aboutsummaryrefslogtreecommitdiffstats
path: root/python_moondb/python_moondb/backends
diff options
context:
space:
mode:
Diffstat (limited to 'python_moondb/python_moondb/backends')
-rw-r--r--python_moondb/python_moondb/backends/sql.py847
1 files changed, 362 insertions, 485 deletions
diff --git a/python_moondb/python_moondb/backends/sql.py b/python_moondb/python_moondb/backends/sql.py
index 1ce8d016..7310e7f3 100644
--- a/python_moondb/python_moondb/backends/sql.py
+++ b/python_moondb/python_moondb/backends/sql.py
@@ -9,13 +9,14 @@ from uuid import uuid4
import sqlalchemy as sql
import logging
from sqlalchemy.orm import sessionmaker
-from sqlalchemy.ext.declarative import declarative_base
+from sqlalchemy.ext.declarative import declarative_base, declared_attr
from sqlalchemy import create_engine
from contextlib import contextmanager
from sqlalchemy import types as sql_types
from python_moonutilities import configuration
-from python_moonutilities.exceptions import *
+from python_moonutilities import exceptions
from python_moondb.core import PDPDriver, PolicyDriver, ModelDriver
+import sqlalchemy
logger = logging.getLogger("moon.db.driver.sql")
Base = declarative_base()
@@ -61,13 +62,14 @@ class JsonBlob(sql_types.TypeDecorator):
class Model(Base, DictBase):
__tablename__ = 'models'
- attributes = ['id', 'value']
+ attributes = ['id', 'name', 'value']
id = sql.Column(sql.String(64), primary_key=True)
+ name = sql.Column(sql.String(256), nullable=False)
value = sql.Column(JsonBlob(), nullable=True)
def to_dict(self):
return {
- "name": self.value.get("name"),
+ "name": self.name,
"description": self.value.get("description", ""),
"meta_rules": self.value.get("meta_rules", list()),
}
@@ -75,240 +77,198 @@ class Model(Base, DictBase):
class Policy(Base, DictBase):
__tablename__ = 'policies'
- attributes = ['id', 'value']
+ attributes = ['id', 'name', 'model_id', 'value']
id = sql.Column(sql.String(64), primary_key=True)
+ name = sql.Column(sql.String(256), nullable=False)
+ model_id = sql.Column(sql.String(64), nullable=True, default="")
value = sql.Column(JsonBlob(), nullable=True)
def to_dict(self):
return {
- "name": self.value.get("name"),
"description": self.value.get("description", ""),
- "model_id": self.value.get("model_id", ""),
"genre": self.value.get("genre", ""),
+ "model_id": self.model_id,
+ "name": self.name
}
class PDP(Base, DictBase):
__tablename__ = 'pdp'
- attributes = ['id', 'value']
+ attributes = ['id', 'name', 'keystone_project_id', 'value']
id = sql.Column(sql.String(64), primary_key=True)
+ name = sql.Column(sql.String(256), nullable=False)
+ keystone_project_id = sql.Column(sql.String(64), nullable=True, default="")
value = sql.Column(JsonBlob(), nullable=True)
def to_dict(self):
return {
- "name": self.value.get("name"),
+ "name": self.name,
"description": self.value.get("description", ""),
- "keystone_project_id": self.value.get("keystone_project_id", ""),
+ "keystone_project_id": self.keystone_project_id,
"security_pipeline": self.value.get("security_pipeline", []),
}
-class SubjectCategory(Base, DictBase):
- __tablename__ = 'subject_categories'
+class PerimeterCategoryBase(DictBase):
attributes = ['id', 'name', 'description']
id = sql.Column(sql.String(64), primary_key=True)
name = sql.Column(sql.String(256), nullable=False)
description = sql.Column(sql.String(256), nullable=True)
-class ObjectCategory(Base, DictBase):
+class SubjectCategory(Base, PerimeterCategoryBase):
+ __tablename__ = 'subject_categories'
+
+
+class ObjectCategory(Base, PerimeterCategoryBase):
__tablename__ = 'object_categories'
- attributes = ['id', 'name', 'description']
- id = sql.Column(sql.String(64), primary_key=True)
- name = sql.Column(sql.String(256), nullable=False)
- description = sql.Column(sql.String(256), nullable=True)
-class ActionCategory(Base, DictBase):
+class ActionCategory(Base, PerimeterCategoryBase):
__tablename__ = 'action_categories'
- attributes = ['id', 'name', 'description']
- id = sql.Column(sql.String(64), primary_key=True)
- name = sql.Column(sql.String(256), nullable=False)
- description = sql.Column(sql.String(256), nullable=True)
-class Subject(Base, DictBase):
- __tablename__ = 'subjects'
- attributes = ['id', 'value']
+class PerimeterBase(DictBase):
+ attributes = ['id', 'name', 'value']
id = sql.Column(sql.String(64), primary_key=True)
+ name = sql.Column(sql.String(256), nullable=False)
value = sql.Column(JsonBlob(), nullable=True)
+ __mapper_args__ = {'concrete': True}
def __repr__(self):
- return "{}: {}".format(self.id, json.dumps(self.value))
+ return "{} with name {} : {}".format(self.id, self.name, json.dumps(self.value))
def to_return(self):
return {
'id': self.id,
- 'name': self.value.get("name", ""),
+ 'name': self.name,
'description': self.value.get("description", ""),
'email': self.value.get("email", ""),
- 'partner_id': self.value.get("partner_id", ""),
+ 'extra': self.value.get("extra", dict()),
'policy_list': self.value.get("policy_list", [])
}
def to_dict(self):
+ dict_value = copy.deepcopy(self.value)
+ dict_value["name"] = self.name
return {
'id': self.id,
- 'value': self.value
+ 'value': dict_value
}
-class Object(Base, DictBase):
- __tablename__ = 'objects'
- attributes = ['id', 'value']
- id = sql.Column(sql.String(64), primary_key=True)
- value = sql.Column(JsonBlob(), nullable=True)
-
- def __repr__(self):
- return "{}: {}".format(self.id, json.dumps(self.value))
+class Subject(Base, PerimeterBase):
+ __tablename__ = 'subjects'
- def to_dict(self):
- return {
- 'id': self.id,
- 'value': self.value
- }
- def to_return(self):
- return {
- 'id': self.id,
- 'name': self.value.get("name", ""),
- 'description': self.value.get("description", ""),
- 'partner_id': self.value.get("partner_id", ""),
- 'policy_list': self.value.get("policy_list", [])
- }
+class Object(Base, PerimeterBase):
+ __tablename__ = 'objects'
-class Action(Base, DictBase):
+class Action(Base, PerimeterBase):
__tablename__ = 'actions'
- attributes = ['id', 'value']
- id = sql.Column(sql.String(64), primary_key=True)
- value = sql.Column(JsonBlob(), nullable=True)
- def __repr__(self):
- return "{}: {}".format(self.id, json.dumps(self.value))
- def to_dict(self):
- return {
- 'id': self.id,
- 'value': self.value
- }
-
- def to_return(self):
- return {
- 'id': self.id,
- 'name': self.value.get("name", ""),
- 'description': self.value.get("description", ""),
- 'partner_id': self.value.get("partner_id", ""),
- 'policy_list': self.value.get("policy_list", [])
- }
-
-
-class SubjectData(Base, DictBase):
- __tablename__ = 'subject_data'
- attributes = ['id', 'value', 'category_id', 'policy_id']
+class PerimeterDataBase(DictBase):
+ attributes = ['id', 'name', 'value', 'category_id', 'policy_id']
id = sql.Column(sql.String(64), primary_key=True)
+ name = sql.Column(sql.String(256), nullable=False)
value = sql.Column(JsonBlob(), nullable=True)
- category_id = sql.Column(sql.ForeignKey("subject_categories.id"), nullable=False)
- policy_id = sql.Column(sql.ForeignKey("policies.id"), nullable=False)
+ @declared_attr
+ def policy_id(cls):
+ return sql.Column(sql.ForeignKey("policies.id"), nullable=False)
def to_dict(self):
return {
'id': self.id,
- 'name': self.value.get("name", ""),
+ 'name': self.name,
'description': self.value.get("description", ""),
'category_id': self.category_id,
'policy_id': self.policy_id
}
-class ObjectData(Base, DictBase):
+class SubjectData(Base, PerimeterDataBase):
+ __tablename__ = 'subject_data'
+ category_id = sql.Column(sql.ForeignKey("subject_categories.id"), nullable=False)
+
+
+class ObjectData(Base, PerimeterDataBase):
__tablename__ = 'object_data'
- attributes = ['id', 'value', 'category_id', 'policy_id']
- id = sql.Column(sql.String(64), primary_key=True)
- value = sql.Column(JsonBlob(), nullable=True)
category_id = sql.Column(sql.ForeignKey("object_categories.id"), nullable=False)
- policy_id = sql.Column(sql.ForeignKey("policies.id"), nullable=False)
-class ActionData(Base, DictBase):
+class ActionData(Base, PerimeterDataBase):
__tablename__ = 'action_data'
- attributes = ['id', 'value', 'category_id', 'policy_id']
- id = sql.Column(sql.String(64), primary_key=True)
- value = sql.Column(JsonBlob(), nullable=True)
category_id = sql.Column(sql.ForeignKey("action_categories.id"), nullable=False)
- policy_id = sql.Column(sql.ForeignKey("policies.id"), nullable=False)
-class SubjectAssignment(Base, DictBase):
- __tablename__ = 'subject_assignments'
+class PerimeterAssignmentBase(DictBase):
attributes = ['id', 'assignments', 'policy_id', 'subject_id', 'category_id']
id = sql.Column(sql.String(64), primary_key=True)
assignments = sql.Column(JsonBlob(), nullable=True)
- policy_id = sql.Column(sql.ForeignKey("policies.id"), nullable=False)
- subject_id = sql.Column(sql.ForeignKey("subjects.id"), nullable=False)
- category_id = sql.Column(sql.ForeignKey("subject_categories.id"), nullable=False)
+ category_id = None
- def to_dict(self):
+ @declared_attr
+ def policy_id(cls):
+ return sql.Column(sql.ForeignKey("policies.id"), nullable=False)
+
+ def _to_dict(self, element_key, element_value):
return {
"id": self.id,
"policy_id": self.policy_id,
- "subject_id": self.subject_id,
+ element_key: element_value,
"category_id": self.category_id,
"assignments": self.assignments,
}
-class ObjectAssignment(Base, DictBase):
+class SubjectAssignment(Base, PerimeterAssignmentBase):
+ __tablename__ = 'subject_assignments'
+ subject_id = sql.Column(sql.ForeignKey("subjects.id"), nullable=False)
+ category_id = sql.Column(sql.ForeignKey("subject_categories.id"), nullable=False)
+
+ def to_dict(self):
+ return self._to_dict("subject_id", self.subject_id)
+
+
+class ObjectAssignment(Base, PerimeterAssignmentBase):
__tablename__ = 'object_assignments'
attributes = ['id', 'assignments', 'policy_id', 'object_id', 'category_id']
- id = sql.Column(sql.String(64), primary_key=True)
- assignments = sql.Column(JsonBlob(), nullable=True)
- policy_id = sql.Column(sql.ForeignKey("policies.id"), nullable=False)
object_id = sql.Column(sql.ForeignKey("objects.id"), nullable=False)
category_id = sql.Column(sql.ForeignKey("object_categories.id"), nullable=False)
def to_dict(self):
- return {
- "id": self.id,
- "policy_id": self.policy_id,
- "object_id": self.object_id,
- "category_id": self.category_id,
- "assignments": self.assignments,
- }
+ return self._to_dict("object_id", self.object_id)
-class ActionAssignment(Base, DictBase):
+class ActionAssignment(Base, PerimeterAssignmentBase):
__tablename__ = 'action_assignments'
attributes = ['id', 'assignments', 'policy_id', 'action_id', 'category_id']
- id = sql.Column(sql.String(64), primary_key=True)
- assignments = sql.Column(JsonBlob(), nullable=True)
- policy_id = sql.Column(sql.ForeignKey("policies.id"), nullable=False)
action_id = sql.Column(sql.ForeignKey("actions.id"), nullable=False)
category_id = sql.Column(sql.ForeignKey("action_categories.id"), nullable=False)
def to_dict(self):
- return {
- "id": self.id,
- "policy_id": self.policy_id,
- "action_id": self.action_id,
- "category_id": self.category_id,
- "assignments": self.assignments,
- }
+ return self._to_dict("action_id", self.action_id)
class MetaRule(Base, DictBase):
__tablename__ = 'meta_rules'
- attributes = ['id', 'value']
+ attributes = ['id', 'name', 'subject_categories', 'object_categories', 'action_categories', 'value']
id = sql.Column(sql.String(64), primary_key=True)
+ name = sql.Column(sql.String(256), nullable=False)
+ subject_categories = sql.Column(JsonBlob(), nullable=True)
+ object_categories = sql.Column(JsonBlob(), nullable=True)
+ action_categories = sql.Column(JsonBlob(), nullable=True)
value = sql.Column(JsonBlob(), nullable=True)
def to_dict(self):
return {
- "name": self.value["name"],
+ "name": self.name,
"description": self.value.get("description", ""),
- "subject_categories": self.value.get("subject_categories", list()),
- "object_categories": self.value.get("object_categories", list()),
- "action_categories": self.value.get("action_categories", list()),
+ "subject_categories": self.subject_categories,
+ "object_categories": self.object_categories,
+ "action_categories": self.action_categories,
}
@@ -378,15 +338,23 @@ class BaseConnector(object):
class PDPConnector(BaseConnector, PDPDriver):
def update_pdp(self, pdp_id, value):
- with self.get_session_for_write() as session:
- query = session.query(PDP)
- query = query.filter_by(id=pdp_id)
- ref = query.first()
- if ref:
- d = dict(ref.value)
- d.update(value)
- setattr(ref, "value", d)
- return {ref.id: ref.to_dict()}
+ try:
+ with self.get_session_for_write() as session:
+ query = session.query(PDP)
+ query = query.filter_by(id=pdp_id)
+ ref = query.first()
+ if ref:
+ value_wo_name = copy.deepcopy(value)
+ value_wo_name.pop("name", None)
+ value_wo_name.pop("keystone_project_id", None)
+ ref.name = value["name"]
+ ref.keystone_project_id = value["keystone_project_id"]
+ d = dict(ref.value)
+ d.update(value_wo_name)
+ setattr(ref, "value", d)
+ return {ref.id: ref.to_dict()}
+ except sqlalchemy.exc.IntegrityError:
+ raise exceptions.PdpExisting
def delete_pdp(self, pdp_id):
with self.get_session_for_write() as session:
@@ -394,13 +362,21 @@ class PDPConnector(BaseConnector, PDPDriver):
session.delete(ref)
def add_pdp(self, pdp_id=None, value=None):
- with self.get_session_for_write() as session:
- new = PDP.from_dict({
- "id": pdp_id if pdp_id else uuid4().hex,
- "value": value
- })
- session.add(new)
- return {new.id: new.to_dict()}
+ try:
+ with self.get_session_for_write() as session:
+ value_wo_name = copy.deepcopy(value)
+ value_wo_name.pop("name", None)
+ value_wo_name.pop("keystone_project_id", None)
+ new = PDP.from_dict({
+ "id": pdp_id if pdp_id else uuid4().hex,
+ "name": value["name"],
+ "keystone_project_id": value["keystone_project_id"],
+ "value": value_wo_name
+ })
+ session.add(new)
+ return {new.id: new.to_dict()}
+ except sqlalchemy.exc.IntegrityError:
+ raise exceptions.PdpExisting
def get_pdp(self, pdp_id=None):
with self.get_session_for_read() as session:
@@ -419,8 +395,13 @@ class PolicyConnector(BaseConnector, PolicyDriver):
query = query.filter_by(id=policy_id)
ref = query.first()
if ref:
+ value_wo_other_info = copy.deepcopy(value)
+ value_wo_other_info.pop("name", None)
+ value_wo_other_info.pop("model_id", None)
+ ref.name = value["name"]
+ ref.model_id= value["model_id"]
d = dict(ref.value)
- d.update(value)
+ d.update(value_wo_other_info)
setattr(ref, "value", d)
return {ref.id: ref.to_dict()}
@@ -431,9 +412,14 @@ class PolicyConnector(BaseConnector, PolicyDriver):
def add_policy(self, policy_id=None, value=None):
with self.get_session_for_write() as session:
+ value_wo_other_info = copy.deepcopy(value)
+ value_wo_other_info.pop("name", None)
+ value_wo_other_info.pop("model_id", None)
new = Policy.from_dict({
"id": policy_id if policy_id else uuid4().hex,
- "value": value
+ "name": value["name"],
+ "model_id": value.get("model_id", ""),
+ "value": value_wo_other_info
})
session.add(new)
return {new.id: new.to_dict()}
@@ -446,9 +432,9 @@ class PolicyConnector(BaseConnector, PolicyDriver):
ref_list = query.all()
return {_ref.id: _ref.to_dict() for _ref in ref_list}
- def get_subjects(self, policy_id, perimeter_id=None):
+ def __get_perimeters(self, ClassType, policy_id, perimeter_id=None):
with self.get_session_for_read() as session:
- query = session.query(Subject)
+ query = session.query(ClassType)
ref_list = copy.deepcopy(query.all())
if perimeter_id:
for _ref in ref_list:
@@ -467,212 +453,148 @@ class PolicyConnector(BaseConnector, PolicyDriver):
return {_ref.id: _ref.to_return() for _ref in results}
return {_ref.id: _ref.to_return() for _ref in ref_list}
- def set_subject(self, policy_id, perimeter_id=None, value=None):
- _subject = None
+ def __set_perimeter(self, ClassType, ClassTypeException, policy_id, perimeter_id=None, value=None):
+ if not value or "name" not in value or not value["name"].strip():
+ raise exceptions.PerimeterNameInvalid
with self.get_session_for_write() as session:
+ _perimeter = None
if perimeter_id:
- query = session.query(Subject)
+ query = session.query(ClassType)
query = query.filter_by(id=perimeter_id)
- _subject = query.first()
- if not _subject:
+ _perimeter = query.first()
+ if not perimeter_id and not _perimeter:
+ query = session.query(ClassType)
+ query = query.filter_by(name=value['name'])
+ _perimeter = query.first()
+ if _perimeter:
+ raise ClassTypeException
+ if not _perimeter:
if "policy_list" not in value or type(value["policy_list"]) is not list:
value["policy_list"] = []
if policy_id and policy_id not in value["policy_list"]:
value["policy_list"] = [policy_id, ]
- new = Subject.from_dict({
+
+ value_wo_name = copy.deepcopy(value)
+ value_wo_name.pop("name", None)
+ new = ClassType.from_dict({
"id": perimeter_id if perimeter_id else uuid4().hex,
- "value": value
+ "name": value["name"],
+ "value": value_wo_name
})
session.add(new)
return {new.id: new.to_return()}
else:
- _value = copy.deepcopy(_subject.to_dict())
+ _value = copy.deepcopy(_perimeter.to_dict())
if "policy_list" not in _value["value"] or type(_value["value"]["policy_list"]) is not list:
_value["value"]["policy_list"] = []
if policy_id and policy_id not in _value["value"]["policy_list"]:
_value["value"]["policy_list"].append(policy_id)
- new_subject = Subject.from_dict(_value)
- # setattr(_subject, "value", _value["value"])
- setattr(_subject, "value", getattr(new_subject, "value"))
- return {_subject.id: _subject.to_return()}
+ _value["value"].update(value)
+
+ name = _value["value"]["name"]
+ _value["value"].pop("name")
+ new_perimeter = ClassType.from_dict({
+ "id": _value["id"],
+ "name": name,
+ "value": _value["value"]
+ })
+ _perimeter.value = new_perimeter.value
+ _perimeter.name = new_perimeter.name
+ return {_perimeter.id: _perimeter.to_return()}
- def delete_subject(self, policy_id, perimeter_id):
+ def __delete_perimeter(self, ClassType, ClassUnknownException, policy_id, perimeter_id):
with self.get_session_for_write() as session:
- query = session.query(Subject)
+ query = session.query(ClassType)
query = query.filter_by(id=perimeter_id)
- _subject = query.first()
- if not _subject:
- raise SubjectUnknown
- old_subject = copy.deepcopy(_subject.to_dict())
- # value = _subject.to_dict()
+ _perimeter = query.first()
+ if not _perimeter:
+ raise ClassUnknownException
+ old_perimeter = copy.deepcopy(_perimeter.to_dict())
try:
- old_subject["value"]["policy_list"].remove(policy_id)
- new_user = Subject.from_dict(old_subject)
- setattr(_subject, "value", getattr(new_user, "value"))
+ old_perimeter["value"]["policy_list"].remove(policy_id)
+ new_perimeter = ClassType.from_dict(old_perimeter)
+ setattr(_perimeter, "value", getattr(new_perimeter, "value"))
except ValueError:
- if not _subject.value["policy_list"]:
- session.delete(_subject)
+ if not _perimeter.value["policy_list"]:
+ session.delete(_perimeter)
+
+ def get_subjects(self, policy_id, perimeter_id=None):
+ return self.__get_perimeters(Subject, policy_id, perimeter_id)
+
+ def set_subject(self, policy_id, perimeter_id=None, value=None):
+ try:
+ return self.__set_perimeter(Subject, exceptions.SubjectExisting, policy_id, perimeter_id=perimeter_id, value=value)
+ except sqlalchemy.exc.IntegrityError:
+ raise exceptions.SubjectExisting
+
+ def delete_subject(self, policy_id, perimeter_id):
+ self.__delete_perimeter(Subject, exceptions.SubjectUnknown, policy_id, perimeter_id)
def get_objects(self, policy_id, perimeter_id=None):
- with self.get_session_for_read() as session:
- query = session.query(Object)
- ref_list = copy.deepcopy(query.all())
- if perimeter_id:
- for _ref in ref_list:
- _ref_value = _ref.to_return()
- if perimeter_id == _ref.id:
- if policy_id and policy_id in _ref_value["policy_list"]:
- return {_ref.id: _ref_value}
- else:
- return {}
- elif policy_id:
- results = []
- for _ref in ref_list:
- _ref_value = _ref.to_return()
- if policy_id in _ref_value["policy_list"]:
- results.append(_ref)
- return {_ref.id: _ref.to_return() for _ref in results}
- return {_ref.id: _ref.to_return() for _ref in ref_list}
+ return self.__get_perimeters(Object, policy_id, perimeter_id)
def set_object(self, policy_id, perimeter_id=None, value=None):
- _object = None
- with self.get_session_for_write() as session:
- if perimeter_id:
- query = session.query(Object)
- query = query.filter_by(id=perimeter_id)
- _object = query.first()
- if not _object:
- if "policy_list" not in value or type(value["policy_list"]) is not list:
- value["policy_list"] = []
- if policy_id and policy_id not in value["policy_list"]:
- value["policy_list"] = [policy_id, ]
- new = Object.from_dict({
- "id": perimeter_id if perimeter_id else uuid4().hex,
- "value": value
- })
- session.add(new)
- return {new.id: new.to_return()}
- else:
- _value = copy.deepcopy(_object.to_dict())
- if "policy_list" not in _value["value"] or type(_value["value"]["policy_list"]) is not list:
- _value["value"]["policy_list"] = []
- if policy_id and policy_id not in _value["value"]["policy_list"]:
- _value["value"]["policy_list"].append(policy_id)
- new_object = Object.from_dict(_value)
- # setattr(_object, "value", _value["value"])
- setattr(_object, "value", getattr(new_object, "value"))
- return {_object.id: _object.to_return()}
+ try:
+ return self.__set_perimeter(Object, exceptions.ObjectExisting, policy_id, perimeter_id=perimeter_id, value=value)
+ except sqlalchemy.exc.IntegrityError as e:
+ logger.exception("IntegrityError {}".format(e))
+ raise exceptions.ObjectExisting
def delete_object(self, policy_id, perimeter_id):
- with self.get_session_for_write() as session:
- query = session.query(Object)
- query = query.filter_by(id=perimeter_id)
- _object = query.first()
- if not _object:
- raise ObjectUnknown
- old_object = copy.deepcopy(_object.to_dict())
- # value = _object.to_dict()
- try:
- old_object["value"]["policy_list"].remove(policy_id)
- new_user = Object.from_dict(old_object)
- setattr(_object, "value", getattr(new_user, "value"))
- except ValueError:
- if not _object.value["policy_list"]:
- session.delete(_object)
+ self.__delete_perimeter(Object, exceptions.ObjectUnknown, policy_id, perimeter_id)
def get_actions(self, policy_id, perimeter_id=None):
- with self.get_session_for_read() as session:
- query = session.query(Action)
- ref_list = copy.deepcopy(query.all())
- if perimeter_id:
- for _ref in ref_list:
- _ref_value = _ref.to_return()
- if perimeter_id == _ref.id:
- if policy_id and policy_id in _ref_value["policy_list"]:
- return {_ref.id: _ref_value}
- else:
- return {}
- elif policy_id:
- results = []
- for _ref in ref_list:
- _ref_value = _ref.to_return()
- if policy_id in _ref_value["policy_list"]:
- results.append(_ref)
- return {_ref.id: _ref.to_return() for _ref in results}
- return {_ref.id: _ref.to_return() for _ref in ref_list}
+ return self.__get_perimeters(Action, policy_id, perimeter_id)
def set_action(self, policy_id, perimeter_id=None, value=None):
- _action = None
- with self.get_session_for_write() as session:
- if perimeter_id:
- query = session.query(Action)
- query = query.filter_by(id=perimeter_id)
- _action = query.first()
- if not _action:
- if "policy_list" not in value or type(value["policy_list"]) is not list:
- value["policy_list"] = []
- if policy_id and policy_id not in value["policy_list"]:
- value["policy_list"] = [policy_id, ]
- new = Action.from_dict({
- "id": perimeter_id if perimeter_id else uuid4().hex,
- "value": value
- })
- session.add(new)
- return {new.id: new.to_return()}
- else:
- _value = copy.deepcopy(_action.to_dict())
- if "policy_list" not in _value["value"] or type(_value["value"]["policy_list"]) is not list:
- _value["value"]["policy_list"] = []
- if policy_id and policy_id not in _value["value"]["policy_list"]:
- _value["value"]["policy_list"].append(policy_id)
- new_action = Action.from_dict(_value)
- # setattr(_action, "value", _value["value"])
- setattr(_action, "value", getattr(new_action, "value"))
- return {_action.id: _action.to_return()}
+ try:
+ return self.__set_perimeter(Action, exceptions.ActionExisting, policy_id, perimeter_id=perimeter_id, value=value)
+ except sqlalchemy.exc.IntegrityError:
+ raise exceptions.ActionExisting
def delete_action(self, policy_id, perimeter_id):
- with self.get_session_for_write() as session:
- query = session.query(Action)
- query = query.filter_by(id=perimeter_id)
- _action = query.first()
- if not _action:
- raise ActionUnknown
- old_action = copy.deepcopy(_action.to_dict())
- # value = _action.to_dict()
- try:
- old_action["value"]["policy_list"].remove(policy_id)
- new_user = Action.from_dict(old_action)
- setattr(_action, "value", getattr(new_user, "value"))
- except ValueError:
- if not _action.value["policy_list"]:
- session.delete(_action)
+ self.__delete_perimeter(Action, exceptions.ActionUnknown, policy_id, perimeter_id)
- def get_subject_data(self, policy_id, data_id=None, category_id=None):
- logger.info("driver {} {} {}".format(policy_id, data_id, category_id))
+ def __is_data_exist(self, ClassType, data_id=None, category_id=None):
+ if not data_id:
+ return False
with self.get_session_for_read() as session:
- query = session.query(SubjectData)
- if data_id:
+ query = session.query(ClassType)
+ query = query.filter_by(category_id=category_id)
+ ref_list = query.all()
+ if ref_list:
+ return True
+ return False
+
+ def __get_data(self, ClassType, policy_id, data_id=None, category_id=None):
+ with self.get_session_for_read() as session:
+ query = session.query(ClassType)
+ if policy_id and data_id and category_id:
query = query.filter_by(policy_id=policy_id, id=data_id, category_id=category_id)
- else:
+ elif policy_id and category_id:
query = query.filter_by(policy_id=policy_id, category_id=category_id)
+ else:
+ query = query.filter_by(category_id=category_id)
ref_list = query.all()
- logger.info("ref_list={}".format(ref_list))
return {
"policy_id": policy_id,
"category_id": category_id,
"data": {_ref.id: _ref.to_dict() for _ref in ref_list}
}
- def set_subject_data(self, policy_id, data_id=None, category_id=None, value=None):
+ def __set_data(self, ClassType, ClassTypeData, policy_id, data_id=None, category_id=None, value=None):
with self.get_session_for_write() as session:
- query = session.query(SubjectData)
+ query = session.query(ClassTypeData)
query = query.filter_by(policy_id=policy_id, id=data_id, category_id=category_id)
ref = query.first()
if not ref:
- new_ref = SubjectData.from_dict(
+ value_wo_name = copy.deepcopy(value)
+ value_wo_name.pop("name", None)
+ new_ref = ClassTypeData.from_dict(
{
"id": data_id if data_id else uuid4().hex,
- 'value': value,
+ 'name': value["name"],
+ 'value': value_wo_name,
'category_id': category_id,
'policy_id': policy_id,
}
@@ -680,7 +602,7 @@ class PolicyConnector(BaseConnector, PolicyDriver):
session.add(new_ref)
ref = new_ref
else:
- for attr in Subject.attributes:
+ for attr in ClassType.attributes:
if attr != 'id':
setattr(ref, attr, getattr(ref, attr))
# session.flush()
@@ -690,116 +612,64 @@ class PolicyConnector(BaseConnector, PolicyDriver):
"data": {ref.id: ref.to_dict()}
}
- def delete_subject_data(self, policy_id, data_id):
+ def __delete_data(self, ClassType, policy_id, data_id):
with self.get_session_for_write() as session:
- query = session.query(SubjectData)
+ query = session.query(ClassType)
query = query.filter_by(policy_id=policy_id, id=data_id)
ref = query.first()
if ref:
session.delete(ref)
+ def is_subject_data_exist(self, data_id=None, category_id=None):
+ return self.__is_data_exist(SubjectData, data_id=data_id, category_id=category_id)
+
+ def get_subject_data(self, policy_id, data_id=None, category_id=None):
+ return self.__get_data(SubjectData, policy_id, data_id=data_id, category_id=category_id)
+
+ def set_subject_data(self, policy_id, data_id=None, category_id=None, value=None):
+ try:
+ return self.__set_data(Subject, SubjectData, policy_id, data_id=data_id, category_id=category_id, value=value)
+ except sqlalchemy.exc.IntegrityError:
+ raise exceptions.SubjectScopeExisting
+
+ def delete_subject_data(self, policy_id, data_id):
+ return self.__delete_data(SubjectData, policy_id, data_id)
+
+ def is_object_data_exist(self, data_id=None, category_id=None):
+ return self.__is_data_exist(ObjectData, data_id=data_id, category_id=category_id)
+
def get_object_data(self, policy_id, data_id=None, category_id=None):
- with self.get_session_for_read() as session:
- query = session.query(ObjectData)
- if data_id:
- query = query.filter_by(policy_id=policy_id, id=data_id, category_id=category_id)
- else:
- query = query.filter_by(policy_id=policy_id, category_id=category_id)
- ref_list = query.all()
- return {
- "policy_id": policy_id,
- "category_id": category_id,
- "data": {_ref.id: _ref.to_dict() for _ref in ref_list}
- }
+ return self.__get_data(ObjectData, policy_id, data_id=data_id, category_id=category_id)
def set_object_data(self, policy_id, data_id=None, category_id=None, value=None):
- with self.get_session_for_write() as session:
- query = session.query(ObjectData)
- query = query.filter_by(policy_id=policy_id, id=data_id, category_id=category_id)
- ref = query.first()
- if not ref:
- new_ref = ObjectData.from_dict(
- {
- "id": data_id if data_id else uuid4().hex,
- 'value': value,
- 'category_id': category_id,
- 'policy_id': policy_id,
- }
- )
- session.add(new_ref)
- ref = new_ref
- else:
- for attr in Object.attributes:
- if attr != 'id':
- setattr(ref, attr, getattr(ref, attr))
- # session.flush()
- return {
- "policy_id": policy_id,
- "category_id": category_id,
- "data": {ref.id: ref.to_dict()}
- }
+ try:
+ return self.__set_data(Object, ObjectData, policy_id, data_id=data_id, category_id=category_id, value=value)
+ except sqlalchemy.exc.IntegrityError:
+ raise exceptions.ObjectScopeExisting
def delete_object_data(self, policy_id, data_id):
- with self.get_session_for_write() as session:
- query = session.query(ObjectData)
- query = query.filter_by(policy_id=policy_id, id=data_id)
- ref = query.first()
- if ref:
- session.delete(ref)
+ return self.__delete_data(ObjectData, policy_id, data_id)
+
+ def is_action_data_exist(self, data_id=None,category_id=None):
+ return self.__is_data_exist(ActionData, data_id=data_id, category_id=category_id)
def get_action_data(self, policy_id, data_id=None, category_id=None):
- with self.get_session_for_read() as session:
- query = session.query(ActionData)
- if data_id:
- query = query.filter_by(policy_id=policy_id, id=data_id, category_id=category_id)
- else:
- query = query.filter_by(policy_id=policy_id, category_id=category_id)
- ref_list = query.all()
- return {
- "policy_id": policy_id,
- "category_id": category_id,
- "data": {_ref.id: _ref.to_dict() for _ref in ref_list}
- }
+ return self.__get_data(ActionData, policy_id, data_id=data_id, category_id=category_id)
def set_action_data(self, policy_id, data_id=None, category_id=None, value=None):
- with self.get_session_for_write() as session:
- query = session.query(ActionData)
- query = query.filter_by(policy_id=policy_id, id=data_id, category_id=category_id)
- ref = query.first()
- if not ref:
- new_ref = ActionData.from_dict(
- {
- "id": data_id if data_id else uuid4().hex,
- 'value': value,
- 'category_id': category_id,
- 'policy_id': policy_id,
- }
- )
- session.add(new_ref)
- ref = new_ref
- else:
- for attr in Action.attributes:
- if attr != 'id':
- setattr(ref, attr, getattr(ref, attr))
- # session.flush()
- return {
- "policy_id": policy_id,
- "category_id": category_id,
- "data": {ref.id: ref.to_dict()}
- }
+ try:
+ return self.__set_data(Action, ActionData, policy_id, data_id=data_id, category_id=category_id, value=value)
+ except sqlalchemy.exc.IntegrityError:
+ raise exceptions.ActionScopeExisting
def delete_action_data(self, policy_id, data_id):
- with self.get_session_for_write() as session:
- query = session.query(ActionData)
- query = query.filter_by(policy_id=policy_id, id=data_id)
- ref = query.first()
- if ref:
- session.delete(ref)
+ return self.__delete_data(ActionData, policy_id, data_id)
def get_subject_assignments(self, policy_id, subject_id=None, category_id=None):
with self.get_session_for_write() as session:
query = session.query(SubjectAssignment)
if subject_id and category_id:
+ #TODO change the subject_id to perimeter_id to allow code refactoring
query = query.filter_by(policy_id=policy_id, subject_id=subject_id, category_id=category_id)
elif subject_id:
query = query.filter_by(policy_id=policy_id, subject_id=subject_id)
@@ -819,6 +689,8 @@ class PolicyConnector(BaseConnector, PolicyDriver):
if data_id not in assignments:
assignments.append(data_id)
setattr(ref, "assignments", assignments)
+ else:
+ raise exceptions.SubjectAssignmentExisting
else:
ref = SubjectAssignment.from_dict(
{
@@ -852,6 +724,7 @@ class PolicyConnector(BaseConnector, PolicyDriver):
with self.get_session_for_write() as session:
query = session.query(ObjectAssignment)
if object_id and category_id:
+ #TODO change the object_id to perimeter_id to allow code refactoring
query = query.filter_by(policy_id=policy_id, object_id=object_id, category_id=category_id)
elif object_id:
query = query.filter_by(policy_id=policy_id, object_id=object_id)
@@ -871,6 +744,8 @@ class PolicyConnector(BaseConnector, PolicyDriver):
if data_id not in assignments:
assignments.append(data_id)
setattr(ref, "assignments", assignments)
+ else:
+ raise exceptions.ObjectAssignmentExisting
else:
ref = ObjectAssignment.from_dict(
{
@@ -904,6 +779,7 @@ class PolicyConnector(BaseConnector, PolicyDriver):
with self.get_session_for_write() as session:
query = session.query(ActionAssignment)
if action_id and category_id:
+ # TODO change the action_id to perimeter_id to allow code refactoring
query = query.filter_by(policy_id=policy_id, action_id=action_id, category_id=category_id)
elif action_id:
query = query.filter_by(policy_id=policy_id, action_id=action_id)
@@ -923,6 +799,8 @@ class PolicyConnector(BaseConnector, PolicyDriver):
if data_id not in assignments:
assignments.append(data_id)
setattr(ref, "assignments", assignments)
+ else:
+ raise exceptions.ActionAssignmentExisting
else:
ref = ActionAssignment.from_dict(
{
@@ -976,13 +854,12 @@ class PolicyConnector(BaseConnector, PolicyDriver):
}
def add_rule(self, policy_id, meta_rule_id, value):
- with self.get_session_for_write() as session:
- query = session.query(Rule)
- query = query.filter_by(policy_id=policy_id, meta_rule_id=meta_rule_id)
- ref_list = query.all()
- rules = list(map(lambda x: x.rule, ref_list))
- if not rules or value not in rules:
- logger.info("add_rule IN IF")
+ try:
+ rules = self.get_rules(policy_id, meta_rule_id=meta_rule_id)
+ for _rule in map(lambda x: x["rule"], rules["rules"]):
+ if list(value.get('rule')) == list(_rule):
+ raise exceptions.RuleExisting
+ with self.get_session_for_write() as session:
ref = Rule.from_dict(
{
"id": uuid4().hex,
@@ -993,7 +870,8 @@ class PolicyConnector(BaseConnector, PolicyDriver):
)
session.add(ref)
return {ref.id: ref.to_dict()}
- return {}
+ except sqlalchemy.exc.IntegrityError:
+ raise exceptions.RuleExisting
def delete_rule(self, policy_id, rule_id):
with self.get_session_for_write() as session:
@@ -1013,8 +891,11 @@ class ModelConnector(BaseConnector, ModelDriver):
query = query.filter_by(id=model_id)
ref = query.first()
if ref:
+ value_wo_name = copy.deepcopy(value)
+ value_wo_name.pop("name", None)
+ setattr(ref, "name", value["name"])
d = dict(ref.value)
- d.update(value)
+ d.update(value_wo_name)
setattr(ref, "value", d)
return {ref.id: ref.to_dict()}
@@ -1024,13 +905,19 @@ class ModelConnector(BaseConnector, ModelDriver):
session.delete(ref)
def add_model(self, model_id=None, value=None):
- with self.get_session_for_write() as session:
- new = Model.from_dict({
- "id": model_id if model_id else uuid4().hex,
- "value": value
- })
- session.add(new)
- return {new.id: new.to_dict()}
+ try:
+ with self.get_session_for_write() as session:
+ value_wo_name = copy.deepcopy(value)
+ value_wo_name.pop("name", None)
+ new = Model.from_dict({
+ "id": model_id if model_id else uuid4().hex,
+ "name": value["name"],
+ "value": value_wo_name
+ })
+ session.add(new)
+ return {new.id: new.to_dict()}
+ except sqlalchemy.exc.IntegrityError as e:
+ raise exceptions.ModelExisting
def get_models(self, model_id=None):
with self.get_session_for_read() as session:
@@ -1039,23 +926,41 @@ class ModelConnector(BaseConnector, ModelDriver):
ref_list = query.filter(Model.id == model_id)
else:
ref_list = query.all()
- return {_ref.id: _ref.to_dict() for _ref in ref_list}
+
+ r = {_ref.id: _ref.to_dict() for _ref in ref_list}
+ return r
def set_meta_rule(self, meta_rule_id, value):
with self.get_session_for_write() as session:
- query = session.query(MetaRule)
- query = query.filter_by(id=meta_rule_id)
- ref = query.first()
- if not ref:
- ref = MetaRule.from_dict(
- {
- "id": meta_rule_id if meta_rule_id else uuid4().hex,
- "value": value
- }
- )
- session.add(ref)
+ value_wo_other_data = copy.deepcopy(value)
+ value_wo_other_data.pop("name", None)
+ value_wo_other_data.pop("subject_categories", None)
+ value_wo_other_data.pop("object_categories", None)
+ value_wo_other_data.pop("action_categories", None)
+ if meta_rule_id is None:
+ try:
+ ref = MetaRule.from_dict(
+ {
+ "id": uuid4().hex,
+ "name": value["name"],
+ "subject_categories": value["subject_categories"],
+ "object_categories": value["object_categories"],
+ "action_categories": value["action_categories"],
+ "value": value_wo_other_data
+ }
+ )
+ session.add(ref)
+ except sqlalchemy.exc.IntegrityError as e:
+ raise exceptions.MetaRuleExisting
else:
- setattr(ref, "value", value)
+ query = session.query(MetaRule)
+ query = query.filter_by(id=meta_rule_id)
+ ref = query.first()
+ setattr(ref, "name", value["name"])
+ setattr(ref, "subject_categories", value["subject_categories"])
+ setattr(ref, "object_categories", value["object_categories"])
+ setattr(ref, "action_categories", value["action_categories"])
+ setattr(ref, "value", value_wo_other_data)
return {ref.id: ref.to_dict()}
def get_meta_rules(self, meta_rule_id=None):
@@ -1074,101 +979,73 @@ class ModelConnector(BaseConnector, ModelDriver):
if ref:
session.delete(ref)
- def get_subject_categories(self, category_id=None):
+ def __get_perimeter_categories(self, ClassType, category_id=None):
with self.get_session_for_read() as session:
- query = session.query(SubjectCategory)
+ query = session.query(ClassType)
if category_id:
query = query.filter_by(id=category_id)
ref_list = query.all()
return {_ref.id: _ref.to_dict() for _ref in ref_list}
- def add_subject_category(self, name, description, uuid=None):
+ def __add_perimeter_category(self, ClassType, name, description, uuid=None):
+ if not name.strip():
+ raise exceptions.CategoryNameInvalid
with self.get_session_for_write() as session:
- query = session.query(SubjectCategory)
- query = query.filter_by(name=name)
- ref = query.first()
- if not ref:
- ref = SubjectCategory.from_dict(
- {
- "id": uuid if uuid else uuid4().hex,
- "name": name,
- "description": description
- }
- )
- session.add(ref)
+ ref = ClassType.from_dict(
+ {
+ "id": uuid if uuid else uuid4().hex,
+ "name": name,
+ "description": description
+ }
+ )
+ session.add(ref)
return {ref.id: ref.to_dict()}
- def delete_subject_category(self, category_id):
+ def __delete_perimeter_category(self, ClassType, category_id):
with self.get_session_for_write() as session:
- query = session.query(SubjectCategory)
+ query = session.query(ClassType)
query = query.filter_by(id=category_id)
ref = query.first()
if ref:
session.delete(ref)
+ def get_subject_categories(self, category_id=None):
+ return self.__get_perimeter_categories(SubjectCategory, category_id=category_id)
+
+ def add_subject_category(self, name, description, uuid=None):
+ try:
+ return self.__add_perimeter_category(SubjectCategory, name, description, uuid=uuid)
+ except sql.exc.IntegrityError as e:
+ raise exceptions.SubjectCategoryExisting()
+
+ def delete_subject_category(self, category_id):
+ self.__delete_perimeter_category(SubjectCategory, category_id)
+
def get_object_categories(self, category_id=None):
- with self.get_session_for_read() as session:
- query = session.query(ObjectCategory)
- if category_id:
- query = query.filter_by(id=category_id)
- ref_list = query.all()
- return {_ref.id: _ref.to_dict() for _ref in ref_list}
+ return self.__get_perimeter_categories(ObjectCategory, category_id=category_id)
def add_object_category(self, name, description, uuid=None):
- with self.get_session_for_write() as session:
- query = session.query(ObjectCategory)
- query = query.filter_by(name=name)
- ref = query.first()
- if not ref:
- ref = ObjectCategory.from_dict(
- {
- "id": uuid if uuid else uuid4().hex,
- "name": name,
- "description": description
- }
- )
- session.add(ref)
- return {ref.id: ref.to_dict()}
+ try:
+ return self.__add_perimeter_category(ObjectCategory, name, description, uuid=uuid)
+ except sql.exc.IntegrityError as e:
+ raise exceptions.ObjectCategoryExisting()
def delete_object_category(self, category_id):
- with self.get_session_for_write() as session:
- query = session.query(ObjectCategory)
- query = query.filter_by(id=category_id)
- ref = query.first()
- if ref:
- session.delete(ref)
+ self.__delete_perimeter_category(ObjectCategory, category_id)
def get_action_categories(self, category_id=None):
- with self.get_session_for_read() as session:
- query = session.query(ActionCategory)
- if category_id:
- query = query.filter_by(id=category_id)
- ref_list = query.all()
- return {_ref.id: _ref.to_dict() for _ref in ref_list}
+
+ return self.__get_perimeter_categories(ActionCategory, category_id=category_id)
def add_action_category(self, name, description, uuid=None):
- with self.get_session_for_write() as session:
- query = session.query(ActionCategory)
- query = query.filter_by(name=name)
- ref = query.first()
- if not ref:
- ref = ActionCategory.from_dict(
- {
- "id": uuid if uuid else uuid4().hex,
- "name": name,
- "description": description
- }
- )
- session.add(ref)
- return {ref.id: ref.to_dict()}
+ try:
+ return self.__add_perimeter_category(ActionCategory, name, description, uuid=uuid)
+ except sql.exc.IntegrityError as e:
+ raise exceptions.ActionCategoryExisting()
def delete_action_category(self, category_id):
- with self.get_session_for_write() as session:
- query = session.query(ActionCategory)
- query = query.filter_by(id=category_id)
- ref = query.first()
- if ref:
- session.delete(ref)
+ self.__delete_perimeter_category(ActionCategory, category_id)
+
# Getter and Setter for subject_category
# def get_subject_categories_dict(self, intra_extension_id):