def getPolicies( params ): ''' to get all the policies that apply to the given list of params ''' paramsClone = dict( params ) for param in paramsClone: if params[param] is None: del params[param] result = getPoliciesThatApply( params ) if result['OK']: return result['Value'] else: error( "It wasn't possible to execute getPoliciesThatApply, check this: %s" % str(result) )
def isStorageElementAlwaysBanned( self, seName, statusType ): """ Checks if the AlwaysBanned policy is applied to the SE given as parameter :param seName : string, name of the SE :param statusType : ReadAcces, WriteAccess, RemoveAccess, CheckAccess :returns: S_OK(True/False) """ res = getPoliciesThatApply( {'name' : seName, 'statusType' : statusType} ) if not res['OK']: self.log.error( "isStorageElementAlwaysBanned: unable to get the information", res['Message'] ) return res isAlwaysBanned = 'AlwaysBanned' in [policy['type'] for policy in res['Value']] return S_OK( isAlwaysBanned )
def isStorageElementAlwaysBanned(self, seName, statusType): """ Checks if the AlwaysBanned policy is applied to the SE given as parameter :param seName: string, name of the SE :param statusType: ReadAcces, WriteAccess, RemoveAccess, CheckAccess :returns: S_OK(True/False) """ res = getPoliciesThatApply({'name': seName, 'statusType': statusType}) if not res['OK']: self.log.error("isStorageElementAlwaysBanned: unable to get the information", res['Message']) return res isAlwaysBanned = 'AlwaysBanned' in [policy['type'] for policy in res['Value']] return S_OK(isAlwaysBanned)
def takeDecision(self): """ main PDP method which does all the work. If firstly finds all the policies defined in the CS that match <self.decisionParams> and runs them. Once it has all the singlePolicyResults, it combines them. Next step is action discovery: using a similar approach to the one used to discover the policies, but also taking into account the single policy results and their combined result, finds the actions to be triggered and returns. examples: >>> pdp.takeDecision()['Value'].keys() ['singlePolicyResults', 'policyCombinedResult', 'decisionParams'] >>> pdp.takeDecision()['Value']['singlePolicyResults'] [ { 'Status' : 'Active', 'Reason' : 'blah', 'Policy' : { 'name' : 'AlwaysActiveForResource', 'type' : 'AlwaysActive', 'module' : 'AlwaysActivePolicy', 'description' : 'This is the AlwaysActive policy' 'command' : None, 'args' : {} } }, ... ] >>> pdp.takeDecision()['Value']['policyCombinedResult'] { 'Status' : 'Active', 'Reason' : 'blah ###', 'PolicyAction' : [ ( 'policyActionName1', 'policyActionType1' ), ... ] } :return: S_OK( { 'singlePolicyResults' : `list`, 'policyCombinedResult' : `dict`, 'decisionParams' : `dict` } ) / S_ERROR """ if self.decisionParams is None: return S_OK({ 'singlePolicyResults': [], 'policyCombinedResult': {}, 'decisionParams': self.decisionParams }) self.log.verbose("Taking decision") # Policies.................................................................. # Get policies that match self.decisionParams policiesThatApply = getPoliciesThatApply(self.decisionParams) if not policiesThatApply['OK']: return policiesThatApply policiesThatApply = policiesThatApply['Value'] self.log.verbose("Policies that apply: %s" % ', '.join([po['name'] for po in policiesThatApply])) # Evaluate policies singlePolicyResults = self._runPolicies(policiesThatApply) if not singlePolicyResults['OK']: return singlePolicyResults singlePolicyResults = singlePolicyResults['Value'] self.log.verbose("Single policy results: %s" % singlePolicyResults) # Combine policies and get most penalizing status ( see RSSMachine ) policyCombinedResults = self._combineSinglePolicyResults( singlePolicyResults) if not policyCombinedResults['OK']: return policyCombinedResults policyCombinedResults = policyCombinedResults['Value'] self.log.verbose("Combined policy result: %s" % policyCombinedResults) # Actions................................................................... policyActionsThatApply = getPolicyActionsThatApply( self.decisionParams, singlePolicyResults, policyCombinedResults) if not policyActionsThatApply['OK']: return policyActionsThatApply policyActionsThatApply = policyActionsThatApply['Value'] self.log.verbose("Policy actions that apply: %s" % ','.join(pata[0] for pata in policyActionsThatApply)) policyCombinedResults['PolicyAction'] = policyActionsThatApply return S_OK({ 'singlePolicyResults': singlePolicyResults, 'policyCombinedResult': policyCombinedResults, 'decisionParams': self.decisionParams })
def takeDecision( self ): """ main PDP method which does all the work. If firstly finds all the policies defined in the CS that match <self.decisionParams> and runs them. Once it has all the singlePolicyResults, it combines them. Next step is action discovery: using a similar approach to the one used to discover the policies, but also taking into account the single policy results and their combined result, finds the actions to be triggered and returns. examples: >>> pdp.takeDecision()['Value'].keys() ['singlePolicyResults', 'policyCombinedResult', 'decisionParams'] >>> pdp.takeDecision()['Value']['singlePolicyResults'] [ { 'Status' : 'Active', 'Reason' : 'blah', 'Policy' : { 'name' : 'AlwaysActiveForResource', 'type' : 'AlwaysActive', 'module' : 'AlwaysActivePolicy', 'description' : 'This is the AlwaysActive policy' 'command' : None, 'args' : {} } }, ... ] >>> pdp.takeDecision()['Value']['policyCombinedResult'] { 'Status' : 'Active', 'Reason' : 'blah ###', 'PolicyAction' : [ ( 'policyActionName1', 'policyActionType1' ), ... ] } :return: S_OK( { 'singlePolicyResults' : `list`, 'policyCombinedResult' : `dict`, 'decisionParams' : `dict` } ) / S_ERROR """ if self.decisionParams is None: return S_OK( {'singlePolicyResults' : [], 'policyCombinedResult' : {}, 'decisionParams' : self.decisionParams} ) self.log.verbose( "Taking decision" ) # Policies.................................................................. # Get policies that match self.decisionParams policiesThatApply = getPoliciesThatApply( self.decisionParams ) if not policiesThatApply['OK']: return policiesThatApply policiesThatApply = policiesThatApply['Value'] self.log.verbose( "Policies that apply: %s" % ', '.join( [po['name'] for po in policiesThatApply] ) ) # Evaluate policies singlePolicyResults = self._runPolicies( policiesThatApply ) if not singlePolicyResults['OK']: return singlePolicyResults singlePolicyResults = singlePolicyResults['Value'] self.log.verbose( "Single policy results: %s" % singlePolicyResults ) # Combine policies and get most penalizing status ( see RSSMachine ) policyCombinedResults = self._combineSinglePolicyResults( singlePolicyResults ) if not policyCombinedResults['OK']: return policyCombinedResults policyCombinedResults = policyCombinedResults['Value'] self.log.verbose( "Combined policy result: %s" % policyCombinedResults ) # Actions................................................................... policyActionsThatApply = getPolicyActionsThatApply( self.decisionParams, singlePolicyResults, policyCombinedResults ) if not policyActionsThatApply['OK']: return policyActionsThatApply policyActionsThatApply = policyActionsThatApply['Value'] self.log.verbose( "Policy actions that apply: %s" % ','.join( pata[0] for pata in policyActionsThatApply ) ) policyCombinedResults['PolicyAction'] = policyActionsThatApply return S_OK( {'singlePolicyResults' : singlePolicyResults, 'policyCombinedResult' : policyCombinedResults, 'decisionParams' : self.decisionParams} )