def _import_models_with_new_meta_rules(self, json_models):
if not isinstance(json_models, list):
raise InvalidJson("models shall be a list!")
for json_model in json_models:
logger.debug("json_model {}".format(json_model))
models = ModelManager.get_models(self._user_id)
model_in_db = None
model_id = None
for model_key in models:
if ("id" in json_model and model_key == json_model["id"]) or (
"name" in json_model
and models[model_key]["name"] == json_model["name"]):
model_in_db = models[model_key]
model_id = model_key
# this should not occur as the model has been put in db previously in _import_models_without_new_meta_rules
if model_in_db is None:
raise UnknownModel("Unknown model ")
json_key = dict()
JsonUtils.convert_names_to_ids(json_model, json_key, "meta_rules",
"meta_rule_id", "meta_rule",
ModelManager, self._user_id)
for meta_rule_id in json_key["meta_rule_id"]:
if meta_rule_id not in model_in_db["meta_rules"]:
model_in_db["meta_rules"].append(meta_rule_id)
ModelManager.update_model(self._user_id, model_id, model_in_db)
def _import_meta_rules(self, json_meta_rules):
logger.info("Input meta rules : {}".format(json_meta_rules))
for json_meta_rule in json_meta_rules:
json_to_use = dict()
JsonUtils.copy_field_if_exists(json_meta_rule, json_to_use, "name",
str)
JsonUtils.copy_field_if_exists(json_meta_rule, json_to_use,
"description", str)
JsonUtils.convert_names_to_ids(json_meta_rule, json_to_use,
"subject_categories",
"subject_categories",
"subject_category", ModelManager,
self._user_id)
JsonUtils.convert_names_to_ids(json_meta_rule, json_to_use,
"object_categories",
"object_categories",
"object_category", ModelManager,
self._user_id)
JsonUtils.convert_names_to_ids(json_meta_rule, json_to_use,
"action_categories",
"action_categories",
"action_category", ModelManager,
self._user_id)
logger.debug("Adding / updating a metarule from json {}".format(
json_meta_rule))
meta_rule = ModelManager.add_meta_rule(self._user_id,
meta_rule_id=None,
value=json_to_use)
logger.debug("Added / updated meta rule : {}".format(meta_rule))
def _import_rules(self, json_rules):
if not isinstance(json_rules, list):
raise InvalidJson("rules shall be a list!")
for json_rule in json_rules:
json_to_use = dict()
JsonUtils.copy_field_if_exists(json_rule, json_to_use,
"instructions", str)
JsonUtils.copy_field_if_exists(json_rule,
json_to_use,
"enabled",
bool,
default_value=True)
json_ids = dict()
JsonUtils.convert_name_to_id(json_rule, json_ids, "policy",
"policy_id", "policy", PolicyManager,
self._user_id)
JsonUtils.convert_name_to_id(json_rule, json_to_use, "meta_rule",
"meta_rule_id", "meta_rule",
ModelManager, self._user_id)
json_subject_ids = dict()
json_object_ids = dict()
json_action_ids = dict()
JsonUtils.convert_names_to_ids(json_rule["rule"], json_subject_ids,
"subject_data", "subject",
"subject_data", PolicyManager,
self._user_id,
json_ids["policy_id"])
JsonUtils.convert_names_to_ids(json_rule["rule"], json_object_ids,
"object_data", "object",
"object_data", PolicyManager,
self._user_id,
json_ids["policy_id"])
JsonUtils.convert_names_to_ids(json_rule["rule"], json_action_ids,
"action_data", "action",
"action_data", PolicyManager,
self._user_id,
json_ids["policy_id"])
meta_rule = ModelManager.get_meta_rules(
self._user_id, json_to_use["meta_rule_id"])
meta_rule = [v for v in meta_rule.values()]
meta_rule = meta_rule[0]
json_to_use_rule = self._reorder_rules_ids(
json_rule, meta_rule["subject_categories"],
json_subject_ids["subject"], json_ids["policy_id"],
PolicyManager.get_subject_data)
json_to_use_rule = json_to_use_rule + self._reorder_rules_ids(
json_rule, meta_rule["object_categories"],
json_object_ids["object"], json_ids["policy_id"],
PolicyManager.get_object_data)
json_to_use_rule = json_to_use_rule + self._reorder_rules_ids(
json_rule, meta_rule["action_categories"],
json_action_ids["action"], json_ids["policy_id"],
PolicyManager.get_action_data)
json_to_use["rule"] = json_to_use_rule
try:
logger.debug("Adding / updating a rule from json {}".format(
json_to_use))
PolicyManager.add_rule(self._user_id, json_ids["policy_id"],
json_to_use["meta_rule_id"],
json_to_use)
except exceptions.RuleExisting:
pass
except exceptions.PolicyUnknown:
raise UnknownPolicy("Unknown policy with id {}".format(
json_ids["policy_id"]))
def _import_subject_object_action(self, json_items, mandatory_policy_ids,
type_element):
import_method = getattr(PolicyManager, 'add_' + type_element)
get_method = getattr(PolicyManager, 'get_' + type_element + 's')
if not isinstance(json_items, list):
raise InvalidJson(type_element + " items shall be a list!")
for json_item in json_items:
json_without_policy_name = dict()
JsonUtils.copy_field_if_exists(json_item, json_without_policy_name,
"name", str)
JsonUtils.copy_field_if_exists(json_item, json_without_policy_name,
"description", str)
JsonUtils.copy_field_if_exists(json_item, json_without_policy_name,
"extra", dict)
JsonUtils.convert_names_to_ids(json_item,
json_without_policy_name,
"policies",
"policy_list",
"policy",
PolicyManager,
self._user_id,
field_mandatory=False)
policy_ids = json_without_policy_name["policy_list"]
for mandatory_policy_id in mandatory_policy_ids:
if mandatory_policy_id not in policy_ids:
policy_ids.append(mandatory_policy_id)
# policy_ids and json_without_policy_name are references to the same array...
# json_without_policy_name["policy_list"].append(mandatory_policy_id)
item_override = JsonUtils.get_override(json_item)
if item_override is True:
raise ForbiddenOverride(
"{} does not support override flag !".format(type_element))
if len(policy_ids) == 0:
raise MissingPolicy(
"a {} needs at least one policy to be created or updated : {}"
.format(type_element, json.dumps(json_item)))
for policy_id in policy_ids:
try:
items_in_db = get_method(self._user_id, policy_id)
key = None
for key_in_db in items_in_db:
if items_in_db[key_in_db][
"name"] == json_without_policy_name["name"]:
key = key_in_db
break
element = import_method(self._user_id,
policy_id,
perimeter_id=key,
value=json_without_policy_name)
logger.debug("Added / updated {} : {}".format(
type_element, element))
except exceptions.PolicyUnknown:
raise UnknownPolicy(
"Unknown policy when adding a {}!".format(
type_element))
except Exception as e:
logger.exception(str(e))
raise BaseException(str(e))
def _import_subject_object_action_datas(self, json_items_data,
mandatory_policy_ids,
type_element):
if type_element == "subject":
import_method = getattr(PolicyManager,
'set_' + type_element + '_data')
else:
import_method = getattr(PolicyManager,
'add_' + type_element + '_data')
# get_method = getattr(PolicyManager, 'get_' + type_element + '_data')
if not isinstance(json_items_data, list):
raise InvalidJson(type_element + " data shall be a list!")
for json_item_data in json_items_data:
item_override = JsonUtils.get_override(json_items_data)
if item_override is True:
raise ForbiddenOverride(
"{} datas do not support override flag !".format(
type_element))
json_to_use = dict()
JsonUtils.copy_field_if_exists(json_item_data, json_to_use, "name",
str)
JsonUtils.copy_field_if_exists(json_item_data, json_to_use,
"description", str)
json_policy = dict()
# field_mandatory : not mandatory if there is some mandatory policies
JsonUtils.convert_names_to_ids(
json_item_data,
json_policy,
"policies",
"policy_id",
"policy",
PolicyManager,
self._user_id,
field_mandatory=len(mandatory_policy_ids) == 0)
json_category = dict()
JsonUtils.convert_name_to_id(json_item_data, json_category,
"category", "category_id",
type_element + "_category",
ModelManager, self._user_id)
policy_ids = []
if "policy_id" in json_policy:
policy_ids = json_policy["policy_id"]
for policy_id in policy_ids:
if policy_id is not None and policy_id not in mandatory_policy_ids:
mandatory_policy_ids.append(policy_id)
if len(mandatory_policy_ids) == 0:
raise InvalidJson(
"Invalid data, the policy shall be set when importing {}".
format(json_item_data))
category_id = None
if "category_id" in json_category:
category_id = json_category["category_id"]
if category_id is None:
raise InvalidJson(
"Invalid data, the category shall be set when importing {}"
.format(json_item_data))
for policy_id in mandatory_policy_ids:
try:
data = import_method(self._user_id,
policy_id,
category_id=category_id,
value=json_to_use)
except exceptions.PolicyUnknown:
raise UnknownPolicy(
"Unknown policy with id {}".format(policy_id))
except Exception as e:
logger.exception(str(e))
raise e
def _import_subject_object_action_assignments(self, json_item_assignments,
type_element):
import_method = getattr(PolicyManager,
'add_' + type_element + '_assignment')
get_method = getattr(PolicyManager, 'get_' + type_element + '_data')
if not isinstance(json_item_assignments, list):
raise InvalidJson(type_element + " assignments shall be a list!")
# get the policy id related to the user
policies = PolicyManager.get_policies(self._user_id)
for json_item_assignment in json_item_assignments:
item_override = JsonUtils.get_override(json_item_assignment)
if item_override is True:
raise ForbiddenOverride(
"{} assignments do not support override flag !".format(
type_element))
json_assignment = dict()
JsonUtils.convert_name_to_id(json_item_assignment, json_assignment,
"category", "category_id",
type_element + "_category",
ModelManager, self._user_id)
has_found_data = False
# loop over policies
for policy_id in policies:
json_data = dict()
try:
JsonUtils.convert_name_to_id(json_item_assignment,
json_assignment, type_element,
"id", type_element,
PolicyManager, self._user_id,
policy_id)
JsonUtils.convert_names_to_ids(
json_item_assignment, json_data, "assignments",
"data_id", type_element + "_data", PolicyManager,
self._user_id, policy_id,
json_assignment["category_id"])
has_found_data = True
except UnknownName:
# the category or data has not been found in this policy : we look into the next one
continue
for data_id in json_data["data_id"]:
# find the policy related to the current data
data = get_method(self._user_id, policy_id, data_id,
json_assignment["category_id"])
if data is not None and len(data) == 1:
logger.debug(
"Adding / updating a {} assignment from json {}".
format(type_element, json_assignment))
import_method(self._user_id, policy_id,
json_assignment["id"],
json_assignment["category_id"], data_id)
else:
raise UnknownData(
"Unknown data with id {}".format(data_id))
# case the data has not been found in any policies
if has_found_data is False:
raise InvalidJson(
"The json contains unknown {} data or category : {}".
format(type_element, json_item_assignment))