Example #1
 def get_meta_rule_ids_from_pdp_value(self, pdp_value):
     """Collect the meta-rule ids reachable from a PDP's security pipeline.

     Each policy id listed under ``pdp_value["security_pipeline"]`` is
     resolved to its model through ``self.policies``; the entries of that
     model's ``meta_rules`` are appended in pipeline order.

     :param pdp_value: PDP description; must hold a ``security_pipeline`` key.
     :return: list of meta-rule ids (duplicates are kept).
     :raises exceptions.PdpContentError: ``security_pipeline`` is missing.
     :raises exceptions.PolicyUnknown: a pipeline policy is not in
         ``self.policies`` or has no ``model_id``.
     :raises exceptions.ModelNotFound: the model is not in ``self.models``
         or has no ``meta_rules``.
     """
     # A PDP without a pipeline is rejected outright, never read as "no rules".
     if "security_pipeline" not in pdp_value:
         raise exceptions.PdpContentError

     collected = []
     for policy_id in pdp_value["security_pipeline"]:
         policy_known = policy_id in self.policies and "model_id" in self.policies[policy_id]
         if not policy_known:
             # NOTE(review): the message names 'models' although this branch
             # is about the policy / 'model_id' lookup - confirm and reword.
             raise exceptions.PolicyUnknown("Cannot find 'models' key")
         model_id = self.policies[policy_id]["model_id"]
         model_known = model_id in self.models and 'meta_rules' in self.models[model_id]
         if not model_known:
             raise exceptions.ModelNotFound("Cannot find 'models' key")
         collected.extend(self.models[model_id]["meta_rules"])
     return collected
Example #2
    def get_action_assignments(self, policy_id, perimeter_id, category_id):
        """Return the assignments stored for one action in one category.

        When ``policy_id`` is not yet in ``self.action_assignments`` the
        private updater is called first with ``policy_id`` and
        ``perimeter_id``.

        :param policy_id: policy whose assignments are searched.
        :param perimeter_id: compared with each entry's ``action_id``.
        :param category_id: compared with each entry's ``category_id``.
        :return: the ``assignments`` value of the first matching entry, or
            an empty list when nothing matches.
        :raises exceptions.PolicyUnknown: ``policy_id`` is falsy.
        """
        if not policy_id:
            raise exceptions.PolicyUnknown("Cannot find policy within policy_id {}".format(policy_id))

        if policy_id not in self.action_assignments:
            self.__update_action_assignments(policy_id, perimeter_id)

        required_keys = ("action_id", "category_id", "assignments")
        for entry in self.action_assignments[policy_id].values():
            if any(k not in entry for k in required_keys):
                # Malformed entries are logged and skipped, not treated as fatal.
                logger.warning("'action_id' or 'category_id' or'assignments'"
                               " keys are not found in action_assignments")
                continue
            if perimeter_id == entry['action_id'] and category_id == entry['category_id']:
                return entry['assignments']

        # NOTE(review): [] is returned both for "no assignment" and when the
        # only candidate entries were malformed; callers cannot tell the two
        # apart - confirm an empty result is always evaluated as a denial.
        return []
Example #3
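    def get_action(self, policy_id, name):
        """Resolve an action id from either the id itself or its ``name`` field.

        The cached actions of ``policy_id`` are searched first. On a miss the
        private updater is called once and the search is repeated.

        :param policy_id: policy whose actions are searched.
        :param name: an action id, or the value of an action's ``name`` key.
        :return: the id of the first matching action.
        :raises exceptions.PolicyUnknown: ``policy_id`` is falsy.
        :raises exceptions.ActionUnknown: no action matches, including when
            the refresh leaves the policy without any cached actions.
        """
        if not policy_id:
            raise exceptions.PolicyUnknown("Cannot find policy within policy_id {}".format(policy_id))

        # Pass one reads the cache as it is; pass two runs after a refresh.
        for refreshed in (False, True):
            if refreshed:
                self.__update_actions(policy_id)
            # Both passes are guarded. Previously the post-refresh lookup
            # indexed the cache unconditionally, so an unpopulated policy
            # surfaced as a bare KeyError instead of ActionUnknown (the
            # subject and object lookups already guard this way).
            if policy_id in self.actions:
                for action_id, action in self.__ACTIONS[policy_id].items():
                    # NOTE(review): ids and names share one lookup space, so
                    # an action whose name equals another action's id is
                    # resolved by iteration order - confirm names cannot
                    # collide with ids.
                    if action_id == name or action.get("name") == name:
                        return action_id

        raise exceptions.ActionUnknown("Cannot find action {}".format(name))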
Example #4
    def get_subject(self, policy_id, name):
        """Resolve a subject id from either the id itself or its ``name`` field.

        ``self.subjects[policy_id]`` is searched first. On a miss the private
        updater is called once and the search is repeated.

        :param policy_id: policy whose subjects are searched.
        :param name: a subject id, or the value of a subject's ``name`` key.
        :return: the id of the first matching subject.
        :raises exceptions.PolicyUnknown: ``policy_id`` is falsy.
        :raises exceptions.SubjectUnknown: no subject matches after the refresh.
        """
        if not policy_id:
            raise exceptions.PolicyUnknown("Cannot find policy within policy_id {}".format(policy_id))

        # Pass one reads the cache as it is; pass two runs after a refresh.
        for refreshed in (False, True):
            if refreshed:
                self.__update_subjects(policy_id)
            if policy_id not in self.subjects:
                continue
            for subject_id, subject in self.subjects[policy_id].items():
                # NOTE(review): ids and names share one lookup space, so a
                # subject whose name equals another subject's id is resolved
                # by iteration order - confirm names cannot collide with ids.
                if subject_id == name or subject.get("name") == name:
                    return subject_id

        raise exceptions.SubjectUnknown("Cannot find subject {}".format(name))
Example #5
    def get_object(self, policy_id, name):
        """Resolve an object id from the value of its ``name`` field.

        The cached objects of ``policy_id`` are searched first. On a miss the
        private updater is called once and the search is repeated. Only the
        ``name`` key is compared; the id itself is not accepted as a match.

        :param policy_id: policy whose objects are searched.
        :param name: value expected under an object's ``name`` key.
        :return: the id of the first object carrying that name.
        :raises exceptions.PolicyUnknown: ``policy_id`` is falsy.
        :raises exceptions.ObjectUnknown: no object matches after the refresh.
        """
        if not policy_id:
            raise exceptions.PolicyUnknown("Cannot find policy within policy_id {}".format(policy_id))

        # Pass one reads the cache as it is; pass two runs after a refresh.
        for refreshed in (False, True):
            if refreshed:
                self.__update_objects(policy_id)
            if policy_id not in self.objects:
                continue
            for object_id, described in self.__OBJECTS[policy_id].items():
                # Entries without a "name" key never match, whatever `name` is.
                if "name" in described and described["name"] == name:
                    return object_id

        raise exceptions.ObjectUnknown("Cannot find object {}".format(name))
Example #6
    def __update_container_chaining(self, keystone_project_id):
        """Rebuild the container chain cached for one Keystone project.

        Every PDP bound to ``keystone_project_id`` is walked: each policy in
        its ``security_pipeline`` is resolved to a model, and for each of the
        model's meta rules the containers returned by
        ``get_containers_from_keystone_project_id`` are recorded. The
        resulting list replaces the project's entry in the chaining cache.

        :param keystone_project_id: project whose chain is rebuilt.
        :raises exceptions.PolicyUnknown: a pipeline policy is not in
            ``self.policies`` or has no ``model_id``.
        :raises exceptions.ModelUnknown: the model is not in ``self.models``
            or has no ``meta_rules``.
        """
        chain = []
        pdp_keys = ("keystone_project_id", "security_pipeline")
        for pdp_value in self.__PDP.values():
            if not pdp_value:
                continue
            bound_to_project = all(k in pdp_value for k in pdp_keys) \
                and pdp_value["keystone_project_id"] == keystone_project_id
            if not bound_to_project:
                continue

            for policy_id in pdp_value["security_pipeline"]:
                # Unknown policies or models abort the rebuild; the cache
                # entry is only written once the whole walk has succeeded.
                if policy_id not in self.policies or "model_id" not in self.policies[policy_id]:
                    raise exceptions.PolicyUnknown("Cannot find policy within policy_id: {}, "
                                                   "and may not contains 'model_id' key".format(policy_id))
                model_id = self.policies[policy_id]['model_id']
                if model_id not in self.models or "meta_rules" not in self.models[model_id]:
                    raise exceptions.ModelUnknown("Cannot find model_id: {} in models and "
                                                  "may not contains 'meta_rules' key".format(model_id))

                for meta_rule_id in self.models[model_id]["meta_rules"]:
                    containers = self.get_containers_from_keystone_project_id(
                        keystone_project_id,
                        meta_rule_id
                    )
                    for container_id, container_value in containers:
                        usable = "name" in container_value \
                            and all(k in container_value for k in ("genre", "port"))
                        if not usable:
                            # NOTE(review): "{}" plus a positional argument is
                            # not stdlib-logging interpolation; if `logger` is
                            # a logging.Logger the value is not rendered -
                            # confirm which logger this module uses.
                            logger.warning("Container content keys not found {}", container_value)
                            continue
                        chain.append(
                            {
                                # The container name doubles as id and hostname.
                                "container_id": container_value["name"],
                                "genre": container_value["genre"],
                                "policy_id": policy_id,
                                "meta_rule_id": meta_rule_id,
                                "hostname": container_value["name"],
                                # NOTE(review): the address is fixed to
                                # loopback for every container - confirm this
                                # is intended outside a single-host setup.
                                "hostip": "127.0.0.1",
                                "port": container_value["port"],
                            }
                        )

        self.__CONTAINER_CHAINING[keystone_project_id] = chain