def _import_models_with_new_meta_rules(self, json_models): if not isinstance(json_models, list): raise InvalidJson("models shall be a list!") for json_model in json_models: logger.debug("json_model {}".format(json_model)) models = ModelManager.get_models(self._user_id) model_in_db = None model_id = None for model_key in models: if ("id" in json_model and model_key == json_model["id"]) or ( "name" in json_model and models[model_key]["name"] == json_model["name"]): model_in_db = models[model_key] model_id = model_key # this should not occur as the model has been put in db previously in _import_models_without_new_meta_rules if model_in_db is None: raise UnknownModel("Unknown model ") json_key = dict() JsonUtils.convert_names_to_ids(json_model, json_key, "meta_rules", "meta_rule_id", "meta_rule", ModelManager, self._user_id) for meta_rule_id in json_key["meta_rule_id"]: if meta_rule_id not in model_in_db["meta_rules"]: model_in_db["meta_rules"].append(meta_rule_id) ModelManager.update_model(self._user_id, model_id, model_in_db)
def delete_models(uuid=None, name=None): from python_moondb.core import ModelManager if not uuid: for model_id, model_value in get_models(): if name == model_value['name']: uuid = model_id break ModelManager.delete_model(user_id=None, model_id=uuid)
def post(self, meta_rule_id=None, user_id=None): """Add a meta rule :param meta_rule_id: Meta rule ID (not used here) :param user_id: user ID who do the request :request body: post = { "name": "name of the meta rule (mandatory)", "subject_categories": ["subject_category_id1 (mandatory)", "subject_category_id2"], "object_categories": ["object_category_id1 (mandatory)"], "action_categories": ["action_category_id1 (mandatory)"] } :return: { "meta_rules": { "meta_rule_id1": { "name": "name of the meta rule", "subject_categories": ["subject_category_id1", "subject_category_id2"], "object_categories": ["object_category_id1"], "action_categories": ["action_category_id1"] }, } } :internal_api: add_meta_rules """ data = ModelManager.add_meta_rule(user_id=user_id, meta_rule_id=None, value=request.json) return {"meta_rules": data}
def _import_meta_rules(self, json_meta_rules): logger.info("Input meta rules : {}".format(json_meta_rules)) for json_meta_rule in json_meta_rules: json_to_use = dict() JsonUtils.copy_field_if_exists(json_meta_rule, json_to_use, "name", str) JsonUtils.copy_field_if_exists(json_meta_rule, json_to_use, "description", str) JsonUtils.convert_names_to_ids(json_meta_rule, json_to_use, "subject_categories", "subject_categories", "subject_category", ModelManager, self._user_id) JsonUtils.convert_names_to_ids(json_meta_rule, json_to_use, "object_categories", "object_categories", "object_category", ModelManager, self._user_id) JsonUtils.convert_names_to_ids(json_meta_rule, json_to_use, "action_categories", "action_categories", "action_category", ModelManager, self._user_id) logger.debug("Adding / updating a metarule from json {}".format( json_meta_rule)) meta_rule = ModelManager.add_meta_rule(self._user_id, meta_rule_id=None, value=json_to_use) logger.debug("Added / updated meta rule : {}".format(meta_rule))
def post(self, uuid=None, user_id=None): """Create model. :param uuid: uuid of the model (not used here) :param user_id: user ID who do the request :request body: { "name": "...", "description": "...", "meta_rules": ["meta_rule_id1", ] } :return: { "model_id1": { "name": "...", "description": "...", "meta_rules": ["meta_rule_id1", ] } } :internal_api: add_model """ try: data = ModelManager.add_model(user_id=user_id, model_id=uuid, value=request.json) except Exception as e: logger.error(e, exc_info=True) return {"result": False, "error": str(e)}, 500 return {"models": data}
def add_pod(uuid, data): if not data.get("keystone_project_id"): return logger.info("Add a new pod {}".format(data)) if "pdp_id" not in data: data["pdp_id"] = uuid data['policies'] = PolicyManager.get_policies(user_id="admin") data['models'] = ModelManager.get_models(user_id="admin") conf = configuration.get_configuration("components/orchestrator") hostname = conf["components/orchestrator"].get("hostname", "orchestrator") port = conf["components/orchestrator"].get("port", 80) proto = conf["components/orchestrator"].get("protocol", "http") while True: try: req = requests.post( "{}://{}:{}/pods".format(proto, hostname, port), json=data, headers={"content-type": "application/json"}) except requests.exceptions.ConnectionError as e: logger.warning("add_pod: Orchestrator is not ready, standby...") logger.exception(e) time.sleep(1) else: break logger.info("Pod add request answer : {}".format(req.text))
def _export_meta_rules(self, json_content): meta_rules = ModelManager.get_meta_rules(self._user_id) meta_rules_array = [] # logger.info(meta_rules) for meta_rule_key in meta_rules: # logger.info(meta_rules[meta_rule_key]) meta_rule_dict = dict() JsonUtils.copy_field_if_exists(meta_rules[meta_rule_key], meta_rule_dict, "name", str) JsonUtils.copy_field_if_exists(meta_rules[meta_rule_key], meta_rule_dict, "description", str) JsonUtils.convert_ids_to_names( meta_rules[meta_rule_key]["subject_categories"], meta_rule_dict, "subject_categories", "subject_category", ModelManager, self._user_id) JsonUtils.convert_ids_to_names( meta_rules[meta_rule_key]["object_categories"], meta_rule_dict, "object_categories", "object_category", ModelManager, self._user_id) JsonUtils.convert_ids_to_names( meta_rules[meta_rule_key]["action_categories"], meta_rule_dict, "action_categories", "action_category", ModelManager, self._user_id) logger.info("Exporting meta rule {}".format(meta_rule_dict)) meta_rules_array.append(meta_rule_dict) if len(meta_rules_array) > 0: json_content['meta_rules'] = meta_rules_array
def patch(self, meta_rule_id=None, user_id=None): """Update a meta rule :param meta_rule_id: Meta rule ID :param user_id: user ID who do the request :request body: patch = { "name": "name of the meta rule", "subject_categories": ["subject_category_id1", "subject_category_id2"], "object_categories": ["object_category_id1"], "action_categories": ["action_category_id1"] } :return: { "meta_rules": { "meta_rule_id1": { "name": "name of the meta rule", "subject_categories": ["subject_category_id1", "subject_category_id2"], "object_categories": ["object_category_id1"], "action_categories": ["action_category_id1"] }, } } :internal_api: set_meta_rules """ data = ModelManager.update_meta_rule(user_id=user_id, meta_rule_id=meta_rule_id, value=request.json) return {"meta_rules": data}
def get(self, meta_rule_id=None, user_id=None): """Retrieve all sub meta rules :param meta_rule_id: Meta rule algorithm ID :param user_id: user ID who do the request :return: { "meta_rules": { "meta_rule_id1": { "name": "name of the meta rule", "algorithm": "name of the meta rule algorithm", "subject_categories": ["subject_category_id1", "subject_category_id2"], "object_categories": ["object_category_id1"], "action_categories": ["action_category_id1"] }, } } :internal_api: get_meta_rules """ try: data = ModelManager.get_meta_rules( user_id=user_id, meta_rule_id=meta_rule_id) except Exception as e: logger.error(e, exc_info=True) return {"result": False, "error": str(e)}, 500 return {"meta_rules": data}
def patch(self, meta_rule_id=None, user_id=None): """Update a meta rule :param meta_rule_id: Meta rule ID :param user_id: user ID who do the request :request body: patch = { "name": "name of the meta rule", "subject_categories": ["subject_category_id1", "subject_category_id2"], "object_categories": ["object_category_id1"], "action_categories": ["action_category_id1"] } :return: { "meta_rules": { "meta_rule_id1": { "name": "name of the meta rule", "subject_categories": ["subject_category_id1", "subject_category_id2"], "object_categories": ["object_category_id1"], "action_categories": ["action_category_id1"] }, } } :internal_api: set_meta_rules """ try: data = ModelManager.set_meta_rule( user_id=user_id, meta_rule_id=meta_rule_id, value=request.json) except Exception as e: logger.error(e, exc_info=True) return {"result": False, "error": str(e)}, 500 return {"meta_rules": data}
def _export_rules(self, json_content): policies = PolicyManager.get_policies(self._user_id) rules_array = [] for policy_key in policies: rules = PolicyManager.get_rules(self._user_id, policy_key) rules = rules["rules"] # logger.info(rules) for rule in rules: rule_dict = dict() JsonUtils.copy_field_if_exists(rule, rule_dict, "instructions", dict) JsonUtils.copy_field_if_exists(rule, rule_dict, "enabled", True) JsonUtils.convert_id_to_name(rule["meta_rule_id"], rule_dict, "meta_rule", "meta_rule", ModelManager, self._user_id) JsonUtils.convert_id_to_name(policy_key, rule_dict, "policy", "policy", PolicyManager, self._user_id) ids = rule["rule"] rule_description = dict() meta_rule = ModelManager.get_meta_rules( self._user_id, rule["meta_rule_id"]) meta_rule = [v for v in meta_rule.values()] meta_rule = meta_rule[0] index_subject_data = len(meta_rule["subject_categories"]) - 1 index_object_data = len(meta_rule["subject_categories"]) + len( meta_rule["object_categories"]) - 1 index_action_data = len(meta_rule["subject_categories"]) + len( meta_rule["object_categories"]) + len( meta_rule["action_categories"]) - 1 ids_subject_data = [ids[0]] if len( meta_rule["subject_categories"] ) == 1 else ids[0:index_subject_data] ids_object_data = [ids[index_object_data]] if len( meta_rule["object_categories"] ) == 1 else ids[index_subject_data + 1:index_object_data] ids_action_date = [ids[index_action_data]] if len( meta_rule["action_categories"] ) == 1 else ids[index_object_data + 1:index_action_data] JsonUtils.convert_ids_to_names(ids_subject_data, rule_description, "subject_data", "subject_data", PolicyManager, self._user_id, policy_key) JsonUtils.convert_ids_to_names(ids_object_data, rule_description, "object_data", "object_data", PolicyManager, self._user_id, policy_key) JsonUtils.convert_ids_to_names(ids_action_date, rule_description, "action_data", "action_data", PolicyManager, self._user_id, policy_key) rule_dict["rule"] = rule_description rules_array.append(rule_dict) if len(rules_array) > 0: json_content['rules'] = rules_array
def add_model(model_id=None, value=None): from python_moondb.core import ModelManager if not value: value = { "name": "MLS", "description": "test", "meta_rules": "meta_rule_mls_1" } return ModelManager.add_model(user_id=None, model_id=model_id, value=value)
def add_model(model_id=None, value=None): from python_moondb.core import ModelManager if not value: subject_category_id, object_category_id, action_category_id, meta_rule_id = mock_data.create_new_meta_rule() name = "MLS" if model_id is None else "MLS " + model_id value = { "name": name, "description": "test", "meta_rules": [meta_rule_id] } return ModelManager.add_model(user_id=None, model_id=model_id, value=value)
def _import_models_without_new_meta_rules(self, json_models): if not isinstance(json_models, list): raise InvalidJson("models shall be a list!") for json_model in json_models: json_without_new_metarules = dict() JsonUtils.copy_field_if_exists(json_model, json_without_new_metarules, "name", str) # TODO put this in moondb # model_in_db = ModelManager.get_models_by_name(json_without_new_metarules["name"]) models = ModelManager.get_models(self._user_id) model_in_db = None for model_key in models: if models[model_key]["name"] == json_without_new_metarules[ "name"]: model_in_db = models[model_key] model_id = model_key # end TODO JsonUtils.copy_field_if_exists(json_model, json_without_new_metarules, "description", str) if model_in_db is None: model_does_exist = False else: json_without_new_metarules["meta_rules"] = model_in_db[ "meta_rules"] model_does_exist = True model_override = JsonUtils.get_override(json_model) if not model_does_exist: logger.debug( "Creating model {} ".format(json_without_new_metarules)) ModelManager.add_model(self._user_id, None, json_without_new_metarules) elif model_override is True: logger.debug("Updating model with id {} : {} ".format( model_id, json_without_new_metarules)) ModelManager.update_model(self._user_id, model_id, json_without_new_metarules)
def set_meta_rule(meta_rule_id, value=None): from python_moondb.core import ModelManager if not value: value = { "name": "MLS_meta_rule", "description": "test", "subject_categories": ["user_security_level_id_1"], "object_categories": ["vm_security_level_id_1"], "action_categories": ["action_type_id_1"] } return ModelManager.set_meta_rule(user_id=None, meta_rule_id=meta_rule_id, value=value)
def delete(self, uuid=None, user_id=None): """Delete a model :param uuid: uuid of the model to delete :param user_id: user ID who do the request :return: { "result": "True or False", "message": "optional message (optional)" } :internal_api: delete_model """ data = ModelManager.delete_model(user_id=user_id, model_id=uuid) return {"result": True}
def delete(self, category_id=None, user_id=None): """Delete an action :param category_id: uuid of the action category to delete :param user_id: user ID who do the request :return: { "result": "True or False", "message": "optional message (optional)" } :internal_api: delete_action_category """ data = ModelManager.delete_action_category(user_id=user_id, category_id=category_id) return {"result": True}
def _export_models(self, json_content): models = ModelManager.get_models(self._user_id) models_array = [] for model_key in models: model = dict() JsonUtils.copy_field_if_exists(models[model_key], model, "name", str) JsonUtils.copy_field_if_exists(models[model_key], model, "description", str) # logger.info(models[model_key]["meta_rules"]) JsonUtils.convert_ids_to_names(models[model_key]["meta_rules"], model, "meta_rules", "meta_rule", ModelManager, self._user_id) logger.info("Exporting model {}".format(model)) models_array.append(model) if len(models_array) > 0: json_content["models"] = models_array
def delete(self, uuid=None, user_id=None): """Delete a model :param uuid: uuid of the model to delete :param user_id: user ID who do the request :return: { "result": "True or False", "message": "optional message" } :internal_api: delete_model """ try: data = ModelManager.delete_model(user_id=user_id, model_id=uuid) except Exception as e: logger.error(e, exc_info=True) return {"result": False, "error": str(e)}, 500 return {"result": True}
def get(self, category_id=None, user_id=None): """Retrieve all subject categories or a specific one :param category_id: uuid of the subject category :param user_id: user ID who do the request :return: { "subject_category_id": { "name": "name of the category", "description": "description of the category (optional)" } } :internal_api: get_subject_categories """ data = ModelManager.get_subject_categories(user_id=user_id, category_id=category_id) return {"subject_categories": data}
def get(self, uuid=None, user_id=None): """Retrieve all models :param uuid: uuid of the model :param user_id: user ID who do the request :return: { "model_id1": { "name": "...", "description": "... (optional)", "meta_rules": ["meta_rule_id1", ] } } :internal_api: get_models """ data = ModelManager.get_models(user_id=user_id, model_id=uuid) return {"models": data}
def delete(self, category_id=None, user_id=None): """Delete a subject category :param category_id: uuid of the subject category to delete :param user_id: user ID who do the request :return: { "result": "True or False", "message": "optional message" } :internal_api: delete_subject_category """ try: data = ModelManager.delete_subject_category( user_id=user_id, category_id=category_id) except Exception as e: logger.error(e, exc_info=True) return {"result": False, "error": str(e)}, 500 return {"result": True}
def update_meta_rule(meta_rule_id, value=None): from python_moondb.core import ModelManager if not value: action_category_id = mock_data.create_action_category( "action_category_id1") subject_category_id = mock_data.create_subject_category( "subject_category_id1") object_category_id = mock_data.create_object_category( "object_category_id1") value = { "name": "MLS_meta_rule", "description": "test", "subject_categories": [subject_category_id], "object_categories": [object_category_id], "action_categories": [action_category_id] } return ModelManager.update_meta_rule(user_id=None, meta_rule_id=meta_rule_id, value=value)
def set_meta_rule(meta_rule_id, value=None): from python_moondb.core import ModelManager if not value: action_category_id = builder.create_action_category( "action_category_id1" + uuid4().hex) subject_category_id = builder.create_subject_category( "subject_category_id1" + uuid4().hex) object_category_id = builder.create_object_category( "object_category_id1" + uuid4().hex) value = { "name": "MLS_meta_rule", "description": "test", "subject_categories": [subject_category_id], "object_categories": [object_category_id], "action_categories": [action_category_id] } return ModelManager.set_meta_rule(user_id=None, meta_rule_id=meta_rule_id, value=value)
def patch(self, uuid=None, user_id=None): """Update a model :param uuid: uuid of the model to update :param user_id: user ID who do the request :return: { "model_id1": { "name": "name of the model", "description": "... (optional)", "meta_rules": ["meta_rule_id1", ] } } :internal_api: update_model """ data = ModelManager.update_model(user_id=user_id, model_id=uuid, value=request.json) return {"models": data}
def get(self, category_id=None, user_id=None): """Retrieve all subject categories or a specific one :param category_id: uuid of the subject category :param user_id: user ID who do the request :return: { "subject_category_id": { "name": "name of the category", "description": "description of the category" } } :internal_api: get_subject_categories """ try: data = ModelManager.get_subject_categories(user_id=user_id, category_id=category_id) except Exception as e: logger.error(e, exc_info=True) return {"result": False, "error": str(e)}, 500 return {"subject_categories": data}
def get(self, uuid=None, user_id=None): """Retrieve all models :param uuid: uuid of the model :param user_id: user ID who do the request :return: { "model_id1": { "name": "...", "description": "...", "meta_rules": ["meta_rule_id1", ] } } :internal_api: get_models """ try: data = ModelManager.get_models(user_id=user_id, model_id=uuid) except Exception as e: logger.error(e, exc_info=True) return {"result": False, "error": str(e)}, 500 return {"models": data}
def post(self, category_id=None, user_id=None): """Create or update a subject category. :param category_id: must not be used here :param user_id: user ID who do the request :request body: { "name": "name of the category (mandatory)", "description": "description of the category (optional)" } :return: { "subject_category_id": { "name": "name of the category", "description": "description of the category (optional)" } } :internal_api: add_subject_category """ data = ModelManager.add_subject_category(user_id=user_id, value=request.json) return {"subject_categories": data}
def delete(self, meta_rule_id=None, user_id=None): """Delete a meta rule :param meta_rule_id: Meta rule ID :param user_id: user ID who do the request :return: { "meta_rules": { "meta_rule_id1": { "name": "name of the meta rule", "subject_categories": ["subject_category_id1", "subject_category_id2"], "object_categories": ["object_category_id1"], "action_categories": ["action_category_id1"] }, } } :internal_api: delete_meta_rules """ data = ModelManager.delete_meta_rule(user_id=user_id, meta_rule_id=meta_rule_id) return {"result": True}
def get(self, meta_rule_id=None, user_id=None): """Retrieve all sub meta rules :param meta_rule_id: Meta rule algorithm ID :param user_id: user ID who do the request :return: { "meta_rules": { "meta_rule_id1": { "name": "name of the meta rule", "subject_categories": ["subject_category_id1", "subject_category_id2"], "object_categories": ["object_category_id1"], "action_categories": ["action_category_id1"] }, } } :internal_api: get_meta_rules """ data = ModelManager.get_meta_rules(user_id=user_id, meta_rule_id=meta_rule_id) return {"meta_rules": data}