From 2dbe655587ca98b67c1a3e3798c63fd47229adc0 Mon Sep 17 00:00:00 2001 From: Thomas Duval Date: Tue, 19 Jun 2018 16:13:31 +0200 Subject: Update code to 4.5 official version Change-Id: I5075da0e2a3247ae1564f21b358748f482b75aa4 --- moon_manager/moon_manager/api/assignments.py | 149 +++++++--------- moon_manager/moon_manager/api/data.py | 124 +++++-------- moon_manager/moon_manager/api/json_import.py | 88 ++++------ moon_manager/moon_manager/api/meta_data.py | 101 ++++------- moon_manager/moon_manager/api/meta_rules.py | 51 ++---- moon_manager/moon_manager/api/models.py | 45 ++--- moon_manager/moon_manager/api/pdp.py | 83 ++++----- moon_manager/moon_manager/api/perimeter.py | 254 ++++++++++++--------------- moon_manager/moon_manager/api/policies.py | 50 +++--- moon_manager/moon_manager/api/rules.py | 37 ++-- moon_manager/moon_manager/api/slaves.py | 12 +- 11 files changed, 397 insertions(+), 597 deletions(-) (limited to 'moon_manager/moon_manager/api') diff --git a/moon_manager/moon_manager/api/assignments.py b/moon_manager/moon_manager/api/assignments.py index a1d10ccb..426789e6 100644 --- a/moon_manager/moon_manager/api/assignments.py +++ b/moon_manager/moon_manager/api/assignments.py 
@@ -53,17 +53,14 @@ class SubjectAssignments(Resource): } :internal_api: get_subject_assignments """ - try: - data = PolicyManager.get_subject_assignments( - user_id=user_id, policy_id=uuid, - subject_id=perimeter_id, category_id=category_id) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + + data = PolicyManager.get_subject_assignments( + user_id=user_id, policy_id=uuid, + subject_id=perimeter_id, category_id=category_id) + return {"subject_assignments": data} - @validate_input("post", kwargs_state=[True, False, False, False, False], body_state=[True, True, True]) + @validate_input("post", kwargs_state=[True, False, False, False, False], body_state={"id":True, "category_id":True, "data_id":True}) @check_auth def post(self, uuid, perimeter_id=None, category_id=None, data_id=None, user_id=None): @@ -89,18 +86,13 @@ class SubjectAssignments(Resource): } :internal_api: update_subject_assignment """ - try: - data_id = request.json.get("data_id") - category_id = request.json.get("category_id") - perimeter_id = request.json.get("id") - data = PolicyManager.add_subject_assignment( - user_id=user_id, policy_id=uuid, - subject_id=perimeter_id, category_id=category_id, - data_id=data_id) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + data_id = request.json.get("data_id") + category_id = request.json.get("category_id") + perimeter_id = request.json.get("id") + data = PolicyManager.add_subject_assignment( + user_id=user_id, policy_id=uuid, + subject_id=perimeter_id, category_id=category_id, + data_id=data_id) return {"subject_assignments": data} @validate_input("delete", kwargs_state=[True, True, True, True, False]) 
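Review bot: With the `try/except` gone from `SubjectAssignments.get`, an exception raised by `PolicyManager.get_subject_assignments` leaves the handler unhandled, and nothing in this diff shows where it becomes a response. The removed branch echoed `str(e)` to the client, so dropping it is sound, but its `logger.error(e, exc_info=True)` call went with it. The application-level error handler (not visible here) should log the traceback and return a generic message with a suitable status, and the class deserves a comment recording that dependency, e.g. `# exceptions are mapped to HTTP responses by the app-level error handler`. The same applies to every handler this commit strips in assignments.py, data.py, meta_data.py, meta_rules.py and models.py.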
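Review bot: In `SubjectAssignments.post` the three `request.json.get(...)` calls now run unguarded, so a missing or non-JSON body fails on `request.json` itself (it may be `None` or raise, depending on the Flask version) unless `@validate_input(..., body_state={...})`, whose implementation is not shown, has already rejected the request. The values read from the body also rebind `perimeter_id`, `category_id` and `data_id`, so anything supplied in the URL is silently discarded. If that is intended, state it in the docstring, e.g. `:note: perimeter, category and data ids are taken from the request body, not the URL`. `ObjectAssignments.post` and `ActionAssignments.post` in the later hunks have the same shape.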
@@ -120,15 +112,12 @@ class SubjectAssignments(Resource): } :internal_api: delete_subject_assignment """ - try: - data = PolicyManager.delete_subject_assignment( - user_id=user_id, policy_id=uuid, - subject_id=perimeter_id, category_id=category_id, - data_id=data_id) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + + data = PolicyManager.delete_subject_assignment( + user_id=user_id, policy_id=uuid, + subject_id=perimeter_id, category_id=category_id, + data_id=data_id) + return {"result": True} @@ -166,17 +155,14 @@ class ObjectAssignments(Resource): } :internal_api: get_object_assignments """ - try: - data = PolicyManager.get_object_assignments( - user_id=user_id, policy_id=uuid, - object_id=perimeter_id, category_id=category_id) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + + data = PolicyManager.get_object_assignments( + user_id=user_id, policy_id=uuid, + object_id=perimeter_id, category_id=category_id) + return {"object_assignments": data} - @validate_input("post", kwargs_state=[True, False, False, False, False], body_state=[True, True, True]) + @validate_input("post", kwargs_state=[True, False, False, False, False], body_state={"id":True, "category_id":True, "data_id":True}) @check_auth def post(self, uuid, perimeter_id=None, category_id=None, data_id=None, user_id=None): 
@@ -202,18 +188,15 @@ class ObjectAssignments(Resource): } :internal_api: update_object_assignment """ - try: - data_id = request.json.get("data_id") - category_id = request.json.get("category_id") - perimeter_id = request.json.get("id") - data = PolicyManager.add_object_assignment( - user_id=user_id, policy_id=uuid, - object_id=perimeter_id, category_id=category_id, - data_id=data_id) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + + data_id = request.json.get("data_id") + category_id = request.json.get("category_id") + perimeter_id = request.json.get("id") + data = PolicyManager.add_object_assignment( + user_id=user_id, policy_id=uuid, + object_id=perimeter_id, category_id=category_id, + data_id=data_id) + return {"object_assignments": data} @validate_input("delete", kwargs_state=[True, True, True, True, False]) @@ -233,15 +216,11 @@ class ObjectAssignments(Resource): } :internal_api: delete_object_assignment """ - try: - data = PolicyManager.delete_object_assignment( - user_id=user_id, policy_id=uuid, - object_id=perimeter_id, category_id=category_id, - data_id=data_id) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + data = PolicyManager.delete_object_assignment( + user_id=user_id, policy_id=uuid, + object_id=perimeter_id, category_id=category_id, + data_id=data_id) + return {"result": True} 
@@ -279,17 +258,13 @@ class ActionAssignments(Resource): } :internal_api: get_action_assignments """ - try: - data = PolicyManager.get_action_assignments( - user_id=user_id, policy_id=uuid, - action_id=perimeter_id, category_id=category_id) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + data = PolicyManager.get_action_assignments( + user_id=user_id, policy_id=uuid, + action_id=perimeter_id, category_id=category_id) + return {"action_assignments": data} - @validate_input("post", kwargs_state=[True, False, False, False, False], body_state=[True, True, True]) + @validate_input("post", kwargs_state=[True, False, False, False, False], body_state={"id":True, "category_id":True, "data_id":True}) @check_auth def post(self, uuid, perimeter_id=None, category_id=None, data_id=None, user_id=None): @@ -315,18 +290,15 @@ class ActionAssignments(Resource): } :internal_api: update_action_assignment """ - try: - data_id = request.json.get("data_id") - category_id = request.json.get("category_id") - perimeter_id = request.json.get("id") - data = PolicyManager.add_action_assignment( - user_id=user_id, policy_id=uuid, - action_id=perimeter_id, category_id=category_id, - data_id=data_id) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + + data_id = request.json.get("data_id") + category_id = request.json.get("category_id") + perimeter_id = request.json.get("id") + data = PolicyManager.add_action_assignment( + user_id=user_id, policy_id=uuid, + action_id=perimeter_id, category_id=category_id, + data_id=data_id) + return {"action_assignments": data} @validate_input("delete", kwargs_state=[True, True, True, True, False]) 
@@ -346,13 +318,10 @@ class ActionAssignments(Resource): } :internal_api: delete_action_assignment """ - try: - data = PolicyManager.delete_action_assignment( - user_id=user_id, policy_id=uuid, - action_id=perimeter_id, category_id=category_id, - data_id=data_id) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + + data = PolicyManager.delete_action_assignment( + user_id=user_id, policy_id=uuid, + action_id=perimeter_id, category_id=category_id, + data_id=data_id) + return {"result": True} diff --git a/moon_manager/moon_manager/api/data.py b/moon_manager/moon_manager/api/data.py index 4b22f9dc..d887ac2b 100644 --- a/moon_manager/moon_manager/api/data.py +++ b/moon_manager/moon_manager/api/data.py @@ -54,18 +54,16 @@ class SubjectData(Resource): }] :internal_api: get_subject_data """ - try: - data = PolicyManager.get_subject_data(user_id=user_id, - policy_id=uuid, - category_id=category_id, - data_id=data_id) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + logger.info("api.get {} {} {}".format(uuid, category_id, data_id)) + data = PolicyManager.get_subject_data(user_id=user_id, + policy_id=uuid, + category_id=category_id, + data_id=data_id) + logger.info("api.get data = {}".format(data)) + return {"subject_data": data} - @validate_input("post", kwargs_state=[True, True, False, False], body_state=[True, False]) + @validate_input("post", kwargs_state=[True, True, False, False], body_state={"name":True}) @check_auth def post(self, uuid, category_id=None, data_id=None, user_id=None): """Create or update a subject. 
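Review bot: The two `logger.info` calls added to `SubjectData.get` log the request-supplied `uuid`, `category_id` and `data_id`, and then the complete `data` returned by `PolicyManager.get_subject_data`, on every request. That puts policy content into INFO-level logs, while the same commit moves comparable messages in json_import.py down to debug. Prefer `logger.debug("api.get %s %s %s", uuid, category_id, data_id)` and drop the `data` dump, or log only its size. `logger.info("api.delete {} {}".format(uuid, data_id))` in the `SubjectData.delete` hunk is the same case.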
@@ -90,15 +88,11 @@ class SubjectData(Resource): } :internal_api: add_subject_data """ - try: - data = PolicyManager.set_subject_data(user_id=user_id, - policy_id=uuid, + data = PolicyManager.set_subject_data(user_id=user_id, + policy_id=uuid, category_id=category_id, value=request.json) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + return {"subject_data": data} @validate_input("delete", kwargs_state=[True, False, False, False]) @@ -116,14 +110,11 @@ class SubjectData(Resource): }] :internal_api: delete_subject_data """ - try: - data = PolicyManager.delete_subject_data(user_id=user_id, - policy_id=uuid, - data_id=data_id) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + logger.info("api.delete {} {}".format(uuid, data_id)) + data = PolicyManager.delete_subject_data(user_id=user_id, + policy_id=uuid, + data_id=data_id) + return {"result": True} @@ -162,18 +153,14 @@ class ObjectData(Resource): }] :internal_api: get_object_data """ - try: - data = PolicyManager.get_object_data(user_id=user_id, - policy_id=uuid, - category_id=category_id, - data_id=data_id) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + data = PolicyManager.get_object_data(user_id=user_id, + policy_id=uuid, + category_id=category_id, + data_id=data_id) + return {"object_data": data} - @validate_input("post", kwargs_state=[True, True, False, False], body_state=[True, False]) + @validate_input("post", kwargs_state=[True, True, False, False], body_state={"name":True}) @check_auth def post(self, uuid, category_id=None, data_id=None, user_id=None): """Create or update a object. 
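Review bot: `SubjectData.post` forwards the whole `request.json` as `value`, while the decorator changed in the previous hunk declares only `body_state={"name":True}`. Unless `validate_input` or `PolicyManager.set_subject_data` drops unknown keys (neither is visible here), any extra field a client sends reaches the manager unchecked. Passing an explicit subset would make the accepted fields part of the handler, e.g. `value={k: request.json[k] for k in ("name", "description") if k in request.json}`; the second field name is a guess from the old two-element `body_state` and needs confirming. `ObjectData.post`, `ActionData.post` and the category `post` handlers in meta_data.py forward the body the same way.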
@@ -198,15 +185,11 @@ class ObjectData(Resource): } :internal_api: add_object_data """ - try: - data = PolicyManager.add_object_data(user_id=user_id, - policy_id=uuid, - category_id=category_id, - value=request.json) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + data = PolicyManager.add_object_data(user_id=user_id, + policy_id=uuid, + category_id=category_id, + value=request.json) + return {"object_data": data} @validate_input("delete", kwargs_state=[True, False, False, False]) @@ -224,14 +207,10 @@ class ObjectData(Resource): } :internal_api: delete_object_data """ - try: - data = PolicyManager.delete_object_data(user_id=user_id, - policy_id=uuid, - data_id=data_id) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + data = PolicyManager.delete_object_data(user_id=user_id, + policy_id=uuid, + data_id=data_id) + return {"result": True} @@ -270,18 +249,14 @@ class ActionData(Resource): }] :internal_api: get_action_data """ - try: - data = PolicyManager.get_action_data(user_id=user_id, - policy_id=uuid, - category_id=category_id, - data_id=data_id) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + data = PolicyManager.get_action_data(user_id=user_id, + policy_id=uuid, + category_id=category_id, + data_id=data_id) + return {"action_data": data} - @validate_input("post", kwargs_state=[True, True, False, False], body_state=[True, False]) + @validate_input("post", kwargs_state=[True, True, False, False], body_state={"name":True}) @check_auth def post(self, uuid, category_id=None, data_id=None, user_id=None): """Create or update a action. 
@@ -306,15 +281,10 @@ class ActionData(Resource): } :internal_api: add_action_data """ - try: - data = PolicyManager.add_action_data(user_id=user_id, - policy_id=uuid, - category_id=category_id, - value=request.json) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + data = PolicyManager.add_action_data(user_id=user_id, + policy_id=uuid, + category_id=category_id, + value=request.json) return {"action_data": data} @validate_input("delete", kwargs_state=[True, False, False, False]) @@ -332,14 +302,10 @@ class ActionData(Resource): } :internal_api: delete_action_data """ - try: - data = PolicyManager.delete_action_data(user_id=user_id, - policy_id=uuid, - data_id=data_id) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + data = PolicyManager.delete_action_data(user_id=user_id, + policy_id=uuid, + data_id=data_id) + return {"result": True} diff --git a/moon_manager/moon_manager/api/json_import.py b/moon_manager/moon_manager/api/json_import.py index ae9a21d0..e57a27c1 100644 --- a/moon_manager/moon_manager/api/json_import.py +++ b/moon_manager/moon_manager/api/json_import.py 
@@ -81,17 +81,15 @@ class JsonImport(Resource): def _reorder_rules_ids(self, rule, ordered_perimeter_categories_ids, json_data_ids, policy_id, get_function): ordered_json_ids = [None]*len(ordered_perimeter_categories_ids) - logger.info("ordered_json_ids {}".format(ordered_json_ids)) - logger.info("json_data_ids {}".format(json_data_ids)) for json_id in json_data_ids: - logger.info("json_id {}".format(json_id)) data = get_function(self._user_id, policy_id, data_id=json_id) data = data[0] - logger.info("data {}".format(data)) if data["category_id"] not in ordered_perimeter_categories_ids: - raise InvalidJson("The category id {} of the rule {} does not match the meta rule".format(data["category_id"], rule)) + raise InvalidJson("The category id {} of the rule {} does not match the meta rule".format( + data["category_id"], rule)) if ordered_json_ids[ordered_perimeter_categories_ids.index(data["category_id"])] is not None: - raise InvalidJson("The category id {} of the rule {} shall not be used twice in the same rule".format(data["category_id"], rule)) + raise InvalidJson("The category id {} of the rule {} shall not be used twice in the same rule".format( + data["category_id"], rule)) ordered_json_ids[ordered_perimeter_categories_ids.index(data["category_id"])] = json_id logger.info(ordered_json_ids) return ordered_json_ids @@ -106,7 +104,8 @@ class JsonImport(Resource): JsonUtils.copy_field_if_exists(json_rule, json_to_use, "enabled", bool, default_value=True) json_ids = dict() - JsonUtils.convert_name_to_id(json_rule, json_ids, "policy", "policy_id", "policy", PolicyManager, self._user_id) + JsonUtils.convert_name_to_id(json_rule, json_ids, "policy", "policy_id", "policy", + PolicyManager, self._user_id) JsonUtils.convert_name_to_id(json_rule, json_to_use, "meta_rule", "meta_rule_id", "meta_rule", ModelManager, self._user_id) json_subject_ids = dict() json_object_ids = dict() 
@@ -124,7 +123,7 @@ class JsonImport(Resource): json_to_use_rule = json_to_use_rule + self._reorder_rules_ids(json_rule, meta_rule["action_categories"], json_action_ids["action"], json_ids["policy_id"], PolicyManager.get_action_data) json_to_use["rule"] = json_to_use_rule try: - logger.info("Adding / updating a rule from json {}".format(json_to_use)) + logger.debug("Adding / updating a rule from json {}".format(json_to_use)) PolicyManager.add_rule(self._user_id, json_ids["policy_id"], json_to_use["meta_rule_id"], json_to_use) except exceptions.RuleExisting: pass @@ -135,15 +134,14 @@ class JsonImport(Resource): logger.info("Input meta rules : {}".format(json_meta_rules)) for json_meta_rule in json_meta_rules: json_to_use = dict() - logger.info("Input meta rule : {}".format(json_meta_rule)) JsonUtils.copy_field_if_exists(json_meta_rule, json_to_use, "name", str) JsonUtils.copy_field_if_exists(json_meta_rule, json_to_use, "description", str) JsonUtils.convert_names_to_ids(json_meta_rule, json_to_use, "subject_categories", "subject_categories", "subject_category", ModelManager, self._user_id) JsonUtils.convert_names_to_ids(json_meta_rule, json_to_use, "object_categories", "object_categories", "object_category", ModelManager, self._user_id) JsonUtils.convert_names_to_ids(json_meta_rule, json_to_use, "action_categories", "action_categories", "action_category", ModelManager, self._user_id) - logger.info("Adding / updating a metarule from json {}".format(json_meta_rule)) + logger.debug("Adding / updating a metarule from json {}".format(json_meta_rule)) meta_rule = ModelManager.add_meta_rule(self._user_id, meta_rule_id=None, value=json_to_use) - logger.info("Added / updated meta rule : {}".format(meta_rule)) + logger.debug("Added / updated meta rule : {}".format(meta_rule)) def _import_subject_object_action_assignments(self, json_item_assignments, type_element): import_method = getattr(PolicyManager, 'add_' + type_element + '_assignment') 
@@ -178,14 +176,18 @@ class JsonImport(Resource): # find the policy related to the current data data = get_method(self._user_id, policy_id, data_id, json_assignment["category_id"]) if data is not None and len(data) == 1: - logger.info("Adding / updating a {} assignment from json {}".format(type_element, json_assignment)) - import_method(self._user_id, policy_id, json_assignment["id"], json_assignment["category_id"], data_id) + logger.debug("Adding / updating a {} assignment from json {}".format(type_element, + json_assignment)) + import_method(self._user_id, policy_id, json_assignment["id"], json_assignment["category_id"], + data_id) else: raise UnknownData("Unknown data with id {}".format(data_id)) # case the data has not been found in any policies if has_found_data is False: - raise InvalidJson("The json contains unknown {} data or category : {}".format(type_element,json_item_assignment)) + raise InvalidJson("The json contains unknown {} data or category : {}".format( + type_element, + json_item_assignment)) def _import_subject_object_action_datas(self, json_items_data, mandatory_policy_ids, type_element): if type_element == "subject": @@ -201,7 +203,6 @@ class JsonImport(Resource): item_override = JsonUtils.get_override(json_items_data) if item_override is True: raise ForbiddenOverride("{} datas do not support override flag !".format(type_element)) - logger.info("json_item_data {}".format(json_item_data)) json_to_use = dict() JsonUtils.copy_field_if_exists(json_item_data, json_to_use, "name", str) JsonUtils.copy_field_if_exists(json_item_data, json_to_use, "description", str) 
@@ -209,11 +210,9 @@ class JsonImport(Resource): # field_mandatory : not mandatory if there is some mandatory policies JsonUtils.convert_names_to_ids(json_item_data, json_policy, "policies", "policy_id", "policy", PolicyManager, self._user_id, field_mandatory=len(mandatory_policy_ids) == 0) - logger.info("json_policy {}".format(json_policy)) json_category = dict() JsonUtils.convert_name_to_id(json_item_data, json_category, "category", "category_id", type_element+"_category", ModelManager, self._user_id) - logger.info("json_category {}".format(json_category)) policy_ids = [] if "policy_id" in json_policy: policy_ids = json_policy["policy_id"] @@ -232,15 +231,12 @@ class JsonImport(Resource): for policy_id in mandatory_policy_ids: try: - # existing_datas = get_method(self._user_id, policy_id,category_id=category_id) - # logger.info(existing_datas) - logger.info("Adding / updating a {} data with policy id {} and category id {} from json {}".format(type_element, policy_id, category_id, json_to_use)) data = import_method(self._user_id, policy_id, category_id=category_id, value=json_to_use) - logger.info("Added / updated {} data : {}".format(type_element, data)) except exceptions.PolicyUnknown: raise UnknownPolicy("Unknown policy with id {}".format(policy_id)) except Exception as e: - raise BaseException(str(e)) + logger.exception(str(e)) + raise e def _import_subject_object_action_categories(self, json_item_categories, type_element): import_method = getattr(ModelManager, 'add_' + type_element + '_category') 
@@ -267,14 +263,13 @@ class JsonImport(Resource): raise ForbiddenOverride("{} categories do not support override flag !".format(type_element)) try: - logger.info("Adding a {} category from json {}".format(type_element, json_to_use)) category = import_method(self._user_id, existing_id, json_to_use) - logger.info("Added category {}".format(category)) except (exceptions.SubjectCategoryExisting, exceptions.ObjectCategoryExisting, exceptions.ActionCategoryExisting): # it already exists: do nothing - logger.info("Ignored {} category with name {} is already in the database".format(type_element, json_to_use["name"])) + logger.warning("Ignored {} category with name {} is already in the database".format(type_element, json_to_use["name"])) except Exception as e: - logger.info("Error while importing the category : {}".format(str(e))) + logger.warning("Error while importing the category : {}".format(str(e))) + logger.exception(str(e)) raise e def _import_subject_object_action(self, json_items, mandatory_policy_ids, type_element): @@ -302,7 +297,7 @@ class JsonImport(Resource): raise ForbiddenOverride("{} does not support override flag !".format(type_element)) if len(policy_ids) == 0: - raise MissingPolicy("a {} needs at least one policy to be created or updated : {}".format(type_element, json.dumps(json_item))) + raise MissingPolicy("a {} needs at least one policy to be created or updated : {}".format(type_element, json.dumps(json_item))) for policy_id in policy_ids: try: 
@@ -312,16 +307,13 @@ class JsonImport(Resource): if items_in_db[key_in_db]["name"] == json_without_policy_name["name"]: key = key_in_db break - if key is None: - logger.info("Adding a {} from json {} to the policy with id {}".format(type_element, json_without_policy_name, policy_id)) - else: - logger.info("Updating a {} from json {} to the policy with id {}".format(type_element, json_without_policy_name, policy_id)) element = import_method(self._user_id, policy_id, perimeter_id=key, value=json_without_policy_name) - logger.info("Added / updated {} : {}".format(type_element, element)) + logger.debug("Added / updated {} : {}".format(type_element, element)) except exceptions.PolicyUnknown: raise UnknownPolicy("Unknown policy when adding a {}!".format(type_element)) except Exception as e: + logger.exception(str(e)) raise BaseException(str(e)) def _import_policies(self, json_policies): @@ -335,7 +327,7 @@ class JsonImport(Resource): # policy_in_db = PolicyManager.get_policies_by_name(json_without_model_name["name"]) policies = PolicyManager.get_policies(self._user_id) policy_in_db = None - logger.info(policies) + policy_id = None for policy_key in policies: if policies[policy_key]["name"] == json_policy["name"]: policy_in_db = policies[policy_key] @@ -350,9 +342,10 @@ class JsonImport(Resource): policy_mandatory = JsonUtils.get_mandatory(json_policy) if policy_override is False and policy_does_exist: - policy_mandatory_ids.append(policy_id) - logger.warning("Existing policy not updated because of the override option is not set !") - continue + if policy_id: + policy_mandatory_ids.append(policy_id) + logger.warning("Existing policy not updated because of the override option is not set !") + continue json_without_model_name = dict() JsonUtils.copy_field_if_exists(json_policy, json_without_model_name, "name", str) 
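Review bot: The generic handler in this hunk now calls `logger.exception(str(e))` but still ends in `raise BaseException(str(e))`, which discards the original exception type and is not caught by any handler written for `Exception`. The equivalent handler in `_import_subject_object_action_datas` was changed by this commit to re-raise the original exception, so the two import paths now behave differently. Now that the API layer no longer catches anything itself, the original type needs to survive: replace the last line with a bare `raise`. The enclosing method starts outside the hunk.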
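Review bot: The new `if policy_id:` guard in `_import_policies` makes the skip of an existing, non-overridden policy depend on where `logger.warning(...)` and `continue` are indented, and this page has lost indentation so that cannot be confirmed here. If they sit inside the guard, an existing policy with a falsy `policy_id` is no longer skipped and runs through the rest of the loop body. Keep only `policy_mandatory_ids.append(policy_id)` under the guard and leave `continue` at the level of `if policy_override is False and policy_does_exist:`. A short comment such as `# policy_id is set whenever policy_does_exist; guard only protects the append` would explain why the guard exists.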
@@ -361,16 +354,14 @@ class JsonImport(Resource): JsonUtils.convert_name_to_id(json_policy, json_without_model_name, "model", "model_id", "model", ModelManager, self._user_id, field_mandatory=False) if not policy_does_exist: - logger.info("Creating policy {} ".format(json_without_model_name)) + logger.debug("Creating policy {} ".format(json_without_model_name)) added_policy = PolicyManager.add_policy(self._user_id, None, json_without_model_name) - logger.info("Added policy {}".format(added_policy)) if policy_mandatory is True: keys = list(added_policy.keys()) policy_mandatory_ids.append(keys[0]) elif policy_override is True: - logger.info("Updating policy {} ".format(json_without_model_name)) + logger.debug("Updating policy {} ".format(json_without_model_name)) updated_policy = PolicyManager.update_policy(self._user_id, policy_id, json_without_model_name) - logger.info("Updated policy {}".format(updated_policy)) if policy_mandatory is True: policy_mandatory_ids.append(policy_id) return policy_mandatory_ids @@ -380,7 +371,7 @@ class JsonImport(Resource): raise InvalidJson("models shall be a list!") for json_model in json_models: - logger.info("json_model {}".format(json_model)) + logger.debug("json_model {}".format(json_model)) models = ModelManager.get_models(self._user_id) model_in_db = None model_id = None 
@@ -389,19 +380,16 @@ class JsonImport(Resource): model_in_db = models[model_key] model_id = model_key - logger.info("model in db".format(model_in_db)) # this should not occur as the model has been put in db previously in _import_models_without_new_meta_rules if model_in_db is None: - raise UnknownModel("Unknwon model ") + raise UnknownModel("Unknown model ") json_key = dict() JsonUtils.convert_names_to_ids(json_model, json_key, "meta_rules", "meta_rule_id", "meta_rule", ModelManager, self._user_id) - logger.info("json_key {}".format(json_key)) for meta_rule_id in json_key["meta_rule_id"]: if meta_rule_id not in model_in_db["meta_rules"]: model_in_db["meta_rules"].append(meta_rule_id) - logger.info("Updating model with id {} : {} ".format(model_id, model_in_db)) ModelManager.update_model(self._user_id, model_id, model_in_db) def _import_models_without_new_meta_rules(self, json_models): @@ -426,16 +414,14 @@ class JsonImport(Resource): if model_in_db is None: model_does_exist = False else: - logger.info("model_in_db {}".format(model_in_db)) - # JsonUtils.convert_names_to_ids(model_in_db, json_without_new_metarules, "meta_rules", "meta_rule_id", "meta_rule", ModelManager, self._user_id) json_without_new_metarules["meta_rule_id"] = model_in_db["meta_rules"] model_does_exist = True model_override = JsonUtils.get_override(json_model) if not model_does_exist: - logger.info("Creating model {} ".format(json_without_new_metarules)) + logger.debug("Creating model {} ".format(json_without_new_metarules)) ModelManager.add_model(self._user_id, None, json_without_new_metarules) elif model_override is True: - logger.info("Updating model with id {} : {} ".format(model_id, json_without_new_metarules)) + logger.debug("Updating model with id {} : {} ".format(model_id, json_without_new_metarules)) ModelManager.update_model(self._user_id, model_id, json_without_new_metarules) def _import_pdps(self, json_pdps): 
@@ -462,11 +448,11 @@ class JsonImport(Resource): self._user_id = user_id if 'file' in request.files: file = request.files['file'] - logger.info("Importing {} file...".format(file)) + logger.debug("Importing {} file...".format(file)) json_content = json.load(file) else: json_content = request.json - logger.info("Importing content: {} ...".format(json_content)) + logger.debug("Importing content: {} ...".format(json_content)) # first import the models without the meta rules as they are not yet defined if "models" in json_content: diff --git a/moon_manager/moon_manager/api/meta_data.py b/moon_manager/moon_manager/api/meta_data.py index f3b22d29..62ca050f 100644 --- a/moon_manager/moon_manager/api/meta_data.py +++ b/moon_manager/moon_manager/api/meta_data.py @@ -45,16 +45,12 @@ class SubjectCategories(Resource): } :internal_api: get_subject_categories """ - try: - data = ModelManager.get_subject_categories( - user_id=user_id, category_id=category_id) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + data = ModelManager.get_subject_categories( + user_id=user_id, category_id=category_id) + return {"subject_categories": data} - @validate_input("post",body_state=[True,False]) + @validate_input("post",body_state={"name":True}) @check_auth def post(self, category_id=None, user_id=None): """Create or update a subject category. @@ -73,13 +69,9 @@ class SubjectCategories(Resource): } :internal_api: add_subject_category """ - try: - data = ModelManager.add_subject_category( - user_id=user_id, value=request.json) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + data = ModelManager.add_subject_category( + user_id=user_id, value=request.json) + return {"subject_categories": data} @validate_input("delete",kwargs_state=[True,False]) 
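Review bot: `logger.debug("Importing content: {} ...".format(json_content))` in `JsonImport.post` still renders the entire uploaded policy document into the log message, and `.format` does that work even when debug logging is disabled. Logging the top-level keys is enough to trace an import, e.g. `logger.debug("Importing content with keys: %s", list(json_content))`, assuming the content is a dict as the `"models" in json_content` check below suggests. Separately, `json.load(file)` reads the upload with no size limit visible in this hunk. If the application does not already cap request size (Flask's `MAX_CONTENT_LENGTH`), it should. The method body continues outside the hunk.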
@@ -95,13 +87,10 @@ class SubjectCategories(Resource): } :internal_api: delete_subject_category """ - try: - data = ModelManager.delete_subject_category( - user_id=user_id, category_id=category_id) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + + data = ModelManager.delete_subject_category( + user_id=user_id, category_id=category_id) + return {"result": True} @@ -131,16 +120,12 @@ class ObjectCategories(Resource): } :internal_api: get_object_categories """ - try: - data = ModelManager.get_object_categories( - user_id=user_id, category_id=category_id) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + data = ModelManager.get_object_categories( + user_id=user_id, category_id=category_id) + return {"object_categories": data} - @validate_input("post", body_state=[True, False]) + @validate_input("post", body_state={"name":True}) @check_auth def post(self, category_id=None, user_id=None): """Create or update a object category. @@ -159,13 +144,10 @@ class ObjectCategories(Resource): } :internal_api: add_object_category """ - try: - data = ModelManager.add_object_category( - user_id=user_id, value=request.json) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + + data = ModelManager.add_object_category( + user_id=user_id, value=request.json) + return {"object_categories": data} @validate_input("delete", kwargs_state=[True, False]) @@ -181,13 +163,10 @@ class ObjectCategories(Resource): } :internal_api: delete_object_category """ - try: - data = ModelManager.delete_object_category( - user_id=user_id, category_id=category_id) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + + data = ModelManager.delete_object_category( + user_id=user_id, category_id=category_id) + return {"result": True} 
@@ -217,16 +196,13 @@ class ActionCategories(Resource): } :internal_api: get_action_categories """ - try: - data = ModelManager.get_action_categories( - user_id=user_id, category_id=category_id) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + + data = ModelManager.get_action_categories( + user_id=user_id, category_id=category_id) + return {"action_categories": data} - @validate_input("post", body_state=[True, False]) + @validate_input("post", body_state={"name":True}) @check_auth def post(self, category_id=None, user_id=None): """Create or update an action category. @@ -245,13 +221,10 @@ class ActionCategories(Resource): } :internal_api: add_action_category """ - try: - data = ModelManager.add_action_category( - user_id=user_id, value=request.json) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + + data = ModelManager.add_action_category( + user_id=user_id, value=request.json) + return {"action_categories": data} @validate_input("delete", kwargs_state=[True, False]) @@ -267,11 +240,7 @@ class ActionCategories(Resource): } :internal_api: delete_action_category """ - try: - data = ModelManager.delete_action_category( - user_id=user_id, category_id=category_id) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + data = ModelManager.delete_action_category( + user_id=user_id, category_id=category_id) + return {"result": True} diff --git a/moon_manager/moon_manager/api/meta_rules.py b/moon_manager/moon_manager/api/meta_rules.py index afc11eba..3dc9996b 100644 --- a/moon_manager/moon_manager/api/meta_rules.py +++ b/moon_manager/moon_manager/api/meta_rules.py 
@@ -51,16 +51,13 @@ class MetaRules(Resource): } :internal_api: get_meta_rules """ - try: - data = ModelManager.get_meta_rules( - user_id=user_id, meta_rule_id=meta_rule_id) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + + data = ModelManager.get_meta_rules( + user_id=user_id, meta_rule_id=meta_rule_id) + return {"meta_rules": data} - @validate_input("post", body_state=[True, True, True, True]) + @validate_input("post", body_state={"name":True, "subject_categories":True, "object_categories":True, "action_categories":True}) @check_auth def post(self, meta_rule_id=None, user_id=None): """Add a meta rule @@ -87,18 +84,15 @@ class MetaRules(Resource): } :internal_api: add_meta_rules """ - try: - data = ModelManager.add_meta_rule( - user_id=user_id, meta_rule_id=None, value=request.json) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + + data = ModelManager.add_meta_rule( + user_id=user_id, meta_rule_id=None, value=request.json) + return {"meta_rules": data} - @validate_input("patch", kwargs_state=[True, False], body_state=[True, True, True, True]) + @validate_input("patch", kwargs_state=[True, False], body_state={"name":True, "subject_categories":True, "object_categories":True, "action_categories":True}) @check_auth - def patch(self, meta_rule_id, user_id=None): + def patch(self, meta_rule_id=None, user_id=None): """Update a meta rule :param meta_rule_id: Meta rule ID 
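Review bot: `MetaRules.patch` now declares `meta_rule_id=None`, so a request that arrives without an id no longer fails at the call and instead reaches `ModelManager.set_meta_rule(meta_rule_id=None, ...)` unless `validate_input` rejects it first. `kwargs_state=[True, False]` presumably marks the id as required, but the decorator is not visible here and the handler then depends on it alone. Either keep the parameter positional or add an explicit `if meta_rule_id is None:` guard before the manager call, since what `None` means to the update and delete managers cannot be seen from this diff. The same signature change is made in `MetaRules.delete`, `Models.delete`, `Models.patch`, `Policies.delete` and `Policies.patch`. The body of `patch` continues in the next hunk.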
@@ -123,18 +117,14 @@ class MetaRules(Resource): } :internal_api: set_meta_rules """ - try: - data = ModelManager.set_meta_rule( - user_id=user_id, meta_rule_id=meta_rule_id, value=request.json) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + data = ModelManager.set_meta_rule( + user_id=user_id, meta_rule_id=meta_rule_id, value=request.json) + return {"meta_rules": data} @validate_input("delete", kwargs_state=[True, False]) @check_auth - def delete(self, meta_rule_id, user_id=None): + def delete(self, meta_rule_id=None, user_id=None): """Delete a meta rule :param meta_rule_id: Meta rule ID @@ -152,12 +142,9 @@ class MetaRules(Resource): } :internal_api: delete_meta_rules """ - try: - data = ModelManager.delete_meta_rule( - user_id=user_id, meta_rule_id=meta_rule_id) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + + data = ModelManager.delete_meta_rule( + user_id=user_id, meta_rule_id=meta_rule_id) + return {"result": True} diff --git a/moon_manager/moon_manager/api/models.py b/moon_manager/moon_manager/api/models.py index 440a4d2b..c3068367 100644 --- a/moon_manager/moon_manager/api/models.py +++ b/moon_manager/moon_manager/api/models.py @@ -46,15 +46,11 @@ class Models(Resource): } :internal_api: get_models """ - try: - data = ModelManager.get_models(user_id=user_id, model_id=uuid) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + data = ModelManager.get_models(user_id=user_id, model_id=uuid) + return {"models": data} - @validate_input("post", body_state=[True, False, True]) + @validate_input("post", body_state={"name":True, "meta_rules":True}) @check_auth def post(self, uuid=None, user_id=None): """Create model. 
@@ -75,18 +71,14 @@ class Models(Resource): } :internal_api: add_model """ - try: - data = ModelManager.add_model( - user_id=user_id, model_id=uuid, value=request.json) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + data = ModelManager.add_model( + user_id=user_id, model_id=uuid, value=request.json) + return {"models": data} @validate_input("delete", kwargs_state=[True, False]) @check_auth - def delete(self, uuid, user_id=None): + def delete(self, uuid=None, user_id=None): """Delete a model :param uuid: uuid of the model to delete @@ -97,17 +89,14 @@ class Models(Resource): } :internal_api: delete_model """ - try: - data = ModelManager.delete_model(user_id=user_id, model_id=uuid) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + + data = ModelManager.delete_model(user_id=user_id, model_id=uuid) + return {"result": True} - @validate_input("patch", kwargs_state=[True, False], body_state=[True, False, True]) + @validate_input("patch", kwargs_state=[True, False], body_state={"name":True, "meta_rules":True}) @check_auth - def patch(self, uuid, user_id=None): + def patch(self, uuid=None, user_id=None): """Update a model :param uuid: uuid of the model to update @@ -121,12 +110,8 @@ class Models(Resource): } :internal_api: update_model """ - try: - data = ModelManager.update_model( - user_id=user_id, model_id=uuid, value=request.json) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + data = ModelManager.update_model( + user_id=user_id, model_id=uuid, value=request.json) + return {"models": data} diff --git a/moon_manager/moon_manager/api/pdp.py b/moon_manager/moon_manager/api/pdp.py index fd20c85f..a5d7c007 100644 --- a/moon_manager/moon_manager/api/pdp.py +++ b/moon_manager/moon_manager/api/pdp.py 
@@ -114,15 +114,12 @@ class PDP(Resource): } :internal_api: get_pdp """ - try: - data = PDPManager.get_pdp(user_id=user_id, pdp_id=uuid) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + + data = PDPManager.get_pdp(user_id=user_id, pdp_id=uuid) + return {"pdps": data} - @validate_input("post", body_state=[True, True, True, False]) + @validate_input("post", body_state={"name": True, "security_pipeline": True, "keystone_project_id": True}) @check_auth def post(self, uuid=None, user_id=None): """Create pdp. @@ -145,23 +142,20 @@ class PDP(Resource): } :internal_api: add_pdp """ - try: - data = dict(request.json) - if not data.get("keystone_project_id"): - data["keystone_project_id"] = None - else: - if check_keystone_pid(data.get("keystone_project_id")): - raise exceptions.PdpKeystoneMappingConflict - data = PDPManager.add_pdp( - user_id=user_id, pdp_id=None, value=request.json) - uuid = list(data.keys())[0] - logger.debug("data={}".format(data)) - logger.debug("uuid={}".format(uuid)) - add_pod(uuid=uuid, data=data[uuid]) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + + data = dict(request.json) + if not data.get("keystone_project_id"): + data["keystone_project_id"] = None + else: + if check_keystone_pid(data.get("keystone_project_id")): + raise exceptions.PdpKeystoneMappingConflict + data = PDPManager.add_pdp( + user_id=user_id, pdp_id=None, value=request.json) + uuid = list(data.keys())[0] + logger.debug("data={}".format(data)) + logger.debug("uuid={}".format(uuid)) + add_pod(uuid=uuid, data=data[uuid]) + return {"pdps": data} @validate_input("delete", kwargs_state=[True, False]) 
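Review bot: In `PDP.post` the normalised copy is never used: `data = dict(request.json)` gets `keystone_project_id` set to `None` when it is empty, but the call that follows still passes `value=request.json`, and `data` is then overwritten by the return value. The raw request body therefore reaches `PDPManager.add_pdp`, unlike the `patch` handler in this file, which passes its copy `_data`. The call should read `data = PDPManager.add_pdp(user_id=user_id, pdp_id=None, value=data)`. The code was only de-indented by this commit, so the behaviour predates it, but the new side still carries it.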
@@ -177,16 +171,12 @@ class PDP(Resource): } :internal_api: delete_pdp """ - try: - data = PDPManager.delete_pdp(user_id=user_id, pdp_id=uuid) - delete_pod(uuid) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + data = PDPManager.delete_pdp(user_id=user_id, pdp_id=uuid) + delete_pod(uuid) + return {"result": True} - @validate_input("patch", kwargs_state=[True, False], body_state=[True, True, True, False]) + @validate_input("patch", kwargs_state=[True, False], body_state={"name": True, "security_pipeline": True, "keystone_project_id": True}) @check_auth def patch(self, uuid, user_id=None): """Update a pdp @@ -203,21 +193,18 @@ class PDP(Resource): } :internal_api: update_pdp """ - try: - _data = dict(request.json) - if not _data.get("keystone_project_id"): - _data["keystone_project_id"] = None - else: - if check_keystone_pid(_data.get("keystone_project_id")): - raise exceptions.PdpKeystoneMappingConflict - data = PDPManager.update_pdp( - user_id=user_id, pdp_id=uuid, value=_data) - logger.debug("data={}".format(data)) - logger.debug("uuid={}".format(uuid)) - add_pod(uuid=uuid, data=data[uuid]) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + + _data = dict(request.json) + if not _data.get("keystone_project_id"): + _data["keystone_project_id"] = None + else: + if check_keystone_pid(_data.get("keystone_project_id")): + raise exceptions.PdpKeystoneMappingConflict + data = PDPManager.update_pdp( + user_id=user_id, pdp_id=uuid, value=_data) + logger.debug("data={}".format(data)) + logger.debug("uuid={}".format(uuid)) + add_pod(uuid=uuid, data=data[uuid]) + return {"pdps": data} diff --git a/moon_manager/moon_manager/api/perimeter.py b/moon_manager/moon_manager/api/perimeter.py index 014aa4b9..6c39c43d 100644 --- a/moon_manager/moon_manager/api/perimeter.py +++ b/moon_manager/moon_manager/api/perimeter.py 
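Review bot: `PDP.delete` removes the record with `PDPManager.delete_pdp` before calling `delete_pod(uuid)`, and nothing handles a failure of the second step now that the `try/except` is removed. If `delete_pod` raises, the caller gets an error while the PDP record is already gone, which would presumably leave a pod running with no record pointing at it. At minimum log the `uuid` when the pod removal fails so the orphan can be cleaned up, and document the ordering with a comment such as `# record is removed first; a delete_pod failure must be reconciled manually`. The assignment `data = ...` is also unused here and can be dropped. The method's signature is above the hunk.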
@@ -55,21 +55,18 @@ class Subjects(Resource): } :internal_api: get_subjects """ - try: - data = PolicyManager.get_subjects( - user_id=user_id, - policy_id=uuid, - perimeter_id=perimeter_id - ) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + + data = PolicyManager.get_subjects( + user_id=user_id, + policy_id=uuid, + perimeter_id=perimeter_id + ) + return {"subjects": data} - @validate_input("post", body_state=[True, False, False, False]) + @validate_input("post", body_state={"name":True}) @check_auth - def post(self, uuid=None, perimeter_id=None, user_id=None): + def post(self, uuid, perimeter_id=None, user_id=None): """Create or update a subject. :param uuid: uuid of the policy @@ -92,25 +89,22 @@ class Subjects(Resource): } :internal_api: set_subject """ - try: - if not perimeter_id: - data = PolicyManager.get_subjects(user_id=user_id, - policy_id=None) - if 'name' in request.json: - for data_id, data_value in data.items(): - if data_value['name'] == request.json['name']: - perimeter_id = data_id - break - data = PolicyManager.add_subject( - user_id=user_id, policy_id=uuid, - perimeter_id=perimeter_id, value=request.json) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + + if not perimeter_id: + data = PolicyManager.get_subjects(user_id=user_id, + policy_id=uuid) + if 'name' in request.json: + for data_id, data_value in data.items(): + if data_value['name'] == request.json['name']: + perimeter_id = data_id + break + data = PolicyManager.add_subject( + user_id=user_id, policy_id=uuid, + perimeter_id=perimeter_id, value=request.json) + return {"subjects": data} - @validate_input("patch", kwargs_state=[False, True, False], body_state=[True, False, False, False]) + @validate_input("patch", kwargs_state=[False, True, False], body_state={"name":True}) @check_auth def patch(self, uuid, perimeter_id=None, user_id=None): """Create or update a subject. 
@@ -135,22 +129,19 @@ class Subjects(Resource): } :internal_api: set_subject """ - try: - if not perimeter_id: - data = PolicyManager.get_subjects(user_id=user_id, - policy_id=None) - if 'name' in request.json: - for data_id, data_value in data.items(): - if data_value['name'] == request.json['name']: - perimeter_id = data_id - break - data = PolicyManager.add_subject( - user_id=user_id, policy_id=uuid, - perimeter_id=perimeter_id, value=request.json) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + + if not perimeter_id: + data = PolicyManager.get_subjects(user_id=user_id, + policy_id=None) + if 'name' in request.json: + for data_id, data_value in data.items(): + if data_value['name'] == request.json['name']: + perimeter_id = data_id + break + data = PolicyManager.add_subject( + user_id=user_id, policy_id=uuid, + perimeter_id=perimeter_id, value=request.json) + return {"subjects": data} @validate_input("delete", kwargs_state=[False, True, False]) @@ -172,13 +163,10 @@ class Subjects(Resource): } :internal_api: delete_subject """ - try: - data = PolicyManager.delete_subject( - user_id=user_id, policy_id=uuid, perimeter_id=perimeter_id) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + + data = PolicyManager.delete_subject( + user_id=user_id, policy_id=uuid, perimeter_id=perimeter_id) + return {"result": True} 
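Review bot: `Subjects.patch` still resolves the subject by name with `policy_id=None`, although this commit changes the same lookup to `policy_id=uuid` in `Subjects.post` and in the `Objects` and `Actions` handlers. With `None` the name match presumably runs over subjects of every policy, so `perimeter_id` can be taken from a subject outside the policy named in the URL before `add_subject` is called with `policy_id=uuid`. The lookup should be scoped like the others: `data = PolicyManager.get_subjects(user_id=user_id, policy_id=uuid)`.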
@@ -213,21 +201,18 @@ class Objects(Resource): } :internal_api: get_objects """ - try: - data = PolicyManager.get_objects( - user_id=user_id, - policy_id=uuid, - perimeter_id=perimeter_id - ) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + + data = PolicyManager.get_objects( + user_id=user_id, + policy_id=uuid, + perimeter_id=perimeter_id + ) + return {"objects": data} - @validate_input("post", body_state=[True, False, False, False]) + @validate_input("post", body_state={"name":True}) @check_auth - def post(self, uuid=None, perimeter_id=None, user_id=None): + def post(self, uuid, perimeter_id=None, user_id=None): """Create or update a object. :param uuid: uuid of the policy @@ -245,23 +230,20 @@ class Objects(Resource): } :internal_api: set_object """ - try: - data = PolicyManager.get_objects(user_id=user_id, policy_id=None) - if 'name' in request.json: - for data_id, data_value in data.items(): - if data_value['name'] == request.json['name']: - perimeter_id = data_id - break - data = PolicyManager.add_object( - user_id=user_id, policy_id=uuid, - perimeter_id=perimeter_id, value=request.json) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + + data = PolicyManager.get_objects(user_id=user_id, policy_id=uuid) + if 'name' in request.json: + for data_id, data_value in data.items(): + if data_value['name'] == request.json['name']: + perimeter_id = data_id + break + data = PolicyManager.add_object( + user_id=user_id, policy_id=uuid, + perimeter_id=perimeter_id, value=request.json) + return {"objects": data} - @validate_input("patch", kwargs_state=[False, True, False], body_state=[True, False, False, False]) + @validate_input("patch", kwargs_state=[False, True, False], body_state={"name":True}) @check_auth def patch(self, uuid, perimeter_id=None, user_id=None): """Create or update a object. 
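Review bot: The name lookup in `Objects.post` runs even when `perimeter_id` was supplied, so a `name` in the body that matches an existing object silently replaces the id from the URL before `add_object` is called. `Subjects.post` wraps the same lookup in `if not perimeter_id:`, and the handlers here should do likewise so that the object being written is the one the request addressed. This matters most in `Objects.patch` and `Actions.patch`, where the decorator's `kwargs_state=[False, True, False]` suggests the id is expected; `Actions.post` has the same unguarded lookup. The fix is to put `if not perimeter_id:` in front of the `get_objects` / `get_actions` call and indent the name loop under it.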
@@ -281,20 +263,17 @@ class Objects(Resource): } :internal_api: set_object """ - try: - data = PolicyManager.get_objects(user_id=user_id, policy_id=None) - if 'name' in request.json: - for data_id, data_value in data.items(): - if data_value['name'] == request.json['name']: - perimeter_id = data_id - break - data = PolicyManager.add_object( - user_id=user_id, policy_id=uuid, - perimeter_id=perimeter_id, value=request.json) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + + data = PolicyManager.get_objects(user_id=user_id, policy_id=uuid) + if 'name' in request.json: + for data_id, data_value in data.items(): + if data_value['name'] == request.json['name']: + perimeter_id = data_id + break + data = PolicyManager.add_object( + user_id=user_id, policy_id=uuid, + perimeter_id=perimeter_id, value=request.json) + return {"objects": data} @validate_input("delete", kwargs_state=[False, True, False]) @@ -313,13 +292,10 @@ class Objects(Resource): } :internal_api: delete_object """ - try: - data = PolicyManager.delete_object( - user_id=user_id, policy_id=uuid, perimeter_id=perimeter_id) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + + data = PolicyManager.delete_object( + user_id=user_id, policy_id=uuid, perimeter_id=perimeter_id) + return {"result": True} 
@@ -354,18 +330,15 @@ class Actions(Resource): } :internal_api: get_actions """ - try: - data = PolicyManager.get_actions( - user_id=user_id, policy_id=uuid, perimeter_id=perimeter_id) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + + data = PolicyManager.get_actions( + user_id=user_id, policy_id=uuid, perimeter_id=perimeter_id) + return {"actions": data} - @validate_input("post", body_state=[True, False, False, False]) + @validate_input("post", body_state={"name":True}) @check_auth - def post(self, uuid=None, perimeter_id=None, user_id=None): + def post(self, uuid, perimeter_id=None, user_id=None): """Create or update a action. :param uuid: uuid of the policy @@ -383,23 +356,20 @@ class Actions(Resource): } :internal_api: set_action """ - try: - data = PolicyManager.get_actions(user_id=user_id, policy_id=None) - if 'name' in request.json: - for data_id, data_value in data.items(): - if data_value['name'] == request.json['name']: - perimeter_id = data_id - break - data = PolicyManager.add_action( - user_id=user_id, policy_id=uuid, - perimeter_id=perimeter_id, value=request.json) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + + data = PolicyManager.get_actions(user_id=user_id, policy_id=uuid) + if 'name' in request.json: + for data_id, data_value in data.items(): + if data_value['name'] == request.json['name']: + perimeter_id = data_id + break + data = PolicyManager.add_action( + user_id=user_id, policy_id=uuid, + perimeter_id=perimeter_id, value=request.json) + return {"actions": data} - @validate_input("patch", kwargs_state=[False, True, False], body_state=[True, False, False, False]) + @validate_input("patch", kwargs_state=[False, True, False], body_state={"name":True}) @check_auth def patch(self, uuid, perimeter_id=None, user_id=None): """Create or update a action. 
@@ -419,20 +389,17 @@ class Actions(Resource): } :internal_api: set_action """ - try: - data = PolicyManager.get_actions(user_id=user_id, policy_id=None) - if 'name' in request.json: - for data_id, data_value in data.items(): - if data_value['name'] == request.json['name']: - perimeter_id = data_id - break - data = PolicyManager.add_action( - user_id=user_id, policy_id=uuid, - perimeter_id=perimeter_id, value=request.json) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + + data = PolicyManager.get_actions(user_id=user_id, policy_id=uuid) + if 'name' in request.json: + for data_id, data_value in data.items(): + if data_value['name'] == request.json['name']: + perimeter_id = data_id + break + data = PolicyManager.add_action( + user_id=user_id, policy_id=uuid, + perimeter_id=perimeter_id, value=request.json) + return {"actions": data} @validate_input("delete", kwargs_state=[False, True, False]) @@ -451,11 +418,8 @@ class Actions(Resource): } :internal_api: delete_action """ - try: - data = PolicyManager.delete_action( - user_id=user_id, policy_id=uuid, perimeter_id=perimeter_id) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + + data = PolicyManager.delete_action( + user_id=user_id, policy_id=uuid, perimeter_id=perimeter_id) + return {"result": True} diff --git a/moon_manager/moon_manager/api/policies.py b/moon_manager/moon_manager/api/policies.py index 1a9e0bae..9fe237b2 100644 --- a/moon_manager/moon_manager/api/policies.py +++ b/moon_manager/moon_manager/api/policies.py @@ -12,6 +12,8 @@ from flask_restful import Resource import logging from python_moonutilities.security_functions import check_auth from python_moondb.core import PolicyManager +from python_moonutilities.security_functions import validate_input + __version__ = "4.3.2" 
@@ -30,6 +32,7 @@ class Policies(Resource): "/policies//", ) + @validate_input("get", kwargs_state=[False, False]) @check_auth def get(self, uuid=None, user_id=None): """Retrieve all policies @@ -46,14 +49,12 @@ class Policies(Resource): } :internal_api: get_policies """ - try: - data = PolicyManager.get_policies(user_id=user_id, policy_id=uuid) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + + data = PolicyManager.get_policies(user_id=user_id, policy_id=uuid) + return {"policies": data} + @validate_input("post", body_state={"name": True, "model_id":True}) @check_auth def post(self, uuid=None, user_id=None): """Create policy. @@ -76,17 +77,15 @@ class Policies(Resource): } :internal_api: add_policy """ - try: - data = PolicyManager.add_policy( - user_id=user_id, policy_id=uuid, value=request.json) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + + data = PolicyManager.add_policy( + user_id=user_id, policy_id=uuid, value=request.json) + return {"policies": data} + @validate_input("delete", kwargs_state=[ True, False]) @check_auth - def delete(self, uuid, user_id=None): + def delete(self, uuid=None, user_id=None): """Delete a policy :param uuid: uuid of the policy to delete @@ -97,16 +96,14 @@ class Policies(Resource): } :internal_api: delete_policy """ - try: - data = PolicyManager.delete_policy(user_id=user_id, policy_id=uuid) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + + data = PolicyManager.delete_policy(user_id=user_id, policy_id=uuid) + return {"result": True} + @validate_input("patch", kwargs_state=[True, False], body_state={"name": True, "model_id":True}) @check_auth - def patch(self, uuid, user_id=None): + def patch(self, uuid=None, user_id=None): """Update a policy :param uuid: uuid of the policy to update 
@@ -121,12 +118,9 @@ class Policies(Resource): } :internal_api: update_policy """ - try: - data = PolicyManager.update_policy( - user_id=user_id, policy_id=uuid, value=request.json) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + + data = PolicyManager.update_policy( + user_id=user_id, policy_id=uuid, value=request.json) + return {"policies": data} diff --git a/moon_manager/moon_manager/api/rules.py b/moon_manager/moon_manager/api/rules.py index ecb066d9..a0248097 100644 --- a/moon_manager/moon_manager/api/rules.py +++ b/moon_manager/moon_manager/api/rules.py @@ -49,17 +49,14 @@ class Rules(Resource): } :internal_api: get_rules """ - try: - data = PolicyManager.get_rules(user_id=user_id, + + data = PolicyManager.get_rules(user_id=user_id, policy_id=uuid, rule_id=rule_id) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + return {"rules": data} - @validate_input("post", kwargs_state=[True, False, False], body_state=[True, False, False, False]) + @validate_input("post", kwargs_state=[True, False, False], body_state={"meta_rule_id": True, "rule": True, "instructions": True}) @check_auth def post(self, uuid=None, rule_id=None, user_id=None): """Add a rule to a meta rule @@ -111,15 +108,12 @@ class Rules(Resource): :internal_api: add_rule """ args = request.json - try: - data = PolicyManager.add_rule(user_id=user_id, - policy_id=uuid, - meta_rule_id=args['meta_rule_id'], - value=args) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + + data = PolicyManager.add_rule(user_id=user_id, + policy_id=uuid, + meta_rule_id=args['meta_rule_id'], + value=args) + return {"rules": data} @validate_input("delete", kwargs_state=[True, True, False]) 
@@ -133,12 +127,9 @@ class Rules(Resource): :return: { "result": true } :internal_api: delete_rule """ - try: - data = PolicyManager.delete_rule( - user_id=user_id, policy_id=uuid, rule_id=rule_id) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + + data = PolicyManager.delete_rule( + user_id=user_id, policy_id=uuid, rule_id=rule_id) + return {"result": True} diff --git a/moon_manager/moon_manager/api/slaves.py b/moon_manager/moon_manager/api/slaves.py index f5b3fa14..769b681f 100644 --- a/moon_manager/moon_manager/api/slaves.py +++ b/moon_manager/moon_manager/api/slaves.py @@ -11,12 +11,11 @@ from flask import request from flask_restful import Resource import logging import requests -import time from python_moonutilities.security_functions import check_auth -from python_moondb.core import PDPManager -from python_moondb.core import PolicyManager -from python_moondb.core import ModelManager -from python_moonutilities import configuration, exceptions + +from python_moonutilities import configuration +from python_moonutilities.security_functions import validate_input + __version__ = "4.3.0" @@ -42,6 +41,7 @@ class Slaves(Resource): self.orchestrator_port = conf["components/orchestrator"].get("port", 80) + @validate_input("get", kwargs_state=[False, False]) @check_auth def get(self, uuid=None, user_id=None): """Retrieve all slaves @@ -66,6 +66,8 @@ class Slaves(Resource): )) return {"slaves": req.json().get("slaves", dict())} + @validate_input("patch", kwargs_state=[False, False], + body_state={"op": True, "variable": True, "value": True}) @check_auth def patch(self, uuid=None, user_id=None): """Update a slave -- cgit 1.2.3-korg