def remove_rule(self, rule_hash, user): ''' Removes the rule that corresponds to the rule_hash that wa returned either from add_rule() or found with get_rules(). If user does not have removal ability, returns an error. ''' if self.rule_table.find_one(hash=rule_hash) == None: raise RuleManagerError("rule_hash doesn't exist: %s" % rule_hash) rule = pickle.loads( str(self.rule_table.find_one(hash=rule_hash)['rule'])) authorized = None try: authorized = AuthorizationInspector.instance().is_authorized( user, rule) #FIXME except Exception as e: raise RuleManagerAuthorizationError( "User %s is not authorized to remove rule %s with exception %s" % (user, rule_hash, str(e))) if authorized != True: raise RuleManagerAuthorizationError( "User %s is not authorized to remove rule %s" % (user, rule_hash)) rule.pre_remove_callback(TopologyManager.instance(), AuthorizationInspector.instance()) self._rm_rule_from_db(rule)
def change_callback_dispatch(self, cookie, data): ''' This is used to handle changes callbacks. It performs four main functions: - Find the policy that this change callback belongs to - Call the change callback with data, possibly receive breakdown to install. - if received breakdown, install it - if received breakdown, update database of installed additional breakdown. ''' table_entry = self.rule_table.find_one(hash=cookie) if table_entry == None: raise RuleManagerError("rule_hash doesn't exist: %s" % rule_hash) policy = pickle.loads(str(table_entry['rule'])) breakdown = policy.switch_change_callback(TopologyManager.instance(), AuthorizationInspector.instance(), data) if breakdown == None: return self._install_breakdown(breakdown) extendedbd = pickle.loads(str(table_entry['extendedbd'])) if extendedbd == None: extendedbd = breakdown else: for entry in breakdown: extendedbd.append(entry) self.rule_table.update({'hash':table_entry['hash'], 'extendedbd':pickle.dumps(extendedbd)}, ['hash'])
def is_valid_rule(self, rule): ''' Checks to see if a rule is valid. True if valid. Raises error describing problem if invalid. ''' #FIXME: I am confused. I cannot find an object named 'rule' anywhere and doing a search in the filesystem for objects that call "check_validity" just takes me back here. I need some clarification please. return rule.check_validity( TopologyManager.instance().get_topology(), AuthorizationInspector.instance().is_authorized)
def get_breakdown(self, rule): ''' Breaks down the given rule to rules that each local controller can handle. Requires a user to verify that the user had the correct permissions determined by the AuthorizationInspector for proposed rules (e.g., if a user cannot create paths through a particular LC, reroute around that LC). ''' try: tm = TopologyManager.instance() ai = AuthorizationInspector.instance() return rule.breakdown_rule(tm, ai) except Exception as e: raise
def add_rule(self, rule): ''' Adds a rule for a particular user. Returns rule hash if successful, failure message based on why the rule installation failed. Also returns a reference to the rule (e.g., a tracking number) so that more details can be retrieved in the future. ''' try: breakdown = self._determine_breakdown(rule) except Exception as e: raise # If everything passes, set the hash, cookie, and breakdown, # put into database rulehash = self._get_new_rule_number() rule.set_rule_hash(rulehash) for entry in breakdown: entry.set_cookie(rulehash) rule.set_breakdown(breakdown) rule.pre_add_callback(TopologyManager.instance(), AuthorizationInspector.instance()) self._add_rule_to_db(rule) return rulehash