def update_rule(rule_id=None, name=None, rule=None):
"""Update a rule from the system.
:param rule_id: Rule id to be updated
:param name: The new name
:param rule: The new rule
:return Rule information
"""
if name is None and rule is None:
raise WazuhError(4001)
result = AffectedItemsWazuhResult(
none_msg='Security rule was not updated',
all_msg='Security rule was successfully updated')
with RulesManager() as rum:
status = rum.update_rule(rule_id=rule_id[0], name=name, rule=rule)
if status == SecurityError.ALREADY_EXIST:
result.add_failed_item(id_=int(rule_id[0]), error=WazuhError(4005))
elif status == SecurityError.INVALID:
result.add_failed_item(id_=int(rule_id[0]), error=WazuhError(4003))
elif status == SecurityError.RULE_NOT_EXIST:
result.add_failed_item(id_=int(rule_id[0]), error=WazuhError(4022))
elif status == SecurityError.ADMIN_RESOURCES:
result.add_failed_item(id_=int(rule_id[0]), error=WazuhError(4008))
else:
updated = rum.get_rule(rule_id[0])
result.affected_items.append(updated)
result.total_affected_items += 1
invalid_roles_tokens(roles=updated['roles'])
return result
def remove_policies(policy_ids=None):
"""Removes a certain policy from the system
:param policy_ids: ID of the policy to be removed (All for all policies)
:return Result of operation
"""
result = AffectedItemsWazuhResult(
none_msg='No policy was deleted',
some_msg='Some policies were not deleted',
all_msg='All specified policies were deleted')
with PoliciesManager() as pm:
for p_id in policy_ids:
policy = pm.get_policy_id(int(p_id))
policy_delete = pm.delete_policy(int(p_id))
if policy_delete == SecurityError.ADMIN_RESOURCES:
result.add_failed_item(id_=int(p_id), error=WazuhError(4008))
elif policy_delete == SecurityError.RELATIONSHIP_ERROR:
result.add_failed_item(id_=int(p_id), error=WazuhError(4025))
elif not policy_delete:
result.add_failed_item(id_=int(p_id), error=WazuhError(4007))
elif policy:
result.affected_items.append(policy)
result.total_affected_items += 1
invalid_roles_tokens(roles=policy['roles'])
result.affected_items = sorted(result.affected_items,
key=lambda i: i['id'])
return result
def remove_rules(rule_ids=None):
"""Remove a rule from the system.
:param rule_ids: List of rule ids (None for all rules)
:return Result of operation
"""
result = AffectedItemsWazuhResult(
none_msg='No security rule was deleted',
some_msg='Some security rules were not deleted',
all_msg='All specified security rules were deleted')
with RulesManager() as rum:
for r_id in rule_ids:
rule = rum.get_rule(int(r_id))
role_delete = rum.delete_rule(int(r_id))
if role_delete == SecurityError.ADMIN_RESOURCES:
result.add_failed_item(id_=int(r_id), error=WazuhError(4008))
elif role_delete == SecurityError.RELATIONSHIP_ERROR:
result.add_failed_item(id_=int(r_id), error=WazuhError(4025))
elif not role_delete:
result.add_failed_item(id_=int(r_id), error=WazuhError(4022))
elif rule:
result.affected_items.append(rule)
result.total_affected_items += 1
invalid_roles_tokens(roles=rule['roles'])
result.affected_items = sorted(result.affected_items,
key=lambda i: i['id'])
return result
def update_role(role_id=None, name=None):
"""Updates a role in the system
:param role_id: Role id to be update
:param name: The new role name
:return Role information
"""
if name is None:
raise WazuhError(4001)
result = AffectedItemsWazuhResult(none_msg='Role was not updated',
all_msg='Role was successfully updated')
with RolesManager() as rm:
status = rm.update_role(role_id=role_id[0], name=name)
if status == SecurityError.ALREADY_EXIST:
result.add_failed_item(id_=int(role_id[0]), error=WazuhError(4005))
elif status == SecurityError.INVALID:
result.add_failed_item(id_=int(role_id[0]), error=WazuhError(4003))
elif status == SecurityError.ROLE_NOT_EXIST:
result.add_failed_item(id_=int(role_id[0]), error=WazuhError(4002))
elif status == SecurityError.ADMIN_RESOURCES:
result.add_failed_item(id_=int(role_id[0]), error=WazuhError(4008))
else:
updated = rm.get_role_id(int(role_id[0]))
result.affected_items.append(updated)
result.total_affected_items += 1
invalid_roles_tokens(roles=role_id)
return result
def remove_role_policy(role_id, policy_ids):
"""Removes a relationship between a role and a policy
:param role_id: The new role_id
:param policy_ids: List of policies ids
:return Result of operation
"""
result = AffectedItemsWazuhResult(none_msg=f'No policy was unlinked from role {role_id[0]}',
some_msg=f'Some policies were not unlinked from role {role_id[0]}',
all_msg=f'All policies were unlinked from role {role_id[0]}')
success = False
with RolesPoliciesManager() as rpm:
for policy_id in policy_ids:
policy_id = int(policy_id)
role_policy = rpm.remove_policy_in_role(role_id=role_id[0], policy_id=policy_id)
if role_policy == SecurityError.INVALID:
result.add_failed_item(id_=policy_id, error=WazuhError(4010))
elif role_policy == SecurityError.ROLE_NOT_EXIST:
result.add_failed_item(id_=int(role_id[0]), error=WazuhError(4002))
elif role_policy == SecurityError.POLICY_NOT_EXIST:
result.add_failed_item(id_=policy_id, error=WazuhError(4007))
elif role_policy == SecurityError.ADMIN_RESOURCES:
result.add_failed_item(id_=int(role_id[0]), error=WazuhError(4008))
else:
success = True
result.total_affected_items += 1
if success:
with RolesManager() as rm:
result.affected_items.append(rm.get_role_id(role_id=role_id[0]))
role = rm.get_role_id(role_id=role_id[0])
invalid_roles_tokens(roles=[role['id']])
result.affected_items.sort(key=str)
return result
def update_policy(policy_id=None, name=None, policy=None):
"""Updates a policy in the system
:param policy_id: Policy id to be update
:param name: The new policy name
:param policy: The new policy
:return Policy information
"""
if name is None and policy is None:
raise WazuhError(4001)
result = AffectedItemsWazuhResult(none_msg='Policy was not updated',
all_msg='Policy was successfully updated')
with PoliciesManager() as pm:
status = pm.update_policy(policy_id=policy_id[0], name=name, policy=policy)
if status == SecurityError.ALREADY_EXIST:
result.add_failed_item(id_=int(policy_id[0]), error=WazuhError(4013))
elif status == SecurityError.INVALID:
result.add_failed_item(id_=int(policy_id[0]), error=WazuhError(4006))
elif status == SecurityError.POLICY_NOT_EXIST:
result.add_failed_item(id_=int(policy_id[0]), error=WazuhError(4007))
elif status == SecurityError.ADMIN_RESOURCES:
result.add_failed_item(id_=int(policy_id[0]), error=WazuhError(4008))
else:
updated = pm.get_policy_id(int(policy_id[0]))
result.affected_items.append(updated)
result.total_affected_items += 1
invalid_roles_tokens(roles=updated['roles'])
return result
def remove_roles(role_ids):
"""Removes a certain role from the system
:param role_ids: List of roles ids (None for all roles)
:return Result of operation
"""
result = AffectedItemsWazuhResult(
none_msg='No role was deleted',
some_msg='Some roles were not deleted',
all_msg='All specified roles were deleted')
with RolesManager() as rm:
for r_id in role_ids:
role = rm.get_role_id(int(r_id))
role_delete = rm.delete_role(int(r_id))
if role_delete == SecurityError.ADMIN_RESOURCES:
result.add_failed_item(id_=r_id, error=WazuhError(4008))
elif not role_delete:
result.add_failed_item(id_=r_id, error=WazuhError(4002))
elif role:
result.affected_items.append(role)
result.total_affected_items += 1
invalid_roles_tokens(
roles=[role['id'] for role in result.affected_items])
result.affected_items = sorted(result.affected_items,
key=lambda i: i['id'])
return result
def set_role_policy(role_id, policy_ids, position=None):
"""Create a relationship between a role and a policy
Parameters
----------
role_id : int
The new role_id
policy_ids : list of int
List of policy IDs
position : int
Position where the new role will be inserted
Returns
-------
dict
Role-Policies information
"""
result = AffectedItemsWazuhResult(
none_msg=f'No link was created to role {role_id[0]}',
some_msg=f'Some policies were not linked to role {role_id[0]}',
all_msg=f'All policies were linked to role {role_id[0]}')
success = False
with RolesPoliciesManager() as rpm:
for policy_id in policy_ids:
policy_id = int(policy_id)
role_policy = rpm.add_policy_to_role(role_id=role_id[0],
policy_id=policy_id,
position=position)
if role_policy == SecurityError.ALREADY_EXIST:
result.add_failed_item(id_=policy_id, error=WazuhError(4011))
elif role_policy == SecurityError.ROLE_NOT_EXIST:
result.add_failed_item(id_=int(role_id[0]),
error=WazuhError(4002))
elif role_policy == SecurityError.POLICY_NOT_EXIST:
result.add_failed_item(id_=policy_id, error=WazuhError(4007))
elif role_policy == SecurityError.ADMIN_RESOURCES:
result.add_failed_item(id_=int(role_id[0]),
error=WazuhError(4008))
else:
success = True
result.total_affected_items += 1
if position is not None:
position += 1
if success:
with RolesManager() as rm:
result.affected_items.append(
rm.get_role_id(role_id=role_id[0]))
role = rm.get_role_id(role_id=role_id[0])
invalid_roles_tokens(roles=[role['id']])
result.affected_items.sort(key=str)
return result
def test_invalid_roles_tokens(db_setup, role_list, expected_roles):
"""Check that the argument passed to `TokenManager.add_user_roles_rules` formed by `roles` is correct.
Parameters
----------
role_list : list
List of roles.
expected_roles : set
Expected roles.
"""
with patch('wazuh.security.TokenManager.add_user_roles_rules') as TM_mock:
_, _, core_security = db_setup
core_security.invalid_roles_tokens(roles=[role_id for role_id in role_list])
assert set(TM_mock.call_args.kwargs['roles']) == expected_roles
