def _import_meta_rules(self, json_meta_rules):
logger.info("Input meta rules : {}".format(json_meta_rules))
for json_meta_rule in json_meta_rules:
json_to_use = dict()
JsonUtils.copy_field_if_exists(json_meta_rule, json_to_use, "name",
str)
JsonUtils.copy_field_if_exists(json_meta_rule, json_to_use,
"description", str)
JsonUtils.convert_names_to_ids(json_meta_rule, json_to_use,
"subject_categories",
"subject_categories",
"subject_category", ModelManager,
self._user_id)
JsonUtils.convert_names_to_ids(json_meta_rule, json_to_use,
"object_categories",
"object_categories",
"object_category", ModelManager,
self._user_id)
JsonUtils.convert_names_to_ids(json_meta_rule, json_to_use,
"action_categories",
"action_categories",
"action_category", ModelManager,
self._user_id)
logger.debug("Adding / updating a metarule from json {}".format(
json_meta_rule))
meta_rule = ModelManager.add_meta_rule(self._user_id,
meta_rule_id=None,
value=json_to_use)
logger.debug("Added / updated meta rule : {}".format(meta_rule))
def _export_meta_rules(self, json_content):
meta_rules = ModelManager.get_meta_rules(self._user_id)
meta_rules_array = []
# logger.info(meta_rules)
for meta_rule_key in meta_rules:
# logger.info(meta_rules[meta_rule_key])
meta_rule_dict = dict()
JsonUtils.copy_field_if_exists(meta_rules[meta_rule_key],
meta_rule_dict, "name", str)
JsonUtils.copy_field_if_exists(meta_rules[meta_rule_key],
meta_rule_dict, "description", str)
JsonUtils.convert_ids_to_names(
meta_rules[meta_rule_key]["subject_categories"],
meta_rule_dict, "subject_categories", "subject_category",
ModelManager, self._user_id)
JsonUtils.convert_ids_to_names(
meta_rules[meta_rule_key]["object_categories"], meta_rule_dict,
"object_categories", "object_category", ModelManager,
self._user_id)
JsonUtils.convert_ids_to_names(
meta_rules[meta_rule_key]["action_categories"], meta_rule_dict,
"action_categories", "action_category", ModelManager,
self._user_id)
logger.info("Exporting meta rule {}".format(meta_rule_dict))
meta_rules_array.append(meta_rule_dict)
if len(meta_rules_array) > 0:
json_content['meta_rules'] = meta_rules_array
def _export_rules(self, json_content):
policies = PolicyManager.get_policies(self._user_id)
rules_array = []
for policy_key in policies:
rules = PolicyManager.get_rules(self._user_id, policy_key)
rules = rules["rules"]
# logger.info(rules)
for rule in rules:
rule_dict = dict()
JsonUtils.copy_field_if_exists(rule, rule_dict, "instructions",
dict)
JsonUtils.copy_field_if_exists(rule, rule_dict, "enabled",
True)
JsonUtils.convert_id_to_name(rule["meta_rule_id"], rule_dict,
"meta_rule", "meta_rule",
ModelManager, self._user_id)
JsonUtils.convert_id_to_name(policy_key, rule_dict, "policy",
"policy", PolicyManager,
self._user_id)
ids = rule["rule"]
rule_description = dict()
meta_rule = ModelManager.get_meta_rules(
self._user_id, rule["meta_rule_id"])
meta_rule = [v for v in meta_rule.values()]
meta_rule = meta_rule[0]
index_subject_data = len(meta_rule["subject_categories"]) - 1
index_object_data = len(meta_rule["subject_categories"]) + len(
meta_rule["object_categories"]) - 1
index_action_data = len(meta_rule["subject_categories"]) + len(
meta_rule["object_categories"]) + len(
meta_rule["action_categories"]) - 1
ids_subject_data = [ids[0]] if len(
meta_rule["subject_categories"]
) == 1 else ids[0:index_subject_data]
ids_object_data = [ids[index_object_data]] if len(
meta_rule["object_categories"]
) == 1 else ids[index_subject_data + 1:index_object_data]
ids_action_date = [ids[index_action_data]] if len(
meta_rule["action_categories"]
) == 1 else ids[index_object_data + 1:index_action_data]
JsonUtils.convert_ids_to_names(ids_subject_data,
rule_description,
"subject_data", "subject_data",
PolicyManager, self._user_id,
policy_key)
JsonUtils.convert_ids_to_names(ids_object_data,
rule_description, "object_data",
"object_data", PolicyManager,
self._user_id, policy_key)
JsonUtils.convert_ids_to_names(ids_action_date,
rule_description, "action_data",
"action_data", PolicyManager,
self._user_id, policy_key)
rule_dict["rule"] = rule_description
rules_array.append(rule_dict)
if len(rules_array) > 0:
json_content['rules'] = rules_array
def _export_models(self, json_content):
models = ModelManager.get_models(self._user_id)
models_array = []
for model_key in models:
model = dict()
JsonUtils.copy_field_if_exists(models[model_key], model, "name",
str)
JsonUtils.copy_field_if_exists(models[model_key], model,
"description", str)
# logger.info(models[model_key]["meta_rules"])
JsonUtils.convert_ids_to_names(models[model_key]["meta_rules"],
model, "meta_rules", "meta_rule",
ModelManager, self._user_id)
logger.info("Exporting model {}".format(model))
models_array.append(model)
if len(models_array) > 0:
json_content["models"] = models_array
def _import_subject_object_action_categories(self, json_item_categories,
type_element):
import_method = getattr(ModelManager,
'add_' + type_element + '_category')
get_method = getattr(ModelManager,
'get_' + type_element + '_categories')
categories = get_method(self._user_id)
if not isinstance(json_item_categories, list):
raise InvalidJson(type_element + " categories shall be a list!")
for json_item_category in json_item_categories:
json_to_use = dict()
JsonUtils.copy_field_if_exists(json_item_category, json_to_use,
"name", str)
# check if category with the same name exists : do this in moondb ?
existing_id = None
for category_key in categories:
if categories[category_key]["name"] == json_to_use["name"]:
existing_id = category_key
JsonUtils.copy_field_if_exists(json_item_category, json_to_use,
"description", str)
item_override = JsonUtils.get_override(json_item_category)
if item_override is True:
raise ForbiddenOverride(
"{} categories do not support override flag !".format(
type_element))
try:
category = import_method(self._user_id, existing_id,
json_to_use)
except (exceptions.SubjectCategoryExisting,
exceptions.ObjectCategoryExisting,
exceptions.ActionCategoryExisting):
# it already exists: do nothing
logger.warning(
"Ignored {} category with name {} is already in the database"
.format(type_element, json_to_use["name"]))
except Exception as e:
logger.warning(
"Error while importing the category : {}".format(str(e)))
logger.exception(str(e))
raise e
def _export_subject_object_action_categories(self, type_element,
json_content):
export_method = getattr(ModelManager,
'get_' + type_element + '_categories')
element_categories = export_method(self._user_id)
element_categories_array = []
for element_category_key in element_categories:
element_category = dict()
JsonUtils.copy_field_if_exists(
element_categories[element_category_key], element_category,
"name", str)
JsonUtils.copy_field_if_exists(
element_categories[element_category_key], element_category,
"description", str)
element_categories_array.append(element_category)
logger.info("Exporting {} category {}".format(
type_element, element_category))
if len(element_categories_array) > 0:
json_content[type_element +
'_categories'] = element_categories_array
def _import_models_without_new_meta_rules(self, json_models):
if not isinstance(json_models, list):
raise InvalidJson("models shall be a list!")
for json_model in json_models:
json_without_new_metarules = dict()
JsonUtils.copy_field_if_exists(json_model,
json_without_new_metarules, "name",
str)
# TODO put this in moondb
# model_in_db = ModelManager.get_models_by_name(json_without_new_metarules["name"])
models = ModelManager.get_models(self._user_id)
model_in_db = None
for model_key in models:
if models[model_key]["name"] == json_without_new_metarules[
"name"]:
model_in_db = models[model_key]
model_id = model_key
# end TODO
JsonUtils.copy_field_if_exists(json_model,
json_without_new_metarules,
"description", str)
if model_in_db is None:
model_does_exist = False
else:
json_without_new_metarules["meta_rules"] = model_in_db[
"meta_rules"]
model_does_exist = True
model_override = JsonUtils.get_override(json_model)
if not model_does_exist:
logger.debug(
"Creating model {} ".format(json_without_new_metarules))
ModelManager.add_model(self._user_id, None,
json_without_new_metarules)
elif model_override is True:
logger.debug("Updating model with id {} : {} ".format(
model_id, json_without_new_metarules))
ModelManager.update_model(self._user_id, model_id,
json_without_new_metarules)
def _export_subject_object_action(self, type_element, json_content):
export_method = getattr(PolicyManager, 'get_' + type_element + 's')
policies = PolicyManager.get_policies(self._user_id)
element_dict = dict()
elements_array = []
for policy_key in policies:
elements = export_method(self._user_id, policy_key)
for element_key in elements:
# logger.info("Exporting {}".format(elements[element_key]))
element = dict()
JsonUtils.copy_field_if_exists(elements[element_key], element,
"name", str)
JsonUtils.copy_field_if_exists(elements[element_key], element,
"description", str)
JsonUtils.copy_field_if_exists(elements[element_key], element,
"extra", dict)
if element["name"] not in element_dict:
element["policies"] = []
element_dict[element["name"]] = element
current_element = element_dict[element["name"]]
current_element["policies"].append({
"name":
JsonUtils.convert_id_to_name_string(
policy_key, "policy", PolicyManager, self._user_id)
})
for key in element_dict:
logger.info("Exporting {} {}".format(type_element,
element_dict[key]))
elements_array.append(element_dict[key])
if len(elements_array) > 0:
json_content[type_element + 's'] = elements_array
def _export_subject_object_action_datas(self, type_element, json_content):
export_method_data = getattr(PolicyManager,
'get_' + type_element + '_data')
policies = PolicyManager.get_policies(self._user_id)
element_datas_array = []
for policy_key in policies:
datas = export_method_data(self._user_id, policy_key)
# logger.info("data found : {}".format(datas))
for data_group in datas:
policy_id = data_group["policy_id"]
category_id = data_group["category_id"]
# logger.info(data_group["data"])
for data_key in data_group["data"]:
data_dict = dict()
if type_element == 'subject':
JsonUtils.copy_field_if_exists(
data_group["data"][data_key], data_dict, "name",
str)
JsonUtils.copy_field_if_exists(
data_group["data"][data_key], data_dict,
"description", str)
else:
JsonUtils.copy_field_if_exists(
data_group["data"][data_key], data_dict, "name",
str)
JsonUtils.copy_field_if_exists(
data_group["data"][data_key], data_dict,
"description", str)
JsonUtils.convert_id_to_name(policy_id, data_dict,
"policy", "policy",
PolicyManager, self._user_id)
JsonUtils.convert_id_to_name(category_id, data_dict,
"category",
type_element + "_category",
ModelManager, self._user_id,
policy_key)
logger.info("Exporting {} data {}".format(
type_element, data_dict))
element_datas_array.append(data_dict)
if len(element_datas_array) > 0:
json_content[type_element + '_data'] = element_datas_array
def _import_pdps(self, json_pdps):
if not isinstance(json_pdps, list):
raise InvalidJson("pdps shall be a list!")
for json_pdp in json_pdps:
json_to_use = dict()
JsonUtils.copy_field_if_exists(json_pdp, json_to_use, "name", str)
JsonUtils.copy_field_if_exists(json_pdp, json_to_use,
"keystone_project_id", str)
JsonUtils.copy_field_if_exists(json_pdp, json_to_use,
"security_pipeline", list)
JsonUtils.copy_field_if_exists(json_pdp, json_to_use,
"description", str)
pdps = PDPManager.get_pdp(self._user_id)
exists = False
for pdp_key in pdps:
if pdps[pdp_key]["name"] == json_to_use["name"]:
PDPManager.update_pdp(self._user_id,
pdp_id=pdp_key,
value=json_to_use)
exists = True
if exists is False:
PDPManager.add_pdp(self._user_id, value=json_to_use)
def _export_policies(self, json_content):
policies = PolicyManager.get_policies(self._user_id)
policies_array = []
for policy_key in policies:
policy = dict()
JsonUtils.copy_field_if_exists(policies[policy_key], policy,
"name", str)
JsonUtils.copy_field_if_exists(policies[policy_key], policy,
"genre", str)
JsonUtils.copy_field_if_exists(policies[policy_key], policy,
"description", str)
JsonUtils.convert_id_to_name(policies[policy_key]["model_id"],
policy, "model", "model",
ModelManager, self._user_id)
logger.info("Exporting policy {}".format(policy))
policies_array.append(policy)
if len(policies_array) > 0:
json_content["policies"] = policies_array
def _import_rules(self, json_rules):
if not isinstance(json_rules, list):
raise InvalidJson("rules shall be a list!")
for json_rule in json_rules:
json_to_use = dict()
JsonUtils.copy_field_if_exists(json_rule, json_to_use,
"instructions", str)
JsonUtils.copy_field_if_exists(json_rule,
json_to_use,
"enabled",
bool,
default_value=True)
json_ids = dict()
JsonUtils.convert_name_to_id(json_rule, json_ids, "policy",
"policy_id", "policy", PolicyManager,
self._user_id)
JsonUtils.convert_name_to_id(json_rule, json_to_use, "meta_rule",
"meta_rule_id", "meta_rule",
ModelManager, self._user_id)
json_subject_ids = dict()
json_object_ids = dict()
json_action_ids = dict()
JsonUtils.convert_names_to_ids(json_rule["rule"], json_subject_ids,
"subject_data", "subject",
"subject_data", PolicyManager,
self._user_id,
json_ids["policy_id"])
JsonUtils.convert_names_to_ids(json_rule["rule"], json_object_ids,
"object_data", "object",
"object_data", PolicyManager,
self._user_id,
json_ids["policy_id"])
JsonUtils.convert_names_to_ids(json_rule["rule"], json_action_ids,
"action_data", "action",
"action_data", PolicyManager,
self._user_id,
json_ids["policy_id"])
meta_rule = ModelManager.get_meta_rules(
self._user_id, json_to_use["meta_rule_id"])
meta_rule = [v for v in meta_rule.values()]
meta_rule = meta_rule[0]
json_to_use_rule = self._reorder_rules_ids(
json_rule, meta_rule["subject_categories"],
json_subject_ids["subject"], json_ids["policy_id"],
PolicyManager.get_subject_data)
json_to_use_rule = json_to_use_rule + self._reorder_rules_ids(
json_rule, meta_rule["object_categories"],
json_object_ids["object"], json_ids["policy_id"],
PolicyManager.get_object_data)
json_to_use_rule = json_to_use_rule + self._reorder_rules_ids(
json_rule, meta_rule["action_categories"],
json_action_ids["action"], json_ids["policy_id"],
PolicyManager.get_action_data)
json_to_use["rule"] = json_to_use_rule
try:
logger.debug("Adding / updating a rule from json {}".format(
json_to_use))
PolicyManager.add_rule(self._user_id, json_ids["policy_id"],
json_to_use["meta_rule_id"],
json_to_use)
except exceptions.RuleExisting:
pass
except exceptions.PolicyUnknown:
raise UnknownPolicy("Unknown policy with id {}".format(
json_ids["policy_id"]))
def _import_policies(self, json_policies):
policy_mandatory_ids = []
if not isinstance(json_policies, list):
raise InvalidJson("policies shall be a list!")
for json_policy in json_policies:
# TODO put this in moondb
# policy_in_db = PolicyManager.get_policies_by_name(json_without_model_name["name"])
policies = PolicyManager.get_policies(self._user_id)
policy_in_db = None
policy_id = None
for policy_key in policies:
if policies[policy_key]["name"] == json_policy["name"]:
policy_in_db = policies[policy_key]
policy_id = policy_key
# end TODO
if policy_in_db is None:
policy_does_exist = False
else:
policy_does_exist = True
policy_override = JsonUtils.get_override(json_policy)
policy_mandatory = JsonUtils.get_mandatory(json_policy)
if policy_override is False and policy_does_exist:
if policy_id:
policy_mandatory_ids.append(policy_id)
logger.warning(
"Existing policy not updated because of the override option is not set !"
)
continue
json_without_model_name = dict()
JsonUtils.copy_field_if_exists(json_policy,
json_without_model_name, "name",
str)
JsonUtils.copy_field_if_exists(json_policy,
json_without_model_name,
"description", str)
JsonUtils.copy_field_if_exists(json_policy,
json_without_model_name, "genre",
str)
JsonUtils.convert_name_to_id(json_policy,
json_without_model_name,
"model",
"model_id",
"model",
ModelManager,
self._user_id,
field_mandatory=False)
if not policy_does_exist:
logger.debug(
"Creating policy {} ".format(json_without_model_name))
added_policy = PolicyManager.add_policy(
self._user_id, None, json_without_model_name)
if policy_mandatory is True:
keys = list(added_policy.keys())
policy_mandatory_ids.append(keys[0])
elif policy_override is True:
logger.debug(
"Updating policy {} ".format(json_without_model_name))
updated_policy = PolicyManager.update_policy(
self._user_id, policy_id, json_without_model_name)
if policy_mandatory is True:
policy_mandatory_ids.append(policy_id)
return policy_mandatory_ids
def _import_subject_object_action(self, json_items, mandatory_policy_ids,
type_element):
import_method = getattr(PolicyManager, 'add_' + type_element)
get_method = getattr(PolicyManager, 'get_' + type_element + 's')
if not isinstance(json_items, list):
raise InvalidJson(type_element + " items shall be a list!")
for json_item in json_items:
json_without_policy_name = dict()
JsonUtils.copy_field_if_exists(json_item, json_without_policy_name,
"name", str)
JsonUtils.copy_field_if_exists(json_item, json_without_policy_name,
"description", str)
JsonUtils.copy_field_if_exists(json_item, json_without_policy_name,
"extra", dict)
JsonUtils.convert_names_to_ids(json_item,
json_without_policy_name,
"policies",
"policy_list",
"policy",
PolicyManager,
self._user_id,
field_mandatory=False)
policy_ids = json_without_policy_name["policy_list"]
for mandatory_policy_id in mandatory_policy_ids:
if mandatory_policy_id not in policy_ids:
policy_ids.append(mandatory_policy_id)
# policy_ids and json_without_policy_name are references to the same array...
# json_without_policy_name["policy_list"].append(mandatory_policy_id)
item_override = JsonUtils.get_override(json_item)
if item_override is True:
raise ForbiddenOverride(
"{} does not support override flag !".format(type_element))
if len(policy_ids) == 0:
raise MissingPolicy(
"a {} needs at least one policy to be created or updated : {}"
.format(type_element, json.dumps(json_item)))
for policy_id in policy_ids:
try:
items_in_db = get_method(self._user_id, policy_id)
key = None
for key_in_db in items_in_db:
if items_in_db[key_in_db][
"name"] == json_without_policy_name["name"]:
key = key_in_db
break
element = import_method(self._user_id,
policy_id,
perimeter_id=key,
value=json_without_policy_name)
logger.debug("Added / updated {} : {}".format(
type_element, element))
except exceptions.PolicyUnknown:
raise UnknownPolicy(
"Unknown policy when adding a {}!".format(
type_element))
except Exception as e:
logger.exception(str(e))
raise BaseException(str(e))
def _import_subject_object_action_datas(self, json_items_data,
mandatory_policy_ids,
type_element):
if type_element == "subject":
import_method = getattr(PolicyManager,
'set_' + type_element + '_data')
else:
import_method = getattr(PolicyManager,
'add_' + type_element + '_data')
# get_method = getattr(PolicyManager, 'get_' + type_element + '_data')
if not isinstance(json_items_data, list):
raise InvalidJson(type_element + " data shall be a list!")
for json_item_data in json_items_data:
item_override = JsonUtils.get_override(json_items_data)
if item_override is True:
raise ForbiddenOverride(
"{} datas do not support override flag !".format(
type_element))
json_to_use = dict()
JsonUtils.copy_field_if_exists(json_item_data, json_to_use, "name",
str)
JsonUtils.copy_field_if_exists(json_item_data, json_to_use,
"description", str)
json_policy = dict()
# field_mandatory : not mandatory if there is some mandatory policies
JsonUtils.convert_names_to_ids(
json_item_data,
json_policy,
"policies",
"policy_id",
"policy",
PolicyManager,
self._user_id,
field_mandatory=len(mandatory_policy_ids) == 0)
json_category = dict()
JsonUtils.convert_name_to_id(json_item_data, json_category,
"category", "category_id",
type_element + "_category",
ModelManager, self._user_id)
policy_ids = []
if "policy_id" in json_policy:
policy_ids = json_policy["policy_id"]
for policy_id in policy_ids:
if policy_id is not None and policy_id not in mandatory_policy_ids:
mandatory_policy_ids.append(policy_id)
if len(mandatory_policy_ids) == 0:
raise InvalidJson(
"Invalid data, the policy shall be set when importing {}".
format(json_item_data))
category_id = None
if "category_id" in json_category:
category_id = json_category["category_id"]
if category_id is None:
raise InvalidJson(
"Invalid data, the category shall be set when importing {}"
.format(json_item_data))
for policy_id in mandatory_policy_ids:
try:
data = import_method(self._user_id,
policy_id,
category_id=category_id,
value=json_to_use)
except exceptions.PolicyUnknown:
raise UnknownPolicy(
"Unknown policy with id {}".format(policy_id))
except Exception as e:
logger.exception(str(e))
raise e