Diffstat (limited to 'python_moonutilities/python_moonutilities/context.py')
-rw-r--r--python_moonutilities/python_moonutilities/context.py353
1 files changed, 0 insertions, 353 deletions
diff --git a/python_moonutilities/python_moonutilities/context.py b/python_moonutilities/python_moonutilities/context.py
deleted file mode 100644
index dc140b74..00000000
--- a/python_moonutilities/python_moonutilities/context.py
+++ /dev/null
@@ -1,353 +0,0 @@
-# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
-# This software is distributed under the terms and conditions of the 'Apache-2.0'
-# license which can be found in the file 'LICENSE' in this package distribution
-# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-
-
-import copy
-import logging
-from python_moonutilities import exceptions
-
-logger = logging.getLogger("moon.utilities." + __name__)
-
-
-class Context:
-
- def __init__(self, init_context, cache):
- if init_context is None:
- raise Exception("Invalid context content object")
-
- self.cache = cache
- self.__keystone_project_id = init_context.get("project_id")
- self.__pdp_id = self.cache.get_pdp_from_keystone_project(self.__keystone_project_id)
-
- if not self.__pdp_id:
- raise exceptions.AuthzException(
- "Cannot create context for authz "
- "with Keystone project ID {}".format(
- self.__keystone_project_id
- ))
- self.__pdp_value = copy.deepcopy(self.cache.pdp[self.__pdp_id])
-
- self.__subject = init_context.get("subject_name")
- self.__object = init_context.get("object_name")
- self.__action = init_context.get("action_name")
- self.__request_id = init_context.get("req_id")
- self.__cookie = init_context.get("cookie")
- self.__manager_url = init_context.get("manager_url")
- self.__interface_name = init_context.get("interface_name")
- self.__current_request = None
-
- self.__index = -1
- # self.__init_initial_request()
- self.__meta_rule_ids = self.cache.get_meta_rule_ids_from_pdp_value(self.__pdp_value)
- self.__meta_rules = self.cache.meta_rules
-
- self.__pdp_set = {}
- # self.__init_pdp_set()
-
- def delete_cache(self):
- self.cache = {}
-
- def set_cache(self, cache):
- self.cache = cache
-
- def increment_index(self):
- self.__index += 1
- self.__init_current_request()
- self.__init_pdp_set()
-
- @property
- def current_state(self):
- self.__validate_meta_rule_content(self.__pdp_set[self.__meta_rule_ids[self.__index]])
- return self.__pdp_set[self.__meta_rule_ids[self.__index]]['effect']
-
- @current_state.setter
- def current_state(self, state):
- if state not in ("grant", "deny", "passed"):
- state = "passed"
- self.__validate_meta_rule_content(self.__pdp_set[self.__meta_rule_ids[self.__index]])
- self.__pdp_set[self.__meta_rule_ids[self.__index]]['effect'] = state
-
- @current_state.deleter
- def current_state(self):
- self.__validate_meta_rule_content(self.__pdp_set[self.__meta_rule_ids[self.__index]])
- self.__pdp_set[self.__meta_rule_ids[self.__index]]['effect'] = "unset"
-
- @property
- def current_policy_id(self):
- if "security_pipeline" not in self.__pdp_value:
- raise exceptions.AuthzException('Cannot find security_pipeline key within pdp.')
- return self.__pdp_value["security_pipeline"][self.__index]
-
- @current_policy_id.setter
- def current_policy_id(self, value):
- pass
-
- @current_policy_id.deleter
- def current_policy_id(self):
- pass
-
- def __init_current_request(self):
- if "security_pipeline" not in self.__pdp_value:
- raise exceptions.PdpContentError
- self.__subject = self.cache.get_subject(
- self.__pdp_value["security_pipeline"][self.__index],
- self.__subject)
- self.__object = self.cache.get_object(
- self.__pdp_value["security_pipeline"][self.__index],
- self.__object)
- self.__action = self.cache.get_action(
- self.__pdp_value["security_pipeline"][self.__index],
- self.__action)
- self.__current_request = dict(self.initial_request)
-
- def __init_pdp_set(self):
- for meta_rule_id in self.__meta_rule_ids:
- self.__pdp_set[meta_rule_id] = dict()
- self.__pdp_set[meta_rule_id]["meta_rules"] = self.__meta_rules[meta_rule_id]
- self.__pdp_set[meta_rule_id]["target"] = self.__add_target(meta_rule_id)
- self.__pdp_set[meta_rule_id]["effect"] = "unset"
- self.__pdp_set["effect"] = "deny"
-
- def update_target(self):
- for meta_rule_id in self.__meta_rule_ids:
- result = dict()
- _subject = self.__current_request["subject"]
- _object = self.__current_request["object"]
- _action = self.__current_request["action"]
-
- meta_rules = self.cache.meta_rules
- policy_id = self.cache.get_policy_from_meta_rules(meta_rule_id)
-
- if 'subject_categories' not in meta_rules[meta_rule_id]:
- raise exceptions.MetaRuleContentError(" 'subject_categories' key not found ")
-
- self.cache.update_assignments(policy_id)
-
- for sub_cat in meta_rules[meta_rule_id]['subject_categories']:
- if sub_cat not in result:
- result[sub_cat] = []
- result[sub_cat].extend(
- self.cache.get_subject_assignments(policy_id, _subject, sub_cat))
-
- if 'object_categories' not in meta_rules[meta_rule_id]:
- raise exceptions.MetaRuleContentError(" 'object_categories' key not found ")
-
- for obj_cat in meta_rules[meta_rule_id]['object_categories']:
- if obj_cat not in result:
- result[obj_cat] = []
- result[obj_cat].extend(
- self.cache.get_object_assignments(policy_id, _object, obj_cat))
-
- if 'action_categories' not in meta_rules[meta_rule_id]:
- raise exceptions.MetaRuleContentError(" 'action_categories' key not found ")
-
- for act_cat in meta_rules[meta_rule_id]['action_categories']:
- if act_cat not in result:
- result[act_cat] = []
- result[act_cat].extend(
- self.cache.get_action_assignments(policy_id, _action, act_cat))
-
- self.__pdp_set[meta_rule_id]["target"] = result
-
- def __add_target(self, meta_rule_id):
- """build target from meta_rule
-
- Target is dict of categories as keys ; and the value of each category
- will be a list of assignments
-
- """
- result = dict()
- _subject = self.__current_request["subject"]
- _object = self.__current_request["object"]
- _action = self.__current_request["action"]
-
- meta_rules = self.cache.meta_rules
- policy_id = self.cache.get_policy_from_meta_rules(meta_rule_id)
-
- if 'subject_categories' not in meta_rules[meta_rule_id]:
- raise exceptions.MetaRuleContentError(" 'subject_categories' key not found ")
-
- for sub_cat in meta_rules[meta_rule_id]['subject_categories']:
- if sub_cat not in result:
- result[sub_cat] = []
- result[sub_cat].extend(
- self.cache.get_subject_assignments(policy_id, _subject, sub_cat))
-
- if 'object_categories' not in meta_rules[meta_rule_id]:
- raise exceptions.MetaRuleContentError(" 'object_categories' key not found ")
-
- for obj_cat in meta_rules[meta_rule_id]['object_categories']:
- if obj_cat not in result:
- result[obj_cat] = []
- result[obj_cat].extend(
- self.cache.get_object_assignments(policy_id, _object, obj_cat))
-
- if 'action_categories' not in meta_rules[meta_rule_id]:
- raise exceptions.MetaRuleContentError(" 'action_categories' key not found ")
-
- for act_cat in meta_rules[meta_rule_id]['action_categories']:
- if act_cat not in result:
- result[act_cat] = []
- result[act_cat].extend(
- self.cache.get_action_assignments(policy_id, _action, act_cat))
-
- return result
-
- def __repr__(self):
- return """PDP ID: {id}
-current_request: {current_request}
-request_id: {request_id}
-index: {index}
-headers: {headers}
-pdp_set: {pdp_set}
- """.format(
- id=self.__pdp_id,
- current_request=self.__current_request,
- request_id=self.__request_id,
- headers=self.__meta_rule_ids,
- pdp_set=self.__pdp_set,
- index=self.__index
- )
-
- def to_dict(self):
- return {
- "initial_request": copy.deepcopy(self.initial_request),
- "current_request": copy.deepcopy(self.__current_request),
- "headers": copy.deepcopy(self.__meta_rule_ids),
- "index": copy.deepcopy(self.__index),
- "pdp_set": copy.deepcopy(self.__pdp_set),
- "request_id": copy.deepcopy(self.__request_id),
- "manager_url": copy.deepcopy(self.__manager_url),
- "interface_name": copy.deepcopy(self.__interface_name),
- }
-
- @property
- def request_id(self):
- return self.__request_id
-
- @request_id.setter
- def request_id(self, value):
- raise Exception("You cannot update the request_id")
-
- @request_id.deleter
- def request_id(self):
- raise Exception("You cannot update the request_id")
-
- @property
- def manager_url(self):
- return self.__manager_url
-
- @manager_url.setter
- def manager_url(self, value):
- raise Exception("You cannot update the manager_url")
-
- @manager_url.deleter
- def manager_url(self):
- raise Exception("You cannot update the manager_url")
-
- @property
- def interface_name(self):
- return self.__interface_name
-
- @interface_name.setter
- def interface_name(self, value):
- raise Exception("You cannot update the interface_name")
-
- @interface_name.deleter
- def interface_name(self):
- raise Exception("You cannot update the interface_name")
-
- @property
- def cookie(self):
- return self.__cookie
-
- @cookie.setter
- def cookie(self, value):
- raise Exception("You cannot update the cookie")
-
- @cookie.deleter
- def cookie(self):
- raise Exception("You cannot delete the cookie")
-
- @property
- def initial_request(self):
- return {
- "subject": self.__subject,
- "object": self.__object,
- "action": self.__action,
- }
-
- @initial_request.setter
- def initial_request(self, value):
- raise Exception("You are not allowed to update the initial_request")
-
- @initial_request.deleter
- def initial_request(self):
- raise Exception("You are not allowed to delete the initial_request")
-
- @property
- def current_request(self):
- if not self.__current_request:
- self.__current_request = dict(self.initial_request)
- return self.__current_request
-
- @current_request.setter
- def current_request(self, value):
-
- self.__current_request = copy.deepcopy(value)
- # Note (asteroide): if the current request is modified,
- # we must update the PDP Set.
- self.__init_pdp_set()
-
- @current_request.deleter
- def current_request(self):
- self.__current_request = {}
- self.__pdp_set = {}
-
- '''
- [Note ] Refactor name of headers to meta_rule_ids done ,
- may need to refactor getter and setter of headers
- '''
-
- @property
- def headers(self):
- return self.__meta_rule_ids
-
- @headers.setter
- def headers(self, meta_rule_ids):
- self.__meta_rule_ids = meta_rule_ids
-
- @headers.deleter
- def headers(self):
- self.__meta_rule_ids = list()
-
- @property
- def index(self):
- return self.__index
-
- @index.setter
- def index(self, index):
- self.__index += 1
-
- @index.deleter
- def index(self):
- self.__index = -1
-
- @property
- def pdp_set(self):
- return self.__pdp_set
-
- @pdp_set.setter
- def pdp_set(self, value):
- raise Exception("You are not allowed to modify the pdp_set")
-
- @pdp_set.deleter
- def pdp_set(self):
- self.__pdp_set = {}
-
- def __validate_meta_rule_content(self, meta_rules):
- if 'effect' not in meta_rules:
- logger.error("meta_rules={}".format(meta_rules))
- raise exceptions.PdpContentError("effect not in meta_rules")