def _set_role(data, context): role = Role() role.ParseFromString(data) if not role.name: raise InvalidTransaction("The name must be set in a role") if not role.policy_name: raise InvalidTransaction("A role must contain a policy name.") # Check that the policy refernced exists policy_address = _get_policy_address(role.policy_name) entries_list = _get_data(policy_address, context) if entries_list == []: raise InvalidTransaction( "Cannot set Role: {}, the Policy: {} is not set.".format( role.name, role.policy_name)) else: policy_list = PolicyList() policy_list.ParseFromString(entries_list[0].data) exist = False for policy in policy_list.policies: if policy.name == role.policy_name: exist = True break if not exist: raise InvalidTransaction( "Cannot set Role {}, the Policy {} is not set.".format( role.name, role.policy_name)) address = _get_role_address(role.name) entries_list = _get_data(address, context) # Store role in a Roleist incase of hash collisions role_list = RoleList() if entries_list != []: role_list.ParseFromString(entries_list[0].data) # sort all roles by using sorted(roles, Role.name) roles = [x for x in role_list.roles if x.name != role.name] roles.append(role) roles = sorted(roles, key=lambda role: role.name) # set RoleList at the address above. addresses = context.set_state([ StateEntry(address=address, data=RoleList(roles=roles).SerializeToString()) ]) if not addresses: LOGGER.warning('Failed to set role %s at %s', role.name, address) raise InternalError('Unable to save role {}'.format(role.name)) context.add_event(event_type="identity_update", attributes=[("updated", role.name)]) LOGGER.debug("Set role: \n%s", role)
def create_set_policy_request(self, name, rules=None): rules_list = rules.split("\n") entries = [] for rule in rules_list: rule = rule.split(" ") if rule[0] == "PERMIT_KEY": entry = Policy.Entry(type=Policy.PERMIT_KEY, key=rule[1]) entries.append(entry) elif rule[0] == "DENY_KEY": entry = Policy.Entry(type=Policy.DENY_KEY, key=rule[1]) entries.append(entry) policy = Policy(name=name, entries=entries) policy_list = PolicyList(policies=[policy]) return self._factory.create_set_request( {self._policy_to_address(name): policy_list.SerializeToString()})
def _set_policy(data, context): new_policy = Policy() new_policy.ParseFromString(data) if not new_policy.entries: raise InvalidTransaction("Atleast one entry must be in a policy.") if not new_policy.name: raise InvalidTransaction("The name must be set in a policy.") # check entries in the policy for entry in new_policy.entries: if not entry.key: raise InvalidTransaction("Every policy entry must have a key.") address = _get_policy_address(new_policy.name) entries_list = _get_data(address, context) policy_list = PolicyList() policies = [] if entries_list != []: policy_list.ParseFromString(entries_list[0].data) # sort all roles by using sorted(roles, policy.name) # if a policy with the same name exists, replace that policy policies = [ x for x in policy_list.policies if x.name != new_policy.name ] policies.append(new_policy) policies = sorted(policies, key=lambda role: role.name) else: policies.append(new_policy) address = _get_policy_address(new_policy.name) # Store policy in a PolicyList incase of hash collisions new_policy_list = PolicyList(policies=policies) addresses = context.set_state([ StateEntry(address=address, data=new_policy_list.SerializeToString()) ]) if not addresses: LOGGER.warning('Failed to set policy %s at %s', new_policy.name, address) raise InternalError('Unable to save policy {}'.format(new_policy.name)) context.add_event(event_type="identity_update", attributes=[("updated", new_policy.name)]) LOGGER.debug("Set policy : \n%s", new_policy)