def __update_subject_assignments(self, policy_id, perimeter_id=None):
if perimeter_id:
response = requests.get("{}/policies/{}/subject_assignments/{}".format(
self.manager_url, policy_id, perimeter_id))
else:
response = requests.get("{}/policies/{}/subject_assignments".format(
self.manager_url, policy_id))
if 'subject_assignments' in response.json():
if policy_id not in self.subject_assignments:
self.__SUBJECT_ASSIGNMENTS[policy_id] = {}
self.__SUBJECT_ASSIGNMENTS[policy_id] = response.json()['subject_assignments']
else:
raise exceptions.SubjectAssignmentUnknown(
"Cannot find subject assignment within policy_id {}".format(policy_id))
def __update_action_categories(self):
response = requests.get("{}/policies/action_categories".format(self.manager_url))
if 'action_categories' in response.json():
self.__ACTION_CATEGORIES.update(response.json()['action_categories'])
else:
raise exceptions.ActionCategoryUnknown("Cannot find action category")
def __update_object_categories(self):
response = requests.get("{}/policies/object_categories".format(self.manager_url))
if 'object_categories' in response.json():
self.__OBJECT_CATEGORIES.update(response.json()['object_categories'])
else:
raise exceptions.ObjectCategoryUnknown("Cannot find object category")
def __update_action_assignments(self, policy_id, perimeter_id=None):
if perimeter_id:
response = requests.get("{}/policies/{}/action_assignments/{}".format(
self.manager_url, policy_id, perimeter_id))
else:
response = requests.get("{}/policies/{}/action_assignments".format(
self.manager_url, policy_id))
if 'action_assignments' in response.json():
if policy_id not in self.__ACTION_ASSIGNMENTS:
self.__ACTION_ASSIGNMENTS[policy_id] = {}
self.__ACTION_ASSIGNMENTS[policy_id] = response.json()['action_assignments']
else:
raise exceptions.ActionAssignmentUnknown(
"Cannot find action assignment within policy_id {}".format(policy_id))
def __update_meta_rules(self):
response = requests.get("{}/meta_rules".format(self.manager_url))
if 'meta_rules' in response.json():
self.__META_RULES = response.json()['meta_rules']
else:
raise exceptions.MetaRuleUnknown("Cannot find meta rules")
def __update_actions(self, policy_id):
response = requests.get("{}/policies/{}/actions".format(self.manager_url, policy_id))
if 'actions' in response.json():
self.__ACTIONS[policy_id] = response.json()['actions']
else:
raise exceptions.ActionUnknown("Cannot find action within policy_id {}".format(policy_id))
def get_configuration(key):
url = "http://{}:{}/v1/kv/{}".format(CONSUL_HOST, CONSUL_PORT, key)
req = requests.get(url)
if req.status_code != 200:
logger.error("url={}".format(url))
raise exceptions.ConsulComponentNotFound("error={}: {}".format(
req.status_code, req.text))
data = req.json()
if len(data) == 1:
data = data[0]
if all(k in data for k in ("Key", "Value")):
return {
data["Key"]:
json.loads(base64.b64decode(data["Value"]).decode("utf-8"))
}
raise exceptions.ConsulComponentContentError("error={}".format(data))
else:
for item in data:
if not all(k in item for k in ("Key", "Value")):
logger.warning("invalidate content {}".format(item))
raise exceptions.ConsulComponentContentError(
"error={}".format(data))
return [{
item["Key"]:
json.loads(base64.b64decode(item["Value"]).decode("utf-8"))
} for item in data]
def get_components():
url = "http://{}:{}/v1/kv/components?recurse=true".format(
CONSUL_HOST, CONSUL_PORT)
req = requests.get(url)
if req.status_code != 200:
logger.info("url={}".format(url))
raise exceptions.ConsulError
data = req.json()
if len(data) == 1:
data = data[0]
if all(k in data for k in ("Key", "Value")):
return {
data["Key"].replace("components/", ""):
json.loads(base64.b64decode(data["Value"]).decode("utf-8"))
}
raise exceptions.ConsulComponentContentError("error={}".format(data))
else:
for item in data:
if not all(k in item for k in ("Key", "Value")):
logger.warning("invalidate content {}".format(item))
raise exceptions.ConsulComponentContentError(
"error={}".format(data))
return {
item["Key"].replace("components/", ""):
json.loads(base64.b64decode(item["Value"]).decode("utf-8"))
for item in data
}
def __update_models(self):
response = requests.get("{}/models".format(self.manager_url))
models = response.json()
if 'models' in models:
for key, value in models["models"].items():
self.__MODELS[key] = value
else:
raise exceptions.ModelNotFound("Cannot find 'models' key")
def __update_policies(self):
response = requests.get("{}/policies".format(self.manager_url))
policies = response.json()
if 'policies' in policies:
for key, value in policies["policies"].items():
self.__POLICIES[key] = value
else:
raise exceptions.PolicytNotFound("Cannot find 'policies' key")
def __update_container(self):
response = requests.get("{}/pods".format(self.orchestrator_url))
pods = response.json()
if "pods" in pods:
for key, value in pods["pods"].items():
# if key not in self.__CONTAINERS:
self.__CONTAINERS[key] = value
# else:
# for container in value:
# self.__CONTAINERS[key].update(value)
else:
raise exceptions.PodError("Cannot find 'pods' key")
def __update_rules(self):
for policy_id in self.policies:
logger.debug("Get {}".format("{}/policies/{}/rules".format(
self.manager_url, policy_id)))
response = requests.get("{}/policies/{}/rules".format(
self.manager_url, policy_id))
if 'rules' in response.json():
self.__RULES[policy_id] = response.json()['rules']
else:
logger.warning(" no 'rules' found within policy_id: {}".format(policy_id))
logger.debug("UPDATE RULES {}".format(self.__RULES))
def __update_pdp(self):
response = requests.get("{}/pdp".format(self.manager_url))
pdp = response.json()
if 'pdps' in pdp:
for _pdp in pdp["pdps"].values():
if "keystone_project_id" in _pdp and _pdp['keystone_project_id'] not in self.container_chaining:
self.__CONTAINER_CHAINING[_pdp['keystone_project_id']] = {}
# Note (asteroide): force update of chaining
self.__update_container_chaining(_pdp['keystone_project_id'])
for key, value in pdp["pdps"].items():
self.__PDP[key] = value
else:
raise exceptions.PdpError("Cannot find 'pdps' key")
def __update_subjects(self, policy_id):
response = requests.get("{}/policies/{}/subjects".format(self.manager_url, policy_id))
if 'subjects' in response.json():
self.__SUBJECTS[policy_id] = response.json()['subjects']
else:
raise exceptions.SubjectUnknown("Cannot find subject within policy_id {}".format(policy_id))
