aboutsummaryrefslogtreecommitdiffstats
path: root/python_moondb/python_moondb
diff options
context:
space:
mode:
Diffstat (limited to 'python_moondb/python_moondb')
-rw-r--r--python_moondb/python_moondb/__init__.py3
-rw-r--r--python_moondb/python_moondb/api/model.py43
-rw-r--r--python_moondb/python_moondb/api/pdp.py8
-rw-r--r--python_moondb/python_moondb/api/policy.py59
-rw-r--r--python_moondb/python_moondb/backends/sql.py126
-rw-r--r--python_moondb/python_moondb/migrate_repo/versions/001_moon.py49
6 files changed, 207 insertions, 81 deletions
diff --git a/python_moondb/python_moondb/__init__.py b/python_moondb/python_moondb/__init__.py
index 287558f7..e2e16287 100644
--- a/python_moondb/python_moondb/__init__.py
+++ b/python_moondb/python_moondb/__init__.py
@@ -3,5 +3,4 @@
# license which can be found in the file 'LICENSE' in this package distribution
# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-__version__ = "1.2.9"
-
+__version__ = "1.2.16"
diff --git a/python_moondb/python_moondb/api/model.py b/python_moondb/python_moondb/api/model.py
index f5858662..c1603b83 100644
--- a/python_moondb/python_moondb/api/model.py
+++ b/python_moondb/python_moondb/api/model.py
@@ -22,6 +22,10 @@ class ModelManager(Managers):
def update_model(self, user_id, model_id, value):
if model_id not in self.driver.get_models(model_id=model_id):
raise exceptions.ModelUnknown
+ if value and 'meta_rules' in value:
+ for meta_rule_id in value['meta_rules']:
+ if not self.driver.get_meta_rules(meta_rule_id=meta_rule_id):
+ raise exceptions.MetaRuleUnknown
return self.driver.update_model(model_id=model_id, value=value)
@enforce(("read", "write"), "models")
@@ -41,6 +45,10 @@ class ModelManager(Managers):
raise exceptions.ModelExisting
if not model_id:
model_id = uuid4().hex
+ if value and 'meta_rules' in value:
+ for meta_rule_id in value['meta_rules']:
+ if not self.driver.get_meta_rules(meta_rule_id=meta_rule_id):
+ raise exceptions.MetaRuleUnknown
return self.driver.add_model(model_id=model_id, value=value)
@enforce("read", "models")
@@ -51,6 +59,19 @@ class ModelManager(Managers):
def set_meta_rule(self, user_id, meta_rule_id, value):
if meta_rule_id not in self.driver.get_meta_rules(meta_rule_id=meta_rule_id):
raise exceptions.MetaRuleUnknown
+ if value:
+ if 'subject_categories' in value:
+ for subject_category_id in value['subject_categories']:
+ if not self.driver.get_subject_categories(category_id=subject_category_id):
+ raise exceptions.SubjectCategoryUnknown
+ if 'object_categories' in value:
+ for object_category_id in value['object_categories']:
+ if not self.driver.get_object_categories(category_id=object_category_id):
+ raise exceptions.ObjectCategoryUnknown
+ if 'action_categories' in value:
+ for action_category_id in value['action_categories']:
+ if not self.driver.get_action_categories(category_id=action_category_id):
+ raise exceptions.ActionCategoryUnknown
return self.driver.set_meta_rule(meta_rule_id=meta_rule_id, value=value)
@enforce("read", "meta_rules")
@@ -61,6 +82,19 @@ class ModelManager(Managers):
def add_meta_rule(self, user_id, meta_rule_id=None, value=None):
if meta_rule_id in self.driver.get_meta_rules(meta_rule_id=meta_rule_id):
raise exceptions.MetaRuleExisting
+ if value:
+ if 'subject_categories' in value:
+ for subject_category_id in value['subject_categories']:
+ if not self.driver.get_subject_categories(category_id=subject_category_id):
+ raise exceptions.SubjectCategoryUnknown
+ if 'object_categories' in value:
+ for object_category_id in value['object_categories']:
+ if not self.driver.get_object_categories(category_id=object_category_id):
+ raise exceptions.ObjectCategoryUnknown
+ if 'action_categories' in value:
+ for action_category_id in value['action_categories']:
+ if not self.driver.get_action_categories(category_id=action_category_id):
+ raise exceptions.ActionCategoryUnknown
return self.driver.set_meta_rule(meta_rule_id=meta_rule_id, value=value)
@enforce(("read", "write"), "meta_rules")
@@ -93,8 +127,11 @@ class ModelManager(Managers):
meta_rules = self.get_meta_rules(user_id=user_id)
for meta_rule_id in meta_rules:
for subject_category_id in meta_rules[meta_rule_id]['subject_categories']:
+ logger.info("delete_subject_category {} {}".format(subject_category_id, meta_rule_id))
+ logger.info("delete_subject_category {}".format(meta_rules[meta_rule_id]))
if subject_category_id == category_id:
- raise exceptions.DeleteCategoryWithMetaRule
+ self.delete_meta_rule(user_id, meta_rule_id)
+ # raise exceptions.DeleteCategoryWithMetaRule
if self.driver.is_subject_data_exist(category_id=category_id):
raise exceptions.DeleteCategoryWithData
return self.driver.delete_subject_category(category_id=category_id)
@@ -119,7 +156,7 @@ class ModelManager(Managers):
for meta_rule_id in meta_rules:
for object_category_id in meta_rules[meta_rule_id]['object_categories']:
if object_category_id == category_id:
- raise exceptions.DeleteCategoryWithMetaRule
+ self.delete_meta_rule(user_id, meta_rule_id)
if self.driver.is_object_data_exist(category_id=category_id):
raise exceptions.DeleteCategoryWithData
return self.driver.delete_object_category(category_id=category_id)
@@ -144,7 +181,7 @@ class ModelManager(Managers):
for meta_rule_id in meta_rules:
for action_category_id in meta_rules[meta_rule_id]['action_categories']:
if action_category_id == category_id:
- raise exceptions.DeleteCategoryWithMetaRule
+ self.delete_meta_rule(user_id, meta_rule_id)
if self.driver.is_action_data_exist(category_id=category_id):
raise exceptions.DeleteCategoryWithData
return self.driver.delete_action_category(category_id=category_id)
diff --git a/python_moondb/python_moondb/api/pdp.py b/python_moondb/python_moondb/api/pdp.py
index 7e852ca8..d0a071c9 100644
--- a/python_moondb/python_moondb/api/pdp.py
+++ b/python_moondb/python_moondb/api/pdp.py
@@ -22,6 +22,10 @@ class PDPManager(Managers):
def update_pdp(self, user_id, pdp_id, value):
if pdp_id not in self.driver.get_pdp(pdp_id=pdp_id):
raise exceptions.PdpUnknown
+ if value and 'security_pipeline' in value:
+ for policy_id in value['security_pipeline']:
+ if not Managers.PolicyManager.get_policies(user_id=user_id, policy_id=policy_id):
+ raise exceptions.PolicyUnknown
return self.driver.update_pdp(pdp_id=pdp_id, value=value)
@enforce(("read", "write"), "pdp")
@@ -36,6 +40,10 @@ class PDPManager(Managers):
raise exceptions.PdpExisting
if not pdp_id:
pdp_id = uuid4().hex
+ if value and 'security_pipeline' in value:
+ for policy_id in value['security_pipeline']:
+ if not Managers.PolicyManager.get_policies(user_id=user_id, policy_id=policy_id):
+ raise exceptions.PolicyUnknown
return self.driver.add_pdp(pdp_id=pdp_id, value=value)
@enforce("read", "pdp")
diff --git a/python_moondb/python_moondb/api/policy.py b/python_moondb/python_moondb/api/policy.py
index 69392e6d..05c2b7d5 100644
--- a/python_moondb/python_moondb/api/policy.py
+++ b/python_moondb/python_moondb/api/policy.py
@@ -40,6 +40,9 @@ class PolicyManager(Managers):
def update_policy(self, user_id, policy_id, value):
if policy_id not in self.driver.get_policies(policy_id=policy_id):
raise exceptions.PolicyUnknown
+ if value and 'model_id' in value and value['model_id'] != "":
+ if not Managers.ModelManager.get_models(user_id, model_id=value['model_id']):
+ raise exceptions.ModelUnknown
return self.driver.update_policy(policy_id=policy_id, value=value)
@enforce(("read", "write"), "policies")
@@ -60,6 +63,9 @@ class PolicyManager(Managers):
raise exceptions.PolicyExisting
if not policy_id:
policy_id = uuid4().hex
+ if value and 'model_id' in value and value['model_id'] != "":
+ if not Managers.ModelManager.get_models(user_id, model_id=value['model_id']):
+ raise exceptions.ModelUnknown
return self.driver.add_policy(policy_id=policy_id, value=value)
@enforce("read", "policies")
@@ -68,10 +74,19 @@ class PolicyManager(Managers):
@enforce("read", "perimeter")
def get_subjects(self, user_id, policy_id, perimeter_id=None):
+ if not policy_id:
+ pass
+ elif not (policy_id and self.get_policies(user_id=user_id, policy_id=policy_id)):
+ raise exceptions.PolicyUnknown
return self.driver.get_subjects(policy_id=policy_id, perimeter_id=perimeter_id)
@enforce(("read", "write"), "perimeter")
def add_subject(self, user_id, policy_id, perimeter_id=None, value=None):
+ if not value or "name" not in value or not value["name"].strip():
+ raise exceptions.PerimeterNameInvalid
+ if value["name"] in map(lambda x: x['name'],
+ self.get_subjects(user_id, policy_id, perimeter_id).values()):
+ raise exceptions.SubjectExisting
k_user = Managers.KeystoneManager.get_user_by_name(value.get('name'))
if not k_user['users']:
k_user = Managers.KeystoneManager.create_user(value)
@@ -94,10 +109,16 @@ class PolicyManager(Managers):
@enforce(("read", "write"), "perimeter")
def delete_subject(self, user_id, policy_id, perimeter_id):
+ if policy_id and not self.get_policies(user_id=user_id, policy_id=policy_id):
+ raise exceptions.PolicyUnknown
return self.driver.delete_subject(policy_id=policy_id, perimeter_id=perimeter_id)
@enforce("read", "perimeter")
def get_objects(self, user_id, policy_id, perimeter_id=None):
+ if not policy_id:
+ pass
+ elif not (policy_id and self.get_policies(user_id=user_id, policy_id=policy_id)):
+ raise exceptions.PolicyUnknown
return self.driver.get_objects(policy_id=policy_id, perimeter_id=perimeter_id)
@enforce(("read", "write"), "perimeter")
@@ -110,21 +131,30 @@ class PolicyManager(Managers):
@enforce(("read", "write"), "perimeter")
def delete_object(self, user_id, policy_id, perimeter_id):
+ if policy_id and not self.get_policies(user_id=user_id, policy_id=policy_id):
+ raise exceptions.PolicyUnknown
return self.driver.delete_object(policy_id=policy_id, perimeter_id=perimeter_id)
@enforce("read", "perimeter")
def get_actions(self, user_id, policy_id, perimeter_id=None):
+ if not policy_id:
+ pass
+ elif not (policy_id and self.get_policies(user_id=user_id, policy_id=policy_id)):
+ raise exceptions.PolicyUnknown
return self.driver.get_actions(policy_id=policy_id, perimeter_id=perimeter_id)
@enforce(("read", "write"), "perimeter")
def add_action(self, user_id, policy_id, perimeter_id=None, value=None):
- logger.info("add_action {}".format(policy_id))
+ logger.debug("add_action {}".format(policy_id))
if not self.get_policies(user_id=user_id, policy_id=policy_id):
raise exceptions.PolicyUnknown
return self.driver.set_action(policy_id=policy_id, perimeter_id=perimeter_id, value=value)
@enforce(("read", "write"), "perimeter")
def delete_action(self, user_id, policy_id, perimeter_id):
+ logger.debug("delete_action {} {} {}".format(policy_id, perimeter_id, self.get_policies(user_id=user_id, policy_id=policy_id)))
+ if policy_id and not self.get_policies(user_id=user_id, policy_id=policy_id):
+ raise exceptions.PolicyUnknown
return self.driver.delete_action(policy_id=policy_id, perimeter_id=perimeter_id)
@enforce("read", "data")
@@ -144,6 +174,8 @@ class PolicyManager(Managers):
def set_subject_data(self, user_id, policy_id, data_id=None, category_id=None, value=None):
if not category_id:
raise Exception('Invalid category id')
+ if not Managers.ModelManager.get_subject_categories(user_id=user_id, category_id=category_id):
+ raise exceptions.MetaDataUnknown
if not self.get_policies(user_id=user_id, policy_id=policy_id):
raise exceptions.PolicyUnknown
if not data_id:
@@ -175,6 +207,8 @@ class PolicyManager(Managers):
def add_object_data(self, user_id, policy_id, data_id=None, category_id=None, value=None):
if not category_id:
raise Exception('Invalid category id')
+ if not Managers.ModelManager.get_object_categories(user_id=user_id, category_id=category_id):
+ raise exceptions.MetaDataUnknown
if not self.get_policies(user_id=user_id, policy_id=policy_id):
raise exceptions.PolicyUnknown
if not data_id:
@@ -206,6 +240,8 @@ class PolicyManager(Managers):
def add_action_data(self, user_id, policy_id, data_id=None, category_id=None, value=None):
if not category_id:
raise Exception('Invalid category id')
+ if not Managers.ModelManager.get_action_categories(user_id=user_id, category_id=category_id):
+ raise exceptions.MetaDataUnknown
if not self.get_policies(user_id=user_id, policy_id=policy_id):
raise exceptions.PolicyUnknown
if not data_id:
@@ -228,6 +264,12 @@ class PolicyManager(Managers):
def add_subject_assignment(self, user_id, policy_id, subject_id, category_id, data_id):
if not self.get_policies(user_id=user_id, policy_id=policy_id):
raise exceptions.PolicyUnknown
+ if not self.get_subjects(user_id=user_id, policy_id=policy_id, perimeter_id=subject_id):
+ raise exceptions.SubjectUnknown
+ if not Managers.ModelManager.get_subject_categories(user_id=user_id, category_id=category_id):
+ raise exceptions.MetaDataUnknown
+ if not self.get_subject_data(user_id=user_id, policy_id=policy_id, data_id=data_id):
+ raise exceptions.DataUnknown
return self.driver.add_subject_assignment(policy_id=policy_id, subject_id=subject_id,
category_id=category_id, data_id=data_id)
@@ -244,6 +286,12 @@ class PolicyManager(Managers):
def add_object_assignment(self, user_id, policy_id, object_id, category_id, data_id):
if not self.get_policies(user_id=user_id, policy_id=policy_id):
raise exceptions.PolicyUnknown
+ if not self.get_objects(user_id=user_id, policy_id=policy_id, perimeter_id=object_id):
+ raise exceptions.ObjectUnknown
+ if not Managers.ModelManager.get_object_categories(user_id=user_id, category_id=category_id):
+ raise exceptions.MetaDataUnknown
+ if not self.get_object_data(user_id=user_id, policy_id=policy_id, data_id=data_id):
+ raise exceptions.DataUnknown
return self.driver.add_object_assignment(policy_id=policy_id, object_id=object_id,
category_id=category_id, data_id=data_id)
@@ -260,6 +308,12 @@ class PolicyManager(Managers):
def add_action_assignment(self, user_id, policy_id, action_id, category_id, data_id):
if not self.get_policies(user_id=user_id, policy_id=policy_id):
raise exceptions.PolicyUnknown
+ if not self.get_actions(user_id=user_id, policy_id=policy_id, perimeter_id=action_id):
+ raise exceptions.ActionUnknown
+ if not Managers.ModelManager.get_action_categories(user_id=user_id, category_id=category_id):
+ raise exceptions.MetaDataUnknown
+ if not self.get_action_data(user_id=user_id, policy_id=policy_id, data_id=data_id):
+ raise exceptions.DataUnknown
return self.driver.add_action_assignment(policy_id=policy_id, action_id=action_id,
category_id=category_id, data_id=data_id)
@@ -271,11 +325,14 @@ class PolicyManager(Managers):
@enforce("read", "rules")
def get_rules(self, user_id, policy_id, meta_rule_id=None, rule_id=None):
return self.driver.get_rules(policy_id=policy_id, meta_rule_id=meta_rule_id, rule_id=rule_id)
+ logger.info("delete_subject_data: {} {}".format(policy_id, data_id))
@enforce(("read", "write"), "rules")
def add_rule(self, user_id, policy_id, meta_rule_id, value):
if not self.get_policies(user_id=user_id, policy_id=policy_id):
raise exceptions.PolicyUnknown
+ if not self.ModelManager.get_meta_rules(user_id=user_id, meta_rule_id=meta_rule_id):
+ raise exceptions.MetaRuleUnknown
return self.driver.add_rule(policy_id=policy_id, meta_rule_id=meta_rule_id, value=value)
@enforce(("read", "write"), "rules")
diff --git a/python_moondb/python_moondb/backends/sql.py b/python_moondb/python_moondb/backends/sql.py
index 366ed7de..7310e7f3 100644
--- a/python_moondb/python_moondb/backends/sql.py
+++ b/python_moondb/python_moondb/backends/sql.py
@@ -14,7 +14,7 @@ from sqlalchemy import create_engine
from contextlib import contextmanager
from sqlalchemy import types as sql_types
from python_moonutilities import configuration
-from python_moonutilities.exceptions import *
+from python_moonutilities import exceptions
from python_moondb.core import PDPDriver, PolicyDriver, ModelDriver
import sqlalchemy
@@ -134,6 +134,7 @@ class PerimeterBase(DictBase):
name = sql.Column(sql.String(256), nullable=False)
value = sql.Column(JsonBlob(), nullable=True)
__mapper_args__ = {'concrete': True}
+
def __repr__(self):
return "{} with name {} : {}".format(self.id, self.name, json.dumps(self.value))
@@ -155,6 +156,7 @@ class PerimeterBase(DictBase):
'value': dict_value
}
+
class Subject(Base, PerimeterBase):
__tablename__ = 'subjects'
@@ -352,7 +354,7 @@ class PDPConnector(BaseConnector, PDPDriver):
setattr(ref, "value", d)
return {ref.id: ref.to_dict()}
except sqlalchemy.exc.IntegrityError:
- raise PdpExisting
+ raise exceptions.PdpExisting
def delete_pdp(self, pdp_id):
with self.get_session_for_write() as session:
@@ -374,7 +376,7 @@ class PDPConnector(BaseConnector, PDPDriver):
session.add(new)
return {new.id: new.to_dict()}
except sqlalchemy.exc.IntegrityError:
- raise PdpExisting
+ raise exceptions.PdpExisting
def get_pdp(self, pdp_id=None):
with self.get_session_for_read() as session:
@@ -416,7 +418,7 @@ class PolicyConnector(BaseConnector, PolicyDriver):
new = Policy.from_dict({
"id": policy_id if policy_id else uuid4().hex,
"name": value["name"],
- "model_id": value["model_id"],
+ "model_id": value.get("model_id", ""),
"value": value_wo_other_info
})
session.add(new)
@@ -452,13 +454,20 @@ class PolicyConnector(BaseConnector, PolicyDriver):
return {_ref.id: _ref.to_return() for _ref in ref_list}
def __set_perimeter(self, ClassType, ClassTypeException, policy_id, perimeter_id=None, value=None):
- _perimeter = None
+ if not value or "name" not in value or not value["name"].strip():
+ raise exceptions.PerimeterNameInvalid
with self.get_session_for_write() as session:
+ _perimeter = None
if perimeter_id:
query = session.query(ClassType)
query = query.filter_by(id=perimeter_id)
_perimeter = query.first()
- logger.info("+++++++++++++ {}".format(_perimeter))
+ if not perimeter_id and not _perimeter:
+ query = session.query(ClassType)
+ query = query.filter_by(name=value['name'])
+ _perimeter = query.first()
+ if _perimeter:
+ raise ClassTypeException
if not _perimeter:
if "policy_list" not in value or type(value["policy_list"]) is not list:
value["policy_list"] = []
@@ -466,9 +475,9 @@ class PolicyConnector(BaseConnector, PolicyDriver):
value["policy_list"] = [policy_id, ]
value_wo_name = copy.deepcopy(value)
- value_wo_name.pop("name",None)
+ value_wo_name.pop("name", None)
new = ClassType.from_dict({
- "id": uuid4().hex,
+ "id": perimeter_id if perimeter_id else uuid4().hex,
"name": value["name"],
"value": value_wo_name
})
@@ -480,7 +489,7 @@ class PolicyConnector(BaseConnector, PolicyDriver):
_value["value"]["policy_list"] = []
if policy_id and policy_id not in _value["value"]["policy_list"]:
_value["value"]["policy_list"].append(policy_id)
- logger.info("-------------_value- {}".format(_value))
+ _value["value"].update(value)
name = _value["value"]["name"]
_value["value"].pop("name")
@@ -489,13 +498,11 @@ class PolicyConnector(BaseConnector, PolicyDriver):
"name": name,
"value": _value["value"]
})
- logger.info("-------------- new {}".format(new_perimeter))
- logger.info("-------------- old {}".format(_perimeter))
_perimeter.value = new_perimeter.value
_perimeter.name = new_perimeter.name
return {_perimeter.id: _perimeter.to_return()}
- def __delete_perimeter(self,ClassType, ClassUnknownException, policy_id, perimeter_id):
+ def __delete_perimeter(self, ClassType, ClassUnknownException, policy_id, perimeter_id):
with self.get_session_for_write() as session:
query = session.query(ClassType)
query = query.filter_by(id=perimeter_id)
@@ -503,7 +510,6 @@ class PolicyConnector(BaseConnector, PolicyDriver):
if not _perimeter:
raise ClassUnknownException
old_perimeter = copy.deepcopy(_perimeter.to_dict())
- # value = _subject.to_dict()
try:
old_perimeter["value"]["policy_list"].remove(policy_id)
new_perimeter = ClassType.from_dict(old_perimeter)
@@ -517,39 +523,41 @@ class PolicyConnector(BaseConnector, PolicyDriver):
def set_subject(self, policy_id, perimeter_id=None, value=None):
try:
- return self.__set_perimeter(Subject, SubjectExisting, policy_id, perimeter_id=perimeter_id, value=value)
+ return self.__set_perimeter(Subject, exceptions.SubjectExisting, policy_id, perimeter_id=perimeter_id, value=value)
except sqlalchemy.exc.IntegrityError:
- raise SubjectExisting
+ raise exceptions.SubjectExisting
def delete_subject(self, policy_id, perimeter_id):
- self.__delete_perimeter(Subject, SubjectUnknown, policy_id, perimeter_id)
+ self.__delete_perimeter(Subject, exceptions.SubjectUnknown, policy_id, perimeter_id)
def get_objects(self, policy_id, perimeter_id=None):
return self.__get_perimeters(Object, policy_id, perimeter_id)
def set_object(self, policy_id, perimeter_id=None, value=None):
try:
- return self.__set_perimeter(Object, ObjectExisting, policy_id, perimeter_id=perimeter_id, value=value)
- except sqlalchemy.exc.IntegrityError:
- raise ObjectExisting
+ return self.__set_perimeter(Object, exceptions.ObjectExisting, policy_id, perimeter_id=perimeter_id, value=value)
+ except sqlalchemy.exc.IntegrityError as e:
+ logger.exception("IntegrityError {}".format(e))
+ raise exceptions.ObjectExisting
def delete_object(self, policy_id, perimeter_id):
- self.__delete_perimeter(Object, ObjectUnknown, policy_id, perimeter_id)
+ self.__delete_perimeter(Object, exceptions.ObjectUnknown, policy_id, perimeter_id)
def get_actions(self, policy_id, perimeter_id=None):
return self.__get_perimeters(Action, policy_id, perimeter_id)
def set_action(self, policy_id, perimeter_id=None, value=None):
try:
- return self.__set_perimeter(Action, ActionExisting, policy_id, perimeter_id=perimeter_id, value=value)
+ return self.__set_perimeter(Action, exceptions.ActionExisting, policy_id, perimeter_id=perimeter_id, value=value)
except sqlalchemy.exc.IntegrityError:
- raise ActionExisting
+ raise exceptions.ActionExisting
def delete_action(self, policy_id, perimeter_id):
- self.__delete_perimeter(Action, ActionUnknown, policy_id, perimeter_id)
+ self.__delete_perimeter(Action, exceptions.ActionUnknown, policy_id, perimeter_id)
- def __is_perimeter_data_exist(self, ClassType ,data_id=None, category_id=None):
- logger.info("driver {} {}".format( data_id, category_id))
+ def __is_data_exist(self, ClassType, data_id=None, category_id=None):
+ if not data_id:
+ return False
with self.get_session_for_read() as session:
query = session.query(ClassType)
query = query.filter_by(category_id=category_id)
@@ -558,23 +566,23 @@ class PolicyConnector(BaseConnector, PolicyDriver):
return True
return False
- def __get_perimeter_data(self, ClassType, policy_id, data_id=None, category_id=None):
- logger.info("driver {} {} {}".format(policy_id, data_id, category_id))
+ def __get_data(self, ClassType, policy_id, data_id=None, category_id=None):
with self.get_session_for_read() as session:
query = session.query(ClassType)
- if data_id:
+ if policy_id and data_id and category_id:
query = query.filter_by(policy_id=policy_id, id=data_id, category_id=category_id)
- else:
+ elif policy_id and category_id:
query = query.filter_by(policy_id=policy_id, category_id=category_id)
+ else:
+ query = query.filter_by(category_id=category_id)
ref_list = query.all()
- logger.info("ref_list={}".format(ref_list))
return {
"policy_id": policy_id,
"category_id": category_id,
"data": {_ref.id: _ref.to_dict() for _ref in ref_list}
}
- def __set_perimeter_data(self, ClassType, ClassTypeData, policy_id, data_id=None, category_id=None, value=None):
+ def __set_data(self, ClassType, ClassTypeData, policy_id, data_id=None, category_id=None, value=None):
with self.get_session_for_write() as session:
query = session.query(ClassTypeData)
query = query.filter_by(policy_id=policy_id, id=data_id, category_id=category_id)
@@ -604,7 +612,7 @@ class PolicyConnector(BaseConnector, PolicyDriver):
"data": {ref.id: ref.to_dict()}
}
- def __delete_perimeter_data(self, ClassType, policy_id, data_id):
+ def __delete_data(self, ClassType, policy_id, data_id):
with self.get_session_for_write() as session:
query = session.query(ClassType)
query = query.filter_by(policy_id=policy_id, id=data_id)
@@ -613,49 +621,49 @@ class PolicyConnector(BaseConnector, PolicyDriver):
session.delete(ref)
def is_subject_data_exist(self, data_id=None, category_id=None):
- return self.__is_perimeter_data_exist(SubjectData, data_id=data_id, category_id=category_id)
+ return self.__is_data_exist(SubjectData, data_id=data_id, category_id=category_id)
def get_subject_data(self, policy_id, data_id=None, category_id=None):
- return self.__get_perimeter_data(SubjectData, policy_id, data_id=data_id, category_id=category_id)
+ return self.__get_data(SubjectData, policy_id, data_id=data_id, category_id=category_id)
def set_subject_data(self, policy_id, data_id=None, category_id=None, value=None):
try:
- return self.__set_perimeter_data(Subject, SubjectData, policy_id, data_id=data_id, category_id=category_id, value=value)
+ return self.__set_data(Subject, SubjectData, policy_id, data_id=data_id, category_id=category_id, value=value)
except sqlalchemy.exc.IntegrityError:
- raise SubjectScopeExisting
+ raise exceptions.SubjectScopeExisting
def delete_subject_data(self, policy_id, data_id):
- return self.__delete_perimeter_data(SubjectData, policy_id, data_id)
+ return self.__delete_data(SubjectData, policy_id, data_id)
def is_object_data_exist(self, data_id=None, category_id=None):
- return self.__is_perimeter_data_exist(ObjectData, data_id=data_id, category_id=category_id)
+ return self.__is_data_exist(ObjectData, data_id=data_id, category_id=category_id)
def get_object_data(self, policy_id, data_id=None, category_id=None):
- return self.__get_perimeter_data(ObjectData, policy_id, data_id=data_id, category_id=category_id)
+ return self.__get_data(ObjectData, policy_id, data_id=data_id, category_id=category_id)
def set_object_data(self, policy_id, data_id=None, category_id=None, value=None):
try:
- return self.__set_perimeter_data(Object, ObjectData, policy_id, data_id=data_id, category_id=category_id, value=value)
+ return self.__set_data(Object, ObjectData, policy_id, data_id=data_id, category_id=category_id, value=value)
except sqlalchemy.exc.IntegrityError:
- raise ObjectScopeExisting
+ raise exceptions.ObjectScopeExisting
def delete_object_data(self, policy_id, data_id):
- return self.__delete_perimeter_data(ObjectData, policy_id, data_id)
+ return self.__delete_data(ObjectData, policy_id, data_id)
def is_action_data_exist(self, data_id=None,category_id=None):
- return self.__is_perimeter_data_exist(ActionData, data_id=data_id, category_id=category_id)
+ return self.__is_data_exist(ActionData, data_id=data_id, category_id=category_id)
def get_action_data(self, policy_id, data_id=None, category_id=None):
- return self.__get_perimeter_data(ActionData, policy_id, data_id=data_id, category_id=category_id)
+ return self.__get_data(ActionData, policy_id, data_id=data_id, category_id=category_id)
def set_action_data(self, policy_id, data_id=None, category_id=None, value=None):
try:
- return self.__set_perimeter_data(Action, ActionData, policy_id, data_id=data_id, category_id=category_id, value=value)
+ return self.__set_data(Action, ActionData, policy_id, data_id=data_id, category_id=category_id, value=value)
except sqlalchemy.exc.IntegrityError:
- raise ActionScopeExisting
+ raise exceptions.ActionScopeExisting
def delete_action_data(self, policy_id, data_id):
- return self.__delete_perimeter_data(ActionData, policy_id, data_id)
+ return self.__delete_data(ActionData, policy_id, data_id)
def get_subject_assignments(self, policy_id, subject_id=None, category_id=None):
with self.get_session_for_write() as session:
@@ -682,7 +690,7 @@ class PolicyConnector(BaseConnector, PolicyDriver):
assignments.append(data_id)
setattr(ref, "assignments", assignments)
else:
- raise SubjectAssignmentExisting
+ raise exceptions.SubjectAssignmentExisting
else:
ref = SubjectAssignment.from_dict(
{
@@ -737,7 +745,7 @@ class PolicyConnector(BaseConnector, PolicyDriver):
assignments.append(data_id)
setattr(ref, "assignments", assignments)
else:
- raise ObjectAssignmentExisting
+ raise exceptions.ObjectAssignmentExisting
else:
ref = ObjectAssignment.from_dict(
{
@@ -792,7 +800,7 @@ class PolicyConnector(BaseConnector, PolicyDriver):
assignments.append(data_id)
setattr(ref, "assignments", assignments)
else:
- raise ActionAssignmentExisting
+ raise exceptions.ActionAssignmentExisting
else:
ref = ActionAssignment.from_dict(
{
@@ -847,6 +855,10 @@ class PolicyConnector(BaseConnector, PolicyDriver):
def add_rule(self, policy_id, meta_rule_id, value):
try:
+ rules = self.get_rules(policy_id, meta_rule_id=meta_rule_id)
+ for _rule in map(lambda x: x["rule"], rules["rules"]):
+ if list(value.get('rule')) == list(_rule):
+ raise exceptions.RuleExisting
with self.get_session_for_write() as session:
ref = Rule.from_dict(
{
@@ -859,7 +871,7 @@ class PolicyConnector(BaseConnector, PolicyDriver):
session.add(ref)
return {ref.id: ref.to_dict()}
except sqlalchemy.exc.IntegrityError:
- raise RuleExisting
+ raise exceptions.RuleExisting
def delete_rule(self, policy_id, rule_id):
with self.get_session_for_write() as session:
@@ -905,7 +917,7 @@ class ModelConnector(BaseConnector, ModelDriver):
session.add(new)
return {new.id: new.to_dict()}
except sqlalchemy.exc.IntegrityError as e:
- raise ModelExisting
+ raise exceptions.ModelExisting
def get_models(self, model_id=None):
with self.get_session_for_read() as session:
@@ -939,7 +951,7 @@ class ModelConnector(BaseConnector, ModelDriver):
)
session.add(ref)
except sqlalchemy.exc.IntegrityError as e:
- raise MetaRuleExisting
+ raise exceptions.MetaRuleExisting
else:
query = session.query(MetaRule)
query = query.filter_by(id=meta_rule_id)
@@ -976,6 +988,8 @@ class ModelConnector(BaseConnector, ModelDriver):
return {_ref.id: _ref.to_dict() for _ref in ref_list}
def __add_perimeter_category(self, ClassType, name, description, uuid=None):
+ if not name.strip():
+ raise exceptions.CategoryNameInvalid
with self.get_session_for_write() as session:
ref = ClassType.from_dict(
{
@@ -1002,7 +1016,7 @@ class ModelConnector(BaseConnector, ModelDriver):
try:
return self.__add_perimeter_category(SubjectCategory, name, description, uuid=uuid)
except sql.exc.IntegrityError as e:
- raise SubjectCategoryExisting()
+ raise exceptions.SubjectCategoryExisting()
def delete_subject_category(self, category_id):
self.__delete_perimeter_category(SubjectCategory, category_id)
@@ -1014,7 +1028,7 @@ class ModelConnector(BaseConnector, ModelDriver):
try:
return self.__add_perimeter_category(ObjectCategory, name, description, uuid=uuid)
except sql.exc.IntegrityError as e:
- raise ObjectCategoryExisting()
+ raise exceptions.ObjectCategoryExisting()
def delete_object_category(self, category_id):
self.__delete_perimeter_category(ObjectCategory, category_id)
@@ -1027,7 +1041,7 @@ class ModelConnector(BaseConnector, ModelDriver):
try:
return self.__add_perimeter_category(ActionCategory, name, description, uuid=uuid)
except sql.exc.IntegrityError as e:
- raise ActionCategoryExisting()
+ raise exceptions.ActionCategoryExisting()
def delete_action_category(self, category_id):
self.__delete_perimeter_category(ActionCategory, category_id)
diff --git a/python_moondb/python_moondb/migrate_repo/versions/001_moon.py b/python_moondb/python_moondb/migrate_repo/versions/001_moon.py
index f69d708d..1bfb2ffa 100644
--- a/python_moondb/python_moondb/migrate_repo/versions/001_moon.py
+++ b/python_moondb/python_moondb/migrate_repo/versions/001_moon.py
@@ -3,7 +3,19 @@
# license which can be found in the file 'LICENSE' in this package distribution
# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
+import json
import sqlalchemy as sql
+from sqlalchemy import types as sql_types
+
+class JsonBlob(sql_types.TypeDecorator):
+
+ impl = sql.Text
+
+ def process_bind_param(self, value, dialect):
+ return json.dumps(value)
+
+ def process_result_value(self, value, dialect):
+ return json.loads(value)
def upgrade(migrate_engine):
@@ -16,7 +28,7 @@ def upgrade(migrate_engine):
sql.Column('id', sql.String(64), primary_key=True),
sql.Column('name', sql.String(256), nullable=False),
sql.Column('keystone_project_id', sql.String(64), nullable=True, default=""),
- sql.Column('value', sql.Text(), nullable=True),
+ sql.Column('value', JsonBlob(), nullable=True),
sql.UniqueConstraint('name', 'keystone_project_id', name='unique_constraint_models'),
mysql_engine='InnoDB',
mysql_charset='utf8')
@@ -28,7 +40,7 @@ def upgrade(migrate_engine):
sql.Column('id', sql.String(64), primary_key=True),
sql.Column('name', sql.String(256), nullable=False),
sql.Column('model_id', sql.String(64), nullable=True, default=""),
- sql.Column('value', sql.Text(), nullable=True),
+ sql.Column('value', JsonBlob(), nullable=True),
sql.UniqueConstraint('name', 'model_id', name='unique_constraint_models'),
mysql_engine='InnoDB',
mysql_charset='utf8')
@@ -39,7 +51,7 @@ def upgrade(migrate_engine):
meta,
sql.Column('id', sql.String(64), primary_key=True),
sql.Column('name', sql.String(256), nullable=False),
- sql.Column('value', sql.Text(), nullable=True),
+ sql.Column('value', JsonBlob(), nullable=True),
sql.UniqueConstraint('name', name='unique_constraint_models'),
mysql_engine='InnoDB',
mysql_charset='utf8')
@@ -86,7 +98,7 @@ def upgrade(migrate_engine):
meta,
sql.Column('id', sql.String(64), primary_key=True),
sql.Column('name', sql.String(256), nullable=False),
- sql.Column('value', sql.Text(), nullable=True),
+ sql.Column('value', JsonBlob(), nullable=True),
sql.UniqueConstraint('name', name='unique_constraint_subjects'),
mysql_engine='InnoDB',
mysql_charset='utf8')
@@ -97,7 +109,7 @@ def upgrade(migrate_engine):
meta,
sql.Column('id', sql.String(64), primary_key=True),
sql.Column('name', sql.String(256), nullable=False),
- sql.Column('value', sql.Text(), nullable=True),
+ sql.Column('value', JsonBlob(), nullable=True),
sql.UniqueConstraint('name', name='unique_constraint_objects'),
mysql_engine='InnoDB',
mysql_charset='utf8')
@@ -108,7 +120,7 @@ def upgrade(migrate_engine):
meta,
sql.Column('id', sql.String(64), primary_key=True),
sql.Column('name', sql.String(256), nullable=False),
- sql.Column('value', sql.Text(), nullable=True),
+ sql.Column('value', JsonBlob(), nullable=True),
sql.UniqueConstraint('name', name='unique_constraint_actions'),
mysql_engine='InnoDB',
mysql_charset='utf8')
@@ -119,7 +131,7 @@ def upgrade(migrate_engine):
meta,
sql.Column('id', sql.String(64), primary_key=True),
sql.Column('name', sql.String(256), nullable=False),
- sql.Column('value', sql.Text(), nullable=True),
+ sql.Column('value', JsonBlob(), nullable=True),
sql.Column('category_id', sql.ForeignKey("subject_categories.id"), nullable=False),
sql.Column('policy_id', sql.ForeignKey("policies.id"), nullable=False),
sql.UniqueConstraint('name', 'category_id', 'policy_id', name='unique_constraint_subject_data'),
@@ -132,7 +144,7 @@ def upgrade(migrate_engine):
meta,
sql.Column('id', sql.String(64), primary_key=True),
sql.Column('name', sql.String(256), nullable=False),
- sql.Column('value', sql.Text(), nullable=True),
+ sql.Column('value', JsonBlob(), nullable=True),
sql.Column('category_id', sql.ForeignKey("object_categories.id"), nullable=False),
sql.Column('policy_id', sql.ForeignKey("policies.id"), nullable=False),
sql.UniqueConstraint('name', 'category_id', 'policy_id', name='unique_constraint_object_data'),
@@ -145,7 +157,7 @@ def upgrade(migrate_engine):
meta,
sql.Column('id', sql.String(64), primary_key=True),
sql.Column('name', sql.String(256), nullable=False),
- sql.Column('value', sql.Text(), nullable=True),
+ sql.Column('value', JsonBlob(), nullable=True),
sql.Column('category_id', sql.ForeignKey("action_categories.id"), nullable=False),
sql.Column('policy_id', sql.ForeignKey("policies.id"), nullable=False),
sql.UniqueConstraint('name', 'category_id', 'policy_id', name='unique_constraint_action_data'),
@@ -157,7 +169,7 @@ def upgrade(migrate_engine):
'subject_assignments',
meta,
sql.Column('id', sql.String(64), primary_key=True),
- sql.Column('assignments', sql.Text(), nullable=True),
+ sql.Column('assignments', sql.String(256), nullable=True),
sql.Column('policy_id', sql.ForeignKey("policies.id"), nullable=False),
sql.Column('subject_id', sql.ForeignKey("subjects.id"), nullable=False),
sql.Column('category_id', sql.ForeignKey("subject_categories.id"), nullable=False),
@@ -170,7 +182,7 @@ def upgrade(migrate_engine):
'object_assignments',
meta,
sql.Column('id', sql.String(64), primary_key=True),
- sql.Column('assignments', sql.Text(), nullable=True),
+ sql.Column('assignments', sql.String(256), nullable=True),
sql.Column('policy_id', sql.ForeignKey("policies.id"), nullable=False),
sql.Column('object_id', sql.ForeignKey("objects.id"), nullable=False),
sql.Column('category_id', sql.ForeignKey("object_categories.id"), nullable=False),
@@ -183,7 +195,7 @@ def upgrade(migrate_engine):
'action_assignments',
meta,
sql.Column('id', sql.String(64), primary_key=True),
- sql.Column('assignments', sql.Text(), nullable=True),
+ sql.Column('assignments', sql.String(256), nullable=True),
sql.Column('policy_id', sql.ForeignKey("policies.id"), nullable=False),
sql.Column('action_id', sql.ForeignKey("actions.id"), nullable=False),
sql.Column('category_id', sql.ForeignKey("action_categories.id"), nullable=False),
@@ -197,12 +209,12 @@ def upgrade(migrate_engine):
meta,
sql.Column('id', sql.String(64), primary_key=True),
sql.Column('name', sql.String(256), nullable=False),
- sql.Column('subject_categories', sql.Text(), nullable=False),
- sql.Column('object_categories', sql.Text(), nullable=False),
- sql.Column('action_categories', sql.Text(), nullable=False),
- sql.Column('value', sql.Text(), nullable=True),
+ sql.Column('subject_categories', JsonBlob(), nullable=False),
+ sql.Column('object_categories', JsonBlob(), nullable=False),
+ sql.Column('action_categories', JsonBlob(), nullable=False),
+ sql.Column('value', JsonBlob(), nullable=True),
sql.UniqueConstraint('name', name='unique_constraint_meta_rule_name'),
- sql.UniqueConstraint('subject_categories', 'object_categories', 'action_categories', name='unique_constraint_meta_rule_def'),
+ # sql.UniqueConstraint('subject_categories', 'object_categories', 'action_categories', name='unique_constraint_meta_rule_def'),
mysql_engine='InnoDB',
mysql_charset='utf8')
meta_rules_table.create(migrate_engine, checkfirst=True)
@@ -211,10 +223,9 @@ def upgrade(migrate_engine):
'rules',
meta,
sql.Column('id', sql.String(64), primary_key=True),
- sql.Column('rule', sql.Text(), nullable=True),
+ sql.Column('rule', JsonBlob(), nullable=True),
sql.Column('policy_id', sql.ForeignKey("policies.id"), nullable=False),
sql.Column('meta_rule_id', sql.ForeignKey("meta_rules.id"), nullable=False),
- sql.UniqueConstraint('rule', 'policy_id', 'meta_rule_id', name='unique_constraint_rule'),
mysql_engine='InnoDB',
mysql_charset='utf8')
rules_table.create(migrate_engine, checkfirst=True)