def _import_models_with_new_meta_rules(self, json_models):
if not isinstance(json_models, list):
raise InvalidJson("models shall be a list!")
for json_model in json_models:
logger.debug("json_model {}".format(json_model))
models = ModelManager.get_models(self._user_id)
model_in_db = None
model_id = None
for model_key in models:
if ("id" in json_model and model_key == json_model["id"]) or (
"name" in json_model
and models[model_key]["name"] == json_model["name"]):
model_in_db = models[model_key]
model_id = model_key
# this should not occur as the model has been put in db previously in _import_models_without_new_meta_rules
if model_in_db is None:
raise UnknownModel("Unknown model ")
json_key = dict()
JsonUtils.convert_names_to_ids(json_model, json_key, "meta_rules",
"meta_rule_id", "meta_rule",
ModelManager, self._user_id)
for meta_rule_id in json_key["meta_rule_id"]:
if meta_rule_id not in model_in_db["meta_rules"]:
model_in_db["meta_rules"].append(meta_rule_id)
ModelManager.update_model(self._user_id, model_id, model_in_db)
def delete_models(uuid=None, name=None):
from python_moondb.core import ModelManager
if not uuid:
for model_id, model_value in get_models():
if name == model_value['name']:
uuid = model_id
break
ModelManager.delete_model(user_id=None, model_id=uuid)
def post(self, meta_rule_id=None, user_id=None):
"""Add a meta rule
:param meta_rule_id: Meta rule ID (not used here)
:param user_id: user ID who do the request
:request body: post = {
"name": "name of the meta rule (mandatory)",
"subject_categories": ["subject_category_id1 (mandatory)",
"subject_category_id2"],
"object_categories": ["object_category_id1 (mandatory)"],
"action_categories": ["action_category_id1 (mandatory)"]
}
:return: {
"meta_rules": {
"meta_rule_id1": {
"name": "name of the meta rule",
"subject_categories": ["subject_category_id1",
"subject_category_id2"],
"object_categories": ["object_category_id1"],
"action_categories": ["action_category_id1"]
},
}
}
:internal_api: add_meta_rules
"""
data = ModelManager.add_meta_rule(user_id=user_id,
meta_rule_id=None,
value=request.json)
return {"meta_rules": data}
def _import_meta_rules(self, json_meta_rules):
logger.info("Input meta rules : {}".format(json_meta_rules))
for json_meta_rule in json_meta_rules:
json_to_use = dict()
JsonUtils.copy_field_if_exists(json_meta_rule, json_to_use, "name",
str)
JsonUtils.copy_field_if_exists(json_meta_rule, json_to_use,
"description", str)
JsonUtils.convert_names_to_ids(json_meta_rule, json_to_use,
"subject_categories",
"subject_categories",
"subject_category", ModelManager,
self._user_id)
JsonUtils.convert_names_to_ids(json_meta_rule, json_to_use,
"object_categories",
"object_categories",
"object_category", ModelManager,
self._user_id)
JsonUtils.convert_names_to_ids(json_meta_rule, json_to_use,
"action_categories",
"action_categories",
"action_category", ModelManager,
self._user_id)
logger.debug("Adding / updating a metarule from json {}".format(
json_meta_rule))
meta_rule = ModelManager.add_meta_rule(self._user_id,
meta_rule_id=None,
value=json_to_use)
logger.debug("Added / updated meta rule : {}".format(meta_rule))
def post(self, uuid=None, user_id=None):
"""Create model.
:param uuid: uuid of the model (not used here)
:param user_id: user ID who do the request
:request body: {
"name": "...",
"description": "...",
"meta_rules": ["meta_rule_id1", ]
}
:return: {
"model_id1": {
"name": "...",
"description": "...",
"meta_rules": ["meta_rule_id1", ]
}
}
:internal_api: add_model
"""
try:
data = ModelManager.add_model(user_id=user_id,
model_id=uuid,
value=request.json)
except Exception as e:
logger.error(e, exc_info=True)
return {"result": False, "error": str(e)}, 500
return {"models": data}
def add_pod(uuid, data):
if not data.get("keystone_project_id"):
return
logger.info("Add a new pod {}".format(data))
if "pdp_id" not in data:
data["pdp_id"] = uuid
data['policies'] = PolicyManager.get_policies(user_id="admin")
data['models'] = ModelManager.get_models(user_id="admin")
conf = configuration.get_configuration("components/orchestrator")
hostname = conf["components/orchestrator"].get("hostname", "orchestrator")
port = conf["components/orchestrator"].get("port", 80)
proto = conf["components/orchestrator"].get("protocol", "http")
while True:
try:
req = requests.post(
"{}://{}:{}/pods".format(proto, hostname, port),
json=data,
headers={"content-type": "application/json"})
except requests.exceptions.ConnectionError as e:
logger.warning("add_pod: Orchestrator is not ready, standby...")
logger.exception(e)
time.sleep(1)
else:
break
logger.info("Pod add request answer : {}".format(req.text))
def _export_meta_rules(self, json_content):
meta_rules = ModelManager.get_meta_rules(self._user_id)
meta_rules_array = []
# logger.info(meta_rules)
for meta_rule_key in meta_rules:
# logger.info(meta_rules[meta_rule_key])
meta_rule_dict = dict()
JsonUtils.copy_field_if_exists(meta_rules[meta_rule_key],
meta_rule_dict, "name", str)
JsonUtils.copy_field_if_exists(meta_rules[meta_rule_key],
meta_rule_dict, "description", str)
JsonUtils.convert_ids_to_names(
meta_rules[meta_rule_key]["subject_categories"],
meta_rule_dict, "subject_categories", "subject_category",
ModelManager, self._user_id)
JsonUtils.convert_ids_to_names(
meta_rules[meta_rule_key]["object_categories"], meta_rule_dict,
"object_categories", "object_category", ModelManager,
self._user_id)
JsonUtils.convert_ids_to_names(
meta_rules[meta_rule_key]["action_categories"], meta_rule_dict,
"action_categories", "action_category", ModelManager,
self._user_id)
logger.info("Exporting meta rule {}".format(meta_rule_dict))
meta_rules_array.append(meta_rule_dict)
if len(meta_rules_array) > 0:
json_content['meta_rules'] = meta_rules_array
def patch(self, meta_rule_id=None, user_id=None):
"""Update a meta rule
:param meta_rule_id: Meta rule ID
:param user_id: user ID who do the request
:request body: patch = {
"name": "name of the meta rule",
"subject_categories": ["subject_category_id1",
"subject_category_id2"],
"object_categories": ["object_category_id1"],
"action_categories": ["action_category_id1"]
}
:return: {
"meta_rules": {
"meta_rule_id1": {
"name": "name of the meta rule",
"subject_categories": ["subject_category_id1",
"subject_category_id2"],
"object_categories": ["object_category_id1"],
"action_categories": ["action_category_id1"]
},
}
}
:internal_api: set_meta_rules
"""
data = ModelManager.update_meta_rule(user_id=user_id,
meta_rule_id=meta_rule_id,
value=request.json)
return {"meta_rules": data}
def get(self, meta_rule_id=None, user_id=None):
"""Retrieve all sub meta rules
:param meta_rule_id: Meta rule algorithm ID
:param user_id: user ID who do the request
:return: {
"meta_rules": {
"meta_rule_id1": {
"name": "name of the meta rule",
"algorithm": "name of the meta rule algorithm",
"subject_categories": ["subject_category_id1",
"subject_category_id2"],
"object_categories": ["object_category_id1"],
"action_categories": ["action_category_id1"]
},
}
}
:internal_api: get_meta_rules
"""
try:
data = ModelManager.get_meta_rules(
user_id=user_id, meta_rule_id=meta_rule_id)
except Exception as e:
logger.error(e, exc_info=True)
return {"result": False,
"error": str(e)}, 500
return {"meta_rules": data}
def patch(self, meta_rule_id=None, user_id=None):
"""Update a meta rule
:param meta_rule_id: Meta rule ID
:param user_id: user ID who do the request
:request body: patch = {
"name": "name of the meta rule",
"subject_categories": ["subject_category_id1",
"subject_category_id2"],
"object_categories": ["object_category_id1"],
"action_categories": ["action_category_id1"]
}
:return: {
"meta_rules": {
"meta_rule_id1": {
"name": "name of the meta rule",
"subject_categories": ["subject_category_id1",
"subject_category_id2"],
"object_categories": ["object_category_id1"],
"action_categories": ["action_category_id1"]
},
}
}
:internal_api: set_meta_rules
"""
try:
data = ModelManager.set_meta_rule(
user_id=user_id, meta_rule_id=meta_rule_id, value=request.json)
except Exception as e:
logger.error(e, exc_info=True)
return {"result": False,
"error": str(e)}, 500
return {"meta_rules": data}
def _export_rules(self, json_content):
policies = PolicyManager.get_policies(self._user_id)
rules_array = []
for policy_key in policies:
rules = PolicyManager.get_rules(self._user_id, policy_key)
rules = rules["rules"]
# logger.info(rules)
for rule in rules:
rule_dict = dict()
JsonUtils.copy_field_if_exists(rule, rule_dict, "instructions",
dict)
JsonUtils.copy_field_if_exists(rule, rule_dict, "enabled",
True)
JsonUtils.convert_id_to_name(rule["meta_rule_id"], rule_dict,
"meta_rule", "meta_rule",
ModelManager, self._user_id)
JsonUtils.convert_id_to_name(policy_key, rule_dict, "policy",
"policy", PolicyManager,
self._user_id)
ids = rule["rule"]
rule_description = dict()
meta_rule = ModelManager.get_meta_rules(
self._user_id, rule["meta_rule_id"])
meta_rule = [v for v in meta_rule.values()]
meta_rule = meta_rule[0]
index_subject_data = len(meta_rule["subject_categories"]) - 1
index_object_data = len(meta_rule["subject_categories"]) + len(
meta_rule["object_categories"]) - 1
index_action_data = len(meta_rule["subject_categories"]) + len(
meta_rule["object_categories"]) + len(
meta_rule["action_categories"]) - 1
ids_subject_data = [ids[0]] if len(
meta_rule["subject_categories"]
) == 1 else ids[0:index_subject_data]
ids_object_data = [ids[index_object_data]] if len(
meta_rule["object_categories"]
) == 1 else ids[index_subject_data + 1:index_object_data]
ids_action_date = [ids[index_action_data]] if len(
meta_rule["action_categories"]
) == 1 else ids[index_object_data + 1:index_action_data]
JsonUtils.convert_ids_to_names(ids_subject_data,
rule_description,
"subject_data", "subject_data",
PolicyManager, self._user_id,
policy_key)
JsonUtils.convert_ids_to_names(ids_object_data,
rule_description, "object_data",
"object_data", PolicyManager,
self._user_id, policy_key)
JsonUtils.convert_ids_to_names(ids_action_date,
rule_description, "action_data",
"action_data", PolicyManager,
self._user_id, policy_key)
rule_dict["rule"] = rule_description
rules_array.append(rule_dict)
if len(rules_array) > 0:
json_content['rules'] = rules_array
def add_model(model_id=None, value=None):
from python_moondb.core import ModelManager
if not value:
value = {
"name": "MLS",
"description": "test",
"meta_rules": "meta_rule_mls_1"
}
return ModelManager.add_model(user_id=None, model_id=model_id, value=value)
def add_model(model_id=None, value=None):
from python_moondb.core import ModelManager
if not value:
subject_category_id, object_category_id, action_category_id, meta_rule_id = mock_data.create_new_meta_rule()
name = "MLS" if model_id is None else "MLS " + model_id
value = {
"name": name,
"description": "test",
"meta_rules": [meta_rule_id]
}
return ModelManager.add_model(user_id=None, model_id=model_id, value=value)
def _import_models_without_new_meta_rules(self, json_models):
if not isinstance(json_models, list):
raise InvalidJson("models shall be a list!")
for json_model in json_models:
json_without_new_metarules = dict()
JsonUtils.copy_field_if_exists(json_model,
json_without_new_metarules, "name",
str)
# TODO put this in moondb
# model_in_db = ModelManager.get_models_by_name(json_without_new_metarules["name"])
models = ModelManager.get_models(self._user_id)
model_in_db = None
for model_key in models:
if models[model_key]["name"] == json_without_new_metarules[
"name"]:
model_in_db = models[model_key]
model_id = model_key
# end TODO
JsonUtils.copy_field_if_exists(json_model,
json_without_new_metarules,
"description", str)
if model_in_db is None:
model_does_exist = False
else:
json_without_new_metarules["meta_rules"] = model_in_db[
"meta_rules"]
model_does_exist = True
model_override = JsonUtils.get_override(json_model)
if not model_does_exist:
logger.debug(
"Creating model {} ".format(json_without_new_metarules))
ModelManager.add_model(self._user_id, None,
json_without_new_metarules)
elif model_override is True:
logger.debug("Updating model with id {} : {} ".format(
model_id, json_without_new_metarules))
ModelManager.update_model(self._user_id, model_id,
json_without_new_metarules)
def set_meta_rule(meta_rule_id, value=None):
from python_moondb.core import ModelManager
if not value:
value = {
"name": "MLS_meta_rule",
"description": "test",
"subject_categories": ["user_security_level_id_1"],
"object_categories": ["vm_security_level_id_1"],
"action_categories": ["action_type_id_1"]
}
return ModelManager.set_meta_rule(user_id=None,
meta_rule_id=meta_rule_id,
value=value)
def delete(self, uuid=None, user_id=None):
"""Delete a model
:param uuid: uuid of the model to delete
:param user_id: user ID who do the request
:return: {
"result": "True or False",
"message": "optional message (optional)"
}
:internal_api: delete_model
"""
data = ModelManager.delete_model(user_id=user_id, model_id=uuid)
return {"result": True}
def delete(self, category_id=None, user_id=None):
"""Delete an action
:param category_id: uuid of the action category to delete
:param user_id: user ID who do the request
:return: {
"result": "True or False",
"message": "optional message (optional)"
}
:internal_api: delete_action_category
"""
data = ModelManager.delete_action_category(user_id=user_id,
category_id=category_id)
return {"result": True}
def _export_models(self, json_content):
models = ModelManager.get_models(self._user_id)
models_array = []
for model_key in models:
model = dict()
JsonUtils.copy_field_if_exists(models[model_key], model, "name",
str)
JsonUtils.copy_field_if_exists(models[model_key], model,
"description", str)
# logger.info(models[model_key]["meta_rules"])
JsonUtils.convert_ids_to_names(models[model_key]["meta_rules"],
model, "meta_rules", "meta_rule",
ModelManager, self._user_id)
logger.info("Exporting model {}".format(model))
models_array.append(model)
if len(models_array) > 0:
json_content["models"] = models_array
def delete(self, uuid=None, user_id=None):
"""Delete a model
:param uuid: uuid of the model to delete
:param user_id: user ID who do the request
:return: {
"result": "True or False",
"message": "optional message"
}
:internal_api: delete_model
"""
try:
data = ModelManager.delete_model(user_id=user_id, model_id=uuid)
except Exception as e:
logger.error(e, exc_info=True)
return {"result": False, "error": str(e)}, 500
return {"result": True}
def get(self, category_id=None, user_id=None):
"""Retrieve all subject categories or a specific one
:param category_id: uuid of the subject category
:param user_id: user ID who do the request
:return: {
"subject_category_id": {
"name": "name of the category",
"description": "description of the category (optional)"
}
}
:internal_api: get_subject_categories
"""
data = ModelManager.get_subject_categories(user_id=user_id,
category_id=category_id)
return {"subject_categories": data}
def get(self, uuid=None, user_id=None):
"""Retrieve all models
:param uuid: uuid of the model
:param user_id: user ID who do the request
:return: {
"model_id1": {
"name": "...",
"description": "... (optional)",
"meta_rules": ["meta_rule_id1", ]
}
}
:internal_api: get_models
"""
data = ModelManager.get_models(user_id=user_id, model_id=uuid)
return {"models": data}
def delete(self, category_id=None, user_id=None):
"""Delete a subject category
:param category_id: uuid of the subject category to delete
:param user_id: user ID who do the request
:return: {
"result": "True or False",
"message": "optional message"
}
:internal_api: delete_subject_category
"""
try:
data = ModelManager.delete_subject_category(
user_id=user_id, category_id=category_id)
except Exception as e:
logger.error(e, exc_info=True)
return {"result": False, "error": str(e)}, 500
return {"result": True}
def update_meta_rule(meta_rule_id, value=None):
from python_moondb.core import ModelManager
if not value:
action_category_id = mock_data.create_action_category(
"action_category_id1")
subject_category_id = mock_data.create_subject_category(
"subject_category_id1")
object_category_id = mock_data.create_object_category(
"object_category_id1")
value = {
"name": "MLS_meta_rule",
"description": "test",
"subject_categories": [subject_category_id],
"object_categories": [object_category_id],
"action_categories": [action_category_id]
}
return ModelManager.update_meta_rule(user_id=None,
meta_rule_id=meta_rule_id,
value=value)
def set_meta_rule(meta_rule_id, value=None):
from python_moondb.core import ModelManager
if not value:
action_category_id = builder.create_action_category(
"action_category_id1" + uuid4().hex)
subject_category_id = builder.create_subject_category(
"subject_category_id1" + uuid4().hex)
object_category_id = builder.create_object_category(
"object_category_id1" + uuid4().hex)
value = {
"name": "MLS_meta_rule",
"description": "test",
"subject_categories": [subject_category_id],
"object_categories": [object_category_id],
"action_categories": [action_category_id]
}
return ModelManager.set_meta_rule(user_id=None,
meta_rule_id=meta_rule_id,
value=value)
def patch(self, uuid=None, user_id=None):
"""Update a model
:param uuid: uuid of the model to update
:param user_id: user ID who do the request
:return: {
"model_id1": {
"name": "name of the model",
"description": "... (optional)",
"meta_rules": ["meta_rule_id1", ]
}
}
:internal_api: update_model
"""
data = ModelManager.update_model(user_id=user_id,
model_id=uuid,
value=request.json)
return {"models": data}
def get(self, category_id=None, user_id=None):
"""Retrieve all subject categories or a specific one
:param category_id: uuid of the subject category
:param user_id: user ID who do the request
:return: {
"subject_category_id": {
"name": "name of the category",
"description": "description of the category"
}
}
:internal_api: get_subject_categories
"""
try:
data = ModelManager.get_subject_categories(user_id=user_id,
category_id=category_id)
except Exception as e:
logger.error(e, exc_info=True)
return {"result": False, "error": str(e)}, 500
return {"subject_categories": data}
def get(self, uuid=None, user_id=None):
"""Retrieve all models
:param uuid: uuid of the model
:param user_id: user ID who do the request
:return: {
"model_id1": {
"name": "...",
"description": "...",
"meta_rules": ["meta_rule_id1", ]
}
}
:internal_api: get_models
"""
try:
data = ModelManager.get_models(user_id=user_id, model_id=uuid)
except Exception as e:
logger.error(e, exc_info=True)
return {"result": False, "error": str(e)}, 500
return {"models": data}
def post(self, category_id=None, user_id=None):
"""Create or update a subject category.
:param category_id: must not be used here
:param user_id: user ID who do the request
:request body: {
"name": "name of the category (mandatory)",
"description": "description of the category (optional)"
}
:return: {
"subject_category_id": {
"name": "name of the category",
"description": "description of the category (optional)"
}
}
:internal_api: add_subject_category
"""
data = ModelManager.add_subject_category(user_id=user_id,
value=request.json)
return {"subject_categories": data}
def delete(self, meta_rule_id=None, user_id=None):
"""Delete a meta rule
:param meta_rule_id: Meta rule ID
:param user_id: user ID who do the request
:return: {
"meta_rules": {
"meta_rule_id1": {
"name": "name of the meta rule",
"subject_categories": ["subject_category_id1",
"subject_category_id2"],
"object_categories": ["object_category_id1"],
"action_categories": ["action_category_id1"]
},
}
}
:internal_api: delete_meta_rules
"""
data = ModelManager.delete_meta_rule(user_id=user_id,
meta_rule_id=meta_rule_id)
return {"result": True}
def get(self, meta_rule_id=None, user_id=None):
"""Retrieve all sub meta rules
:param meta_rule_id: Meta rule algorithm ID
:param user_id: user ID who do the request
:return: {
"meta_rules": {
"meta_rule_id1": {
"name": "name of the meta rule",
"subject_categories": ["subject_category_id1",
"subject_category_id2"],
"object_categories": ["object_category_id1"],
"action_categories": ["action_category_id1"]
},
}
}
:internal_api: get_meta_rules
"""
data = ModelManager.get_meta_rules(user_id=user_id,
meta_rule_id=meta_rule_id)
return {"meta_rules": data}
