Diffstat (limited to 'old/tools/policies/generate_opst_policy.py')
-rw-r--r--old/tools/policies/generate_opst_policy.py167
1 files changed, 167 insertions, 0 deletions
diff --git a/old/tools/policies/generate_opst_policy.py b/old/tools/policies/generate_opst_policy.py
new file mode 100644
index 00000000..dd01d1c1
--- /dev/null
+++ b/old/tools/policies/generate_opst_policy.py
@@ -0,0 +1,167 @@
+import json
+import os
+import logging
+import argparse
+
+
+FILES = [
+ "cinder.policy.json",
+ "glance.policy.json",
+ "keystone.policy.json",
+ "neutron.policy.json",
+ "nova.policy.json",
+]
+policy = {
+ "pdps": [{
+ "name": "external_pdp",
+ "keystone_project_id": "",
+ "description": "",
+ "policies": [{"name": "OpenStack RBAC Policy"}]}
+ ],
+
+ "policies": [{
+ "name": "OpenStack RBAC Policy",
+ "genre": "authz",
+ "description": "A RBAC policy similar of what you can find through policy.json files",
+ "model": {"name": "OPST_RBAC"}, "mandatory": True, "override": True}
+ ],
+
+ "models": [{"name": "OPST_RBAC", "description": "", "meta_rules": [{"name": "rbac"}], "override": True}],
+
+ "subjects": [
+ {"name": "admin", "description": "", "extra": {}, "policies": [{"name": "OpenStack RBAC Policy"}]},
+ {"name": "demo", "description": "", "extra": {}, "policies": [{"name": "OpenStack RBAC Policy"}]}
+ ],
+
+ "subject_categories": [{"name": "role", "description": "a role in OpenStack"}],
+
+ "subject_data": [
+ {"name": "admin", "description": "the admin role", "policies": [], "category": {"name": "role"}},
+ {"name": "member", "description": "the member role", "policies": [], "category": {"name": "role"}}
+ ],
+
+ "subject_assignments": [
+ {"subject": {"name": "admin"}, "category": {"name": "role"}, "assignments": [{"name": "admin"}, {"name": "member"}]},
+ {"subject": {"name": "demo"}, "category": {"name": "role"}, "assignments": [{"name": "member"}]}
+ ],
+
+ "objects": [],
+
+ "object_categories": [{"name": "id", "description": "the UID of each virtual machine"}],
+
+ "object_data": [
+ {
+ "name": "all_vm",
+ "description": "represents all virtual machines in this project",
+ "policies": [],
+ "category": {"name": "id"}},
+ ],
+
+ "object_assignments": [],
+
+ "actions": [],
+
+ "action_categories": [{"name": "action_id", "description": ""}],
+
+ "action_data": [],
+
+ "action_assignments": [],
+
+ "meta_rules": [
+ {
+ "name": "rbac", "description": "",
+ "subject_categories": [{"name": "role"}],
+ "object_categories": [{"name": "id"}],
+ "action_categories": [{"name": "action_id"}]
+ }
+ ],
+
+ "rules": [],
+
+}
+logger = logging.getLogger(__name__)
+
+
+def init():
+ parser = argparse.ArgumentParser()
+ parser.add_argument("--verbose", '-v', action='store_true', help='verbose mode')
+ parser.add_argument("--debug", '-d', action='store_true', help='debug mode')
+ parser.add_argument("--dir", help='directory containing policy files', default="./policy.json.d")
+ parser.add_argument("--indent", '-i', help='indent the output (default:None)', type=int, default=None)
+ parser.add_argument("--output", '-o', help='output name', type=str, default="opst_default_policy.json")
+ args = parser.parse_args()
+ logging_format = "%(levelname)s: %(message)s"
+ if args.verbose:
+ logging.basicConfig(level=logging.INFO, format=logging_format)
+ if args.debug:
+ logging.basicConfig(level=logging.DEBUG, format=logging_format)
+ else:
+ logging.basicConfig(format=logging_format)
+ return args
+
+
+def get_rules(args):
+ results = {}
+ for f in FILES:
+ _json_file = json.loads(open(os.path.join(args.dir, f)).read())
+ keys = list(_json_file.keys())
+ values = list(_json_file.values())
+ for value in values:
+ if value in keys:
+ keys.remove(value)
+ component = os.path.basename(f).split(".")[0]
+ results[component] = keys
+ return results
+
+
+def build_dict(results):
+ for key in results:
+ for rule in results[key]:
+ _output = {
+ "name": rule,
+ "description": "{} action for {}".format(rule, key),
+ "extra": {"component": key},
+ "policies": []
+ }
+ policy['actions'].append(_output)
+ _output = {
+ "name": rule,
+ "description": "{} action for {}".format(rule, key),
+ "policies": [],
+ "category": {"name": "action_id"}
+ }
+ policy['action_data'].append(_output)
+ _output = {
+ "action": {"name": rule},
+ "category": {"name": "action_id"},
+ "assignments": [{"name": rule}, ]}
+ policy['action_assignments'].append(_output)
+ _output = {
+ "meta_rule": {"name": "rbac"},
+ "rule": {
+ "subject_data": [{"name": "admin"}],
+ "object_data": [{"name": "all_vm"}],
+ "action_data": [{"name": rule}]
+ },
+ "policy": {"name": "OpenStack RBAC Policy"},
+ "instructions": {"decision": "grant"},
+ "enabled": True
+ }
+ policy['rules'].append(_output)
+ # TODO: add rules for member only
+ # TODO: add rules for everyone
+
+
+def write_dict(args):
+ json.dump(policy, open(args.output, "w"), indent=args.indent)
+
+
+def main():
+ args = init()
+ rules = get_rules(args)
+ build_dict(rules)
+ write_dict(args)
+
+
+if __name__ == "__main__":
+ main()
\ No newline at end of file
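Review bot: `build_dict` never reads the rule expression attached to each key, so every key found in the five policy files is emitted as an unconditional `grant` for the `admin` role on `all_vm`, and any owner or project checks in the source files are not carried over. The filter in `get_rules` (`if value in keys`) only drops a key whose name is exactly equal to some value, so alias entries that other rules reference as `rule:<name>` would presumably stay in the list and be emitted as actions too. Until the two TODOs are resolved, a comment above `build_dict` should say so, e.g. `# NOTE: rule expressions are not translated; every key becomes an admin-only grant on all_vm`. Separately, `get_rules` and `write_dict` leave their file handles to the garbage collector; `with open(os.path.join(args.dir, f)) as fh: _json_file = json.load(fh)` and the same pattern around `json.dump` would close them deterministically and make sure the generated policy is flushed to disk.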