From 73326131f58c5ca208cd54025e12ee9de543d4a7 Mon Sep 17 00:00:00 2001 From: "francois.cellier" Date: Tue, 13 Mar 2018 17:38:59 +0100 Subject: fix a bug on rules : the rules ids are now checked to be consistent with respect to the meta rule Change-Id: I0126ab6b7c1bdcc9babd2c5d7e34782a88394e7c --- moon_manager/moon_manager/__init__.py | 2 +- moon_manager/moon_manager/api/json_export.py | 16 +++++++--- moon_manager/moon_manager/api/json_import.py | 47 +++++++++++++++++++--------- moon_manager/moon_manager/api/rules.py | 4 +-- 4 files changed, 48 insertions(+), 21 deletions(-) diff --git a/moon_manager/moon_manager/__init__.py b/moon_manager/moon_manager/__init__.py index 98a98146..20a70977 100644 --- a/moon_manager/moon_manager/__init__.py +++ b/moon_manager/moon_manager/__init__.py @@ -3,4 +3,4 @@ # license which can be found in the file 'LICENSE' in this package distribution # or at 'http://www.apache.org/licenses/LICENSE-2.0'. -__version__ = "4.5.1" +__version__ = "4.5.2" diff --git a/moon_manager/moon_manager/api/json_export.py b/moon_manager/moon_manager/api/json_export.py index 9ddcfc8d..1d3643e7 100644 --- a/moon_manager/moon_manager/api/json_export.py +++ b/moon_manager/moon_manager/api/json_export.py 
@@ -39,11 +39,19 @@ class JsonExport(Resource): JsonUtils.convert_id_to_name(policy_key, rule_dict, "policy", "policy", PolicyManager, self._user_id) ids = rule["rule"] rule_description = dict() - JsonUtils.convert_ids_to_names([ids[0]], rule_description, "subject_data", "subject_data", PolicyManager, self._user_id, policy_key) - JsonUtils.convert_ids_to_names([ids[1]], rule_description, "object_data", "object_data", PolicyManager, self._user_id, policy_key) - JsonUtils.convert_ids_to_names([ids[2]], rule_description, "action_data", "action_data", PolicyManager, self._user_id, policy_key) + meta_rule = ModelManager.get_meta_rules(self._user_id, rule["meta_rule_id"]) + meta_rule = [v for v in meta_rule.values()] + meta_rule = meta_rule[0] + index_subject_data = len(meta_rule["subject_categories"])-1 + index_object_data = len(meta_rule["subject_categories"]) + len(meta_rule["object_categories"])-1 + index_action_data = len(meta_rule["subject_categories"]) + len(meta_rule["object_categories"]) + len(meta_rule["action_categories"])-1 + ids_subject_data = [ids[0]] if len(meta_rule["subject_categories"]) == 1 else ids[0:index_subject_data] + ids_object_data = [ids[index_object_data]] if len(meta_rule["object_categories"]) == 1 else ids[index_subject_data+1:index_object_data] + ids_action_date = [ids[index_action_data]] if len(meta_rule["action_categories"]) == 1 else ids[index_object_data+1:index_action_data] + JsonUtils.convert_ids_to_names(ids_subject_data, rule_description, "subject_data", "subject_data", PolicyManager, self._user_id, policy_key) + JsonUtils.convert_ids_to_names(ids_object_data, rule_description, "object_data", "object_data", PolicyManager, self._user_id, policy_key) + JsonUtils.convert_ids_to_names(ids_action_date, rule_description, "action_data", "action_data", PolicyManager, self._user_id, policy_key) rule_dict["rule"] = rule_description - logger.info("Exporting rule {}".format(rule_dict)) rules_array.append(rule_dict) if len(rules_array) > 0: 
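Review bot: The new slices drop the last id of any group that has more than one category, because Python slice ends are exclusive: with two subject categories `ids[0:index_subject_data]` is `ids[0:1]`, and the object and action slices have the same off-by-one (a group with zero categories even yields `ids[0:-1]`). An export that silently omits rule data does not round-trip to the same authorization policy on import. Slicing by category counts, as below, removes the `== 1` special cases and also fixes the `ids_action_date` name. Separately, `meta_rule[0]` raises IndexError if `get_meta_rules` returns an empty dict; the same lookup is repeated in the second json_import.py hunk and would benefit from an explicit guard in both places. The enclosing loop starts before this hunk.

```python
# … unchanged: meta_rule lookup …
n_subject = len(meta_rule["subject_categories"])
n_object = len(meta_rule["object_categories"])
n_action = len(meta_rule["action_categories"])
ids_subject_data = ids[:n_subject]
ids_object_data = ids[n_subject:n_subject + n_object]
ids_action_data = ids[n_subject + n_object:n_subject + n_object + n_action]
# … unchanged: the subject_data and object_data convert_ids_to_names calls …
JsonUtils.convert_ids_to_names(ids_action_data, rule_description, "action_data", "action_data", PolicyManager, self._user_id, policy_key)
```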
diff --git a/moon_manager/moon_manager/api/json_import.py b/moon_manager/moon_manager/api/json_import.py index 58ee526b..ae9a21d0 100644 --- a/moon_manager/moon_manager/api/json_import.py +++ b/moon_manager/moon_manager/api/json_import.py @@ -79,6 +79,23 @@ class JsonImport(Resource): "/import/", ) + def _reorder_rules_ids(self, rule, ordered_perimeter_categories_ids, json_data_ids, policy_id, get_function): + ordered_json_ids = [None]*len(ordered_perimeter_categories_ids) + logger.info("ordered_json_ids {}".format(ordered_json_ids)) + logger.info("json_data_ids {}".format(json_data_ids)) + for json_id in json_data_ids: + logger.info("json_id {}".format(json_id)) + data = get_function(self._user_id, policy_id, data_id=json_id) + data = data[0] + logger.info("data {}".format(data)) + if data["category_id"] not in ordered_perimeter_categories_ids: + raise InvalidJson("The category id {} of the rule {} does not match the meta rule".format(data["category_id"], rule)) + if ordered_json_ids[ordered_perimeter_categories_ids.index(data["category_id"])] is not None: + raise InvalidJson("The category id {} of the rule {} shall not be used twice in the same rule".format(data["category_id"], rule)) + ordered_json_ids[ordered_perimeter_categories_ids.index(data["category_id"])] = json_id + logger.info(ordered_json_ids) + return ordered_json_ids + def _import_rules(self, json_rules): if not isinstance(json_rules, list): raise InvalidJson("rules shall be a list!") 
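Review bot: `_reorder_rules_ids` can return a list that still contains `None` when the JSON rule supplies no data for one of the meta rule's categories, and the caller concatenates that list into `json_to_use["rule"]` and passes it to `PolicyManager.add_rule`. Whether `add_rule` rejects such a rule is not visible here, so I would close the gap just before the return: `if None in ordered_json_ids: raise InvalidJson("The rule {} does not provide data for every category of the meta rule".format(rule))`. `data = data[0]` also assumes `get_function` found the id; an empty result would surface as IndexError rather than InvalidJson. The per-id `logger.info` calls read like leftover debugging and would sit better at debug level, and the method has no docstring explaining that the returned ids follow the order of `ordered_perimeter_categories_ids`.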
@@ -91,26 +108,28 @@ class JsonImport(Resource): json_ids = dict() JsonUtils.convert_name_to_id(json_rule, json_ids, "policy", "policy_id", "policy", PolicyManager, self._user_id) JsonUtils.convert_name_to_id(json_rule, json_to_use, "meta_rule", "meta_rule_id", "meta_rule", ModelManager, self._user_id) - json_subject_ids = dict() json_object_ids = dict() json_action_ids = dict() - json_rule_to_use = dict() JsonUtils.convert_names_to_ids(json_rule["rule"], json_subject_ids, "subject_data", "subject", "subject_data", PolicyManager, self._user_id, json_ids["policy_id"]) JsonUtils.convert_names_to_ids(json_rule["rule"], json_object_ids, "object_data", "object", "object_data", PolicyManager, self._user_id, json_ids["policy_id"]) JsonUtils.convert_names_to_ids(json_rule["rule"], json_action_ids, "action_data", "action", "action_data", PolicyManager, self._user_id, json_ids["policy_id"]) - logger.info(json_rule_to_use) - for json_subject_id in json_subject_ids["subject"]: - for json_object_id in json_object_ids["object"]: - for json_action_id in json_action_ids["action"]: - json_to_use["rule"] = [json_subject_id, json_object_id, json_action_id] - try: - logger.info("Adding / updating a rule from json {}".format(json_to_use)) - PolicyManager.add_rule(self._user_id, json_ids["policy_id"], json_to_use["meta_rule_id"], json_to_use) - except exceptions.RuleExisting: - pass - except exceptions.PolicyUnknown: - raise UnknownPolicy("Unknown policy with id {}".format(json_ids["policy_id"])) + + meta_rule = ModelManager.get_meta_rules(self._user_id, json_to_use["meta_rule_id"]) + meta_rule = [v for v in meta_rule.values()] + meta_rule = meta_rule[0] + + json_to_use_rule = self._reorder_rules_ids(json_rule, meta_rule["subject_categories"], json_subject_ids["subject"], json_ids["policy_id"], PolicyManager.get_subject_data) + json_to_use_rule = json_to_use_rule + self._reorder_rules_ids(json_rule, meta_rule["object_categories"], json_object_ids["object"], json_ids["policy_id"], 
PolicyManager.get_object_data) + json_to_use_rule = json_to_use_rule + self._reorder_rules_ids(json_rule, meta_rule["action_categories"], json_action_ids["action"], json_ids["policy_id"], PolicyManager.get_action_data) + json_to_use["rule"] = json_to_use_rule + try: + logger.info("Adding / updating a rule from json {}".format(json_to_use)) + PolicyManager.add_rule(self._user_id, json_ids["policy_id"], json_to_use["meta_rule_id"], json_to_use) + except exceptions.RuleExisting: + pass + except exceptions.PolicyUnknown: + raise UnknownPolicy("Unknown policy with id {}".format(json_ids["policy_id"])) def _import_meta_rules(self, json_meta_rules): logger.info("Input meta rules : {}".format(json_meta_rules)) diff --git a/moon_manager/moon_manager/api/rules.py b/moon_manager/moon_manager/api/rules.py index e6c46bf4..57dcd45c 100644 --- a/moon_manager/moon_manager/api/rules.py +++ b/moon_manager/moon_manager/api/rules.py @@ -40,9 +40,9 @@ class Rules(Resource): "policy_id": "policy_id1", "meta_rule_id": "meta_rule_id1", "rule_id1": - ["subject_data_id1", "object_data_id1", "action_data_id1"], + ["subject_data_id1", "subject_data_id2", "object_data_id1", "action_data_id1"], "rule_id2": - ["subject_data_id2", "object_data_id2", "action_data_id2"], + ["subject_data_id3", "subject_data_id4", "object_data_id2", "action_data_id2"], ] } :internal_api: get_rules -- cgit 1.2.3-korg
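Review bot: A JSON rule that lists two data names from the same category was previously expanded into one rule per subject/object/action combination, and with this change it is rejected by `_reorder_rules_ids` with InvalidJson, so files that imported before can now fail; nothing in the code or the commit message records that. I would state it where the rule is built, e.g. `# One rule per JSON entry: ids follow the meta rule's subject, object, action category order; a category used twice is rejected.` Because rules earlier in `json_rules` have already gone through `PolicyManager.add_rule` when a later one raises, the policy may be left partially imported unless the caller rolls back, which is not visible in this hunk. `_import_rules` starts before the hunk.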