Esempio n. 1
0
def _set_policy(data, context):
    new_policy = Policy()
    new_policy.ParseFromString(data)

    if not new_policy.entries:
        raise InvalidTransaction("Atleast one entry must be in a policy.")

    if not new_policy.name:
        raise InvalidTransaction("The name must be set in a policy.")

    # check entries in the policy
    for entry in new_policy.entries:
        if not entry.key:
            raise InvalidTransaction("Every policy entry must have a key.")

    address = _get_policy_address(new_policy.name)
    entries_list = _get_data(address, context)

    policy_list = PolicyList()
    policies = []

    if entries_list != []:
        policy_list.ParseFromString(entries_list[0].data)

        # sort all roles by using sorted(roles, policy.name)
        # if a policy with the same name exists, replace that policy
        policies = [
            x for x in policy_list.policies if x.name != new_policy.name
        ]
        policies.append(new_policy)
        policies = sorted(policies, key=lambda role: role.name)
    else:
        policies.append(new_policy)

    address = _get_policy_address(new_policy.name)

    # Store policy in a PolicyList incase of hash collisions
    new_policy_list = PolicyList(policies=policies)
    addresses = context.set_state([
        StateEntry(address=address, data=new_policy_list.SerializeToString())
    ])

    if not addresses:
        LOGGER.warning('Failed to set policy %s at %s', new_policy.name,
                       address)
        raise InternalError('Unable to save policy {}'.format(new_policy.name))

    context.add_event(event_type="identity_update",
                      attributes=[("updated", new_policy.name)])
    LOGGER.debug("Set policy : \n%s", new_policy)
 def create_policy_transaction(self, name, rules):
     rules_list = rules.split("\n")
     entries = []
     for rule in rules_list:
         rule = rule.split(" ")
         if rule[0] == "PERMIT_KEY":
             entry = Policy.Entry(type=Policy.PERMIT_KEY, key=rule[1])
             entries.append(entry)
         elif rule[0] == "DENY_KEY":
             entry = Policy.Entry(type=Policy.DENY_KEY, key=rule[1])
             entries.append(entry)
     policy = Policy(name=name, entries=entries)
     payload = IdentityPayload(type=IdentityPayload.POLICY,
                               data=policy.SerializeToString())
     return self._create_tp_process_request(payload)
 def create_set_policy_request(self, name, rules=None):
     rules_list = rules.split("\n")
     entries = []
     for rule in rules_list:
         rule = rule.split(" ")
         if rule[0] == "PERMIT_KEY":
             entry = Policy.Entry(type=Policy.PERMIT_KEY, key=rule[1])
             entries.append(entry)
         elif rule[0] == "DENY_KEY":
             entry = Policy.Entry(type=Policy.DENY_KEY, key=rule[1])
             entries.append(entry)
     policy = Policy(name=name, entries=entries)
     policy_list = PolicyList(policies=[policy])
     return self._factory.create_set_request(
         {self._policy_to_address(name): policy_list.SerializeToString()})
Esempio n. 4
0
    def _create_tp_process_request(self, payload):
        inputs = []
        outputs = []
        if payload.type == IdentityPayload.ROLE:
            role = Role()
            role.ParseFromString(payload.data)
            inputs = [self._role_to_address(role.name),
                      self._policy_to_address(role.policy_name)]

            outputs = [self._role_to_address(role.name)]
        else:
            policy = Policy()
            policy.ParseFromString(payload.data)
            inputs = [self._policy_to_address(policy.name)]

            outputs = [self._role_to_address(policy.name)]

        return self._factory.create_tp_process_request(
            payload.SerializeToString(), inputs, outputs, [])