def getPolicies( params ):
'''
to get all the policies that apply to the given list of params
'''
paramsClone = dict( params )
for param in paramsClone:
if params[param] is None:
del params[param]
result = getPoliciesThatApply( params )
if result['OK']:
return result['Value']
else:
error( "It wasn't possible to execute getPoliciesThatApply, check this: %s" % str(result) )
def isStorageElementAlwaysBanned( self, seName, statusType ):
""" Checks if the AlwaysBanned policy is applied to the SE given as parameter
:param seName : string, name of the SE
:param statusType : ReadAcces, WriteAccess, RemoveAccess, CheckAccess
:returns: S_OK(True/False)
"""
res = getPoliciesThatApply( {'name' : seName, 'statusType' : statusType} )
if not res['OK']:
self.log.error( "isStorageElementAlwaysBanned: unable to get the information", res['Message'] )
return res
isAlwaysBanned = 'AlwaysBanned' in [policy['type'] for policy in res['Value']]
return S_OK( isAlwaysBanned )
def isStorageElementAlwaysBanned(self, seName, statusType):
""" Checks if the AlwaysBanned policy is applied to the SE given as parameter
:param seName: string, name of the SE
:param statusType: ReadAcces, WriteAccess, RemoveAccess, CheckAccess
:returns: S_OK(True/False)
"""
res = getPoliciesThatApply({'name': seName, 'statusType': statusType})
if not res['OK']:
self.log.error("isStorageElementAlwaysBanned: unable to get the information", res['Message'])
return res
isAlwaysBanned = 'AlwaysBanned' in [policy['type'] for policy in res['Value']]
return S_OK(isAlwaysBanned)
def takeDecision(self):
""" main PDP method which does all the work. If firstly finds all the policies
defined in the CS that match <self.decisionParams> and runs them. Once it has
all the singlePolicyResults, it combines them. Next step is action discovery:
using a similar approach to the one used to discover the policies, but also
taking into account the single policy results and their combined result, finds
the actions to be triggered and returns.
examples:
>>> pdp.takeDecision()['Value'].keys()
['singlePolicyResults', 'policyCombinedResult', 'decisionParams']
>>> pdp.takeDecision()['Value']['singlePolicyResults']
[ { 'Status' : 'Active',
'Reason' : 'blah',
'Policy' : { 'name' : 'AlwaysActiveForResource',
'type' : 'AlwaysActive',
'module' : 'AlwaysActivePolicy',
'description' : 'This is the AlwaysActive policy'
'command' : None,
'args' : {}
}
}, ... ]
>>> pdp.takeDecision()['Value']['policyCombinedResult']
{ 'Status' : 'Active',
'Reason' : 'blah ###',
'PolicyAction' : [ ( 'policyActionName1', 'policyActionType1' ), ... ]
}
:return: S_OK( { 'singlePolicyResults' : `list`,
'policyCombinedResult' : `dict`,
'decisionParams' : `dict` } ) / S_ERROR
"""
if self.decisionParams is None:
return S_OK({
'singlePolicyResults': [],
'policyCombinedResult': {},
'decisionParams': self.decisionParams
})
self.log.verbose("Taking decision")
# Policies..................................................................
# Get policies that match self.decisionParams
policiesThatApply = getPoliciesThatApply(self.decisionParams)
if not policiesThatApply['OK']:
return policiesThatApply
policiesThatApply = policiesThatApply['Value']
self.log.verbose("Policies that apply: %s" %
', '.join([po['name'] for po in policiesThatApply]))
# Evaluate policies
singlePolicyResults = self._runPolicies(policiesThatApply)
if not singlePolicyResults['OK']:
return singlePolicyResults
singlePolicyResults = singlePolicyResults['Value']
self.log.verbose("Single policy results: %s" % singlePolicyResults)
# Combine policies and get most penalizing status ( see RSSMachine )
policyCombinedResults = self._combineSinglePolicyResults(
singlePolicyResults)
if not policyCombinedResults['OK']:
return policyCombinedResults
policyCombinedResults = policyCombinedResults['Value']
self.log.verbose("Combined policy result: %s" % policyCombinedResults)
# Actions...................................................................
policyActionsThatApply = getPolicyActionsThatApply(
self.decisionParams, singlePolicyResults, policyCombinedResults)
if not policyActionsThatApply['OK']:
return policyActionsThatApply
policyActionsThatApply = policyActionsThatApply['Value']
self.log.verbose("Policy actions that apply: %s" %
','.join(pata[0] for pata in policyActionsThatApply))
policyCombinedResults['PolicyAction'] = policyActionsThatApply
return S_OK({
'singlePolicyResults': singlePolicyResults,
'policyCombinedResult': policyCombinedResults,
'decisionParams': self.decisionParams
})
def takeDecision( self ):
""" main PDP method which does all the work. If firstly finds all the policies
defined in the CS that match <self.decisionParams> and runs them. Once it has
all the singlePolicyResults, it combines them. Next step is action discovery:
using a similar approach to the one used to discover the policies, but also
taking into account the single policy results and their combined result, finds
the actions to be triggered and returns.
examples:
>>> pdp.takeDecision()['Value'].keys()
['singlePolicyResults', 'policyCombinedResult', 'decisionParams']
>>> pdp.takeDecision()['Value']['singlePolicyResults']
[ { 'Status' : 'Active',
'Reason' : 'blah',
'Policy' : { 'name' : 'AlwaysActiveForResource',
'type' : 'AlwaysActive',
'module' : 'AlwaysActivePolicy',
'description' : 'This is the AlwaysActive policy'
'command' : None,
'args' : {}
}
}, ... ]
>>> pdp.takeDecision()['Value']['policyCombinedResult']
{ 'Status' : 'Active',
'Reason' : 'blah ###',
'PolicyAction' : [ ( 'policyActionName1', 'policyActionType1' ), ... ]
}
:return: S_OK( { 'singlePolicyResults' : `list`,
'policyCombinedResult' : `dict`,
'decisionParams' : `dict` } ) / S_ERROR
"""
if self.decisionParams is None:
return S_OK( {'singlePolicyResults' : [],
'policyCombinedResult' : {},
'decisionParams' : self.decisionParams} )
self.log.verbose( "Taking decision" )
# Policies..................................................................
# Get policies that match self.decisionParams
policiesThatApply = getPoliciesThatApply( self.decisionParams )
if not policiesThatApply['OK']:
return policiesThatApply
policiesThatApply = policiesThatApply['Value']
self.log.verbose( "Policies that apply: %s" % ', '.join( [po['name'] for po in policiesThatApply] ) )
# Evaluate policies
singlePolicyResults = self._runPolicies( policiesThatApply )
if not singlePolicyResults['OK']:
return singlePolicyResults
singlePolicyResults = singlePolicyResults['Value']
self.log.verbose( "Single policy results: %s" % singlePolicyResults )
# Combine policies and get most penalizing status ( see RSSMachine )
policyCombinedResults = self._combineSinglePolicyResults( singlePolicyResults )
if not policyCombinedResults['OK']:
return policyCombinedResults
policyCombinedResults = policyCombinedResults['Value']
self.log.verbose( "Combined policy result: %s" % policyCombinedResults )
# Actions...................................................................
policyActionsThatApply = getPolicyActionsThatApply( self.decisionParams,
singlePolicyResults,
policyCombinedResults )
if not policyActionsThatApply['OK']:
return policyActionsThatApply
policyActionsThatApply = policyActionsThatApply['Value']
self.log.verbose( "Policy actions that apply: %s" % ','.join( pata[0] for pata in policyActionsThatApply ) )
policyCombinedResults['PolicyAction'] = policyActionsThatApply
return S_OK( {'singlePolicyResults' : singlePolicyResults,
'policyCombinedResult' : policyCombinedResults,
'decisionParams' : self.decisionParams} )
