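def _register_sensor_from_pack(self, pack, sensor):
    """Register (create or update) one sensor type from its metadata file.

    Args:
        pack: Name of the pack the sensor is being registered for.
        sensor: Path to the sensor metadata file.

    Returns:
        A ``(sensor_model, altered)`` tuple. ``sensor_model`` is the saved model,
        or the unsaved one when saving failed (the failure is only logged).
        ``altered`` is whatever ``self._override_loader.override`` returned.

    Raises:
        Exception: The metadata names a pack other than ``pack``.
        ValueError: The metadata has no ``entry_point``.
    """
    sensor_metadata_file_path = sensor

    LOG.debug("Loading sensor from %s.", sensor_metadata_file_path)
    content = self._meta_loader.load(file_path=sensor_metadata_file_path)

    # A missing "pack" field is filled in; a conflicting one is rejected so a
    # metadata file cannot register itself under another pack's name.
    pack_field = content.get("pack", None)
    if not pack_field:
        content["pack"] = pack
        pack_field = pack
    if pack_field != pack:
        raise Exception(
            'Model is in pack "%s" but field "pack" is different: %s'
            % (pack, pack_field)
        )

    entry_point = content.get("entry_point", None)
    if not entry_point:
        raise ValueError("Sensor definition missing entry_point")

    # Add in "metadata_file" attribute which stores path to the pack metadata file
    # relative to the pack directory
    metadata_file = content_utils.get_relative_path_to_pack_file(
        pack_ref=pack, file_path=sensor, use_pack_cache=True
    )
    content["metadata_file"] = metadata_file

    # Pass override information
    altered = self._override_loader.override(pack, "sensors", content)

    # NOTE(review): entry_point is taken from the metadata file and joined as-is.
    # os.path.join drops sensors_dir when entry_point is absolute and keeps ".."
    # segments, so artifact_uri can name a file outside the sensors directory.
    # No containment check is visible here; confirm one exists where the
    # artifact is loaded.
    sensors_dir = os.path.dirname(sensor_metadata_file_path)
    sensor_file_path = os.path.join(sensors_dir, entry_point)
    artifact_uri = "file://%s" % (sensor_file_path)
    content["artifact_uri"] = artifact_uri
    # Written back after the override call, using the value read before it.
    content["entry_point"] = entry_point

    sensor_api = SensorTypeAPI(**content)
    sensor_model = SensorTypeAPI.to_model(sensor_api)

    # Reuse the id of an existing sensor with the same pack and name so the save
    # below updates it instead of creating a duplicate.
    sensor_types = SensorType.query(pack=sensor_model.pack, name=sensor_model.name)
    if len(sensor_types) >= 1:
        sensor_type = sensor_types[0]
        LOG.debug(
            "Found existing sensor id:%s with name:%s. Will update it.",
            sensor_type.id,
            sensor_type.name,
        )
        sensor_model.id = sensor_type.id

    try:
        sensor_model = SensorType.add_or_update(sensor_model)
    except Exception:
        # Best effort: a failed save is logged and the unsaved model is returned.
        # Catching Exception rather than using a bare except lets
        # KeyboardInterrupt and SystemExit propagate.
        LOG.exception("Failed creating sensor model for %s", sensor)

    return sensor_model, altered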
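def _register_sensor_from_pack(self, pack, sensor):
    """Register (create or update) one sensor type from its metadata file.

    Args:
        pack: Name of the pack the sensor is being registered for.
        sensor: Path to the sensor metadata file.

    Returns:
        The saved sensor model, or the unsaved one when saving failed (the
        failure is only logged).

    Raises:
        Exception: The metadata names a pack other than ``pack``.
        ValueError: The metadata has no ``entry_point``.
    """
    sensor_metadata_file_path = sensor

    LOG.debug('Loading sensor from %s.', sensor_metadata_file_path)
    content = self._meta_loader.load(file_path=sensor_metadata_file_path)

    # Default the "pack" field to the pack being registered and refuse metadata
    # that claims to belong to a different pack.
    pack_field = content.get('pack', None)
    if not pack_field:
        content['pack'] = pack
        pack_field = pack
    if pack_field != pack:
        raise Exception('Model is in pack "%s" but field "pack" is different: %s' %
                        (pack, pack_field))

    entry_point = content.get('entry_point', None)
    if not entry_point:
        raise ValueError('Sensor definition missing entry_point')

    # Add in "metadata_file" attribute which stores path to the pack metadata file
    # relative to the pack directory
    metadata_file = content_utils.get_relative_path_to_pack_file(pack_ref=pack,
                                                                 file_path=sensor,
                                                                 use_pack_cache=True)
    content['metadata_file'] = metadata_file

    # NOTE(review): entry_point is used exactly as written in the metadata file.
    # An absolute value replaces sensors_dir in os.path.join and ".." segments
    # are kept, so the resulting artifact_uri is not guaranteed to stay inside
    # the sensors directory. Confirm the consumer of artifact_uri enforces that.
    sensors_dir = os.path.dirname(sensor_metadata_file_path)
    sensor_file_path = os.path.join(sensors_dir, entry_point)
    artifact_uri = 'file://%s' % (sensor_file_path)
    content['artifact_uri'] = artifact_uri
    content['entry_point'] = entry_point

    sensor_api = SensorTypeAPI(**content)
    sensor_model = SensorTypeAPI.to_model(sensor_api)

    # An existing sensor with the same pack and name is updated in place.
    sensor_types = SensorType.query(pack=sensor_model.pack, name=sensor_model.name)
    if len(sensor_types) >= 1:
        sensor_type = sensor_types[0]
        LOG.debug('Found existing sensor id:%s with name:%s. Will update it.',
                  sensor_type.id, sensor_type.name)
        sensor_model.id = sensor_type.id

    try:
        sensor_model = SensorType.add_or_update(sensor_model)
    except Exception:
        # Registration is best effort, so the error is logged and not re-raised.
        # A bare except would also have swallowed KeyboardInterrupt and SystemExit.
        LOG.exception('Failed creating sensor model for %s', sensor)

    return sensor_model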
def put(self, sensor_type, ref_or_id, requester_user):
    """Update a stored sensor type; only its ``enabled`` attribute is applied.

    Nothing else is updated because SensorTypeAPI.to_model currently only knows
    how to work with sensor type definitions from YAML files.

    Args:
        sensor_type: Request object; its ``enabled`` and ``pack`` attributes are read.
        ref_or_id: Reference or id used to look up the stored sensor type.
        requester_user: User the SENSOR_MODIFY permission is asserted for.

    Returns:
        The SensorTypeAPI built from the saved model. The ``return`` statements
        after ``abort`` only run if ``abort`` returns instead of raising.
    """
    sensor_type_db = self._get_by_ref_or_id(ref_or_id=ref_or_id)

    # The permission is asserted against the stored object, before any
    # validation or write.
    required_permission = PermissionType.SENSOR_MODIFY
    rbac = get_rbac_backend().get_utils_class()
    rbac.assert_user_has_resource_db_permission(
        user_db=requester_user,
        resource_db=sensor_type_db,
        permission_type=required_permission,
    )

    stored_id = sensor_type_db.id

    try:
        validate_not_part_of_system_pack(sensor_type_db)
    except ValueValidationException as exc:
        abort(http_client.BAD_REQUEST, six.text_type(exc))
        return

    if not getattr(sensor_type, "pack", None):
        sensor_type.pack = sensor_type_db.pack

    # NOTE(review): this binds a second name to the same object, not a copy.
    # The "old" entry in the audit record below therefore carries the new
    # ``enabled`` value once it is assigned. Capture the previous state
    # separately if the audit trail must show it.
    before_update = sensor_type_db
    try:
        sensor_type_db.id = stored_id
        # A request object without an ``enabled`` attribute stores False.
        sensor_type_db.enabled = getattr(sensor_type, "enabled", False)
        sensor_type_db = SensorType.add_or_update(sensor_type_db)
    except (ValidationError, ValueError) as exc:
        LOG.exception("Unable to update sensor_type data=%s", sensor_type)
        abort(http_client.BAD_REQUEST, six.text_type(exc))
        return

    LOG.audit(
        "Sensor updated. Sensor.id=%s." % (sensor_type_db.id),
        extra={
            "old_sensor_type_db": before_update,
            "new_sensor_type_db": sensor_type_db,
        },
    )

    return SensorTypeAPI.from_model(sensor_type_db)
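def _register_sensor_from_pack(self, pack, sensor):
    """Register (create or update) one sensor type from its metadata file.

    Args:
        pack: Name of the pack the sensor is being registered for.
        sensor: Path to the sensor metadata file.

    Returns:
        The saved sensor model, or the unsaved one when saving failed (the
        failure is only logged).

    Raises:
        Exception: The metadata names a pack other than ``pack``.
        ValueError: The metadata has no ``entry_point``.
    """
    sensor_metadata_file_path = sensor

    LOG.debug('Loading sensor from %s.', sensor_metadata_file_path)
    content = self._meta_loader.load(file_path=sensor_metadata_file_path)

    # Fill in a missing "pack" field; reject one that disagrees with ``pack``.
    pack_field = content.get('pack', None)
    if not pack_field:
        content['pack'] = pack
        pack_field = pack
    if pack_field != pack:
        raise Exception(
            'Model is in pack "%s" but field "pack" is different: %s'
            % (pack, pack_field))

    entry_point = content.get('entry_point', None)
    if not entry_point:
        raise ValueError('Sensor definition missing entry_point')

    # NOTE(review): entry_point is joined without normalisation. An absolute
    # path makes os.path.join discard sensors_dir, and ".." segments are
    # preserved, so artifact_uri may reference a file outside the sensors
    # directory. No check for that is visible in this method.
    sensors_dir = os.path.dirname(sensor_metadata_file_path)
    sensor_file_path = os.path.join(sensors_dir, entry_point)
    artifact_uri = 'file://%s' % (sensor_file_path)
    content['artifact_uri'] = artifact_uri
    content['entry_point'] = entry_point

    sensor_api = SensorTypeAPI(**content)
    sensor_model = SensorTypeAPI.to_model(sensor_api)

    # Carry over the id of a sensor already stored under the same pack and name
    # so that the save below is an update.
    sensor_types = SensorType.query(pack=sensor_model.pack, name=sensor_model.name)
    if len(sensor_types) >= 1:
        sensor_type = sensor_types[0]
        LOG.debug(
            'Found existing sensor id:%s with name:%s. Will update it.',
            sensor_type.id, sensor_type.name)
        sensor_model.id = sensor_type.id

    try:
        sensor_model = SensorType.add_or_update(sensor_model)
    except Exception:
        # Logged, not re-raised: the caller gets the unsaved model back.
        # ``except Exception`` keeps KeyboardInterrupt/SystemExit from being
        # swallowed the way a bare ``except`` would.
        LOG.exception('Failed creating sensor model for %s', sensor)

    return sensor_model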
def put(self, sensor_type, ref_or_id, requester_user):
    """Apply the ``enabled`` flag from a request to a stored sensor type.

    Only ``enabled`` is updated, because SensorTypeAPI.to_model currently only
    knows how to work with sensor type definitions from YAML files.

    Args:
        sensor_type: Request object; ``enabled`` and ``pack`` are read from it.
        ref_or_id: Reference or id of the sensor type to update.
        requester_user: User who must hold SENSOR_MODIFY on the sensor type.

    Returns:
        SensorTypeAPI for the saved model. A bare ``return`` follows each
        ``abort`` call and matters only if ``abort`` does not raise.
    """
    sensor_type_db = self._get_by_ref_or_id(ref_or_id=ref_or_id)

    # Authorization comes first: nothing below runs unless the assertion passes.
    needed_permission = PermissionType.SENSOR_MODIFY
    utils_cls = get_rbac_backend().get_utils_class()
    utils_cls.assert_user_has_resource_db_permission(user_db=requester_user,
                                                     resource_db=sensor_type_db,
                                                     permission_type=needed_permission)

    db_id = sensor_type_db.id

    try:
        validate_not_part_of_system_pack(sensor_type_db)
    except ValueValidationException as err:
        abort(http_client.BAD_REQUEST, six.text_type(err))
        return

    pack_in_request = getattr(sensor_type, 'pack', None)
    if not pack_in_request:
        sensor_type.pack = sensor_type_db.pack

    # NOTE(review): ``prior_db`` is the same object as ``sensor_type_db``, so
    # the mutation below is visible through it. The audit record's "old" entry
    # does not preserve the pre-update ``enabled`` value.
    prior_db = sensor_type_db
    try:
        sensor_type_db.id = db_id
        # Defaults to False when the request object has no ``enabled`` attribute.
        sensor_type_db.enabled = getattr(sensor_type, 'enabled', False)
        sensor_type_db = SensorType.add_or_update(sensor_type_db)
    except (ValidationError, ValueError) as err:
        LOG.exception('Unable to update sensor_type data=%s', sensor_type)
        abort(http_client.BAD_REQUEST, six.text_type(err))
        return

    audit_extra = {}
    audit_extra['old_sensor_type_db'] = prior_db
    audit_extra['new_sensor_type_db'] = sensor_type_db
    LOG.audit('Sensor updated. Sensor.id=%s.' % (sensor_type_db.id), extra=audit_extra)

    return SensorTypeAPI.from_model(sensor_type_db)
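def put(self, ref_or_id, sensor_type):
    """Update a stored sensor type; only its ``enabled`` attribute is applied.

    Nothing else is updated because SensorTypeAPI.to_model currently only knows
    how to work with sensor type definitions from YAML files.

    Args:
        ref_or_id: Reference or id used to look up the stored sensor type.
        sensor_type: Request object; its ``enabled`` and ``pack`` attributes are read.

    Returns:
        The SensorTypeAPI built from the saved model. The ``return`` statements
        after ``abort`` only run if ``abort`` returns instead of raising.
    """
    # NOTE(review): no permission check is visible in this body. Presumably
    # access control is applied by a decorator or by the router; confirm.
    try:
        sensor_type_db = self._get_by_ref_or_id(ref_or_id=ref_or_id)
    except Exception as e:
        # ``Exception.message`` does not exist on Python 3, where reading it
        # would raise AttributeError inside this handler. ``str(e)`` matches the
        # other handlers in this method.
        # NOTE(review): every lookup failure is reported as NOT_FOUND,
        # including errors that are not "no such object".
        message = str(e)
        LOG.exception(message)
        abort(http_client.NOT_FOUND, message)
        return

    sensor_type_id = sensor_type_db.id

    try:
        validate_not_part_of_system_pack(sensor_type_db)
    except ValueValidationException as e:
        abort(http_client.BAD_REQUEST, str(e))
        return

    if not getattr(sensor_type, 'pack', None):
        sensor_type.pack = sensor_type_db.pack

    try:
        # NOTE(review): this is an alias, not a copy, so the "old" entry in the
        # audit record reflects the new ``enabled`` value after the assignment.
        old_sensor_type_db = sensor_type_db
        sensor_type_db.id = sensor_type_id
        # A request object without an ``enabled`` attribute stores False.
        sensor_type_db.enabled = getattr(sensor_type, 'enabled', False)
        sensor_type_db = SensorType.add_or_update(sensor_type_db)
    except (ValidationError, ValueError) as e:
        LOG.exception('Unable to update sensor_type data=%s', sensor_type)
        abort(http_client.BAD_REQUEST, str(e))
        return

    extra = {
        'old_sensor_type_db': old_sensor_type_db,
        'new_sensor_type_db': sensor_type_db
    }
    LOG.audit('Sensor updated. Sensor.id=%s.' % (sensor_type_db.id), extra=extra)
    sensor_type_api = SensorTypeAPI.from_model(sensor_type_db)

    return sensor_type_api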
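def put(self, ref_or_id, sensor_type):
    """Apply the ``enabled`` flag from a request to a stored sensor type.

    Only ``enabled`` is updated, because SensorTypeAPI.to_model currently only
    knows how to work with sensor type definitions from YAML files.

    Args:
        ref_or_id: Reference or id of the sensor type to update.
        sensor_type: Request object; ``enabled`` and ``pack`` are read from it.

    Returns:
        SensorTypeAPI for the saved model. A bare ``return`` follows each
        ``abort`` call and matters only if ``abort`` does not raise.
    """
    # NOTE(review): this method does not assert any permission itself. Verify
    # that authorization is enforced before the handler is reached.
    try:
        sensor_type_db = self._get_by_ref_or_id(ref_or_id=ref_or_id)
    except Exception as e:
        # Use str(e) instead of e.message: the ``message`` attribute is absent
        # on Python 3 exceptions, so the handler would fail with AttributeError
        # and never reach abort().
        # NOTE(review): the broad catch turns any lookup error into NOT_FOUND.
        error_text = str(e)
        LOG.exception(error_text)
        abort(http_client.NOT_FOUND, error_text)
        return

    sensor_type_id = sensor_type_db.id

    try:
        validate_not_part_of_system_pack(sensor_type_db)
    except ValueValidationException as e:
        abort(http_client.BAD_REQUEST, str(e))
        return

    if not getattr(sensor_type, 'pack', None):
        sensor_type.pack = sensor_type_db.pack

    try:
        # NOTE(review): same object under a second name; the audit record's
        # "old" entry does not keep the pre-update ``enabled`` value.
        old_sensor_type_db = sensor_type_db
        sensor_type_db.id = sensor_type_id
        # Defaults to False when the request object has no ``enabled`` attribute.
        sensor_type_db.enabled = getattr(sensor_type, 'enabled', False)
        sensor_type_db = SensorType.add_or_update(sensor_type_db)
    except (ValidationError, ValueError) as e:
        LOG.exception('Unable to update sensor_type data=%s', sensor_type)
        abort(http_client.BAD_REQUEST, str(e))
        return

    extra = {
        'old_sensor_type_db': old_sensor_type_db,
        'new_sensor_type_db': sensor_type_db
    }
    LOG.audit('Sensor updated. Sensor.id=%s.' % (sensor_type_db.id), extra=extra)
    sensor_type_api = SensorTypeAPI.from_model(sensor_type_db)

    return sensor_type_api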
def setUp(self):
    """Create the users, sensor types, roles and role assignments for the tests.

    Fixtures are built in this order: users, sensor types, one permission grant
    plus role per scenario, then one role assignment per user.
    """
    super(SensorPermissionsResolverTestCase, self).setUp()

    # Create some mock users, listed as (key in self.users, stored user name).
    # The first two stored names differ from their keys.
    user_specs = (
        ('custom_role_sensor_pack_grant', '1_role_sensor_pack_grant'),
        ('custom_role_sensor_grant', '1_role_sensor_grant'),
        ('custom_role_pack_sensor_all_grant', 'custom_role_pack_sensor_all_grant'),
        ('custom_role_sensor_all_grant', 'custom_role_sensor_all_grant'),
        ('custom_role_sensor_list_grant', 'custom_role_sensor_list_grant'),
    )
    for user_key, user_name in user_specs:
        self.users[user_key] = User.add_or_update(UserDB(name=user_name))

    # Create some mock resources on which permissions can be granted,
    # listed as (key in self.resources, pack, sensor name).
    sensor_specs = (
        ('sensor_1', 'test_pack_1', 'sensor1'),
        ('sensor_2', 'test_pack_1', 'sensor2'),
        ('sensor_3', 'test_pack_2', 'sensor3'),
    )
    for resource_key, pack_name, sensor_name in sensor_specs:
        self.resources[resource_key] = SensorType.add_or_update(
            SensorTypeDB(pack=pack_name, name=sensor_name))

    # Create some mock roles with associated permission grants, listed as
    # (role name, resource key, resource type, permission type).
    # 'pack_1' is not created in this method; presumably the parent setUp
    # provides it.
    role_specs = (
        # "sensor_view" on the parent pack pack_1
        ('custom_role_sensor_pack_grant', 'pack_1',
         ResourceType.PACK, PermissionType.SENSOR_VIEW),
        # "sensor_view" directly on sensor_3
        ('custom_role_sensor_grant', 'sensor_3',
         ResourceType.SENSOR, PermissionType.SENSOR_VIEW),
        # "sensor_all" on the parent pack pack_1
        ('custom_role_pack_sensor_all_grant', 'pack_1',
         ResourceType.PACK, PermissionType.SENSOR_ALL),
        # "sensor_all" directly on sensor_1
        ('custom_role_sensor_all_grant', 'sensor_1',
         ResourceType.SENSOR, PermissionType.SENSOR_ALL),
        # "sensor_list" grant that is not tied to any resource
        ('custom_role_sensor_list_grant', None,
         None, PermissionType.SENSOR_LIST),
    )
    for role_name, resource_key, resource_type, permission_type in role_specs:
        if resource_key is None:
            resource_uid = None
        else:
            resource_uid = self.resources[resource_key].get_uid()
        grant_db = PermissionGrant.add_or_update(
            PermissionGrantDB(resource_uid=resource_uid,
                              resource_type=resource_type,
                              permission_types=[permission_type]))
        role_db = RoleDB(name=role_name, permission_grants=[str(grant_db.id)])
        self.roles[role_name] = Role.add_or_update(role_db)

    # Create some mock role assignments: each user gets the role stored under
    # the same key.
    for user_key, _ in user_specs:
        user_db = self.users[user_key]
        UserRoleAssignment.add_or_update(
            UserRoleAssignmentDB(
                user=user_db.name,
                role=self.roles[user_key].name,
                source='assignments/%s.yaml' % user_db.name))
def setUp(self):
    """Build the users, sensor types, roles and role assignments used by the tests.

    Creation order is users, then sensor types, then one grant and role per
    scenario, then one role assignment per user.
    """
    super(SensorPermissionsResolverTestCase, self).setUp()

    def add_user(key, name):
        # Store the saved user under ``key``; ``name`` is the persisted name.
        self.users[key] = User.add_or_update(UserDB(name=name))

    def add_sensor(key, pack, name):
        self.resources[key] = SensorType.add_or_update(SensorTypeDB(pack=pack, name=name))

    def add_role(name, resource_key, resource_type, permission_type):
        # One grant on the given resource, wrapped in a role named ``name``.
        grant_db = PermissionGrantDB(resource_uid=self.resources[resource_key].get_uid(),
                                     resource_type=resource_type,
                                     permission_types=[permission_type])
        grant_db = PermissionGrant.add_or_update(grant_db)
        role_db = RoleDB(name=name, permission_grants=[str(grant_db.id)])
        self.roles[name] = Role.add_or_update(role_db)

    def assign(key):
        # The user and the role are both looked up under the same key.
        user_db = self.users[key]
        assignment_db = UserRoleAssignmentDB(user=user_db.name,
                                             role=self.roles[key].name)
        UserRoleAssignment.add_or_update(assignment_db)

    # Create some mock users (the first two stored names differ from their keys)
    add_user('custom_role_sensor_pack_grant', '1_role_sensor_pack_grant')
    add_user('custom_role_sensor_grant', '1_role_sensor_grant')
    add_user('custom_role_pack_sensor_all_grant', 'custom_role_pack_sensor_all_grant')
    add_user('custom_role_sensor_all_grant', 'custom_role_sensor_all_grant')

    # Create some mock resources on which permissions can be granted
    add_sensor('sensor_1', 'test_pack_1', 'sensor1')
    add_sensor('sensor_2', 'test_pack_1', 'sensor2')
    add_sensor('sensor_3', 'test_pack_2', 'sensor3')

    # Create some mock roles with associated permission grants.
    # 'pack_1' is not created in this method; presumably the parent setUp
    # provides it.

    # "sensor_view" on the parent pack pack_1
    add_role('custom_role_sensor_pack_grant', 'pack_1',
             ResourceType.PACK, PermissionType.SENSOR_VIEW)
    # "sensor_view" directly on sensor_3
    add_role('custom_role_sensor_grant', 'sensor_3',
             ResourceType.SENSOR, PermissionType.SENSOR_VIEW)
    # "sensor_all" on the parent pack pack_1
    add_role('custom_role_pack_sensor_all_grant', 'pack_1',
             ResourceType.PACK, PermissionType.SENSOR_ALL)
    # "sensor_all" directly on sensor_1
    add_role('custom_role_sensor_all_grant', 'sensor_1',
             ResourceType.SENSOR, PermissionType.SENSOR_ALL)

    # Create some mock role assignments
    assign('custom_role_sensor_pack_grant')
    assign('custom_role_sensor_grant')
    assign('custom_role_pack_sensor_all_grant')
    assign('custom_role_sensor_all_grant')