def _set_policy(data, context):
new_policy = Policy()
new_policy.ParseFromString(data)
if not new_policy.entries:
raise InvalidTransaction("Atleast one entry must be in a policy.")
if not new_policy.name:
raise InvalidTransaction("The name must be set in a policy.")
# check entries in the policy
for entry in new_policy.entries:
if not entry.key:
raise InvalidTransaction("Every policy entry must have a key.")
address = _get_policy_address(new_policy.name)
entries_list = _get_data(address, context)
policy_list = PolicyList()
policies = []
if entries_list != []:
policy_list.ParseFromString(entries_list[0].data)
# sort all roles by using sorted(roles, policy.name)
# if a policy with the same name exists, replace that policy
policies = [
x for x in policy_list.policies if x.name != new_policy.name
]
policies.append(new_policy)
policies = sorted(policies, key=lambda role: role.name)
else:
policies.append(new_policy)
address = _get_policy_address(new_policy.name)
# Store policy in a PolicyList incase of hash collisions
new_policy_list = PolicyList(policies=policies)
addresses = context.set_state([
StateEntry(address=address, data=new_policy_list.SerializeToString())
])
if not addresses:
LOGGER.warning('Failed to set policy %s at %s', new_policy.name,
address)
raise InternalError('Unable to save policy {}'.format(new_policy.name))
context.add_event(event_type="identity_update",
attributes=[("updated", new_policy.name)])
LOGGER.debug("Set policy : \n%s", new_policy)
def create_policy_transaction(self, name, rules):
rules_list = rules.split("\n")
entries = []
for rule in rules_list:
rule = rule.split(" ")
if rule[0] == "PERMIT_KEY":
entry = Policy.Entry(type=Policy.PERMIT_KEY, key=rule[1])
entries.append(entry)
elif rule[0] == "DENY_KEY":
entry = Policy.Entry(type=Policy.DENY_KEY, key=rule[1])
entries.append(entry)
policy = Policy(name=name, entries=entries)
payload = IdentityPayload(type=IdentityPayload.POLICY,
data=policy.SerializeToString())
return self._create_tp_process_request(payload)
def create_set_policy_request(self, name, rules=None):
rules_list = rules.split("\n")
entries = []
for rule in rules_list:
rule = rule.split(" ")
if rule[0] == "PERMIT_KEY":
entry = Policy.Entry(type=Policy.PERMIT_KEY, key=rule[1])
entries.append(entry)
elif rule[0] == "DENY_KEY":
entry = Policy.Entry(type=Policy.DENY_KEY, key=rule[1])
entries.append(entry)
policy = Policy(name=name, entries=entries)
policy_list = PolicyList(policies=[policy])
return self._factory.create_set_request(
{self._policy_to_address(name): policy_list.SerializeToString()})
def _create_tp_process_request(self, payload):
inputs = []
outputs = []
if payload.type == IdentityPayload.ROLE:
role = Role()
role.ParseFromString(payload.data)
inputs = [self._role_to_address(role.name),
self._policy_to_address(role.policy_name)]
outputs = [self._role_to_address(role.name)]
else:
policy = Policy()
policy.ParseFromString(payload.data)
inputs = [self._policy_to_address(policy.name)]
outputs = [self._role_to_address(policy.name)]
return self._factory.create_tp_process_request(
payload.SerializeToString(), inputs, outputs, [])
