From 2e35a7e46f0929438c1c206e3116caa829f07dc6 Mon Sep 17 00:00:00 2001 From: Thomas Duval Date: Fri, 5 Oct 2018 16:54:37 +0200 Subject: Update code to 4.6 official version Change-Id: Ibd0da0e476e24b2685f54693efc11f7a58d40a62 --- moon_manager/moon_manager/api/assignments.py | 96 +++++++++++++++++++++++----- 1 file changed, 80 insertions(+), 16 deletions(-) (limited to 'moon_manager/moon_manager/api/assignments.py') diff --git a/moon_manager/moon_manager/api/assignments.py b/moon_manager/moon_manager/api/assignments.py index 426789e6..9bc54b2d 100644 --- a/moon_manager/moon_manager/api/assignments.py +++ b/moon_manager/moon_manager/api/assignments.py @@ -6,10 +6,11 @@ Assignments allow to connect data with elements of perimeter """ - +import flask from flask import request from flask_restful import Resource import logging +import requests from python_moonutilities.security_functions import check_auth from python_moondb.core import PolicyManager from python_moonutilities.security_functions import validate_input @@ -19,6 +20,35 @@ __version__ = "4.3.2" logger = logging.getLogger("moon.manager.api." + __name__) +def invalidate_data_in_slaves( + policy_id, + perimeter_id, + category_id, + data_id): + slaves = requests.get("http://{}/slaves".format(request.host)).json().get("slaves") + for slave in slaves: + if not slave.get("configured", False): + continue + try: + update = requests.put("http://{}:{}/update".format( + slave.get("wrapper_name"), slave.get("internal_port")), + data={ + "policy_id": policy_id, + "perimeter_id": perimeter_id, + "category_id": category_id, + "data_id": data_id + }, + timeout=1 + ) + logger.info("result {} {}:{} = {}".format( + update.status_code, + slave.get("wrapper_name"), + slave.get("internal_port"), + update.text)) + except requests.exceptions.ConnectionError: + logger.warning("Cannot reach {}:{}".format(slave.get("wrapper_name"), slave.get("port"))) + + class SubjectAssignments(Resource): """ Endpoint for subject assignment requests @@ -32,9 +62,9 @@ class SubjectAssignments(Resource): "/policies//subject_assignments///", ) - @validate_input("get", kwargs_state=[True, False, False,False,False]) + @validate_input("get", kwargs_state=[True, False, False, False, False]) @check_auth - def get(self, uuid, perimeter_id=None, category_id=None, + def get(self, uuid=None, perimeter_id=None, category_id=None, data_id=None, user_id=None): """Retrieve all subject assignments or a specific one for a given policy @@ -60,9 +90,10 @@ class SubjectAssignments(Resource): return {"subject_assignments": data} - @validate_input("post", kwargs_state=[True, False, False, False, False], body_state={"id":True, "category_id":True, "data_id":True}) + @validate_input("post", kwargs_state=[True, False, False, False, False], + body_state={"id": True, "category_id": True, "data_id": True}) @check_auth - def post(self, uuid, perimeter_id=None, category_id=None, + def post(self, uuid=None, perimeter_id=None, category_id=None, data_id=None, user_id=None): """Create a subject assignment. @@ -93,11 +124,17 @@ class SubjectAssignments(Resource): user_id=user_id, policy_id=uuid, subject_id=perimeter_id, category_id=category_id, data_id=data_id) + invalidate_data_in_slaves( + policy_id=uuid, + perimeter_id=perimeter_id, + category_id=category_id, + data_id=data_id) + return {"subject_assignments": data} @validate_input("delete", kwargs_state=[True, True, True, True, False]) @check_auth - def delete(self, uuid, perimeter_id=None, category_id=None, + def delete(self, uuid=None, perimeter_id=None, category_id=None, data_id=None, user_id=None): """Delete a subject assignment for a given policy @@ -117,6 +154,11 @@ class SubjectAssignments(Resource): user_id=user_id, policy_id=uuid, subject_id=perimeter_id, category_id=category_id, data_id=data_id) + invalidate_data_in_slaves( + policy_id=uuid, + perimeter_id=perimeter_id, + category_id=category_id, + data_id=data_id) return {"result": True} @@ -134,9 +176,9 @@ class ObjectAssignments(Resource): "/policies//object_assignments///", ) - @validate_input("get", kwargs_state=[True, False, False,False,False]) + @validate_input("get", kwargs_state=[True, False, False, False, False]) @check_auth - def get(self, uuid, perimeter_id=None, category_id=None, + def get(self, uuid=None, perimeter_id=None, category_id=None, data_id=None, user_id=None): """Retrieve all object assignment or a specific one for a given policy @@ -162,9 +204,10 @@ class ObjectAssignments(Resource): return {"object_assignments": data} - @validate_input("post", kwargs_state=[True, False, False, False, False], body_state={"id":True, "category_id":True, "data_id":True}) + @validate_input("post", kwargs_state=[True, False, False, False, False], + body_state={"id": True, "category_id": True, "data_id": True}) @check_auth - def post(self, uuid, perimeter_id=None, category_id=None, + def post(self, uuid=None, perimeter_id=None, category_id=None, data_id=None, user_id=None): """Create an object assignment. @@ -196,12 +239,17 @@ class ObjectAssignments(Resource): user_id=user_id, policy_id=uuid, object_id=perimeter_id, category_id=category_id, data_id=data_id) + invalidate_data_in_slaves( + policy_id=uuid, + perimeter_id=perimeter_id, + category_id=category_id, + data_id=data_id) return {"object_assignments": data} @validate_input("delete", kwargs_state=[True, True, True, True, False]) @check_auth - def delete(self, uuid, perimeter_id=None, category_id=None, + def delete(self, uuid=None, perimeter_id=None, category_id=None, data_id=None, user_id=None): """Delete a object assignment for a given policy @@ -220,6 +268,11 @@ class ObjectAssignments(Resource): user_id=user_id, policy_id=uuid, object_id=perimeter_id, category_id=category_id, data_id=data_id) + invalidate_data_in_slaves( + policy_id=uuid, + perimeter_id=perimeter_id, + category_id=category_id, + data_id=data_id) return {"result": True} @@ -237,9 +290,9 @@ class ActionAssignments(Resource): "/policies//action_assignments///", ) - @validate_input("get", kwargs_state=[True, False, False,False,False]) + @validate_input("get", kwargs_state=[True, False, False, False, False]) @check_auth - def get(self, uuid, perimeter_id=None, category_id=None, + def get(self, uuid=None, perimeter_id=None, category_id=None, data_id=None, user_id=None): """Retrieve all action assignment or a specific one for a given policy @@ -264,9 +317,10 @@ class ActionAssignments(Resource): return {"action_assignments": data} - @validate_input("post", kwargs_state=[True, False, False, False, False], body_state={"id":True, "category_id":True, "data_id":True}) + @validate_input("post", kwargs_state=[True, False, False, False, False], + body_state={"id": True, "category_id": True, "data_id": True}) @check_auth - def post(self, uuid, perimeter_id=None, category_id=None, + def post(self, uuid=None, perimeter_id=None, category_id=None, data_id=None, user_id=None): """Create an action assignment. @@ -298,12 +352,17 @@ class ActionAssignments(Resource): user_id=user_id, policy_id=uuid, action_id=perimeter_id, category_id=category_id, data_id=data_id) + invalidate_data_in_slaves( + policy_id=uuid, + perimeter_id=perimeter_id, + category_id=category_id, + data_id=data_id) return {"action_assignments": data} @validate_input("delete", kwargs_state=[True, True, True, True, False]) @check_auth - def delete(self, uuid, perimeter_id=None, category_id=None, + def delete(self, uuid=None, perimeter_id=None, category_id=None, data_id=None, user_id=None): """Delete a action assignment for a given policy @@ -323,5 +382,10 @@ class ActionAssignments(Resource): user_id=user_id, policy_id=uuid, action_id=perimeter_id, category_id=category_id, data_id=data_id) + invalidate_data_in_slaves( + policy_id=uuid, + perimeter_id=perimeter_id, + category_id=category_id, + data_id=data_id) return {"result": True} -- cgit 1.2.3-korg