def post(self, uuid=None, rule_id=None, user_id=None): """Add a rule to a meta rule :param uuid: policy ID :param rule_id: rule ID :param user_id: user ID who do the request :request body: post = { "meta_rule_id": "meta_rule_id1", "rule": ["subject_data_id2", "object_data_id2", "action_data_id2"], "instructions": ( {"decision": "grant"}, ) "enabled": True } :return: { "rules": [ "meta_rule_id": "meta_rule_id1", "rule_id1": { "rule": ["subject_data_id1", "object_data_id1", "action_data_id1"], "instructions": ( {"decision": "grant"}, # "grant" to immediately exit, # "continue" to wait for the result of next policy # "deny" to deny the request ) } "rule_id2": { "rule": ["subject_data_id2", "object_data_id2", "action_data_id2"], "instructions": ( { "update": { "operation": "add", # operations may be "add" or "delete" "target": "rbac:role:admin" # add the role admin to the current user } }, {"chain": {"name": "rbac"}} # chain with the policy named rbac ) } ] } :internal_api: add_rule """ args = request.json try: data = PolicyManager.add_rule(user_id=user_id, policy_id=uuid, meta_rule_id=args['meta_rule_id'], value=args) except Exception as e: logger.error(e, exc_info=True) return {"result": False, "error": str(e)}, 500 return {"rules": data}
def add_rule(policy_id=None, meta_rule_id=None, value=None): from python_moondb.core import PolicyManager if not value: value = { "rule": ("high", "medium", "vm-action"), "instructions": ({ "decision": "grant" }), "enabled": "", } return PolicyManager.add_rule("", policy_id, meta_rule_id, value)
def add_rule(policy_id, meta_rule_id, value=None): from python_moondb.core import PolicyManager if not value: meta_rule = meta_rule_helper.get_meta_rules(meta_rule_id) sub_cat_id = meta_rule[meta_rule_id]['subject_categories'][0] ob_cat_id = meta_rule[meta_rule_id]['object_categories'][0] act_cat_id = meta_rule[meta_rule_id]['action_categories'][0] subject_data_id = mock_data.create_subject_data(policy_id=policy_id, category_id=sub_cat_id) object_data_id = mock_data.create_object_data(policy_id=policy_id, category_id=ob_cat_id) action_data_id = mock_data.create_action_data(policy_id=policy_id, category_id=act_cat_id) value = { "rule": (subject_data_id, object_data_id, action_data_id), "instructions": ({ "decision": "grant" }), "enabled": "", } return PolicyManager.add_rule("", policy_id, meta_rule_id, value)
def _import_rules(self, json_rules): if not isinstance(json_rules, list): raise InvalidJson("rules shall be a list!") for json_rule in json_rules: json_to_use = dict() JsonUtils.copy_field_if_exists(json_rule, json_to_use, "instructions", str) JsonUtils.copy_field_if_exists(json_rule, json_to_use, "enabled", bool, default_value=True) json_ids = dict() JsonUtils.convert_name_to_id(json_rule, json_ids, "policy", "policy_id", "policy", PolicyManager, self._user_id) JsonUtils.convert_name_to_id(json_rule, json_to_use, "meta_rule", "meta_rule_id", "meta_rule", ModelManager, self._user_id) json_subject_ids = dict() json_object_ids = dict() json_action_ids = dict() JsonUtils.convert_names_to_ids(json_rule["rule"], json_subject_ids, "subject_data", "subject", "subject_data", PolicyManager, self._user_id, json_ids["policy_id"]) JsonUtils.convert_names_to_ids(json_rule["rule"], json_object_ids, "object_data", "object", "object_data", PolicyManager, self._user_id, json_ids["policy_id"]) JsonUtils.convert_names_to_ids(json_rule["rule"], json_action_ids, "action_data", "action", "action_data", PolicyManager, self._user_id, json_ids["policy_id"]) meta_rule = ModelManager.get_meta_rules( self._user_id, json_to_use["meta_rule_id"]) meta_rule = [v for v in meta_rule.values()] meta_rule = meta_rule[0] json_to_use_rule = self._reorder_rules_ids( json_rule, meta_rule["subject_categories"], json_subject_ids["subject"], json_ids["policy_id"], PolicyManager.get_subject_data) json_to_use_rule = json_to_use_rule + self._reorder_rules_ids( json_rule, meta_rule["object_categories"], json_object_ids["object"], json_ids["policy_id"], PolicyManager.get_object_data) json_to_use_rule = json_to_use_rule + self._reorder_rules_ids( json_rule, meta_rule["action_categories"], json_action_ids["action"], json_ids["policy_id"], PolicyManager.get_action_data) json_to_use["rule"] = json_to_use_rule try: logger.debug("Adding / updating a rule from json {}".format( json_to_use)) PolicyManager.add_rule(self._user_id, json_ids["policy_id"], json_to_use["meta_rule_id"], json_to_use) except exceptions.RuleExisting: pass except exceptions.PolicyUnknown: raise UnknownPolicy("Unknown policy with id {}".format( json_ids["policy_id"]))