_type_exception, perimeter_id, value):
+ if not perimeter_id:
+ return exceptions.PerimeterContentError
+ with self.get_session_for_write() as session:
+ query = session.query(class_type)
+ query = query.filter_by(id=perimeter_id)
+ _perimeter = query.first()
+ if not _perimeter:
+ raise class_type_exception
+ temp_perimeter = copy.deepcopy(_perimeter.to_dict())
+ if 'name' in value:
+ temp_perimeter['value']['name'] = value['name']
+ if 'description' in value:
+ temp_perimeter['value']['description'] = value['description']
+ if 'extra' in value:
+ temp_perimeter['value']['extra'] = value['extra']
+ name = temp_perimeter['value']['name']
+ temp_perimeter['value'].pop("name", None)
+ new_perimeter = class_type.from_dict({
+ "id": temp_perimeter["id"],
+ "name": name,
+ "value": temp_perimeter["value"]
+ })
+ _perimeter.value = new_perimeter.value
+ _perimeter.name = new_perimeter.name
+ return {_perimeter.id: _perimeter.to_return()}
+
+ def __set_perimeter(self, ClassType, ClassTypeException, policy_id, perimeter_id=None,
+ value=None):
+ if not value or "name" not in value or not value["name"].strip():
+ raise exceptions.PerimeterContentError('invalid name')
+ with self.get_session_for_write() as session:
+ _perimeter = None
+ if perimeter_id:
+ query = session.query(ClassType)
+ query = query.filter_by(id=perimeter_id)
+ _perimeter = query.first()
+ if not perimeter_id and not _perimeter:
+ query = session.query(ClassType)
+ query = query.filter_by(name=value['name'])
+ _perimeter = query.first()
+ if _perimeter:
+ raise ClassTypeException
+ if not _perimeter:
+ if "policy_list" not in value or type(value["policy_list"]) is not list:
+ value["policy_list"] = []
+ if policy_id and policy_id not in value["policy_list"]:
+ value["policy_list"] = [policy_id, ]
+
+ value_wo_name = copy.deepcopy(value)
+ value_wo_name.pop("name", None)
+ new = ClassType.from_dict({
+ "id": perimeter_id if perimeter_id else uuid4().hex,
+ "name": value["name"],
+ "value": value_wo_name
+ })
+ session.add(new)
+ return {new.id: new.to_return()}
+ else:
+ _value = copy.deepcopy(_perimeter.to_dict())
+ if "policy_list" not in _value["value"] or type(
+ _value["value"]["policy_list"]) is not list:
+ _value["value"]["policy_list"] = []
+ if policy_id and policy_id not in _value["value"]["policy_list"]:
+ _value["value"]["policy_list"].append(policy_id)
+ else:
+ if policy_id:
+ raise exceptions.PolicyExisting
+ raise exceptions.PerimeterContentError
+
+ _value["value"].update(value)
+
+ name = _value["value"]["name"]
+ _value["value"].pop("name")
+ new_perimeter = ClassType.from_dict({
+ "id": _value["id"],
+ "name": name,
+ "value": _value["value"]
+ })
+ _perimeter.value = new_perimeter.value
+ _perimeter.name = new_perimeter.name
+ return {_perimeter.id: _perimeter.to_return()}
+
+ def __delete_perimeter(self, ClassType, ClassUnknownException, policy_id, perimeter_id):
+ with self.get_session_for_write() as session:
+ query = session.query(ClassType)
+ query = query.filter_by(id=perimeter_id)
+ _perimeter = query.first()
+ if not _perimeter:
+ raise ClassUnknownException
+ old_perimeter = copy.deepcopy(_perimeter.to_dict())
+ try:
+ old_perimeter["value"]["policy_list"].remove(policy_id)
+ new_perimeter = ClassType.from_dict(old_perimeter)
+ if not new_perimeter.value["policy_list"]:
+ session.delete(_perimeter)
+ else:
+ setattr(_perimeter, "value", getattr(new_perimeter, "value"))
+ except ValueError:
+ if not _perimeter.value["policy_list"]:
+ session.delete(_perimeter)
+
+ def get_subjects(self, policy_id, perimeter_id=None):
+ return self.__get_perimeters(Subject, policy_id, perimeter_id)
+
+ def get_subject_by_name(self, perimeter_name):
+ return self.__get_perimeter_by_name(Subject, perimeter_name)
+
+ def set_subject(self, policy_id, perimeter_id=None, value=None):
+ try:
+ return self.__set_perimeter(Subject, exceptions.SubjectExisting, policy_id,
+ perimeter_id=perimeter_id, value=value)
+ except sqlalchemy.exc.IntegrityError as error:
+ if 'UNIQUE constraint' in str(error):
+ raise exceptions.SubjectExisting
+ raise error
+
+ def update_subject(self, perimeter_id, value):
+ try:
+ return self.__update_perimeter(Subject, exceptions.SubjectExisting, perimeter_id, value)
+ except sqlalchemy.exc.IntegrityError as error:
+ if 'UNIQUE constraint' in str(error):
+ raise exceptions.SubjectExisting
+ raise error
+
+ def delete_subject(self, policy_id, perimeter_id):
+ self.__delete_perimeter(Subject, exceptions.SubjectUnknown, policy_id, perimeter_id)
+
+ def get_objects(self, policy_id, perimeter_id=None):
+ return self.__get_perimeters(Object, policy_id, perimeter_id)
+
+ def get_object_by_name(self, perimeter_name):
+ return self.__get_perimeter_by_name(Object, perimeter_name)
+
+ def set_object(self, policy_id, perimeter_id=None, value=None):
+ try:
+ return self.__set_perimeter(Object, exceptions.ObjectExisting, policy_id,
+ perimeter_id=perimeter_id, value=value)
+ except sqlalchemy.exc.IntegrityError as error:
+ logger.exception("IntegrityError {}".format(error))
+ if 'UNIQUE constraint' in str(error):
+ raise exceptions.ObjectExisting
+ raise error
+
+ def update_object(self, perimeter_id, value):
+ try:
+ return self.__update_perimeter(Object, exceptions.ObjectExisting, perimeter_id, value)
+ except sqlalchemy.exc.IntegrityError as error:
+ if 'UNIQUE constraint' in str(error):
+ raise exceptions.ObjectExisting
+ raise error
+
+ def delete_object(self, policy_id, perimeter_id):
+ self.__delete_perimeter(Object, exceptions.ObjectUnknown, policy_id, perimeter_id)
+
+ def get_actions(self, policy_id, perimeter_id=None):
+ return self.__get_perimeters(Action, policy_id, perimeter_id)
+
+ def get_action_by_name(self, perimeter_name):
+ return self.__get_perimeter_by_name(Action, perimeter_name)
+
+ def set_action(self, policy_id, perimeter_id=None, value=None):
+ try:
+ return self.__set_perimeter(Action, exceptions.ActionExisting, policy_id,
+ perimeter_id=perimeter_id, value=value)
+ except sqlalchemy.exc.IntegrityError as error:
+ if 'UNIQUE constraint' in str(error):
+ raise exceptions.ActionExisting
+ raise error
+
+ def update_action(self, perimeter_id, value):
+ try:
+ return self.__update_perimeter(Action, exceptions.ActionExisting, perimeter_id, value)
+ except sqlalchemy.exc.IntegrityError as error:
+ if 'UNIQUE constraint' in str(error):
+ raise exceptions.ActionExisting
+ raise error
+
+ def delete_action(self, policy_id, perimeter_id):
+ self.__delete_perimeter(Action, exceptions.ActionUnknown, policy_id, perimeter_id)
+
+ def __is_data_exist(self, ClassType, category_id=None):
+
+ with self.get_session_for_read() as session:
+ query = session.query(ClassType)
+ query = query.filter_by(category_id=category_id)
+ ref_list = query.all()
+ if ref_list:
+ return True
+ return False
+
+ def __get_data(self, ClassType, policy_id, data_id=None, category_id=None):
+ with self.get_session_for_read() as session:
+ query = session.query(ClassType)
+ if policy_id and data_id and category_id:
+ query = query.filter_by(policy_id=policy_id, id=data_id, category_id=category_id)
+ elif policy_id and category_id:
+ query = query.filter_by(policy_id=policy_id, category_id=category_id)
+ elif category_id:
+ query = query.filter_by(category_id=category_id)
+ elif policy_id:
+ query = query.filter_by(policy_id=policy_id)
+ else:
+ raise exceptions.PolicyUnknown
+
+ ref_list = query.all()
+ return {
+ "policy_id": policy_id,
+ "category_id": category_id,
+ "data": {_ref.id: _ref.to_dict() for _ref in ref_list}
+ }
+
+ def __set_data(self, ClassType, ClassTypeData, policy_id, data_id=None, category_id=None,
+ value=None):
+ with self.get_session_for_write() as session:
+ query = session.query(ClassTypeData)
+ query = query.filter_by(policy_id=policy_id, id=data_id, category_id=category_id)
+ ref = query.first()
+ if not ref:
+ value_wo_name = copy.deepcopy(value)
+ value_wo_name.pop("name", None)
+ new_ref = ClassTypeData.from_dict(
+ {
+ "id": data_id if data_id else uuid4().hex,
+ 'name': value["name"],
+ 'value': value_wo_name,
+ 'category_id': category_id,
+ 'policy_id': policy_id,
+ }
+ )
+ session.add(new_ref)
+ ref = new_ref
+ else:
+ for attr in ClassType.attributes:
+ if attr != 'id':
+ setattr(ref, attr, getattr(ref, attr))
+ # session.flush()
+ return {
+ "policy_id": policy_id,
+ "category_id": category_id,
+ "data": {ref.id: ref.to_dict()}
+ }
+
+ def __delete_data(self, ClassType, policy_id, category_id, data_id):
+
+ if not data_id:
+ raise exceptions.DataUnknown
+ with self.get_session_for_write() as session:
+ query = session.query(ClassType)
+ if category_id:
+ query = query.filter_by(policy_id=policy_id, category_id=category_id, id=data_id)
+ else:
+ query = query.filter_by(policy_id=policy_id, id=data_id)
+ ref = query.first()
+ if ref:
+ session.delete(ref)
+
+ def is_subject_data_exist(self, category_id=None):
+ return self.__is_data_exist(SubjectData, category_id=category_id)
+
+ def get_subject_data(self, policy_id, data_id=None, category_id=None):
+ return self.__get_data(SubjectData, policy_id, data_id=data_id, category_id=category_id)
+
+ def set_subject_data(self, policy_id, data_id=None, category_id=None, value=None):
+ try:
+ return self.__set_data(Subject, SubjectData, policy_id, data_id=data_id,
+ category_id=category_id, value=value)
+ except sqlalchemy.exc.IntegrityError as error:
+ if 'UNIQUE constraint' in str(error):
+ raise exceptions.SubjectScopeExisting
+ raise error
+
+ def delete_subject_data(self, policy_id, category_id, data_id):
+ return self.__delete_data(SubjectData, policy_id, category_id, data_id)
+
+ def is_object_data_exist(self, category_id=None):
+ return self.__is_data_exist(ObjectData, category_id=category_id)
+
+ def get_object_data(self, policy_id, data_id=None, category_id=None):
+ return self.__get_data(ObjectData, policy_id, data_id=data_id, category_id=category_id)
+
+ def set_object_data(self, policy_id, data_id=None, category_id=None, value=None):
+ try:
+ return self.__set_data(Object, ObjectData, policy_id, data_id=data_id,
+ category_id=category_id, value=value)
+ except sqlalchemy.exc.IntegrityError as error:
+ if 'UNIQUE constraint' in str(error):
+ raise exceptions.ObjectScopeExisting
+ raise error
+
+ def delete_object_data(self, policy_id, category_id, data_id):
+ return self.__delete_data(ObjectData, policy_id, category_id, data_id)
+
+ def is_action_data_exist(self, category_id=None):
+ return self.__is_data_exist(ActionData, category_id=category_id)
+
+ def get_action_data(self, policy_id, data_id=None, category_id=None):
+ return self.__get_data(ActionData, policy_id, data_id=data_id, category_id=category_id)
+
+ def set_action_data(self, policy_id, data_id=None, category_id=None, value=None):
+ try:
+ return self.__set_data(Action, ActionData, policy_id, data_id=data_id,
+ category_id=category_id, value=value)
+ except sqlalchemy.exc.IntegrityError as error:
+ if 'UNIQUE constraint' in str(error):
+ raise exceptions.ActionScopeExisting
+ raise error
+
+ def delete_action_data(self, policy_id, category_id, data_id):
+ return self.__delete_data(ActionData, policy_id, category_id, data_id)
+
+ def get_subject_assignments(self, policy_id, subject_id=None, category_id=None):
+ with self.get_session_for_write() as session:
+ query = session.query(SubjectAssignment)
+ if subject_id and category_id:
+ # TODO change the subject_id to perimeter_id to allow code refactoring
+ query = query.filter_by(policy_id=policy_id, subject_id=subject_id,
+ category_id=category_id)
+ elif subject_id:
+ query = query.filter_by(policy_id=policy_id, subject_id=subject_id)
+ else:
+ query = query.filter_by(policy_id=policy_id)
+ ref_list = query.all()
+ return {_ref.id: _ref.to_dict() for _ref in ref_list}
+
+ def add_subject_assignment(self, policy_id, subject_id, category_id, data_id):
+ with self.get_session_for_write() as session:
+ query = session.query(SubjectAssignment)
+ query = query.filter_by(policy_id=policy_id, subject_id=subject_id,
+ category_id=category_id)
+ ref = query.first()
+ if ref:
+ old_ref = copy.deepcopy(ref.to_dict())
+ assignments = old_ref["assignments"]
+ if data_id not in assignments:
+ assignments.append(data_id)
+ setattr(ref, "assignments", assignments)
+ else:
+ raise exceptions.SubjectAssignmentExisting
+ else:
+ ref = SubjectAssignment.from_dict(
+ {
+ "id": uuid4().hex,
+ "policy_id": policy_id,
+ "subject_id": subject_id,
+ "category_id": category_id,
+ "assignments": [data_id, ],
+ }
+ )
+ session.add(ref)
+ return {ref.id: ref.to_dict()}
+
+ def is_subject_category_has_assignment(self, category_id):
+ return self.__is_category_has_assignment(SubjectAssignment, category_id)
+
+ def is_object_category_has_assignment(self, category_id):
+ return self.__is_category_has_assignment(ObjectAssignment, category_id)
+
+ def is_action_category_has_assignment(self, category_id):
+ return self.__is_category_has_assignment(ActionAssignment, category_id)
+
+ def __is_category_has_assignment(self, ClassType, category_id):
+ with self.get_session_for_write() as session:
+ query = session.query(ClassType)
+ query = query.filter_by(category_id=category_id)
+ count = query.count()
+ return count > 0
+
+ def delete_subject_assignment(self, policy_id, subject_id, category_id, data_id):
+ with self.get_session_for_write() as session:
+ query = session.query(SubjectAssignment)
+ query = query.filter_by(policy_id=policy_id, subject_id=subject_id,
+ category_id=category_id)
+ ref = query.first()
+ if ref:
+ old_ref = copy.deepcopy(ref.to_dict())
+ assignments = old_ref["assignments"]
+ # TODO (asteroide): if data_id is None, delete all
+ if data_id in assignments:
+ assignments.remove(data_id)
+ # FIXME (asteroide): the setattr doesn't work here ; the assignments is not updated in the database
+ setattr(ref, "assignments", assignments)
+ if not assignments:
+ session.delete(ref)
+
+ def get_object_assignments(self, policy_id, object_id=None, category_id=None):
+ with self.get_session_for_write() as session:
+ query = session.query(ObjectAssignment)
+ if object_id and category_id:
+ # TODO change the object_id to perimeter_id to allow code refactoring
+ query = query.filter_by(policy_id=policy_id, object_id=object_id,
+ category_id=category_id)
+ elif object_id:
+ query = query.filter_by(policy_id=policy_id, object_id=object_id)
+ else:
+ query = query.filter_by(policy_id=policy_id)
+ ref_list = query.all()
+ return {_ref.id: _ref.to_dict() for _ref in ref_list}
+
+ def add_object_assignment(self, policy_id, object_id, category_id, data_id):
+ with self.get_session_for_write() as session:
+ query = session.query(ObjectAssignment)
+ query = query.filter_by(policy_id=policy_id, object_id=object_id,
+ category_id=category_id)
+ ref = query.first()
+ if ref:
+ old_ref = copy.deepcopy(ref.to_dict())
+ assignments = old_ref["assignments"]
+ if data_id not in assignments:
+ assignments.append(data_id)
+ setattr(ref, "assignments", assignments)
+ else:
+ raise exceptions.ObjectAssignmentExisting
+ else:
+ ref = ObjectAssignment.from_dict(
+ {
+ "id": uuid4().hex,
+ "policy_id": policy_id,
+ "object_id": object_id,
+ "category_id": category_id,
+ "assignments": [data_id, ],
+ }
+ )
+ session.add(ref)
+ return {ref.id: ref.to_dict()}
+
+ def delete_object_assignment(self, policy_id, object_id, category_id, data_id):
+ with self.get_session_for_write() as session:
+ query = session.query(ObjectAssignment)
+ query = query.filter_by(policy_id=policy_id, object_id=object_id,
+ category_id=category_id)
+ ref = query.first()
+ if ref:
+ old_ref = copy.deepcopy(ref.to_dict())
+ assignments = old_ref["assignments"]
+ # TODO (asteroide): if data_id is None, delete all
+ if data_id in assignments:
+ assignments.remove(data_id)
+ # FIXME (asteroide): the setattr doesn't work here ; the assignments is not updated in the database
+ setattr(ref, "assignments", assignments)
+ if not assignments:
+ session.delete(ref)
+
+ def get_action_assignments(self, policy_id, action_id=None, category_id=None):
+ with self.get_session_for_write() as session:
+ if not policy_id:
+ return exceptions.PolicyUnknown
+ query = session.query(ActionAssignment)
+ if action_id and category_id:
+ # TODO change the action_id to perimeter_id to allow code refactoring
+ query = query.filter_by(policy_id=policy_id, action_id=action_id,
+ category_id=category_id)
+ elif action_id:
+ query = query.filter_by(policy_id=policy_id, action_id=action_id)
+ elif category_id:
+ query = query.filter_by(policy_id=policy_id, category_id=category_id)
+ else:
+ query = query.filter_by(policy_id=policy_id)
+ ref_list = query.all()
+ return {_ref.id: _ref.to_dict() for _ref in ref_list}
+
+ def add_action_assignment(self, policy_id, action_id, category_id, data_id):
+ with self.get_session_for_write() as session:
+ query = session.query(ActionAssignment)
+ query = query.filter_by(policy_id=policy_id, action_id=action_id,
+ category_id=category_id)
+ ref = query.first()
+ if ref:
+ old_ref = copy.deepcopy(ref.to_dict())
+ assignments = old_ref["assignments"]
+ if data_id not in assignments:
+ assignments.append(data_id)
+ setattr(ref, "assignments", assignments)
+ else:
+ raise exceptions.ActionAssignmentExisting
+ else:
+ ref = ActionAssignment.from_dict(
+ {
+ "id": uuid4().hex,
+ "policy_id": policy_id,
+ "action_id": action_id,
+ "category_id": category_id,
+ "assignments": [data_id, ],
+ }
+ )
+ session.add(ref)
+ return {ref.id: ref.to_dict()}
+
+ def delete_action_assignment(self, policy_id, action_id, category_id, data_id):
+ with self.get_session_for_write() as session:
+ query = session.query(ActionAssignment)
+ query = query.filter_by(policy_id=policy_id, action_id=action_id,
+ category_id=category_id)
+ ref = query.first()
+ if ref:
+ old_ref = copy.deepcopy(ref.to_dict())
+ assignments = old_ref["assignments"]
+ # TODO (asteroide): if data_id is None, delete all
+ if data_id in assignments:
+ assignments.remove(data_id)
+ # FIXME (asteroide): the setattr doesn't work here ; the assignments is not updated in the database
+ setattr(ref, "assignments", assignments)
+ if not assignments:
+ session.delete(ref)
+
+ def get_rules(self, policy_id, rule_id=None, meta_rule_id=None):
+ with self.get_session_for_read() as session:
+ query = session.query(Rule)
+ if rule_id:
+ query = query.filter_by(policy_id=policy_id, rule_id=rule_id)
+ ref = query.first()
+ return {ref.id: ref.to_dict()}
+ elif meta_rule_id and policy_id:
+ query = query.filter_by(policy_id=policy_id, meta_rule_id=meta_rule_id)
+ ref_list = query.all()
+ return {
+ "meta_rule_id": meta_rule_id,
+ "policy_id": policy_id,
+ "rules": list(map(lambda x: x.to_dict(), ref_list))
+ }
+ else:
+ query = query.filter_by(policy_id=policy_id)
+ ref_list = query.all()
+ return {
+ "policy_id": policy_id,
+ "rules": list(map(lambda x: x.to_dict(), ref_list))
+ }
+
+ def is_meta_rule_has_rules(self, meta_rule_id):
+ with self.get_session_for_read() as session:
+ query = session.query(Rule)
+
+ query = query.filter_by(meta_rule_id=meta_rule_id)
+ count = query.count()
+ return count > 0
+
+ def add_rule(self, policy_id, meta_rule_id, value):
+ try:
+ rules = self.get_rules(policy_id, meta_rule_id=meta_rule_id)
+ for _rule in map(lambda x: x["rule"], rules["rules"]):
+ if list(value.get('rule')) == list(_rule):
+ raise exceptions.RuleExisting
+ with self.get_session_for_write() as session:
+ ref = Rule.from_dict(
+ {
+ "id": uuid4().hex,
+ "policy_id": policy_id,
+ "meta_rule_id": meta_rule_id,
+ "rule": value
+ }
+ )
+ session.add(ref)
+ return {ref.id: ref.to_dict()}
+ except sqlalchemy.exc.IntegrityError as error:
+ if 'UNIQUE constraint' in str(error):
+ raise exceptions.RuleExisting
+ raise error
+
+ def delete_rule(self, policy_id, rule_id):
+ with self.get_session_for_write() as session:
+ query = session.query(Rule)
+ query = query.filter_by(policy_id=policy_id, id=rule_id)
+ ref = query.first()
+ if ref:
+ session.delete(ref)
+
+
+class ModelConnector(BaseConnector, ModelDriver):
+
+ def update_model(self, model_id, value):
+ try:
+ with self.get_session_for_write() as session:
+ query = session.query(Model)
+ if model_id:
+ query = query.filter_by(id=model_id)
+ ref = query.first()
+ if ref:
+ value_wo_name = copy.deepcopy(value)
+ value_wo_name.pop("name", None)
+ setattr(ref, "name", value["name"])
+ d = dict(ref.value)
+ d.update(value_wo_name)
+ setattr(ref, "value", d)
+ return {ref.id: ref.to_dict()}
+ except sqlalchemy.exc.IntegrityError as error:
+ if 'UNIQUE constraint' in str(error):
+ raise exceptions.ModelExisting
+ raise error
+
+ def delete_model(self, model_id):
+ with self.get_session_for_write() as session:
+ ref = session.query(Model).get(model_id)
+ session.delete(ref)
+
+ def add_model(self, model_id=None, value=None):
+ try:
+ with self.get_session_for_write() as session:
+ value_wo_name = copy.deepcopy(value)
+ value_wo_name.pop("name", None)
+ new = Model.from_dict({
+ "id": model_id if model_id else uuid4().hex,
+ "name": value["name"],
+ "value": value_wo_name
+ })
+ session.add(new)
+ return {new.id: new.to_dict()}
+ except sqlalchemy.exc.IntegrityError as error:
+ if 'UNIQUE constraint' in str(error):
+ raise exceptions.ModelExisting
+
+ def get_models(self, model_id=None):
+ with self.get_session_for_read() as session:
+ query = session.query(Model)
+ if model_id:
+ ref_list = query.filter(Model.id == model_id)
+ else:
+ ref_list = query.all()
+
+ r = {_ref.id: _ref.to_dict() for _ref in ref_list}
+ return r
+
+ def set_meta_rule(self, meta_rule_id, value):
+ try:
+ with self.get_session_for_write() as session:
+ value_wo_other_data = copy.deepcopy(value)
+ value_wo_other_data.pop("name", None)
+ value_wo_other_data.pop("subject_categories", None)
+ value_wo_other_data.pop("object_categories", None)
+ value_wo_other_data.pop("action_categories", None)
+ if meta_rule_id is None:
+ try:
+ ref = MetaRule.from_dict(
+ {
+ "id": uuid4().hex,
+ "name": value["name"],
+ "subject_categories": value["subject_categories"],
+ "object_categories": value["object_categories"],
+ "action_categories": value["action_categories"],
+ "value": value_wo_other_data
+ }
+ )
+ session.add(ref)
+ except sqlalchemy.exc.IntegrityError as error:
+ if 'UNIQUE constraint' in str(error):
+ raise exceptions.MetaRuleExisting
+ raise error
+ else:
+ query = session.query(MetaRule)
+ query = query.filter_by(id=meta_rule_id)
+ ref = query.first()
+ setattr(ref, "name", value["name"])
+ setattr(ref, "subject_categories", value["subject_categories"])
+ setattr(ref, "object_categories", value["object_categories"])
+ setattr(ref, "action_categories", value["action_categories"])
+ setattr(ref, "value", value_wo_other_data)
+ return {ref.id: ref.to_dict()}
+ except sqlalchemy.exc.IntegrityError as error:
+ if 'UNIQUE constraint' in str(error):
+ raise exceptions.MetaRuleExisting
+ raise error
+
+ def get_meta_rules(self, meta_rule_id=None):
+ with self.get_session_for_read() as session:
+ query = session.query(MetaRule)
+ if meta_rule_id:
+ query = query.filter_by(id=meta_rule_id)
+ ref_list = query.all()
+ return {_ref.id: _ref.to_dict() for _ref in ref_list}
+
+ def delete_meta_rule(self, meta_rule_id=None):
+ with self.get_session_for_write() as session:
+ query = session.query(MetaRule)
+ query = query.filter_by(id=meta_rule_id)
+ ref = query.first()
+ if ref:
+ session.delete(ref)
+
+ def __get_perimeter_categories(self, ClassType, category_id=None):
+ with self.get_session_for_read() as session:
+ query = session.query(ClassType)
+ if category_id:
+ query = query.filter_by(id=category_id)
+ ref_list = query.all()
+ return {_ref.id: _ref.to_dict() for _ref in ref_list}
+
+ def __add_perimeter_category(self, ClassType, name, description, uuid=None):
+ if not name or not name.strip():
+ raise exceptions.CategoryNameInvalid
+ with self.get_session_for_write() as session:
+ ref = ClassType.from_dict(
+ {
+ "id": uuid if uuid else uuid4().hex,
+ "name": name,
+ "description": description
+ }
+ )
+ session.add(ref)
+ return {ref.id: ref.to_dict()}
+
+ def __delete_perimeter_category(self, ClassType, category_id):
+ with self.get_session_for_write() as session:
+ query = session.query(ClassType)
+ query = query.filter_by(id=category_id)
+ ref = query.first()
+ if ref:
+ session.delete(ref)
+
+ def get_subject_categories(self, category_id=None):
+ return self.__get_perimeter_categories(SubjectCategory, category_id=category_id)
+
+ def add_subject_category(self, name, description, uuid=None):
+ try:
+ return self.__add_perimeter_category(SubjectCategory, name, description, uuid=uuid)
+ except sql.exc.IntegrityError as error:
+ if 'UNIQUE constraint' in str(error):
+ raise exceptions.SubjectCategoryExisting
+ raise error
+
+ def delete_subject_category(self, category_id):
+ self.__delete_perimeter_category(SubjectCategory, category_id)
+
+ def get_object_categories(self, category_id=None):
+ return self.__get_perimeter_categories(ObjectCategory, category_id=category_id)
+
+ def add_object_category(self, name, description, uuid=None):
+ try:
+ return self.__add_perimeter_category(ObjectCategory, name, description, uuid=uuid)
+ except sql.exc.IntegrityError as error:
+ if 'UNIQUE constraint' in str(error):
+ raise exceptions.ObjectCategoryExisting
+ raise error
+
+ def delete_object_category(self, category_id):
+ self.__delete_perimeter_category(ObjectCategory, category_id)
+
+ def get_action_categories(self, category_id=None):
+
+ return self.__get_perimeter_categories(ActionCategory, category_id=category_id)
+
+ def add_action_category(self, name, description, uuid=None):
+ try:
+ return self.__add_perimeter_category(ActionCategory, name, description, uuid=uuid)
+ except sql.exc.IntegrityError as error:
+ if 'UNIQUE constraint' in str(error):
+ raise exceptions.ActionCategoryExisting
+ raise error
+
+ def delete_action_category(self, category_id):
+ self.__delete_perimeter_category(ActionCategory, category_id)
+
+ # Getter and Setter for subject_category
+
+ # def get_subject_categories_dict(self, intra_extension_id):
+ # with self.get_session_for_read() as session:
+ # query = session.query(SubjectCategory)
+ # query = query.filter_by(intra_extension_id=intra_extension_id)
+ # ref_list = query.all()
+ # return {_ref.id: _ref.subject_category for _ref in ref_list}
+ #
+ # def set_subject_category_dict(self, intra_extension_id, subject_category_id, subject_category_dict):
+ # with self.get_session_for_write() as session:
+ # query = session.query(SubjectCategory)
+ # query = query.filter_by(intra_extension_id=intra_extension_id, id=subject_category_id)
+ # ref = query.first()
+ # new_ref = SubjectCategory.from_dict(
+ # {
+ # "id": subject_category_id,
+ # 'subject_category': subject_category_dict,
+ # 'intra_extension_id': intra_extension_id
+ # }
+ # )
+ # if not ref:
+ # session.add(new_ref)
+ # ref = new_ref
+ # else:
+ # for attr in SubjectCategory.attributes:
+ # if attr != 'id':
+ # setattr(ref, attr, getattr(new_ref, attr))
+ # # # session.flush()
+ # return {subject_category_id: SubjectCategory.to_dict(ref)['subject_category']}
+ #
+ # def del_subject_category(self, intra_extension_id, subject_category_id):
+ # with self.get_session_for_write() as session:
+ # query = session.query(SubjectCategory)
+ # query = query.filter_by(intra_extension_id=intra_extension_id, id=subject_category_id)
+ # ref = query.first()
+ # self.del_subject_assignment(intra_extension_id, None, None, None)
+ # session.delete(ref)
+ #
+ # # Getter and Setter for object_category
+ #
+ # def get_object_categories_dict(self, intra_extension_id):
+ # with self.get_session_for_read() as session:
+ # query = session.query(ObjectCategory)
+ # query = query.filter_by(intra_extension_id=intra_extension_id)
+ # ref_list = query.all()
+ # return {_ref.id: _ref.object_category for _ref in ref_list}
+ #
+ # def set_object_category_dict(self, intra_extension_id, object_category_id, object_category_dict):
+ # with self.get_session_for_write() as session:
+ # query = session.query(ObjectCategory)
+ # query = query.filter_by(intra_extension_id=intra_extension_id, id=object_category_id)
+ # ref = query.first()
+ # new_ref = ObjectCategory.from_dict(
+ # {
+ # "id": object_category_id,
+ # 'object_category': object_category_dict,
+ # 'intra_extension_id': intra_extension_id
+ # }
+ # )
+ # if not ref:
+ # session.add(new_ref)
+ # ref = new_ref
+ # else:
+ # for attr in ObjectCategory.attributes:
+ # if attr != 'id':
+ # setattr(ref, attr, getattr(new_ref, attr))
+ # # session.flush()
+ # return {object_category_id: ObjectCategory.to_dict(ref)['object_category']}
+ #
+ # def del_object_category(self, intra_extension_id, object_category_id):
+ # with self.get_session_for_write() as session:
+ # query = session.query(ObjectCategory)
+ # query = query.filter_by(intra_extension_id=intra_extension_id, id=object_category_id)
+ # ref = query.first()
+ # self.del_object_assignment(intra_extension_id, None, None, None)
+ # session.delete(ref)
+ #
+ # # Getter and Setter for action_category
+ #
+ # def get_action_categories_dict(self, intra_extension_id):
+ # with self.get_session_for_read() as session:
+ # query = session.query(ActionCategory)
+ # query = query.filter_by(intra_extension_id=intra_extension_id)
+ # ref_list = query.all()
+ # return {_ref.id: _ref.action_category for _ref in ref_list}
+ #
+ # def set_action_category_dict(self, intra_extension_id, action_category_id, action_category_dict):
+ # with self.get_session_for_write() as session:
+ # query = session.query(ActionCategory)
+ # query = query.filter_by(intra_extension_id=intra_extension_id, id=action_category_id)
+ # ref = query.first()
+ # new_ref = ActionCategory.from_dict(
+ # {
+ # "id": action_category_id,
+ # 'action_category': action_category_dict,
+ # 'intra_extension_id': intra_extension_id
+ # }
+ # )
+ # if not ref:
+ # session.add(new_ref)
+ # ref = new_ref
+ # else:
+ # for attr in ActionCategory.attributes:
+ # if attr != 'id':
+ # setattr(ref, attr, getattr(new_ref, attr))
+ # # session.flush()
+ # return {action_category_id: ActionCategory.to_dict(ref)['action_category']}
+ #
+ # def del_action_category(self, intra_extension_id, action_category_id):
+ # with self.get_session_for_write() as session:
+ # query = session.query(ActionCategory)
+ # query = query.filter_by(intra_extension_id=intra_extension_id, id=action_category_id)
+ # ref = query.first()
+ # self.del_action_assignment(intra_extension_id, None, None, None)
+ # session.delete(ref)
+
+ # Perimeter
+
+ # def get_subjects_dict(self, intra_extension_id):
+ # with self.get_session_for_read() as session:
+ # query = session.query(Subject)
+ # query = query.filter_by(intra_extension_id=intra_extension_id)
+ # ref_list = query.all()
+ # return {_ref.id: _ref.subject for _ref in ref_list}
+ #
+ # def set_subject_dict(self, intra_extension_id, subject_id, subject_dict):
+ # with self.get_session_for_write() as session:
+ # query = session.query(Subject)
+ # query = query.filter_by(intra_extension_id=intra_extension_id, id=subject_id)
+ # ref = query.first()
+ # # if 'id' in subject_dict:
+ # # subject_dict['id'] = subject_id
+ # new_ref = Subject.from_dict(
+ # {
+ # "id": subject_id,
+ # 'subject': subject_dict,
+ # 'intra_extension_id': intra_extension_id
+ # }
+ # )
+ # if not ref:
+ # session.add(new_ref)
+ # ref = new_ref
+ # else:
+ # for attr in Subject.attributes:
+ # if attr != 'id':
+ # setattr(ref, attr, getattr(new_ref, attr))
+ # # session.flush()
+ # return {subject_id: Subject.to_dict(ref)['subject']}
+ #
+ # def del_subject(self, intra_extension_id, subject_id):
+ # with self.get_session_for_write() as session:
+ # query = session.query(Subject)
+ # query = query.filter_by(intra_extension_id=intra_extension_id, id=subject_id)
+ # ref = query.first()
+ # session.delete(ref)
+ #
+ # def get_objects_dict(self, intra_extension_id):
+ # with self.get_session_for_read() as session:
+ # query = session.query(Object)
+ # query = query.filter_by(intra_extension_id=intra_extension_id)
+ # ref_list = query.all()
+ # return {_ref.id: _ref.object for _ref in ref_list}
+ #
+ # def set_object_dict(self, intra_extension_id, object_id, object_dict):
+ # with self.get_session_for_write() as session:
+ # query = session.query(Object)
+ # query = query.filter_by(intra_extension_id=intra_extension_id, id=object_id)
+ # ref = query.first()
+ # new_ref = Object.from_dict(
+ # {
+ # "id": object_id,
+ # 'object': object_dict,
+ # 'intra_extension_id': intra_extension_id
+ # }
+ # )
+ # if not ref:
+ # session.add(new_ref)
+ # ref = new_ref
+ # else:
+ # for attr in Object.attributes:
+ # if attr != 'id':
+ # setattr(ref, attr, getattr(new_ref, attr))
+ # # session.flush()
+ # return {object_id: Object.to_dict(ref)['object']}
+ #
+ # def del_object(self, intra_extension_id, object_id):
+ # with self.get_session_for_write() as session:
+ # query = session.query(Object)
+ # query = query.filter_by(intra_extension_id=intra_extension_id, id=object_id)
+ # ref = query.first()
+ # session.delete(ref)
+ #
+ # def get_actions_dict(self, intra_extension_id):
+ # with self.get_session_for_read() as session:
+ # query = session.query(Action)
+ # query = query.filter_by(intra_extension_id=intra_extension_id)
+ # ref_list = query.all()
+ # return {_ref.id: _ref.action for _ref in ref_list}
+ #
+ # def set_action_dict(self, intra_extension_id, action_id, action_dict):
+ # with self.get_session_for_write() as session:
+ # query = session.query(Action)
+ # query = query.filter_by(intra_extension_id=intra_extension_id, id=action_id)
+ # ref = query.first()
+ # new_ref = Action.from_dict(
+ # {
+ # "id": action_id,
+ # 'action': action_dict,
+ # 'intra_extension_id': intra_extension_id
+ # }
+ # )
+ # if not ref:
+ # session.add(new_ref)
+ # ref = new_ref
+ # else:
+ # for attr in Action.attributes:
+ # if attr != 'id':
+ # setattr(ref, attr, getattr(new_ref, attr))
+ # # session.flush()
+ # return {action_id: Action.to_dict(ref)['action']}
+ #
+ # def del_action(self, intra_extension_id, action_id):
+ # with self.get_session_for_write() as session:
+ # query = session.query(Action)
+ # query = query.filter_by(intra_extension_id=intra_extension_id, id=action_id)
+ # ref = query.first()
+ # session.delete(ref)
+
+ # Getter and Setter for subject_scope
+
+ # def get_subject_scopes_dict(self, intra_extension_id, subject_category_id):
+ # with self.get_session_for_read() as session:
+ # query = session.query(SubjectScope)
+ # query = query.filter_by(intra_extension_id=intra_extension_id, subject_category_id=subject_category_id)
+ # ref_list = query.all()
+ # return {_ref.id: _ref.subject_scope for _ref in ref_list}
+ #
+ # def set_subject_scope_dict(self, intra_extension_id, subject_category_id, subject_scope_id, subject_scope_dict):
+ # with self.get_session_for_write() as session:
+ # query = session.query(SubjectScope)
+ # query = query.filter_by(intra_extension_id=intra_extension_id, subject_category_id=subject_category_id, id=subject_scope_id)
+ # ref = query.first()
+ # new_ref = SubjectScope.from_dict(
+ # {
+ # "id": subject_scope_id,
+ # 'subject_scope': subject_scope_dict,
+ # 'intra_extension_id': intra_extension_id,
+ # 'subject_category_id': subject_category_id
+ # }
+ # )
+ # if not ref:
+ # session.add(new_ref)
+ # ref = new_ref
+ # else:
+ # for attr in Subject.attributes:
+ # if attr != 'id':
+ # setattr(ref, attr, getattr(new_ref, attr))
+ # # session.flush()
+ # return {subject_scope_id: SubjectScope.to_dict(ref)['subject_scope']}
+ #
+ # def del_subject_scope(self, intra_extension_id, subject_category_id, subject_scope_id):
+ # with self.get_session_for_write() as session:
+ # query = session.query(SubjectScope)
+ # if not subject_category_id or not subject_scope_id:
+ # query = query.filter_by(intra_extension_id=intra_extension_id)
+ # for ref in query.all():
+ # session.delete(ref)
+ # else:
+ # query = query.filter_by(intra_extension_id=intra_extension_id, subject_category_id=subject_category_id, id=subject_scope_id)
+ # ref = query.first()
+ # session.delete(ref)
+ #
+ # # Getter and Setter for object_category_scope
+ #
+ # def get_object_scopes_dict(self, intra_extension_id, object_category_id):
+ # with self.get_session_for_read() as session:
+ # query = session.query(ObjectScope)
+ # query = query.filter_by(intra_extension_id=intra_extension_id, object_category_id=object_category_id)
+ # ref_list = query.all()
+ # return {_ref.id: _ref.object_scope for _ref in ref_list}
+ #
+ # def set_object_scope_dict(self, intra_extension_id, object_category_id, object_scope_id, object_scope_dict):
+ # with self.get_session_for_write() as session:
+ # query = session.query(ObjectScope)
+ # query = query.filter_by(intra_extension_id=intra_extension_id, object_category_id=object_category_id, id=object_scope_id)
+ # ref = query.first()
+ # new_ref = ObjectScope.from_dict(
+ # {
+ # "id": object_scope_id,
+ # 'object_scope': object_scope_dict,
+ # 'intra_extension_id': intra_extension_id,
+ # 'object_category_id': object_category_id
+ # }
+ # )
+ # if not ref:
+ # session.add(new_ref)
+ # ref = new_ref
+ # else:
+ # for attr in Object.attributes:
+ # if attr != 'id':
+ # setattr(ref, attr, getattr(new_ref, attr))
+ # # session.flush()
+ # return {object_scope_id: ObjectScope.to_dict(ref)['object_scope']}
+ #
+ # def del_object_scope(self, intra_extension_id, object_category_id, object_scope_id):
+ # with self.get_session_for_write() as session:
+ # query = session.query(ObjectScope)
+ # if not object_category_id or not object_scope_id:
+ # query = query.filter_by(intra_extension_id=intra_extension_id)
+ # for ref in query.all():
+ # session.delete(ref)
+ # else:
+ # query = query.filter_by(intra_extension_id=intra_extension_id, object_category_id=object_category_id, id=object_scope_id)
+ # ref = query.first()
+ # session.delete(ref)
+ #
+ # # Getter and Setter for action_scope
+ #
+ # def get_action_scopes_dict(self, intra_extension_id, action_category_id):
+ # with self.get_session_for_read() as session:
+ # query = session.query(ActionScope)
+ # query = query.filter_by(intra_extension_id=intra_extension_id, action_category_id=action_category_id)
+ # ref_list = query.all()
+ # return {_ref.id: _ref.action_scope for _ref in ref_list}
+ #
+ # def set_action_scope_dict(self, intra_extension_id, action_category_id, action_scope_id, action_scope_dict):
+ # with self.get_session_for_write() as session:
+ # query = session.query(ActionScope)
+ # query = query.filter_by(intra_extension_id=intra_extension_id, action_category_id=action_category_id, id=action_scope_id)
+ # ref = query.first()
+ # new_ref = ActionScope.from_dict(
+ # {
+ # "id": action_scope_id,
+ # 'action_scope': action_scope_dict,
+ # 'intra_extension_id': intra_extension_id,
+ # 'action_category_id': action_category_id
+ # }
+ # )
+ # if not ref:
+ # session.add(new_ref)
+ # ref = new_ref
+ # else:
+ # for attr in Action.attributes:
+ # if attr != 'id':
+ # setattr(ref, attr, getattr(new_ref, attr))
+ # # session.flush()
+ # return {action_scope_id: ActionScope.to_dict(ref)['action_scope']}
+ #
+ # def del_action_scope(self, intra_extension_id, action_category_id, action_scope_id):
+ # with self.get_session_for_write() as session:
+ # query = session.query(ActionScope)
+ # if not action_category_id or not action_scope_id:
+ # query = query.filter_by(intra_extension_id=intra_extension_id)
+ # for ref in query.all():
+ # session.delete(ref)
+ # else:
+ # query = query.filter_by(intra_extension_id=intra_extension_id, action_category_id=action_category_id, id=action_scope_id)
+ # ref = query.first()
+ # session.delete(ref)
+ #
+ # # Getter and Setter for subject_category_assignment
+ #
+ # def get_subject_assignment_list(self, intra_extension_id, subject_id, subject_category_id):
+ # with self.get_session_for_read() as session:
+ # query = session.query(SubjectAssignment)
+ # if not subject_id or not subject_category_id or not subject_category_id:
+ # query = query.filter_by(intra_extension_id=intra_extension_id)
+ # ref = query.all()
+ # return ref
+ # else:
+ # query = query.filter_by(intra_extension_id=intra_extension_id, subject_id=subject_id, subject_category_id=subject_category_id)
+ # ref = query.first()
+ # if not ref:
+ # return list()
+ # LOG.info("get_subject_assignment_list {}".format(ref.subject_assignment))
+ # return list(ref.subject_assignment)
+ #
+ # def set_subject_assignment_list(self, intra_extension_id, subject_id, subject_category_id, subject_assignment_list=[]):
+ # with self.get_session_for_write() as session:
+ # query = session.query(SubjectAssignment)
+ # query = query.filter_by(intra_extension_id=intra_extension_id, subject_id=subject_id, subject_category_id=subject_category_id)
+ # ref = query.first()
+ # new_ref = SubjectAssignment.from_dict(
+ # {
+ # "id": uuid4().hex,
+ # 'subject_assignment': subject_assignment_list,
+ # 'intra_extension_id': intra_extension_id,
+ # 'subject_id': subject_id,
+ # 'subject_category_id': subject_category_id
+ # }
+ # )
+ # if not ref:
+ # session.add(new_ref)
+ # ref = new_ref
+ # else:
+ # for attr in SubjectAssignment.attributes:
+ # if attr != 'id':
+ # setattr(ref, attr, getattr(new_ref, attr))
+ # # session.flush()
+ # return subject_assignment_list
+ #
+ # def add_subject_assignment_list(self, intra_extension_id, subject_id, subject_category_id, subject_scope_id):
+ # new_subject_assignment_list = self.get_subject_assignment_list(intra_extension_id, subject_id, subject_category_id)
+ # if subject_scope_id not in new_subject_assignment_list:
+ # new_subject_assignment_list.append(subject_scope_id)
+ # return self.set_subject_assignment_list(intra_extension_id, subject_id, subject_category_id, new_subject_assignment_list)
+ #
+ # def del_subject_assignment(self, intra_extension_id, subject_id, subject_category_id, subject_scope_id):
+ # if not subject_id or not subject_category_id or not subject_category_id:
+ # with self.get_session_for_write() as session:
+ # for ref in self.get_subject_assignment_list(intra_extension_id, None, None):
+ # session.delete(ref)
+ # session.flush()
+ # return
+ # new_subject_assignment_list = self.get_subject_assignment_list(intra_extension_id, subject_id, subject_category_id)
+ # new_subject_assignment_list.remove(subject_scope_id)
+ # return self.set_subject_assignment_list(intra_extension_id, subject_id, subject_category_id, new_subject_assignment_list)
+ #
+ # # Getter and Setter for object_category_assignment
+ #
+ # def get_object_assignment_list(self, intra_extension_id, object_id, object_category_id):
+ # with self.get_session_for_read() as session:
+ # query = session.query(ObjectAssignment)
+ # if not object_id or not object_category_id or not object_category_id:
+ # query = query.filter_by(intra_extension_id=intra_extension_id)
+ # ref = query.all()
+ # return ref
+ # else:
+ # query = query.filter_by(intra_extension_id=intra_extension_id, object_id=object_id, object_category_id=object_category_id)
+ # ref = query.first()
+ # if not ref:
+ # return list()
+ # return list(ref.object_assignment)
+ #
+ # def set_object_assignment_list(self, intra_extension_id, object_id, object_category_id, object_assignment_list=[]):
+ # with self.get_session_for_write() as session:
+ # query = session.query(ObjectAssignment)
+ # query = query.filter_by(intra_extension_id=intra_extension_id, object_id=object_id, object_category_id=object_category_id)
+ # ref = query.first()
+ # new_ref = ObjectAssignment.from_dict(
+ # {
+ # "id": uuid4().hex,
+ # 'object_assignment': object_assignment_list,
+ # 'intra_extension_id': intra_extension_id,
+ # 'object_id': object_id,
+ # 'object_category_id': object_category_id
+ # }
+ # )
+ # if not ref:
+ # session.add(new_ref)
+ # else:
+ # for attr in ObjectAssignment.attributes:
+ # if attr != 'id':
+ # setattr(ref, attr, getattr(new_ref, attr))
+ # # session.flush()
+ # return self.get_object_assignment_list(intra_extension_id, object_id, object_category_id)
+ #
+ # def add_object_assignment_list(self, intra_extension_id, object_id, object_category_id, object_scope_id):
+ # new_object_assignment_list = self.get_object_assignment_list(intra_extension_id, object_id, object_category_id)
+ # if object_scope_id not in new_object_assignment_list:
+ # new_object_assignment_list.append(object_scope_id)
+ # return self.set_object_assignment_list(intra_extension_id, object_id, object_category_id, new_object_assignment_list)
+ #
+ # def del_object_assignment(self, intra_extension_id, object_id, object_category_id, object_scope_id):
+ # if not object_id or not object_category_id or not object_category_id:
+ # with self.get_session_for_write() as session:
+ # for ref in self.get_object_assignment_list(intra_extension_id, None, None):
+ # session.delete(ref)
+ # session.flush()
+ # return
+ # new_object_assignment_list = self.get_object_assignment_list(intra_extension_id, object_id, object_category_id)
+ # new_object_assignment_list.remove(object_scope_id)
+ # return self.set_object_assignment_list(intra_extension_id, object_id, object_category_id, new_object_assignment_list)
+ #
+ # # Getter and Setter for action_category_assignment
+ #
+ # def get_action_assignment_list(self, intra_extension_id, action_id, action_category_id):
+ # with self.get_session_for_read() as session:
+ # query = session.query(ActionAssignment)
+ # if not action_id or not action_category_id or not action_category_id:
+ # query = query.filter_by(intra_extension_id=intra_extension_id)
+ # ref = query.all()
+ # return ref
+ # else:
+ # query = query.filter_by(intra_extension_id=intra_extension_id, action_id=action_id, action_category_id=action_category_id)
+ # ref = query.first()
+ # if not ref:
+ # return list()
+ # return list(ref.action_assignment)
+ #
+ # def set_action_assignment_list(self, intra_extension_id, action_id, action_category_id, action_assignment_list=[]):
+ # with self.get_session_for_write() as session:
+ # query = session.query(ActionAssignment)
+ # query = query.filter_by(intra_extension_id=intra_extension_id, action_id=action_id, action_category_id=action_category_id)
+ # ref = query.first()
+ # new_ref = ActionAssignment.from_dict(
+ # {
+ # "id": uuid4().hex,
+ # 'action_assignment': action_assignment_list,
+ # 'intra_extension_id': intra_extension_id,
+ # 'action_id': action_id,
+ # 'action_category_id': action_category_id
+ # }
+ # )
+ # if not ref:
+ # session.add(new_ref)
+ # else:
+ # for attr in ActionAssignment.attributes:
+ # if attr != 'id':
+ # setattr(ref, attr, getattr(new_ref, attr))
+ # # session.flush()
+ # return self.get_action_assignment_list(intra_extension_id, action_id, action_category_id)
+ #
+ # def add_action_assignment_list(self, intra_extension_id, action_id, action_category_id, action_scope_id):
+ # new_action_assignment_list = self.get_action_assignment_list(intra_extension_id, action_id, action_category_id)
+ # if action_scope_id not in new_action_assignment_list:
+ # new_action_assignment_list.append(action_scope_id)
+ # return self.set_action_assignment_list(intra_extension_id, action_id, action_category_id, new_action_assignment_list)
+ #
+ # def del_action_assignment(self, intra_extension_id, action_id, action_category_id, action_scope_id):
+ # if not action_id or not action_category_id or not action_category_id:
+ # with self.get_session_for_write() as session:
+ # for ref in self.get_action_assignment_list(intra_extension_id, None, None):
+ # session.delete(ref)
+ # session.flush()
+ # return
+ # new_action_assignment_list = self.get_action_assignment_list(intra_extension_id, action_id, action_category_id)
+ # new_action_assignment_list.remove(action_scope_id)
+ # return self.set_action_assignment_list(intra_extension_id, action_id, action_category_id, new_action_assignment_list)
+ #
+ # # Getter and Setter for sub_meta_rule
+ #
+ # def get_aggregation_algorithm_id(self, intra_extension_id):
+ # with self.get_session_for_read() as session:
+ # query = session.query(IntraExtension)
+ # query = query.filter_by(id=intra_extension_id)
+ # ref = query.first()
+ # try:
+ # return {"aggregation_algorithm": ref.intra_extension["aggregation_algorithm"]}
+ # except KeyError:
+ # return ""
+ #
+ # def set_aggregation_algorithm_id(self, intra_extension_id, aggregation_algorithm_id):
+ # with self.get_session_for_write() as session:
+ # query = session.query(IntraExtension)
+ # query = query.filter_by(id=intra_extension_id)
+ # ref = query.first()
+ # intra_extension_dict = dict(ref.intra_extension)
+ # intra_extension_dict["aggregation_algorithm"] = aggregation_algorithm_id
+ # setattr(ref, "intra_extension", intra_extension_dict)
+ # # session.flush()
+ # return {"aggregation_algorithm": ref.intra_extension["aggregation_algorithm"]}
+ #
+ # def del_aggregation_algorithm(self, intra_extension_id):
+ # with self.get_session_for_write() as session:
+ # query = session.query(IntraExtension)
+ # query = query.filter_by(id=intra_extension_id)
+ # ref = query.first()
+ # intra_extension_dict = dict(ref.intra_extension)
+ # intra_extension_dict["aggregation_algorithm"] = ""
+ # setattr(ref, "intra_extension", intra_extension_dict)
+ # return self.get_aggregation_algorithm_id(intra_extension_id)
+ #
+ # # Getter and Setter for sub_meta_rule
+ #
+ # def get_sub_meta_rules_dict(self, intra_extension_id):
+ # with self.get_session_for_read() as session:
+ # query = session.query(SubMetaRule)
+ # query = query.filter_by(intra_extension_id=intra_extension_id)
+ # ref_list = query.all()
+ # return {_ref.id: _ref.sub_meta_rule for _ref in ref_list}
+ #
+ # def set_sub_meta_rule_dict(self, intra_extension_id, sub_meta_rule_id, sub_meta_rule_dict):
+ # with self.get_session_for_write() as session:
+ # query = session.query(SubMetaRule)
+ # query = query.filter_by(intra_extension_id=intra_extension_id, id=sub_meta_rule_id)
+ # ref = query.first()
+ # new_ref = SubMetaRule.from_dict(
+ # {
+ # "id": sub_meta_rule_id,
+ # 'sub_meta_rule': sub_meta_rule_dict,
+ # 'intra_extension_id': intra_extension_id
+ # }
+ # )
+ # if not ref:
+ # session.add(new_ref)
+ # else:
+ # _sub_meta_rule_dict = dict(ref.sub_meta_rule)
+ # _sub_meta_rule_dict.update(sub_meta_rule_dict)
+ # setattr(new_ref, "sub_meta_rule", _sub_meta_rule_dict)
+ # for attr in SubMetaRule.attributes:
+ # if attr != 'id':
+ # setattr(ref, attr, getattr(new_ref, attr))
+ # # session.flush()
+ # return self.get_sub_meta_rules_dict(intra_extension_id)
+ #
+ # def del_sub_meta_rule(self, intra_extension_id, sub_meta_rule_id):
+ # with self.get_session_for_write() as session:
+ # query = session.query(SubMetaRule)
+ # query = query.filter_by(intra_extension_id=intra_extension_id, id=sub_meta_rule_id)
+ # ref = query.first()
+ # session.delete(ref)
+ #
+ # # Getter and Setter for rules
+ #
+ # def get_rules_dict(self, intra_extension_id, sub_meta_rule_id):
+ # with self.get_session_for_read() as session:
+ # query = session.query(Rule)
+ # query = query.filter_by(intra_extension_id=intra_extension_id, sub_meta_rule_id=sub_meta_rule_id)
+ # ref_list = query.all()
+ # return {_ref.id: _ref.rule for _ref in ref_list}
+ #
+ # def set_rule_dict(self, intra_extension_id, sub_meta_rule_id, rule_id, rule_list):
+ # with self.get_session_for_write() as session:
+ # query = session.query(Rule)
+ # query = query.filter_by(intra_extension_id=intra_extension_id, sub_meta_rule_id=sub_meta_rule_id, id=rule_id)
+ # ref = query.first()
+ # new_ref = Rule.from_dict(
+ # {
+ # "id": rule_id,
+ # 'rule': rule_list,
+ # 'intra_extension_id': intra_extension_id,
+ # 'sub_meta_rule_id': sub_meta_rule_id
+ # }
+ # )
+ # if not ref:
+ # session.add(new_ref)
+ # ref = new_ref
+ # else:
+ # for attr in Rule.attributes:
+ # if attr != 'id':
+ # setattr(ref, attr, getattr(new_ref, attr))
+ # # session.flush()
+ # return {rule_id: ref.rule}
+ #
+ # def del_rule(self, intra_extension_id, sub_meta_rule_id, rule_id):
+ # with self.get_session_for_write() as session:
+ # query = session.query(Rule)
+ # query = query.filter_by(intra_extension_id=intra_extension_id, sub_meta_rule_id=sub_meta_rule_id, id=rule_id)
+ # ref = query.first()
+ # session.delete(ref)
+
+
+class SQLConnector(PDPConnector, PolicyConnector, ModelConnector):
+ pass
diff --git a/old/python_moondb/python_moondb/core.py b/old/python_moondb/python_moondb/core.py
new file mode 100644
index 00000000..3fee146b
--- /dev/null
+++ b/old/python_moondb/python_moondb/core.py
@@ -0,0 +1,228 @@
+# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+# This software is distributed under the terms and conditions of the 'Apache-2.0'
+# license which can be found in the file 'LICENSE' in this package distribution
+# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
+
+import logging
+from stevedore.driver import DriverManager
+from python_moonutilities import configuration
+from python_moondb.api import model, policy, pdp, keystone
+
+logger = logging.getLogger("moon.db")
+
+
+class Driver(DriverManager):
+
+ def __init__(self, driver_name, engine_name):
+ logger.info("initialization of Driver {}".format(driver_name))
+ super(Driver, self).__init__(
+ namespace='moon_db.driver',
+ name=driver_name,
+ invoke_on_load=True,
+ invoke_args=(engine_name,),
+ )
+
+
+class ModelDriver(Driver):
+
+ def __init__(self, driver_name, engine_name):
+ super(ModelDriver, self).__init__(driver_name, engine_name)
+
+ def update_model(self, model_id, value):
+ raise NotImplementedError() # pragma: no cover
+
+ def delete_model(self, model_id):
+ raise NotImplementedError() # pragma: no cover
+
+ def add_model(self, model_id=None, value=None):
+ raise NotImplementedError() # pragma: no cover
+
+ def get_models(self, model_id=None):
+ raise NotImplementedError() # pragma: no cover
+
+ def set_meta_rule(self, meta_rule_id, value):
+ raise NotImplementedError() # pragma: no cover
+
+ def get_meta_rules(self, meta_rule_id=None):
+ raise NotImplementedError() # pragma: no cover
+
+ def delete_meta_rule(self, meta_rule_id=None):
+ raise NotImplementedError() # pragma: no cover
+
+ def get_subject_categories(self, category_id=None):
+ raise NotImplementedError() # pragma: no cover
+
+ def add_subject_category(self, name, description):
+ raise NotImplementedError() # pragma: no cover
+
+ def delete_subject_category(self, category_id):
+ raise NotImplementedError() # pragma: no cover
+
+ def get_object_categories(self, category_id):
+ raise NotImplementedError() # pragma: no cover
+
+ def add_object_category(self, category_id, value):
+ raise NotImplementedError() # pragma: no cover
+
+ def delete_object_category(self, category_id):
+ raise NotImplementedError() # pragma: no cover
+
+ def get_action_categories(self, category_id):
+ raise NotImplementedError() # pragma: no cover
+
+ def add_action_category(self, category_id, value):
+ raise NotImplementedError() # pragma: no cover
+
+ def delete_action_category(self, category_id):
+ raise NotImplementedError() # pragma: no cover
+
+
+class PolicyDriver(Driver):
+
+ def __init__(self, driver_name, engine_name):
+ super(PolicyDriver, self).__init__(driver_name, engine_name)
+
+ def update_policy(self, policy_id, value):
+ raise NotImplementedError() # pragma: no cover
+
+ def delete_policy(self, policy_id):
+ raise NotImplementedError() # pragma: no cover
+
+ def add_policy(self, policy_id=None, value=None):
+ raise NotImplementedError() # pragma: no cover
+
+ def get_policies(self, policy_id=None):
+ raise NotImplementedError() # pragma: no cover
+
+ def get_subjects(self, policy_id, perimeter_id=None):
+ raise NotImplementedError() # pragma: no cover
+
+ def set_subject(self, policy_id, perimeter_id=None, value=None):
+ raise NotImplementedError() # pragma: no cover
+
+ def delete_subject(self, policy_id, perimeter_id):
+ raise NotImplementedError() # pragma: no cover
+
+ def get_objects(self, policy_id, perimeter_id=None):
+ raise NotImplementedError() # pragma: no cover
+
+ def set_object(self, policy_id, perimeter_id=None, value=None):
+ raise NotImplementedError() # pragma: no cover
+
+ def delete_object(self, policy_id, perimeter_id):
+ raise NotImplementedError() # pragma: no cover
+
+ def get_actions(self, policy_id, perimeter_id=None):
+ raise NotImplementedError() # pragma: no cover
+
+ def set_action(self, policy_id, perimeter_id=None, value=None):
+ raise NotImplementedError() # pragma: no cover
+
+ def delete_action(self, policy_id, perimeter_id):
+ raise NotImplementedError() # pragma: no cover
+
+ def get_subject_data(self, policy_id, data_id=None, category_id=None):
+ raise NotImplementedError() # pragma: no cover
+
+ def set_subject_data(self, policy_id, data_id=None, category_id=None, value=None):
+ raise NotImplementedError() # pragma: no cover
+
+ def delete_subject_data(self, policy_id, data_id):
+ raise NotImplementedError() # pragma: no cover
+
+ def get_object_data(self, policy_id, data_id=None, category_id=None):
+ raise NotImplementedError() # pragma: no cover
+
+ def set_object_data(self, policy_id, data_id=None, category_id=None, value=None):
+ raise NotImplementedError() # pragma: no cover
+
+ def delete_object_data(self, policy_id, data_id):
+ raise NotImplementedError() # pragma: no cover
+
+ def get_action_data(self, policy_id, data_id=None, category_id=None):
+ raise NotImplementedError() # pragma: no cover
+
+ def set_action_data(self, policy_id, data_id=None, category_id=None, value=None):
+ raise NotImplementedError() # pragma: no cover
+
+ def delete_action_data(self, policy_id, data_id):
+ raise NotImplementedError() # pragma: no cover
+
+ def get_subject_assignments(self, policy_id, subject_id=None, category_id=None):
+ raise NotImplementedError() # pragma: no cover
+
+ def add_subject_assignment(self, policy_id, subject_id, category_id, data_id):
+ raise NotImplementedError() # pragma: no cover
+
+ def delete_subject_assignment(self, policy_id, subject_id, category_id, data_id):
+ raise NotImplementedError() # pragma: no cover
+
+ def get_object_assignments(self, policy_id, assignment_id=None):
+ raise NotImplementedError() # pragma: no cover
+
+ def add_object_assignment(self, policy_id, subject_id, category_id, data_id):
+ raise NotImplementedError() # pragma: no cover
+
+ def delete_object_assignment(self, policy_id, object_id, category_id, data_id):
+ raise NotImplementedError() # pragma: no cover
+
+ def get_action_assignments(self, policy_id, assignment_id=None):
+ raise NotImplementedError() # pragma: no cover
+
+ def add_action_assignment(self, policy_id, action_id, category_id, data_id):
+ raise NotImplementedError() # pragma: no cover
+
+ def delete_action_assignment(self, policy_id, action_id, category_id, data_id):
+ raise NotImplementedError() # pragma: no cover
+
+ def get_rules(self, policy_id, rule_id=None, meta_rule_id=None):
+ raise NotImplementedError() # pragma: no cover
+
+ def add_rule(self, policy_id, meta_rule_id, value):
+ raise NotImplementedError() # pragma: no cover
+
+ def delete_rule(self, policy_id, rule_id):
+ raise NotImplementedError() # pragma: no cover
+
+
+class PDPDriver(Driver):
+
+ def __init__(self, driver_name, engine_name):
+ super(PDPDriver, self).__init__(driver_name, engine_name)
+
+ def update_pdp(self, pdp_id, value):
+ raise NotImplementedError() # pragma: no cover
+
+ def delete_pdp(self, pdp_id):
+ raise NotImplementedError() # pragma: no cover
+
+ def add_pdp(self, pdp_id=None, value=None):
+ raise NotImplementedError() # pragma: no cover
+
+ def get_pdp(self, pdp_id=None):
+ raise NotImplementedError() # pragma: no cover
+
+
+class KeystoneDriver(Driver):
+
+ def __init__(self, driver_name, engine_name):
+ super(KeystoneDriver, self).__init__(driver_name, engine_name)
+
+
+conf = configuration.get_configuration("database")['database']
+
+KeystoneManager = keystone.KeystoneManager(
+ KeystoneDriver(conf['driver'], conf['url'])
+)
+
+ModelManager = model.ModelManager(
+ ModelDriver(conf['driver'], conf['url'])
+)
+
+PolicyManager = policy.PolicyManager(
+ PolicyDriver(conf['driver'], conf['url'])
+)
+
+PDPManager = pdp.PDPManager(
+ PDPDriver(conf['driver'], conf['url'])
+)
diff --git a/old/python_moondb/python_moondb/db_manager.py b/old/python_moondb/python_moondb/db_manager.py
new file mode 100644
index 00000000..c251afbb
--- /dev/null
+++ b/old/python_moondb/python_moondb/db_manager.py
@@ -0,0 +1,82 @@
+# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+# This software is distributed under the terms and conditions of the 'Apache-2.0'
+# license which can be found in the file 'LICENSE' in this package distribution
+# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
+"""
+"""
+
+import os
+import glob
+import importlib
+import argparse
+import logging
+from sqlalchemy import create_engine
+from python_moonutilities import configuration
+from python_moondb.migrate_repo import versions
+
+
+def init_args():
+ parser = argparse.ArgumentParser()
+ parser.add_argument('command', help='command (upgrade or downgrade)',
+ nargs=1)
+ parser.add_argument("--verbose", "-v", action='store_true',
+ help="verbose mode")
+ parser.add_argument("--debug", "-d", action='store_true',
+ help="debug mode")
+ args = parser.parse_args()
+
+ FORMAT = '%(asctime)-15s %(levelname)s %(message)s'
+ if args.debug:
+ logging.basicConfig(
+ format=FORMAT,
+ level=logging.DEBUG)
+ elif args.verbose:
+ logging.basicConfig(
+ format=FORMAT,
+ level=logging.INFO)
+ else:
+ logging.basicConfig(
+ format=FORMAT,
+ level=logging.WARNING)
+
+ requests_log = logging.getLogger("requests.packages.urllib3")
+ requests_log.setLevel(logging.WARNING)
+ requests_log.propagate = True
+
+ logger = logging.getLogger("moon.db.manager")
+ return args, logger
+
+
+def init_engine():
+ db_conf = configuration.get_configuration("database")["database"]
+ return create_engine(db_conf['url'])
+
+
+def main(command, logger, engine):
+ files = glob.glob(versions.__path__[0] + "/[0-9][0-9][0-9]*.py")
+ for filename in files:
+ filename = os.path.basename(filename).replace(".py", "")
+ o = importlib.import_module(
+ "python_moondb.migrate_repo.versions.{}".format(filename))
+ logger.info("Command is {}".format(command))
+ if command in ("upgrade", "u", "up"):
+ logger.info(
+ "upgrading python_moondb.migrate_repo.versions.{}".format(filename))
+ o.upgrade(engine)
+ elif command in ("downgrade", "d", "down"):
+ logger.info(
+ "downgrading python_moondb.migrate_repo.versions.{}".format(
+ filename))
+ o.downgrade(engine)
+ else:
+ logger.critical("Cannot understand the command!")
+
+
+def run():
+ args, logger = init_args()
+ engine = init_engine()
+ main(args.command[0], logger, engine)
+
+
+if __name__ == "__main__":
+ run()
diff --git a/old/python_moondb/python_moondb/migrate_repo/__init__.py b/old/python_moondb/python_moondb/migrate_repo/__init__.py
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/old/python_moondb/python_moondb/migrate_repo/__init__.py
diff --git a/old/python_moondb/python_moondb/migrate_repo/versions/001_moon.py b/old/python_moondb/python_moondb/migrate_repo/versions/001_moon.py
new file mode 100644
index 00000000..13670b91
--- /dev/null
+++ b/old/python_moondb/python_moondb/migrate_repo/versions/001_moon.py
@@ -0,0 +1,267 @@
+# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+# This software is distributed under the terms and conditions of the 'Apache-2.0'
+# license which can be found in the file 'LICENSE' in this package distribution
+# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
+
+import json
+import sqlalchemy as sql
+from sqlalchemy import types as sql_types
+
+
+class JsonBlob(sql_types.TypeDecorator):
+ impl = sql.Text
+
+ def process_bind_param(self, value, dialect):
+ return json.dumps(value)
+
+ def process_result_value(self, value, dialect):
+ return json.loads(value)
+
+
+def upgrade(migrate_engine):
+ meta = sql.MetaData()
+ meta.bind = migrate_engine
+
+ table = sql.Table(
+ 'pdp',
+ meta,
+ sql.Column('id', sql.String(64), primary_key=True),
+ sql.Column('name', sql.String(256), nullable=False),
+ sql.Column('keystone_project_id', sql.String(64), nullable=True, default=""),
+ sql.Column('value', JsonBlob(), nullable=True),
+ sql.UniqueConstraint('name', 'keystone_project_id', name='unique_constraint_models'),
+ mysql_engine='InnoDB',
+ mysql_charset='utf8')
+ table.create(migrate_engine, checkfirst=True)
+
+ table = sql.Table(
+ 'policies',
+ meta,
+ sql.Column('id', sql.String(64), primary_key=True),
+ sql.Column('name', sql.String(256), nullable=False),
+ sql.Column('model_id', sql.String(64), nullable=True, default=""),
+ sql.Column('value', JsonBlob(), nullable=True),
+ sql.UniqueConstraint('name', 'model_id', name='unique_constraint_models'),
+ mysql_engine='InnoDB',
+ mysql_charset='utf8')
+ table.create(migrate_engine, checkfirst=True)
+
+ table = sql.Table(
+ 'models',
+ meta,
+ sql.Column('id', sql.String(64), primary_key=True),
+ sql.Column('name', sql.String(256), nullable=False),
+ sql.Column('value', JsonBlob(), nullable=True),
+ sql.UniqueConstraint('name', name='unique_constraint_models'),
+ mysql_engine='InnoDB',
+ mysql_charset='utf8')
+ table.create(migrate_engine, checkfirst=True)
+
+ subject_categories_table = sql.Table(
+ 'subject_categories',
+ meta,
+ sql.Column('id', sql.String(64), primary_key=True),
+ sql.Column('name', sql.String(256), nullable=False),
+ sql.Column('description', sql.String(256), nullable=True),
+
+ sql.UniqueConstraint('name', name='unique_constraint_subject_categories'),
+ mysql_engine='InnoDB',
+ mysql_charset='utf8')
+ subject_categories_table.create(migrate_engine, checkfirst=True)
+
+ object_categories_table = sql.Table(
+ 'object_categories',
+ meta,
+ sql.Column('id', sql.String(64), primary_key=True),
+ sql.Column('name', sql.String(256), nullable=False),
+ sql.Column('description', sql.String(256), nullable=True),
+
+ sql.UniqueConstraint('name', name='unique_constraint_object_categories'),
+ mysql_engine='InnoDB',
+ mysql_charset='utf8')
+ object_categories_table.create(migrate_engine, checkfirst=True)
+
+ action_categories_table = sql.Table(
+ 'action_categories',
+ meta,
+ sql.Column('id', sql.String(64), primary_key=True),
+ sql.Column('name', sql.String(256), nullable=False),
+ sql.Column('description', sql.String(256), nullable=True),
+
+ sql.UniqueConstraint('name', name='unique_constraint_action_categories'),
+ mysql_engine='InnoDB',
+ mysql_charset='utf8')
+ action_categories_table.create(migrate_engine, checkfirst=True)
+
+ subjects_table = sql.Table(
+ 'subjects',
+ meta,
+ sql.Column('id', sql.String(64), primary_key=True),
+ sql.Column('name', sql.String(256), nullable=False),
+ sql.Column('value', JsonBlob(), nullable=True),
+ sql.UniqueConstraint('name', name='unique_constraint_subjects'),
+ mysql_engine='InnoDB',
+ mysql_charset='utf8')
+ subjects_table.create(migrate_engine, checkfirst=True)
+
+ objects_table = sql.Table(
+ 'objects',
+ meta,
+ sql.Column('id', sql.String(64), primary_key=True),
+ sql.Column('name', sql.String(256), nullable=False),
+ sql.Column('value', JsonBlob(), nullable=True),
+ sql.UniqueConstraint('name', name='unique_constraint_objects'),
+ mysql_engine='InnoDB',
+ mysql_charset='utf8')
+ objects_table.create(migrate_engine, checkfirst=True)
+
+ actions_table = sql.Table(
+ 'actions',
+ meta,
+ sql.Column('id', sql.String(64), primary_key=True),
+ sql.Column('name', sql.String(256), nullable=False),
+ sql.Column('value', JsonBlob(), nullable=True),
+ sql.UniqueConstraint('name', name='unique_constraint_actions'),
+ mysql_engine='InnoDB',
+ mysql_charset='utf8')
+ actions_table.create(migrate_engine, checkfirst=True)
+
+ subject_data_table = sql.Table(
+ 'subject_data',
+ meta,
+ sql.Column('id', sql.String(64), primary_key=True),
+ sql.Column('name', sql.String(256), nullable=False),
+ sql.Column('value', JsonBlob(), nullable=True),
+ sql.Column('category_id', sql.ForeignKey("subject_categories.id"), nullable=False),
+ sql.Column('policy_id', sql.ForeignKey("policies.id"), nullable=False),
+ sql.UniqueConstraint('name', 'category_id', 'policy_id',
+ name='unique_constraint_subject_data'),
+ mysql_engine='InnoDB',
+ mysql_charset='utf8')
+ subject_data_table.create(migrate_engine, checkfirst=True)
+
+ object_data_table = sql.Table(
+ 'object_data',
+ meta,
+ sql.Column('id', sql.String(64), primary_key=True),
+ sql.Column('name', sql.String(256), nullable=False),
+ sql.Column('value', JsonBlob(), nullable=True),
+ sql.Column('category_id', sql.ForeignKey("object_categories.id"), nullable=False),
+ sql.Column('policy_id', sql.ForeignKey("policies.id"), nullable=False),
+ sql.UniqueConstraint('name', 'category_id', 'policy_id',
+ name='unique_constraint_object_data'),
+ mysql_engine='InnoDB',
+ mysql_charset='utf8')
+ object_data_table.create(migrate_engine, checkfirst=True)
+
+ action_data_table = sql.Table(
+ 'action_data',
+ meta,
+ sql.Column('id', sql.String(64), primary_key=True),
+ sql.Column('name', sql.String(256), nullable=False),
+ sql.Column('value', JsonBlob(), nullable=True),
+ sql.Column('category_id', sql.ForeignKey("action_categories.id"), nullable=False),
+ sql.Column('policy_id', sql.ForeignKey("policies.id"), nullable=False),
+ sql.UniqueConstraint('name', 'category_id', 'policy_id',
+ name='unique_constraint_action_data'),
+ mysql_engine='InnoDB',
+ mysql_charset='utf8')
+ action_data_table.create(migrate_engine, checkfirst=True)
+
+ subject_assignments_table = sql.Table(
+ 'subject_assignments',
+ meta,
+ sql.Column('id', sql.String(64), primary_key=True),
+ sql.Column('assignments', sql.String(256), nullable=True),
+ sql.Column('policy_id', sql.ForeignKey("policies.id"), nullable=False),
+ sql.Column('subject_id', sql.ForeignKey("subjects.id"), nullable=False),
+ sql.Column('category_id', sql.ForeignKey("subject_categories.id"), nullable=False),
+ sql.UniqueConstraint('policy_id', 'subject_id', 'category_id',
+ name='unique_constraint_subject_assignment'),
+ mysql_engine='InnoDB',
+ mysql_charset='utf8')
+ subject_assignments_table.create(migrate_engine, checkfirst=True)
+
+ object_assignments_table = sql.Table(
+ 'object_assignments',
+ meta,
+ sql.Column('id', sql.String(64), primary_key=True),
+ sql.Column('assignments', sql.String(256), nullable=True),
+ sql.Column('policy_id', sql.ForeignKey("policies.id"), nullable=False),
+ sql.Column('object_id', sql.ForeignKey("objects.id"), nullable=False),
+ sql.Column('category_id', sql.ForeignKey("object_categories.id"), nullable=False),
+ sql.UniqueConstraint('policy_id', 'object_id', 'category_id',
+ name='unique_constraint_object_assignment'),
+ mysql_engine='InnoDB',
+ mysql_charset='utf8')
+ object_assignments_table.create(migrate_engine, checkfirst=True)
+
+ action_assignments_table = sql.Table(
+ 'action_assignments',
+ meta,
+ sql.Column('id', sql.String(64), primary_key=True),
+ sql.Column('assignments', sql.String(256), nullable=True),
+ sql.Column('policy_id', sql.ForeignKey("policies.id"), nullable=False),
+ sql.Column('action_id', sql.ForeignKey("actions.id"), nullable=False),
+ sql.Column('category_id', sql.ForeignKey("action_categories.id"), nullable=False),
+ sql.UniqueConstraint('policy_id', 'action_id', 'category_id',
+ name='unique_constraint_action_assignment'),
+ mysql_engine='InnoDB',
+ mysql_charset='utf8')
+ action_assignments_table.create(migrate_engine, checkfirst=True)
+
+ meta_rules_table = sql.Table(
+ 'meta_rules',
+ meta,
+ sql.Column('id', sql.String(64), primary_key=True),
+ sql.Column('name', sql.String(256), nullable=False),
+ sql.Column('subject_categories', JsonBlob(), nullable=False),
+ sql.Column('object_categories', JsonBlob(), nullable=False),
+ sql.Column('action_categories', JsonBlob(), nullable=False),
+ sql.Column('value', JsonBlob(), nullable=True),
+ sql.UniqueConstraint('name', name='unique_constraint_meta_rule_name'),
+ # sql.UniqueConstraint('subject_categories', 'object_categories', 'action_categories', name='unique_constraint_meta_rule_def'),
+ mysql_engine='InnoDB',
+ mysql_charset='utf8')
+ meta_rules_table.create(migrate_engine, checkfirst=True)
+
+ rules_table = sql.Table(
+ 'rules',
+ meta,
+ sql.Column('id', sql.String(64), primary_key=True),
+ sql.Column('rule', JsonBlob(), nullable=True),
+ sql.Column('policy_id', sql.ForeignKey("policies.id"), nullable=False),
+ sql.Column('meta_rule_id', sql.ForeignKey("meta_rules.id"), nullable=False),
+ mysql_engine='InnoDB',
+ mysql_charset='utf8')
+ rules_table.create(migrate_engine, checkfirst=True)
+
+
+def downgrade(migrate_engine):
+ meta = sql.MetaData()
+ meta.bind = migrate_engine
+
+ for _table in (
+ 'rules',
+ 'meta_rules',
+ 'action_assignments',
+ 'object_assignments',
+ 'subject_assignments',
+ 'action_data',
+ 'object_data',
+ 'subject_data',
+ 'actions',
+ 'objects',
+ 'subjects',
+ 'action_categories',
+ 'object_categories',
+ 'subject_categories',
+ 'models',
+ 'policies',
+ 'pdp'
+ ):
+ try:
+ table = sql.Table(_table, meta, autoload=True)
+ table.drop(migrate_engine, checkfirst=True)
+ except Exception as e:
+ print(e)
diff --git a/old/python_moondb/python_moondb/migrate_repo/versions/__init__.py b/old/python_moondb/python_moondb/migrate_repo/versions/__init__.py
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/old/python_moondb/python_moondb/migrate_repo/versions/__init__.py