def _export_subject_object_action(self, type_element, json_content): export_method = getattr(PolicyManager, 'get_' + type_element + 's') policies = PolicyManager.get_policies(self._user_id) element_dict = dict() elements_array = [] for policy_key in policies: elements = export_method(self._user_id, policy_key) for element_key in elements: # logger.info("Exporting {}".format(elements[element_key])) element = dict() JsonUtils.copy_field_if_exists(elements[element_key], element, "name", str) JsonUtils.copy_field_if_exists(elements[element_key], element, "description", str) JsonUtils.copy_field_if_exists(elements[element_key], element, "extra", dict) if element["name"] not in element_dict: element["policies"] = [] element_dict[element["name"]] = element current_element = element_dict[element["name"]] current_element["policies"].append({ "name": JsonUtils.convert_id_to_name_string( policy_key, "policy", PolicyManager, self._user_id) }) for key in element_dict: logger.info("Exporting {} {}".format(type_element, element_dict[key])) elements_array.append(element_dict[key]) if len(elements_array) > 0: json_content[type_element + 's'] = elements_array
def add_pod(uuid, data): if not data.get("keystone_project_id"): return logger.info("Add a new pod {}".format(data)) if "pdp_id" not in data: data["pdp_id"] = uuid data['policies'] = PolicyManager.get_policies(user_id="admin") data['models'] = ModelManager.get_models(user_id="admin") conf = configuration.get_configuration("components/orchestrator") hostname = conf["components/orchestrator"].get("hostname", "orchestrator") port = conf["components/orchestrator"].get("port", 80) proto = conf["components/orchestrator"].get("protocol", "http") while True: try: req = requests.post( "{}://{}:{}/pods".format(proto, hostname, port), json=data, headers={"content-type": "application/json"}) except requests.exceptions.ConnectionError as e: logger.warning("add_pod: Orchestrator is not ready, standby...") logger.exception(e) time.sleep(1) else: break logger.info("Pod add request answer : {}".format(req.text))
def _export_subject_object_action_assignments(self, type_element, json_content): export_method_data = getattr(PolicyManager, 'get_' + type_element + '_assignments') policies = PolicyManager.get_policies(self._user_id) element_assignments_array = [] for policy_key in policies: assignments = export_method_data(self._user_id, policy_key) # logger.info(assignments) for assignment_key in assignments: assignment_dict = dict() JsonUtils.convert_id_to_name( assignments[assignment_key][type_element + "_id"], assignment_dict, type_element, type_element, PolicyManager, self._user_id, policy_key) JsonUtils.convert_id_to_name( assignments[assignment_key]["category_id"], assignment_dict, "category", type_element + "_category", ModelManager, self._user_id, policy_key) JsonUtils.convert_ids_to_names( assignments[assignment_key]["assignments"], assignment_dict, "assignments", type_element + "_data", PolicyManager, self._user_id, policy_key) element_assignments_array.append(assignment_dict) logger.info("Exporting {} assignment {}".format( type_element, assignment_dict)) if len(element_assignments_array) > 0: json_content[type_element + '_assignments'] = element_assignments_array
def _export_rules(self, json_content): policies = PolicyManager.get_policies(self._user_id) rules_array = [] for policy_key in policies: rules = PolicyManager.get_rules(self._user_id, policy_key) rules = rules["rules"] # logger.info(rules) for rule in rules: rule_dict = dict() JsonUtils.copy_field_if_exists(rule, rule_dict, "instructions", dict) JsonUtils.copy_field_if_exists(rule, rule_dict, "enabled", True) JsonUtils.convert_id_to_name(rule["meta_rule_id"], rule_dict, "meta_rule", "meta_rule", ModelManager, self._user_id) JsonUtils.convert_id_to_name(policy_key, rule_dict, "policy", "policy", PolicyManager, self._user_id) ids = rule["rule"] rule_description = dict() meta_rule = ModelManager.get_meta_rules( self._user_id, rule["meta_rule_id"]) meta_rule = [v for v in meta_rule.values()] meta_rule = meta_rule[0] index_subject_data = len(meta_rule["subject_categories"]) - 1 index_object_data = len(meta_rule["subject_categories"]) + len( meta_rule["object_categories"]) - 1 index_action_data = len(meta_rule["subject_categories"]) + len( meta_rule["object_categories"]) + len( meta_rule["action_categories"]) - 1 ids_subject_data = [ids[0]] if len( meta_rule["subject_categories"] ) == 1 else ids[0:index_subject_data] ids_object_data = [ids[index_object_data]] if len( meta_rule["object_categories"] ) == 1 else ids[index_subject_data + 1:index_object_data] ids_action_date = [ids[index_action_data]] if len( meta_rule["action_categories"] ) == 1 else ids[index_object_data + 1:index_action_data] JsonUtils.convert_ids_to_names(ids_subject_data, rule_description, "subject_data", "subject_data", PolicyManager, self._user_id, policy_key) JsonUtils.convert_ids_to_names(ids_object_data, rule_description, "object_data", "object_data", PolicyManager, self._user_id, policy_key) JsonUtils.convert_ids_to_names(ids_action_date, rule_description, "action_data", "action_data", PolicyManager, self._user_id, policy_key) rule_dict["rule"] = rule_description rules_array.append(rule_dict) if len(rules_array) > 0: json_content['rules'] = rules_array
def _export_policies(self, json_content): policies = PolicyManager.get_policies(self._user_id) policies_array = [] for policy_key in policies: policy = dict() JsonUtils.copy_field_if_exists(policies[policy_key], policy, "name", str) JsonUtils.copy_field_if_exists(policies[policy_key], policy, "genre", str) JsonUtils.copy_field_if_exists(policies[policy_key], policy, "description", str) JsonUtils.convert_id_to_name(policies[policy_key]["model_id"], policy, "model", "model", ModelManager, self._user_id) logger.info("Exporting policy {}".format(policy)) policies_array.append(policy) if len(policies_array) > 0: json_content["policies"] = policies_array
def _export_subject_object_action_datas(self, type_element, json_content): export_method_data = getattr(PolicyManager, 'get_' + type_element + '_data') policies = PolicyManager.get_policies(self._user_id) element_datas_array = [] for policy_key in policies: datas = export_method_data(self._user_id, policy_key) # logger.info("data found : {}".format(datas)) for data_group in datas: policy_id = data_group["policy_id"] category_id = data_group["category_id"] # logger.info(data_group["data"]) for data_key in data_group["data"]: data_dict = dict() if type_element == 'subject': JsonUtils.copy_field_if_exists( data_group["data"][data_key], data_dict, "name", str) JsonUtils.copy_field_if_exists( data_group["data"][data_key], data_dict, "description", str) else: JsonUtils.copy_field_if_exists( data_group["data"][data_key], data_dict, "name", str) JsonUtils.copy_field_if_exists( data_group["data"][data_key], data_dict, "description", str) JsonUtils.convert_id_to_name(policy_id, data_dict, "policy", "policy", PolicyManager, self._user_id) JsonUtils.convert_id_to_name(category_id, data_dict, "category", type_element + "_category", ModelManager, self._user_id, policy_key) logger.info("Exporting {} data {}".format( type_element, data_dict)) element_datas_array.append(data_dict) if len(element_datas_array) > 0: json_content[type_element + '_data'] = element_datas_array
def get(self, uuid=None, user_id=None): """Retrieve all policies :param uuid: uuid of the policy :param user_id: user ID who do the request :return: { "policy_id1": { "name": "name of the policy (mandatory)", "model_id": "ID of the model linked to this policy", "genre": "authz of admin (optional, default to authz)", "description": "description of the policy (optional)", } } :internal_api: get_policies """ data = PolicyManager.get_policies(user_id=user_id, policy_id=uuid) return {"policies": data}
def get(self, uuid=None, user_id=None): """Retrieve all policies :param uuid: uuid of the policy :param user_id: user ID who do the request :return: { "policy_id1": { "name": "...", "model_id": "...", "genre": "...", "description": "...", } } :internal_api: get_policies """ try: data = PolicyManager.get_policies(user_id=user_id, policy_id=uuid) except Exception as e: logger.error(e, exc_info=True) return {"result": False, "error": str(e)}, 500 return {"policies": data}
def get_policies(): from python_moondb.core import PolicyManager return PolicyManager.get_policies("admin")
def _import_policies(self, json_policies): policy_mandatory_ids = [] if not isinstance(json_policies, list): raise InvalidJson("policies shall be a list!") for json_policy in json_policies: # TODO put this in moondb # policy_in_db = PolicyManager.get_policies_by_name(json_without_model_name["name"]) policies = PolicyManager.get_policies(self._user_id) policy_in_db = None policy_id = None for policy_key in policies: if policies[policy_key]["name"] == json_policy["name"]: policy_in_db = policies[policy_key] policy_id = policy_key # end TODO if policy_in_db is None: policy_does_exist = False else: policy_does_exist = True policy_override = JsonUtils.get_override(json_policy) policy_mandatory = JsonUtils.get_mandatory(json_policy) if policy_override is False and policy_does_exist: if policy_id: policy_mandatory_ids.append(policy_id) logger.warning( "Existing policy not updated because of the override option is not set !" ) continue json_without_model_name = dict() JsonUtils.copy_field_if_exists(json_policy, json_without_model_name, "name", str) JsonUtils.copy_field_if_exists(json_policy, json_without_model_name, "description", str) JsonUtils.copy_field_if_exists(json_policy, json_without_model_name, "genre", str) JsonUtils.convert_name_to_id(json_policy, json_without_model_name, "model", "model_id", "model", ModelManager, self._user_id, field_mandatory=False) if not policy_does_exist: logger.debug( "Creating policy {} ".format(json_without_model_name)) added_policy = PolicyManager.add_policy( self._user_id, None, json_without_model_name) if policy_mandatory is True: keys = list(added_policy.keys()) policy_mandatory_ids.append(keys[0]) elif policy_override is True: logger.debug( "Updating policy {} ".format(json_without_model_name)) updated_policy = PolicyManager.update_policy( self._user_id, policy_id, json_without_model_name) if policy_mandatory is True: policy_mandatory_ids.append(policy_id) return policy_mandatory_ids
def _import_subject_object_action_assignments(self, json_item_assignments, type_element): import_method = getattr(PolicyManager, 'add_' + type_element + '_assignment') get_method = getattr(PolicyManager, 'get_' + type_element + '_data') if not isinstance(json_item_assignments, list): raise InvalidJson(type_element + " assignments shall be a list!") # get the policy id related to the user policies = PolicyManager.get_policies(self._user_id) for json_item_assignment in json_item_assignments: item_override = JsonUtils.get_override(json_item_assignment) if item_override is True: raise ForbiddenOverride( "{} assignments do not support override flag !".format( type_element)) json_assignment = dict() JsonUtils.convert_name_to_id(json_item_assignment, json_assignment, "category", "category_id", type_element + "_category", ModelManager, self._user_id) has_found_data = False # loop over policies for policy_id in policies: json_data = dict() try: JsonUtils.convert_name_to_id(json_item_assignment, json_assignment, type_element, "id", type_element, PolicyManager, self._user_id, policy_id) JsonUtils.convert_names_to_ids( json_item_assignment, json_data, "assignments", "data_id", type_element + "_data", PolicyManager, self._user_id, policy_id, json_assignment["category_id"]) has_found_data = True except UnknownName: # the category or data has not been found in this policy : we look into the next one continue for data_id in json_data["data_id"]: # find the policy related to the current data data = get_method(self._user_id, policy_id, data_id, json_assignment["category_id"]) if data is not None and len(data) == 1: logger.debug( "Adding / updating a {} assignment from json {}". format(type_element, json_assignment)) import_method(self._user_id, policy_id, json_assignment["id"], json_assignment["category_id"], data_id) else: raise UnknownData( "Unknown data with id {}".format(data_id)) # case the data has not been found in any policies if has_found_data is False: raise InvalidJson( "The json contains unknown {} data or category : {}". format(type_element, json_item_assignment))