aboutsummaryrefslogtreecommitdiffstats
path: root/python_moondb/python_moondb/api
diff options
context:
space:
mode:
Diffstat (limited to 'python_moondb/python_moondb/api')
-rw-r--r--python_moondb/python_moondb/api/__init__.py0
-rw-r--r--python_moondb/python_moondb/api/keystone.py105
-rw-r--r--python_moondb/python_moondb/api/managers.py16
-rw-r--r--python_moondb/python_moondb/api/model.py338
-rw-r--r--python_moondb/python_moondb/api/pdp.py51
-rw-r--r--python_moondb/python_moondb/api/policy.py751
6 files changed, 0 insertions, 1261 deletions
diff --git a/python_moondb/python_moondb/api/__init__.py b/python_moondb/python_moondb/api/__init__.py
deleted file mode 100644
index e69de29b..00000000
--- a/python_moondb/python_moondb/api/__init__.py
+++ /dev/null
diff --git a/python_moondb/python_moondb/api/keystone.py b/python_moondb/python_moondb/api/keystone.py
deleted file mode 100644
index 57521c36..00000000
--- a/python_moondb/python_moondb/api/keystone.py
+++ /dev/null
@@ -1,105 +0,0 @@
-# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
-# This software is distributed under the terms and conditions of the 'Apache-2.0'
-# license which can be found in the file 'LICENSE' in this package distribution
-# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-
-import os
-import requests
-import json
-from uuid import uuid4
-import logging
-from python_moonutilities import exceptions, configuration
-from python_moonutilities.security_functions import filter_input, login, logout
-from python_moondb.api.managers import Managers
-
-logger = logging.getLogger("moon.db.api.keystone")
-
-
-class KeystoneManager(Managers):
-
- def __init__(self, connector=None):
- self.driver = connector.driver
- Managers.KeystoneManager = self
- conf = configuration.get_configuration("openstack/keystone")['openstack/keystone']
-
- self.__url = conf['url']
- self.__user = conf['user']
- self.__password = conf['password']
- self.__domain = conf['domain']
- self.__project = conf['project']
- try:
- os.environ.pop("http_proxy")
- os.environ.pop("https_proxy")
- except KeyError:
- pass
-
- def __get(self, endpoint, _exception=exceptions.KeystoneError):
- _headers = login()
- req = requests.get("{}{}".format(self.__url, endpoint), headers=_headers, verify=False)
- if req.status_code not in (200, 201):
- logger.error(req.text)
- raise _exception
- data = req.json()
- logout(_headers)
- return data
-
- def __post(self, endpoint, data=None, _exception=exceptions.KeystoneError):
- _headers = login()
- req = requests.post("{}{}".format(self.__url, endpoint),
- data=json.dumps(data),
- headers=_headers, verify=False)
- if req.status_code == 409:
- logger.warning(req.text)
- raise exceptions.KeystoneUserConflict
- if req.status_code not in (200, 201):
- logger.error(req.text)
- raise _exception
- data = req.json()
- logout(_headers)
- return data
-
- def list_projects(self):
- return self.__get(endpoint="/projects/", _exception=exceptions.KeystoneProjectError)
-
- @filter_input
- def create_project(self, tenant_dict):
- if "name" not in tenant_dict:
- raise exceptions.KeystoneProjectError("Cannot get the project name.")
- _project = {
- "project": {
- "description": tenant_dict['description'] if 'description' in tenant_dict else "",
- "domain_id": tenant_dict['domain'] if 'domain' in tenant_dict else "default",
- "enabled": True,
- "is_domain": False,
- "name": tenant_dict['name']
- }
- }
- return self.__post(endpoint="/projects/",
- data=_project,
- _exception=exceptions.KeystoneProjectError)
-
- @filter_input
- def get_user_by_name(self, username, domain_id="default"):
- return self.__get(endpoint="/users?name={}&domain_id={}".format(username, domain_id),
- _exception=exceptions.KeystoneUserError)
-
- @filter_input
- def create_user(self, subject_dict):
- _user = {
- "user": {
- "enabled": True,
- "name": subject_dict['name'] if 'name' in subject_dict else uuid4().hex,
- }
- }
- if 'project' in subject_dict:
- _user['user']['default_project_id'] = subject_dict['project']
- if 'domain' in subject_dict:
- _user['user']['domain_id'] = subject_dict['domain']
- if 'password' in subject_dict:
- _user['user']['password'] = subject_dict['password']
- try:
- return self.__post(endpoint="/users/",
- data=_user,
- _exception=exceptions.KeystoneUserError)
- except exceptions.KeystoneUserConflict:
- return True
diff --git a/python_moondb/python_moondb/api/managers.py b/python_moondb/python_moondb/api/managers.py
deleted file mode 100644
index 414725f6..00000000
--- a/python_moondb/python_moondb/api/managers.py
+++ /dev/null
@@ -1,16 +0,0 @@
-# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
-# This software is distributed under the terms and conditions of the 'Apache-2.0'
-# license which can be found in the file 'LICENSE' in this package distribution
-# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-
-import logging
-
-logger = logging.getLogger("moon.db.api.managers")
-
-
-class Managers(object):
- """Object that links managers together"""
- ModelManager = None
- KeystoneManager = None
- PDPManager = None
- PolicyManager = None
diff --git a/python_moondb/python_moondb/api/model.py b/python_moondb/python_moondb/api/model.py
deleted file mode 100644
index 4f6c34cb..00000000
--- a/python_moondb/python_moondb/api/model.py
+++ /dev/null
@@ -1,338 +0,0 @@
-# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
-# This software is distributed under the terms and conditions of the 'Apache-2.0'
-# license which can be found in the file 'LICENSE' in this package distribution
-# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-
-from uuid import uuid4
-import logging
-from python_moonutilities import exceptions
-from python_moonutilities.security_functions import filter_input, enforce
-from python_moondb.api.managers import Managers
-import copy
-
-logger = logging.getLogger("moon.db.api.model")
-
-
-class ModelManager(Managers):
-
- def __init__(self, connector=None):
- self.driver = connector.driver
- Managers.ModelManager = self
-
- @enforce(("read", "write"), "models")
- def update_model(self, user_id, model_id, value):
- if model_id not in self.driver.get_models(model_id=model_id):
- raise exceptions.ModelUnknown
-
- if not value['name'].strip():
- raise exceptions.ModelContentError('Model name invalid')
-
- if 'meta_rules' not in value:
- raise exceptions.MetaRuleUnknown
-
- if not value['name']:
- raise exceptions.ModelContentError
-
- model = self.get_models(user_id=user_id, model_id=model_id)
- model = model[next(iter(model))]
- if ((model['meta_rules'] and value['meta_rules'] and model['meta_rules'] != value[
- 'meta_rules']) \
- or (model['meta_rules'] and not value['meta_rules'])):
- policies = Managers.PolicyManager.get_policies(user_id=user_id)
- for policy_id in policies:
- if policies[policy_id]["model_id"] == model_id:
- raise exceptions.DeleteModelWithPolicy
-
- if value and 'meta_rules' in value:
- for meta_rule_id in value['meta_rules']:
- if not self.driver.get_meta_rules(meta_rule_id=meta_rule_id):
- raise exceptions.MetaRuleUnknown
-
- return self.driver.update_model(model_id=model_id, value=value)
-
- @enforce(("read", "write"), "models")
- def delete_model(self, user_id, model_id):
- if model_id not in self.driver.get_models(model_id=model_id):
- raise exceptions.ModelUnknown
- # TODO (asteroide): check that no policy is connected to this model
- policies = Managers.PolicyManager.get_policies(user_id=user_id)
- for policy in policies:
- if policies[policy]['model_id'] == model_id:
- raise exceptions.DeleteModelWithPolicy
- return self.driver.delete_model(model_id=model_id)
-
- @enforce(("read", "write"), "models")
- def add_model(self, user_id, model_id=None, value=None):
-
- if not value['name']:
- raise exceptions.ModelContentError
-
- if not value['name'].strip():
- raise exceptions.ModelContentError('Model name invalid')
-
- models = self.driver.get_models()
- if model_id in models:
- raise exceptions.ModelExisting
-
- for model in models:
- if models[model]['name'] == value['name']:
- raise exceptions.ModelExisting("Model Name Existed")
- same_meta_rule_counter = 0
- for meta_rule_id in models[model]['meta_rules']:
- if meta_rule_id in value['meta_rules']:
- same_meta_rule_counter += 1
- if same_meta_rule_counter == len(value['meta_rules']) and \
- len(models[model]['meta_rules']) == len(value['meta_rules']):
- raise exceptions.ModelExisting("Meta Rules List Existed in another Model")
-
- if not model_id:
- model_id = uuid4().hex
- if value and 'meta_rules' in value:
- for meta_rule_id in value['meta_rules']:
- if not meta_rule_id:
- raise exceptions.MetaRuleUnknown
- meta_rule = self.driver.get_meta_rules(meta_rule_id=meta_rule_id)
- if not meta_rule:
- raise exceptions.MetaRuleUnknown
-
- meta_rule_content = meta_rule[next(iter(meta_rule))]
- if (not meta_rule_content['subject_categories']) or (
- not meta_rule_content['object_categories']) or (
- not meta_rule_content['action_categories']):
- raise exceptions.MetaRuleContentError
-
- return self.driver.add_model(model_id=model_id, value=value)
-
- @enforce("read", "models")
- def get_models(self, user_id, model_id=None):
- return self.driver.get_models(model_id=model_id)
-
- @enforce(("read", "write"), "meta_rules")
- def update_meta_rule(self, user_id, meta_rule_id, value):
- meta_rules=self.driver.get_meta_rules()
- if not meta_rule_id or meta_rule_id not in meta_rules:
- raise exceptions.MetaRuleUnknown
- self.__check_meta_rule_dependencies(user_id=user_id, meta_rule_id=meta_rule_id)
- if value:
- if 'subject_categories' in value:
- for subject_category_id in value['subject_categories']:
- if not subject_category_id or not self.driver.get_subject_categories(
- category_id=subject_category_id):
- raise exceptions.SubjectCategoryUnknown
- if 'object_categories' in value:
- for object_category_id in value['object_categories']:
- if not object_category_id or not self.driver.get_object_categories(
- category_id=object_category_id):
- raise exceptions.ObjectCategoryUnknown
- if 'action_categories' in value:
- for action_category_id in value['action_categories']:
- if not action_category_id or not self.driver.get_action_categories(
- category_id=action_category_id):
- raise exceptions.ActionCategoryUnknown
-
- for meta_rule_obj_id in meta_rules:
- counter_matched_list = 0
- counter_matched_list += self.check_combination(meta_rules[meta_rule_obj_id]['subject_categories'],
- value['subject_categories'])
- counter_matched_list += self.check_combination(meta_rules[meta_rule_obj_id]['object_categories'],
- value['object_categories'])
- counter_matched_list += self.check_combination(meta_rules[meta_rule_obj_id]['action_categories'],
- value['action_categories'])
- if counter_matched_list == 3 and meta_rule_obj_id!=meta_rule_id:
- raise exceptions.MetaRuleExisting("Same categories combination existed")
-
- return self.driver.set_meta_rule(meta_rule_id=meta_rule_id, value=value)
-
- def __check_meta_rule_dependencies(self, user_id, meta_rule_id):
- policies = Managers.PolicyManager.get_policies(user_id=user_id)
- for policy_id in policies:
- rules = Managers.PolicyManager.get_rules(user_id=user_id, policy_id=policy_id,
- meta_rule_id=meta_rule_id)
- if len(rules['rules']):
- raise exceptions.MetaRuleUpdateError
-
- @enforce("read", "meta_rules")
- def get_meta_rules(self, user_id, meta_rule_id=None):
- return self.driver.get_meta_rules(meta_rule_id=meta_rule_id)
-
- @enforce(("read", "write"), "meta_rules")
- def add_meta_rule(self, user_id, meta_rule_id=None, value=None):
-
- if not value['name']:
- raise exceptions.MetaRuleContentError
-
- meta_rules = self.driver.get_meta_rules()
-
- if meta_rule_id in meta_rules:
- raise exceptions.MetaRuleExisting
-
- if value:
- if 'subject_categories' in value:
- for subject_category_id in value['subject_categories']:
- if not self.driver.get_subject_categories(category_id=subject_category_id):
- raise exceptions.SubjectCategoryUnknown
- if 'object_categories' in value:
- for object_category_id in value['object_categories']:
- if not self.driver.get_object_categories(category_id=object_category_id):
- raise exceptions.ObjectCategoryUnknown
- if 'action_categories' in value:
- for action_category_id in value['action_categories']:
- if not self.driver.get_action_categories(category_id=action_category_id):
- raise exceptions.ActionCategoryUnknown
-
- for meta_rule_obj_id in meta_rules:
- counter_matched_list = 0
- counter_matched_list += self.check_combination(meta_rules[meta_rule_obj_id]['subject_categories'],
- value['subject_categories'])
- counter_matched_list += self.check_combination(meta_rules[meta_rule_obj_id]['object_categories'],
- value['object_categories'])
- counter_matched_list += self.check_combination(meta_rules[meta_rule_obj_id]['action_categories'],
- value['action_categories'])
- if counter_matched_list == 3:
- raise exceptions.MetaRuleExisting("Same categories combination existed")
-
- return self.driver.set_meta_rule(meta_rule_id=meta_rule_id, value=value)
-
- @enforce(("read", "write"), "meta_rules")
- def check_combination(self, list_one, list_two):
- counter_removed_items = 0
- temp_list_two = copy.deepcopy(list_two)
- for item in list_one:
- if item in temp_list_two:
- temp_list_two.remove(item)
- counter_removed_items += 1
-
- if counter_removed_items == len(list_two) and len(list_two) == len(list_one) and len(list_two):
- return 1
- return 0
-
- @enforce(("read", "write"), "meta_rules")
- def delete_meta_rule(self, user_id, meta_rule_id=None):
- if meta_rule_id not in self.driver.get_meta_rules(meta_rule_id=meta_rule_id):
- raise exceptions.MetaRuleUnknown
- # TODO (asteroide): check and/or delete data and assignments and rules linked to that meta_rule
- models = self.get_models(user_id=user_id)
- for model_id in models:
- for id in models[model_id]['meta_rules']:
- if id == meta_rule_id:
- raise exceptions.DeleteMetaRuleWithModel
- return self.driver.delete_meta_rule(meta_rule_id=meta_rule_id)
-
- @enforce("read", "meta_data")
- def get_subject_categories(self, user_id, category_id=None):
- return self.driver.get_subject_categories(category_id=category_id)
-
- @enforce(("read", "write"), "meta_data")
- def add_subject_category(self, user_id, category_id=None, value=None):
- subject_categories = self.driver.get_subject_categories(category_id=category_id)
-
- if not value['name']:
- raise exceptions.CategoryNameInvalid
-
- if category_id in subject_categories:
- raise exceptions.SubjectCategoryExisting
-
- return self.driver.add_subject_category(name=value["name"],
- description=value["description"], uuid=category_id)
-
- @enforce(("read", "write"), "meta_data")
- def delete_subject_category(self, user_id, category_id):
- # TODO (asteroide): delete all data linked to that category
- # TODO (asteroide): delete all meta_rules linked to that category
- if category_id not in self.driver.get_subject_categories(category_id=category_id):
- raise exceptions.SubjectCategoryUnknown
- meta_rules = self.get_meta_rules(user_id=user_id)
- for meta_rule_id in meta_rules:
- for subject_category_id in meta_rules[meta_rule_id]['subject_categories']:
- logger.info(
- "delete_subject_category {} {}".format(subject_category_id, meta_rule_id))
- logger.info("delete_subject_category {}".format(meta_rules[meta_rule_id]))
- if subject_category_id == category_id:
- # has_rules = self.driver.is_meta_rule_has_rules(meta_rule_id)
- # if has_rules:
- raise exceptions.DeleteSubjectCategoryWithMetaRule
-
- if self.driver.is_subject_category_has_assignment(category_id):
- raise exceptions.DeleteCategoryWithAssignment
-
- if self.driver.is_subject_data_exist(category_id=category_id):
- raise exceptions.DeleteCategoryWithData
-
- return self.driver.delete_subject_category(category_id=category_id)
-
- @enforce("read", "meta_data")
- def get_object_categories(self, user_id, category_id=None):
- return self.driver.get_object_categories(category_id)
-
- @enforce(("read", "write"), "meta_data")
- def add_object_category(self, user_id, category_id=None, value=None):
- if not value['name']:
- raise exceptions.CategoryNameInvalid
-
- object_categories = self.driver.get_object_categories(category_id=category_id)
- if category_id in object_categories:
- raise exceptions.ObjectCategoryExisting
-
- return self.driver.add_object_category(name=value["name"], description=value["description"],
- uuid=category_id)
-
- @enforce(("read", "write"), "meta_data")
- def delete_object_category(self, user_id, category_id):
- # TODO (asteroide): delete all data linked to that category
- # TODO (asteroide): delete all meta_rules linked to that category
- if category_id not in self.driver.get_object_categories(category_id=category_id):
- raise exceptions.ObjectCategoryUnknown
- meta_rules = self.get_meta_rules(user_id=user_id)
- for meta_rule_id in meta_rules:
- for object_category_id in meta_rules[meta_rule_id]['object_categories']:
- if object_category_id == category_id:
- # has_rules = self.driver.is_meta_rule_has_rules(meta_rule_id)
- # if has_rules:
- raise exceptions.DeleteObjectCategoryWithMetaRule
-
- if self.driver.is_object_category_has_assignment(category_id):
- raise exceptions.DeleteCategoryWithAssignment
-
- if self.driver.is_object_data_exist(category_id=category_id):
- raise exceptions.DeleteCategoryWithData
-
- return self.driver.delete_object_category(category_id=category_id)
-
- @enforce("read", "meta_data")
- def get_action_categories(self, user_id, category_id=None):
- return self.driver.get_action_categories(category_id=category_id)
-
- @enforce(("read", "write"), "meta_data")
- def add_action_category(self, user_id, category_id=None, value=None):
-
- if not value['name']:
- raise exceptions.CategoryNameInvalid
-
- action_categories = self.driver.get_action_categories(category_id=category_id)
- if category_id in action_categories:
- raise exceptions.ActionCategoryExisting
-
- return self.driver.add_action_category(name=value["name"], description=value["description"],
- uuid=category_id)
-
- @enforce(("read", "write"), "meta_data")
- def delete_action_category(self, user_id, category_id):
- # TODO (asteroide): delete all data linked to that category
- # TODO (asteroide): delete all meta_rules linked to that category
- if category_id not in self.driver.get_action_categories(category_id=category_id):
- raise exceptions.ActionCategoryUnknown
- meta_rules = self.get_meta_rules(user_id=user_id)
- for meta_rule_id in meta_rules:
- for action_category_id in meta_rules[meta_rule_id]['action_categories']:
- if action_category_id == category_id:
- # has_rules = self.driver.is_meta_rule_has_rules(meta_rule_id)
- # if has_rules:
- raise exceptions.DeleteActionCategoryWithMetaRule
-
- if self.driver.is_action_category_has_assignment(category_id):
- raise exceptions.DeleteCategoryWithAssignment
-
- if self.driver.is_action_data_exist(category_id=category_id):
- raise exceptions.DeleteCategoryWithData
-
- return self.driver.delete_action_category(category_id=category_id)
diff --git a/python_moondb/python_moondb/api/pdp.py b/python_moondb/python_moondb/api/pdp.py
deleted file mode 100644
index d0a071c9..00000000
--- a/python_moondb/python_moondb/api/pdp.py
+++ /dev/null
@@ -1,51 +0,0 @@
-# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
-# This software is distributed under the terms and conditions of the 'Apache-2.0'
-# license which can be found in the file 'LICENSE' in this package distribution
-# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-
-from uuid import uuid4
-import logging
-from python_moonutilities.security_functions import enforce
-from python_moondb.api.managers import Managers
-from python_moonutilities import exceptions
-
-logger = logging.getLogger("moon.db.api.pdp")
-
-
-class PDPManager(Managers):
-
- def __init__(self, connector=None):
- self.driver = connector.driver
- Managers.PDPManager = self
-
- @enforce(("read", "write"), "pdp")
- def update_pdp(self, user_id, pdp_id, value):
- if pdp_id not in self.driver.get_pdp(pdp_id=pdp_id):
- raise exceptions.PdpUnknown
- if value and 'security_pipeline' in value:
- for policy_id in value['security_pipeline']:
- if not Managers.PolicyManager.get_policies(user_id=user_id, policy_id=policy_id):
- raise exceptions.PolicyUnknown
- return self.driver.update_pdp(pdp_id=pdp_id, value=value)
-
- @enforce(("read", "write"), "pdp")
- def delete_pdp(self, user_id, pdp_id):
- if pdp_id not in self.driver.get_pdp(pdp_id=pdp_id):
- raise exceptions.PdpUnknown
- return self.driver.delete_pdp(pdp_id=pdp_id)
-
- @enforce(("read", "write"), "pdp")
- def add_pdp(self, user_id, pdp_id=None, value=None):
- if pdp_id in self.driver.get_pdp(pdp_id=pdp_id):
- raise exceptions.PdpExisting
- if not pdp_id:
- pdp_id = uuid4().hex
- if value and 'security_pipeline' in value:
- for policy_id in value['security_pipeline']:
- if not Managers.PolicyManager.get_policies(user_id=user_id, policy_id=policy_id):
- raise exceptions.PolicyUnknown
- return self.driver.add_pdp(pdp_id=pdp_id, value=value)
-
- @enforce("read", "pdp")
- def get_pdp(self, user_id, pdp_id=None):
- return self.driver.get_pdp(pdp_id=pdp_id)
diff --git a/python_moondb/python_moondb/api/policy.py b/python_moondb/python_moondb/api/policy.py
deleted file mode 100644
index 03a93ff5..00000000
--- a/python_moondb/python_moondb/api/policy.py
+++ /dev/null
@@ -1,751 +0,0 @@
-# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
-# This software is distributed under the terms and conditions of the 'Apache-2.0'
-# license which can be found in the file 'LICENSE' in this package distribution
-# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-
-from uuid import uuid4
-import logging
-from python_moonutilities.security_functions import enforce
-from python_moondb.api.managers import Managers
-from python_moonutilities import exceptions
-
-# from python_moondb.core import PDPManager
-
-logger = logging.getLogger("moon.db.api.policy")
-
-
-class PolicyManager(Managers):
-
- def __init__(self, connector=None):
- self.driver = connector.driver
- Managers.PolicyManager = self
-
- def get_policy_from_meta_rules(self, user_id, meta_rule_id):
- policies = self.PolicyManager.get_policies("admin")
- models = self.ModelManager.get_models("admin")
- for pdp_key, pdp_value in self.PDPManager.get_pdp(user_id).items():
- if 'security_pipeline' not in pdp_value:
- raise exceptions.PdpContentError
- for policy_id in pdp_value["security_pipeline"]:
- if not policies or policy_id not in policies:
- raise exceptions.PolicyUnknown
- model_id = policies[policy_id]["model_id"]
- if not models:
- raise exceptions.ModelUnknown
- if model_id not in models:
- raise exceptions.ModelUnknown
- if meta_rule_id in models[model_id]["meta_rules"]:
- return policy_id
-
- @enforce(("read", "write"), "policies")
- def update_policy(self, user_id, policy_id, value):
-
- if not value or not value['name']:
- raise exceptions.PolicyContentError
-
- policyList = self.driver.get_policies(policy_id=policy_id)
- if not policy_id or policy_id not in policyList:
- raise exceptions.PolicyUnknown
-
- policies = self.driver.get_policies(policy_name=value['name'])
- if len(policies) and not (policy_id in policies):
- raise exceptions.PolicyExisting("Policy name Existed")
-
- if 'model_id' in value and value['model_id']:
- if not Managers.ModelManager.get_models(user_id, model_id=value['model_id']):
- raise exceptions.ModelUnknown
-
- policy_obj = policyList[policy_id]
- if (policy_obj["model_id"] and value["model_id"] != policy_obj["model_id"]):
-
- subjects = self.driver.get_subjects(policy_id=policy_id)
- if subjects:
- raise exceptions.PolicyUpdateError("Policy is used in subject")
- objects = self.driver.get_objects(policy_id=policy_id)
- if objects:
- raise exceptions.PolicyUpdateError("Policy is used in object")
- actions = self.driver.get_actions(policy_id=policy_id)
- if actions:
- raise exceptions.PolicyUpdateError("Policy is used in action")
-
- rules = self.driver.get_rules(policy_id=policy_id)["rules"]
- if rules:
- raise exceptions.PolicyUpdateError("Policy is used in rule")
-
- subject_data = self.get_subject_data(user_id, policy_id=policy_id)
- if subject_data and subject_data[0]["data"]:
- raise exceptions.PolicyUpdateError("Policy is used in subject_data")
- object_data = self.get_object_data(user_id, policy_id=policy_id)
- if object_data and object_data[0]["data"]:
- raise exceptions.PolicyUpdateError("Policy is used in object_data")
- action_data = self.get_action_data(user_id, policy_id=policy_id)
- if action_data and action_data[0]["data"]:
- raise exceptions.PolicyUpdateError("Policy is used in action_data")
-
- return self.driver.update_policy(policy_id=policy_id, value=value)
-
- @enforce(("read", "write"), "policies")
- def delete_policy(self, user_id, policy_id):
- # TODO (asteroide): unmap PDP linked to that policy
- if policy_id not in self.driver.get_policies(policy_id=policy_id):
- raise exceptions.PolicyUnknown
- pdps = self.PDPManager.get_pdp(user_id=user_id)
- for pdp in pdps:
- for policy_id in pdps[pdp]['security_pipeline']:
- if policy_id == policy_id:
- raise exceptions.DeletePolicyWithPdp
- subjects = self.driver.get_subjects(policy_id=policy_id)
- if subjects:
- raise exceptions.DeletePolicyWithPerimeter
- objects = self.driver.get_objects(policy_id=policy_id)
- if objects:
- raise exceptions.DeletePolicyWithPerimeter
- actions = self.driver.get_actions(policy_id=policy_id)
- if actions:
- raise exceptions.DeletePolicyWithPerimeter
-
- rules = self.driver.get_rules(policy_id=policy_id)["rules"]
- if rules:
- raise exceptions.DeletePolicyWithRules
-
- subject_data = self.get_subject_data(user_id, policy_id=policy_id)
- if subject_data and subject_data[0]["data"]:
- raise exceptions.DeletePolicyWithData
- object_data = self.get_object_data(user_id, policy_id=policy_id)
- if object_data and object_data[0]["data"]:
- raise exceptions.DeletePolicyWithData
- action_data = self.get_action_data(user_id, policy_id=policy_id)
- if action_data and action_data[0]["data"]:
- raise exceptions.DeletePolicyWithData
-
- return self.driver.delete_policy(policy_id=policy_id)
-
- @enforce(("read", "write"), "policies")
- def add_policy(self, user_id, policy_id=None, value=None):
-
- if not value or not value['name']:
- raise exceptions.PolicyContentError
- if policy_id in self.driver.get_policies(policy_id=policy_id):
- raise exceptions.PolicyExisting
-
- if len(self.driver.get_policies(policy_name=value['name'])):
- raise exceptions.PolicyExisting("Policy name Existed")
-
- if not policy_id:
- policy_id = uuid4().hex
- if 'model_id' in value and value['model_id'] != "":
- if not Managers.ModelManager.get_models(user_id, model_id=value['model_id']):
- raise exceptions.ModelUnknown
- return self.driver.add_policy(policy_id=policy_id, value=value)
-
- @enforce("read", "policies")
- def get_policies(self, user_id, policy_id=None):
- return self.driver.get_policies(policy_id=policy_id)
-
- @enforce("read", "perimeter")
- def get_subjects(self, user_id, policy_id, perimeter_id=None):
- # if not policy_id:
- # raise exceptions.PolicyUnknown
- if policy_id and (not self.get_policies(user_id=user_id, policy_id=policy_id)):
- raise exceptions.PolicyUnknown
- return self.driver.get_subjects(policy_id=policy_id, perimeter_id=perimeter_id)
-
- @enforce(("read", "write"), "perimeter")
- def add_subject(self, user_id, policy_id, perimeter_id=None, value=None):
-
- if not value or "name" not in value or not value["name"].strip():
- raise exceptions.PerimeterContentError('invalid name')
-
- if not policy_id or (not self.get_policies(user_id=user_id, policy_id=policy_id)):
- raise exceptions.PolicyUnknown
-
- if perimeter_id:
- subjects = self.driver.get_subjects(policy_id=None, perimeter_id=perimeter_id)
- if subjects and subjects[perimeter_id]['name'] != value['name']:
- raise exceptions.PerimeterContentError
-
- if not perimeter_id:
- subject_per = self.driver.get_subject_by_name(value['name'])
- if len(subject_per):
- perimeter_id = next(iter(subject_per))
-
- k_user = Managers.KeystoneManager.get_user_by_name(value.get('name'))
- if not k_user['users']:
- k_user = Managers.KeystoneManager.create_user(value)
- if not perimeter_id:
- try:
- logger.info("k_user={}".format(k_user))
- perimeter_id = k_user['users'][0].get('id', uuid4().hex)
- except IndexError:
- k_user = Managers.KeystoneManager.get_user_by_name(
- value.get('name'))
- perimeter_id = uuid4().hex
- except KeyError:
- k_user = Managers.KeystoneManager.get_user_by_name(
- value.get('name'))
- perimeter_id = uuid4().hex
-
- value.update(k_user['users'][0])
-
- return self.driver.set_subject(policy_id=policy_id, perimeter_id=perimeter_id, value=value)
-
- @enforce(("read", "write"), "perimeter")
- def update_subject(self, user_id, perimeter_id, value):
- logger.debug("update_subject perimeter_id = {}".format(perimeter_id))
-
- if not perimeter_id:
- raise exceptions.SubjectUnknown
-
- subjects = self.driver.get_subjects(policy_id=None, perimeter_id=perimeter_id)
- if not subjects or not (perimeter_id in subjects):
- raise exceptions.PerimeterContentError
-
- if 'policy_list' in value or ('name' in value and not value['name']):
- raise exceptions.PerimeterContentError
-
- return self.driver.update_subject(perimeter_id=perimeter_id, value=value)
-
- @enforce(("read", "write"), "perimeter")
- def delete_subject(self, user_id, policy_id, perimeter_id):
-
- if not perimeter_id:
- raise exceptions.SubjectUnknown
-
- if not policy_id:
- raise exceptions.PolicyUnknown
-
- if not self.get_subjects(user_id=user_id, policy_id=policy_id, perimeter_id=perimeter_id):
- raise exceptions.SubjectUnknown
-
- if not self.get_policies(user_id=user_id, policy_id=policy_id):
- raise exceptions.PolicyUnknown
-
- subj_assig = self.driver.get_subject_assignments(policy_id=policy_id,
- subject_id=perimeter_id)
- if subj_assig:
- raise exceptions.DeletePerimeterWithAssignment
-
- return self.driver.delete_subject(policy_id=policy_id, perimeter_id=perimeter_id)
-
- @enforce("read", "perimeter")
- def get_objects(self, user_id, policy_id, perimeter_id=None):
- # if not policy_id:
- # pass
- if policy_id and (not self.get_policies(user_id=user_id, policy_id=policy_id)):
- raise exceptions.PolicyUnknown
- return self.driver.get_objects(policy_id=policy_id, perimeter_id=perimeter_id)
-
- @enforce(("read", "write"), "perimeter")
- def add_object(self, user_id, policy_id, perimeter_id=None, value=None):
- if not value or "name" not in value or not value["name"].strip():
- raise exceptions.PerimeterContentError('invalid name')
-
- if not policy_id or (not self.get_policies(user_id=user_id, policy_id=policy_id)):
- raise exceptions.PolicyUnknown
-
- if perimeter_id:
- object_perimeter = self.driver.get_objects(policy_id=None, perimeter_id=perimeter_id)
- if not object_perimeter:
- raise exceptions.PerimeterContentError
-
- if not perimeter_id:
- object_perimeter = self.driver.get_object_by_name(value['name'])
- if len(object_perimeter):
- perimeter_id = next(iter(object_perimeter))
-
- if perimeter_id and object_perimeter[perimeter_id]['name'] != value['name']:
- raise exceptions.PerimeterContentError
-
- if not perimeter_id:
- perimeter_id = uuid4().hex
- return self.driver.set_object(policy_id=policy_id, perimeter_id=perimeter_id, value=value)
-
- @enforce(("read", "write"), "perimeter")
- def update_object(self, user_id, perimeter_id, value):
- logger.debug("update_object perimeter_id = {}".format(perimeter_id))
-
- if not perimeter_id:
- raise exceptions.ObjectUnknown
-
- objects = self.driver.get_objects(policy_id=None, perimeter_id=perimeter_id)
- if not objects or not (perimeter_id in objects):
- raise exceptions.PerimeterContentError
-
- if 'policy_list' in value or ('name' in value and not value['name']):
- raise exceptions.PerimeterContentError
-
- return self.driver.update_object(perimeter_id=perimeter_id, value=value)
-
- @enforce(("read", "write"), "perimeter")
- def delete_object(self, user_id, policy_id, perimeter_id):
-
- if not perimeter_id:
- raise exceptions.ObjectUnknown
-
- if not policy_id:
- raise exceptions.PolicyUnknown
-
- if not self.get_objects(user_id=user_id, policy_id=policy_id, perimeter_id=perimeter_id):
- raise exceptions.ObjectUnknown
-
- if not self.get_policies(user_id=user_id, policy_id=policy_id):
- raise exceptions.PolicyUnknown
-
- obj_assig = self.driver.get_object_assignments(policy_id=policy_id, object_id=perimeter_id)
- if obj_assig:
- raise exceptions.DeletePerimeterWithAssignment
-
- return self.driver.delete_object(policy_id=policy_id, perimeter_id=perimeter_id)
-
- @enforce("read", "perimeter")
- def get_actions(self, user_id, policy_id, perimeter_id=None):
- # if not policy_id:
- # pass
- if policy_id and (not self.get_policies(user_id=user_id, policy_id=policy_id)):
- raise exceptions.PolicyUnknown
- return self.driver.get_actions(policy_id=policy_id, perimeter_id=perimeter_id)
-
- @enforce(("read", "write"), "perimeter")
- def add_action(self, user_id, policy_id, perimeter_id=None, value=None):
- logger.debug("add_action {}".format(policy_id))
-
- if not value or "name" not in value or not value["name"].strip():
- raise exceptions.PerimeterContentError('invalid name')
-
- if not policy_id or (not self.get_policies(user_id=user_id, policy_id=policy_id)):
- raise exceptions.PolicyUnknown
-
- if perimeter_id:
- action_perimeter = self.driver.get_actions(policy_id=None, perimeter_id=perimeter_id)
- if not action_perimeter:
- raise exceptions.PerimeterContentError
-
- if not perimeter_id:
- action_perimeter = self.driver.get_action_by_name(value['name'])
- if len(action_perimeter):
- perimeter_id = next(iter(action_perimeter))
-
- if perimeter_id and action_perimeter[perimeter_id]['name'] != value['name']:
- raise exceptions.PerimeterContentError
-
- if not perimeter_id:
- perimeter_id = uuid4().hex
-
- return self.driver.set_action(policy_id=policy_id, perimeter_id=perimeter_id, value=value)
-
- @enforce(("read", "write"), "perimeter")
- def update_action(self, user_id, perimeter_id, value):
- logger.debug("update_action perimeter_id = {}".format(perimeter_id))
-
- if not perimeter_id:
- raise exceptions.ActionUnknown
-
- actions = self.driver.get_actions(policy_id=None, perimeter_id=perimeter_id)
- if not actions or not (perimeter_id in actions):
- raise exceptions.PerimeterContentError
-
- if 'policy_list' in value or ('name' in value and not value['name']):
- raise exceptions.PerimeterContentError
-
- return self.driver.update_action(perimeter_id=perimeter_id, value=value)
-
- @enforce(("read", "write"), "perimeter")
- def delete_action(self, user_id, policy_id, perimeter_id):
-
- if not perimeter_id:
- raise exceptions.ActionUnknown
-
- if not policy_id:
- raise exceptions.PolicyUnknown
-
- if not self.get_actions(user_id=user_id, policy_id=policy_id, perimeter_id=perimeter_id):
- raise exceptions.ActionUnknown
-
- logger.debug("delete_action {} {} {}".format(policy_id, perimeter_id,
- self.get_policies(user_id=user_id,
- policy_id=policy_id)))
- if not self.get_policies(user_id=user_id, policy_id=policy_id):
- raise exceptions.PolicyUnknown
-
- act_assig = self.driver.get_action_assignments(policy_id=policy_id, action_id=perimeter_id)
- if act_assig:
- raise exceptions.DeletePerimeterWithAssignment
- return self.driver.delete_action(policy_id=policy_id, perimeter_id=perimeter_id)
-
- @enforce("read", "data")
- def get_subject_data(self, user_id, policy_id, data_id=None, category_id=None):
- available_metadata = self.get_available_metadata(user_id, policy_id)
- results = []
- if not category_id:
- for cat in available_metadata["subject"]:
- results.append(self.driver.get_subject_data(policy_id=policy_id, data_id=data_id,
- category_id=cat))
- if category_id and category_id in available_metadata["subject"]:
- results.append(self.driver.get_subject_data(policy_id=policy_id, data_id=data_id,
- category_id=category_id))
- return results
-
- @enforce(("read", "write"), "data")
- def set_subject_data(self, user_id, policy_id, data_id=None, category_id=None, value=None):
- if not category_id or (
- not Managers.ModelManager.get_subject_categories(user_id=user_id,
- category_id=category_id)):
- raise exceptions.SubjectCategoryUnknown
-
- self.__category_dependency_validation(user_id, policy_id, category_id, 'subject_categories')
-
- if not data_id:
- data_id = uuid4().hex
- return self.driver.set_subject_data(policy_id=policy_id, data_id=data_id,
- category_id=category_id, value=value)
-
- @enforce(("read", "write"), "data")
- def delete_subject_data(self, user_id, policy_id, data_id, category_id=None):
- # TODO (asteroide): check and/or delete assignments linked to that data
- subject_assignments = self.get_subject_assignments(user_id=user_id, policy_id=policy_id,
- category_id=category_id)
- if subject_assignments:
- raise exceptions.DeleteData
- return self.driver.delete_subject_data(policy_id=policy_id, category_id=category_id,
- data_id=data_id)
-
- @enforce("read", "data")
- def get_object_data(self, user_id, policy_id, data_id=None, category_id=None):
- available_metadata = self.get_available_metadata(user_id, policy_id)
- results = []
- if not category_id:
- for cat in available_metadata["object"]:
- results.append(self.driver.get_object_data(policy_id=policy_id, data_id=data_id,
- category_id=cat))
- if category_id and category_id in available_metadata["object"]:
- results.append(self.driver.get_object_data(policy_id=policy_id, data_id=data_id,
- category_id=category_id))
- return results
-
- @enforce(("read", "write"), "data")
- def add_object_data(self, user_id, policy_id, data_id=None, category_id=None, value=None):
-
- if not category_id or (
- not Managers.ModelManager.get_object_categories(user_id=user_id,
- category_id=category_id)):
- raise exceptions.ObjectCategoryUnknown
-
- self.__category_dependency_validation(user_id, policy_id, category_id, 'object_categories')
-
- if not data_id:
- data_id = uuid4().hex
- return self.driver.set_object_data(policy_id=policy_id, data_id=data_id,
- category_id=category_id, value=value)
-
- @enforce(("read", "write"), "data")
- def delete_object_data(self, user_id, policy_id, data_id, category_id=None):
- # TODO (asteroide): check and/or delete assignments linked to that data
- object_assignments = self.get_object_assignments(user_id=user_id, policy_id=policy_id,
- category_id=category_id)
- if object_assignments:
- raise exceptions.DeleteData
- return self.driver.delete_object_data(policy_id=policy_id, category_id=category_id,
- data_id=data_id)
-
- @enforce("read", "data")
- def get_action_data(self, user_id, policy_id, data_id=None, category_id=None):
- available_metadata = self.get_available_metadata(user_id, policy_id)
- results = []
- if not category_id:
- for cat in available_metadata["action"]:
- results.append(self.driver.get_action_data(policy_id=policy_id, data_id=data_id,
- category_id=cat))
- if category_id and category_id in available_metadata["action"]:
- results.append(self.driver.get_action_data(policy_id=policy_id, data_id=data_id,
- category_id=category_id))
- return results
-
- @enforce(("read", "write"), "data")
- def add_action_data(self, user_id, policy_id, data_id=None, category_id=None, value=None):
- if not category_id or (
- not Managers.ModelManager.get_action_categories(user_id=user_id,
- category_id=category_id)):
- raise exceptions.ActionCategoryUnknown
-
- self.__category_dependency_validation(user_id, policy_id, category_id, 'action_categories')
-
- if not data_id:
- data_id = uuid4().hex
- return self.driver.set_action_data(policy_id=policy_id, data_id=data_id,
- category_id=category_id, value=value)
-
- @enforce(("read", "write"), "data")
- def delete_action_data(self, user_id, policy_id, data_id, category_id=None):
- # TODO (asteroide): check and/or delete assignments linked to that data
- action_assignments = self.get_action_assignments(user_id=user_id, policy_id=policy_id,
- category_id=category_id)
- if action_assignments:
- raise exceptions.DeleteData
- return self.driver.delete_action_data(policy_id=policy_id, category_id=category_id,
- data_id=data_id)
-
- @enforce("read", "assignments")
- def get_subject_assignments(self, user_id, policy_id, subject_id=None, category_id=None):
- return self.driver.get_subject_assignments(policy_id=policy_id, subject_id=subject_id,
- category_id=category_id)
-
- @enforce(("read", "write"), "assignments")
- def add_subject_assignment(self, user_id, policy_id, subject_id, category_id, data_id):
-
- if not category_id or (
- not Managers.ModelManager.get_subject_categories(user_id=user_id,
- category_id=category_id)):
- raise exceptions.SubjectCategoryUnknown
-
- self.__category_dependency_validation(user_id, policy_id, category_id, 'subject_categories')
-
- if not subject_id or (
- not self.get_subjects(user_id=user_id, policy_id=policy_id,
- perimeter_id=subject_id)):
- raise exceptions.SubjectUnknown
-
- if not data_id or (
- not self.get_subject_data(user_id=user_id, policy_id=policy_id, data_id=data_id,
- category_id=category_id)):
- raise exceptions.DataUnknown
-
- return self.driver.add_subject_assignment(policy_id=policy_id, subject_id=subject_id,
- category_id=category_id, data_id=data_id)
-
- @enforce(("read", "write"), "assignments")
- def delete_subject_assignment(self, user_id, policy_id, subject_id, category_id, data_id):
- return self.driver.delete_subject_assignment(policy_id=policy_id, subject_id=subject_id,
- category_id=category_id, data_id=data_id)
-
- @enforce("read", "assignments")
- def get_object_assignments(self, user_id, policy_id, object_id=None, category_id=None):
- return self.driver.get_object_assignments(policy_id=policy_id, object_id=object_id,
- category_id=category_id)
-
- @enforce(("read", "write"), "assignments")
- def add_object_assignment(self, user_id, policy_id, object_id, category_id, data_id):
-
- if not category_id or (
- not Managers.ModelManager.get_object_categories(user_id=user_id,
- category_id=category_id)):
- raise exceptions.ObjectCategoryUnknown
-
- self.__category_dependency_validation(user_id, policy_id, category_id, 'object_categories')
-
- if not object_id or (
- not self.get_objects(user_id=user_id, policy_id=policy_id, perimeter_id=object_id)):
- raise exceptions.ObjectUnknown
-
- if not data_id or (
- not self.get_object_data(user_id=user_id, policy_id=policy_id, data_id=data_id,
- category_id=category_id)):
- raise exceptions.DataUnknown
-
- return self.driver.add_object_assignment(policy_id=policy_id, object_id=object_id,
- category_id=category_id, data_id=data_id)
-
- @enforce(("read", "write"), "assignments")
- def delete_object_assignment(self, user_id, policy_id, object_id, category_id, data_id):
- return self.driver.delete_object_assignment(policy_id=policy_id, object_id=object_id,
- category_id=category_id, data_id=data_id)
-
- @enforce("read", "assignments")
- def get_action_assignments(self, user_id, policy_id, action_id=None, category_id=None):
- return self.driver.get_action_assignments(policy_id=policy_id, action_id=action_id,
- category_id=category_id)
-
- @enforce(("read", "write"), "assignments")
- def add_action_assignment(self, user_id, policy_id, action_id, category_id, data_id):
-
- if not category_id or (
- not Managers.ModelManager.get_action_categories(user_id=user_id,
- category_id=category_id)):
- raise exceptions.ActionCategoryUnknown
-
- self.__category_dependency_validation(user_id, policy_id, category_id, 'action_categories')
-
- if not action_id or (
- not self.get_actions(user_id=user_id, policy_id=policy_id, perimeter_id=action_id)):
- raise exceptions.ActionUnknown
-
- if not data_id or (
- not self.get_action_data(user_id=user_id, policy_id=policy_id, data_id=data_id,
- category_id=category_id)):
- raise exceptions.DataUnknown
-
- return self.driver.add_action_assignment(policy_id=policy_id, action_id=action_id,
- category_id=category_id, data_id=data_id)
-
- @enforce(("read", "write"), "assignments")
- def delete_action_assignment(self, user_id, policy_id, action_id, category_id, data_id):
- return self.driver.delete_action_assignment(policy_id=policy_id, action_id=action_id,
- category_id=category_id, data_id=data_id)
-
- @enforce("read", "rules")
- def get_rules(self, user_id, policy_id, meta_rule_id=None, rule_id=None):
- return self.driver.get_rules(policy_id=policy_id, meta_rule_id=meta_rule_id,
- rule_id=rule_id)
-
- @enforce(("read", "write"), "rules")
- def add_rule(self, user_id, policy_id, meta_rule_id, value):
- if not meta_rule_id or (
- not self.ModelManager.get_meta_rules(user_id=user_id, meta_rule_id=meta_rule_id)):
- raise exceptions.MetaRuleUnknown
-
- self.__check_existing_rule(policy_id=policy_id, meta_rule_id=meta_rule_id, user_id=user_id,
- rule_value=value)
- self.__dependencies_validation(user_id, policy_id, meta_rule_id)
-
- return self.driver.add_rule(policy_id=policy_id, meta_rule_id=meta_rule_id, value=value)
-
- def __check_existing_rule(self, user_id, policy_id, meta_rule_id, rule_value):
-
- if not meta_rule_id:
- raise exceptions.MetaRuleUnknown
-
- meta_rule = self.ModelManager.get_meta_rules(user_id=user_id, meta_rule_id=meta_rule_id)
- if not meta_rule:
- raise exceptions.MetaRuleUnknown
-
- if len(meta_rule[meta_rule_id]['subject_categories']) + len(
- meta_rule[meta_rule_id]['object_categories']) \
- + len(meta_rule[meta_rule_id]['action_categories']) > len(rule_value['rule']):
- raise exceptions.RuleContentError(message="Missing Data")
-
- if len(meta_rule[meta_rule_id]['subject_categories']) + len(
- meta_rule[meta_rule_id]['object_categories']) \
- + len(meta_rule[meta_rule_id]['action_categories']) < len(rule_value['rule']):
- raise exceptions.MetaRuleContentError(message="Missing Data")
-
- temp_rule_data = list(
- rule_value['rule'][0:len(meta_rule[meta_rule_id]['subject_categories'])])
- found_data_counter = 0
- start_sub = len(meta_rule[meta_rule_id]['subject_categories'])
-
- for sub_cat_id in meta_rule[meta_rule_id]['subject_categories']:
- subjects_data = self.get_subject_data(user_id=user_id,
- category_id=sub_cat_id, policy_id=policy_id)
- found_data_counter = self.__validate_data_id(sub_cat_id, subjects_data[0]['data'],
- temp_rule_data,
- "Missing Subject_category "
- , found_data_counter)
-
- if found_data_counter != len(meta_rule[meta_rule_id]['subject_categories']):
- raise exceptions.RuleContentError(message="Missing Data")
-
- temp_rule_data = list(
- rule_value['rule'][
- start_sub:start_sub + len(meta_rule[meta_rule_id]['object_categories'])])
- found_data_counter = 0
- start_sub = start_sub + len(meta_rule[meta_rule_id]['object_categories'])
-
- for ob_cat_id in meta_rule[meta_rule_id]['object_categories']:
- object_data = self.get_object_data(user_id=user_id,
- category_id=ob_cat_id, policy_id=policy_id)
-
- found_data_counter = self.__validate_data_id(ob_cat_id, object_data[0]['data'],
- temp_rule_data,
- "Missing Object_category ",
- found_data_counter)
-
- if found_data_counter != len(meta_rule[meta_rule_id]['object_categories']):
- raise exceptions.RuleContentError(message="Missing Data")
-
- temp_rule_data = list(
- rule_value['rule'][
- start_sub:start_sub + len(meta_rule[meta_rule_id]['action_categories'])])
- found_data_counter = 0
-
- for act_cat_id in meta_rule[meta_rule_id]['action_categories']:
- action_data = self.get_action_data(user_id=user_id, category_id=act_cat_id,
- policy_id=policy_id)
- found_data_counter = self.__validate_data_id(act_cat_id, action_data[0]['data'],
- temp_rule_data,
- "Missing Action_category ",
- found_data_counter)
-
- if found_data_counter != len(meta_rule[meta_rule_id]['action_categories']):
- raise exceptions.RuleContentError(message="Missing Data")
-
- def __validate_data_id(self, cat_id, data_ids, temp_rule_data, error_msg, found_data_counter):
- for ID in data_ids:
- if ID in temp_rule_data:
- temp_rule_data.remove(ID)
- found_data_counter += 1
- # if no data id found in the rule, so rule not valid
- if found_data_counter < 1:
- raise exceptions.RuleContentError(message=error_msg + cat_id)
- return found_data_counter
-
- @enforce(("read", "write"), "rules")
- def delete_rule(self, user_id, policy_id, rule_id):
- return self.driver.delete_rule(policy_id=policy_id, rule_id=rule_id)
-
- @enforce("read", "meta_data")
- def get_available_metadata(self, user_id, policy_id):
- categories = {
- "subject": [],
- "object": [],
- "action": []
- }
- policy = self.driver.get_policies(policy_id=policy_id)
- if not policy:
- raise exceptions.PolicyUnknown
- model_id = policy[policy_id]["model_id"]
- model = Managers.ModelManager.get_models(user_id=user_id, model_id=model_id)
- try:
- meta_rule_list = model[model_id]["meta_rules"]
- for meta_rule_id in meta_rule_list:
- meta_rule = Managers.ModelManager.get_meta_rules(user_id=user_id,
- meta_rule_id=meta_rule_id)
- categories["subject"].extend(meta_rule[meta_rule_id]["subject_categories"])
- categories["object"].extend(meta_rule[meta_rule_id]["object_categories"])
- categories["action"].extend(meta_rule[meta_rule_id]["action_categories"])
- finally:
- return categories
-
- def __dependencies_validation(self, user_id, policy_id, meta_rule_id=None):
-
- policies = self.get_policies(user_id=user_id, policy_id=policy_id)
- if not policy_id or (not policies):
- raise exceptions.PolicyUnknown
-
- policy_content = policies[next(iter(policies))]
- model_id = policy_content['model_id']
- models = Managers.ModelManager.get_models(user_id=user_id, model_id=model_id)
- if not model_id or not models:
- raise exceptions.ModelUnknown
-
- model_content = models[next(iter(models))]
- if meta_rule_id:
- meta_rule_exists = False
-
- for model_meta_rule_id in model_content['meta_rules']:
- if model_meta_rule_id == meta_rule_id:
- meta_rule_exists = True
- break
-
- if not meta_rule_exists:
- raise exceptions.MetaRuleNotLinkedWithPolicyModel
-
- meta_rule = self.ModelManager.get_meta_rules(user_id=user_id, meta_rule_id=meta_rule_id)
- meta_rule_content = meta_rule[next(iter(meta_rule))]
- if (not meta_rule_content['subject_categories']) or (
- not meta_rule_content['object_categories']) or (
- not meta_rule_content['action_categories']):
- raise exceptions.MetaRuleContentError
- return model_content
-
- def __category_dependency_validation(self, user_id, policy_id, category_id, category_key):
- model = self.__dependencies_validation(user_id=user_id, policy_id=policy_id)
- category_found = False
- for model_meta_rule_id in model['meta_rules']:
- meta_rule = self.ModelManager.get_meta_rules(user_id=user_id,
- meta_rule_id=model_meta_rule_id)
- meta_rule_content = meta_rule[next(iter(meta_rule))]
- if meta_rule_content[category_key] and category_id in meta_rule_content[category_key]:
- category_found = True
- break
-
- if not category_found:
- raise exceptions.CategoryNotAssignedMetaRule