def test_get_uid(self):
pack_1_db = PackDB(ref='test_pack')
pack_2_db = PackDB(ref='examples')
self.assertEqual(pack_1_db.get_uid(), 'pack:test_pack')
self.assertEqual(pack_2_db.get_uid(), 'pack:examples')
action_1_db = ActionDB(pack='examples', name='my_action', ref='examples.my_action')
action_2_db = ActionDB(pack='core', name='local', ref='core.local')
self.assertEqual(action_1_db.get_uid(), 'action:examples:my_action')
self.assertEqual(action_2_db.get_uid(), 'action:core:local')
def test_get_uid(self):
pack_1_db = PackDB(ref='test_pack')
pack_2_db = PackDB(ref='examples')
self.assertEqual(pack_1_db.get_uid(), 'pack:test_pack')
self.assertEqual(pack_2_db.get_uid(), 'pack:examples')
action_1_db = ActionDB(pack='examples', name='my_action', ref='examples.my_action')
action_2_db = ActionDB(pack='core', name='local', ref='core.local')
self.assertEqual(action_1_db.get_uid(), 'action:examples:my_action')
self.assertEqual(action_2_db.get_uid(), 'action:core:local')
def test_get_uid(self):
pack_1_db = PackDB(ref="test_pack")
pack_2_db = PackDB(ref="examples")
self.assertEqual(pack_1_db.get_uid(), "pack:test_pack")
self.assertEqual(pack_2_db.get_uid(), "pack:examples")
action_1_db = ActionDB(pack="examples",
name="my_action",
ref="examples.my_action")
action_2_db = ActionDB(pack="core", name="local", ref="core.local")
self.assertEqual(action_1_db.get_uid(), "action:examples:my_action")
self.assertEqual(action_2_db.get_uid(), "action:core:local")
def test_get_uid(self):
pack_db = PackDB(ref='ma_pack')
self.assertEqual(pack_db.get_uid(), 'pack:ma_pack')
sensor_type_db = SensorTypeDB(name='sname', pack='spack')
self.assertEqual(sensor_type_db.get_uid(), 'sensor_type:spack:sname')
action_db = ActionDB(name='aname', pack='apack', runner_type={})
self.assertEqual(action_db.get_uid(), 'action:apack:aname')
rule_db = RuleDB(name='rname', pack='rpack')
self.assertEqual(rule_db.get_uid(), 'rule:rpack:rname')
trigger_type_db = TriggerTypeDB(name='ttname', pack='ttpack')
self.assertEqual(trigger_type_db.get_uid(), 'trigger_type:ttpack:ttname')
trigger_db = TriggerDB(name='tname', pack='tpack')
self.assertTrue(trigger_db.get_uid().startswith('trigger:tpack:tname:'))
# Verify that same set of parameters always results in the same hash
parameters = {'a': 1, 'b': 'unicode', 'c': [1, 2, 3], 'd': {'g': 1, 'h': 2}}
paramers_hash = json.dumps(parameters, sort_keys=True)
paramers_hash = hashlib.md5(paramers_hash).hexdigest()
parameters = {'a': 1, 'b': 'unicode', 'c': [1, 2, 3], 'd': {'g': 1, 'h': 2}}
trigger_db = TriggerDB(name='tname', pack='tpack', parameters=parameters)
self.assertEqual(trigger_db.get_uid(), 'trigger:tpack:tname:%s' % (paramers_hash))
parameters = {'c': [1, 2, 3], 'b': u'unicode', 'd': {'h': 2, 'g': 1}, 'a': 1}
trigger_db = TriggerDB(name='tname', pack='tpack', parameters=parameters)
self.assertEqual(trigger_db.get_uid(), 'trigger:tpack:tname:%s' % (paramers_hash))
parameters = {'b': u'unicode', 'c': [1, 2, 3], 'd': {'h': 2, 'g': 1}, 'a': 1}
trigger_db = TriggerDB(name='tname', pack='tpack', parameters=parameters)
self.assertEqual(trigger_db.get_uid(), 'trigger:tpack:tname:%s' % (paramers_hash))
parameters = OrderedDict({'c': [1, 2, 3], 'b': u'unicode', 'd': {'h': 2, 'g': 1}, 'a': 1})
trigger_db = TriggerDB(name='tname', pack='tpack', parameters=parameters)
self.assertEqual(trigger_db.get_uid(), 'trigger:tpack:tname:%s' % (paramers_hash))
policy_type_db = PolicyTypeDB(resource_type='action', name='concurrency')
self.assertEqual(policy_type_db.get_uid(), 'policy_type:action:concurrency')
policy_db = PolicyDB(pack='dummy', name='policy1')
self.assertEqual(policy_db.get_uid(), 'policy:dummy:policy1')
def test_get_uid(self):
pack_db = PackDB(ref='ma_pack')
self.assertEqual(pack_db.get_uid(), 'pack:ma_pack')
sensor_type_db = SensorTypeDB(name='sname', pack='spack')
self.assertEqual(sensor_type_db.get_uid(), 'sensor_type:spack:sname')
action_db = ActionDB(name='aname', pack='apack', runner_type={})
self.assertEqual(action_db.get_uid(), 'action:apack:aname')
rule_db = RuleDB(name='rname', pack='rpack')
self.assertEqual(rule_db.get_uid(), 'rule:rpack:rname')
trigger_type_db = TriggerTypeDB(name='ttname', pack='ttpack')
self.assertEqual(trigger_type_db.get_uid(), 'trigger_type:ttpack:ttname')
trigger_db = TriggerDB(name='tname', pack='tpack')
self.assertTrue(trigger_db.get_uid().startswith('trigger:tpack:tname:'))
def test_get_uid(self):
pack_db = PackDB(ref='ma_pack')
self.assertEqual(pack_db.get_uid(), 'pack:ma_pack')
sensor_type_db = SensorTypeDB(name='sname', pack='spack')
self.assertEqual(sensor_type_db.get_uid(), 'sensor_type:spack:sname')
action_db = ActionDB(name='aname', pack='apack', runner_type={})
self.assertEqual(action_db.get_uid(), 'action:apack:aname')
rule_db = RuleDB(name='rname', pack='rpack')
self.assertEqual(rule_db.get_uid(), 'rule:rpack:rname')
trigger_type_db = TriggerTypeDB(name='ttname', pack='ttpack')
self.assertEqual(trigger_type_db.get_uid(), 'trigger_type:ttpack:ttname')
trigger_db = TriggerDB(name='tname', pack='tpack')
self.assertTrue(trigger_db.get_uid().startswith('trigger:tpack:tname:'))
# Verify that same set of parameters always results in the same hash
parameters = {'a': 1, 'b': 2, 'c': [1, 2, 3], 'd': {'g': 1, 'h': 2}, 'b': u'unicode'}
paramers_hash = json.dumps(parameters, sort_keys=True)
paramers_hash = hashlib.md5(paramers_hash).hexdigest()
parameters = {'a': 1, 'b': 2, 'c': [1, 2, 3], 'b': u'unicode', 'd': {'g': 1, 'h': 2}}
trigger_db = TriggerDB(name='tname', pack='tpack', parameters=parameters)
self.assertEqual(trigger_db.get_uid(), 'trigger:tpack:tname:%s' % (paramers_hash))
parameters = {'c': [1, 2, 3], 'b': u'unicode', 'd': {'h': 2, 'g': 1}, 'a': 1}
trigger_db = TriggerDB(name='tname', pack='tpack', parameters=parameters)
self.assertEqual(trigger_db.get_uid(), 'trigger:tpack:tname:%s' % (paramers_hash))
parameters = {'b': u'unicode', 'c': [1, 2, 3], 'd': {'h': 2, 'g': 1}, 'a': 1}
trigger_db = TriggerDB(name='tname', pack='tpack', parameters=parameters)
self.assertEqual(trigger_db.get_uid(), 'trigger:tpack:tname:%s' % (paramers_hash))
parameters = OrderedDict({'c': [1, 2, 3], 'b': u'unicode', 'd': {'h': 2, 'g': 1}, 'a': 1})
trigger_db = TriggerDB(name='tname', pack='tpack', parameters=parameters)
self.assertEqual(trigger_db.get_uid(), 'trigger:tpack:tname:%s' % (paramers_hash))
def user_has_resource_db_permission(self, user_db, resource_db,
permission_type):
log_context = {
'user_db': user_db,
'resource_db': resource_db,
'permission_type': permission_type,
'resolver': self.__class__.__name__
}
self._log('Checking user resource permissions', extra=log_context)
# First check the system role permissions
has_system_role_permission = self._user_has_system_role_permission(
user_db=user_db, permission_type=permission_type)
if has_system_role_permission:
self._log('Found a matching grant via system role',
extra=log_context)
return True
# Check custom roles
action = resource_db['action']
# TODO: Add utility methods for constructing uids from parts
pack_db = PackDB(ref=action['pack'])
action_uid = action['uid']
action_pack_uid = pack_db.get_uid()
# Note: "action_execute" also grants / implies "execution_re_run" and "execution_stop"
if permission_type == PermissionType.EXECUTION_VIEW:
action_permission_type = PermissionType.ACTION_VIEW
elif permission_type in [
PermissionType.EXECUTION_RE_RUN, PermissionType.EXECUTION_STOP
]:
action_permission_type = PermissionType.ACTION_EXECUTE
elif permission_type == PermissionType.EXECUTION_ALL:
action_permission_type = PermissionType.ACTION_ALL
else:
raise ValueError('Invalid permission type: %s' % (permission_type))
# Check grants on the pack of the action to which execution belongs to
resource_types = [ResourceType.PACK]
permission_types = [PermissionType.ACTION_ALL, action_permission_type]
permission_grants = get_all_permission_grants_for_user(
user_db=user_db,
resource_uid=action_pack_uid,
resource_types=resource_types,
permission_types=permission_types)
if len(permission_grants) >= 1:
self._log('Found a grant on the execution action parent pack',
extra=log_context)
return True
# Check grants on the action the execution belongs to
resource_types = [ResourceType.ACTION]
permission_types = [PermissionType.ACTION_ALL, action_permission_type]
permission_grants = get_all_permission_grants_for_user(
user_db=user_db,
resource_uid=action_uid,
resource_types=resource_types,
permission_types=permission_types)
if len(permission_grants) >= 1:
self._log('Found a grant on the execution action',
extra=log_context)
return True
self._log('No matching grants found', extra=log_context)
return False
def user_has_resource_db_permission(self, user_db, resource_db,
permission_type):
log_context = {
'user_db': user_db,
'resource_db': resource_db,
'permission_type': permission_type,
'resolver': self.__class__.__name__
}
self._log('Checking user resource permissions', extra=log_context)
# First check the system role permissions
has_system_role_permission = self._user_has_system_role_permission(
user_db=user_db, permission_type=permission_type)
if has_system_role_permission:
self._log('Found a matching grant via system role',
extra=log_context)
return True
# Check custom roles
rule_spec = getattr(resource_db, 'rule', None)
rule_uid = rule_spec.uid
rule_id = rule_spec.id
rule_pack = ResourceReference.get_pack(rule_spec.ref)
if not rule_uid or not rule_id or not rule_pack:
LOG.error(
'Rule UID or ID or PACK not present in enforcement object. ' +
('UID = %s, ID = %s, PACK = %s' %
(rule_uid, rule_id, rule_pack)) +
'Cannot assess access permissions without it. Defaulting to DENY.'
)
return False
# TODO: Add utility methods for constructing uids from parts
pack_db = PackDB(ref=rule_pack)
rule_pack_uid = pack_db.get_uid()
rule_permission_type = None
if permission_type == PermissionType.RULE_ENFORCEMENT_VIEW:
rule_permission_type = PermissionType.RULE_VIEW
elif permission_type == PermissionType.RULE_ENFORCEMENT_LIST:
rule_permission_type = PermissionType.RULE_LIST
else:
raise ValueError('Invalid permission type: %s' % (permission_type))
permission_types = [PermissionType.RULE_ALL, rule_permission_type]
view_permission_type = PermissionType.get_permission_type(
resource_type=ResourceType.RULE, permission_name='view')
if rule_permission_type == view_permission_type:
permission_types = (
RulePermissionsResolver.view_grant_permission_types[:] +
[rule_permission_type])
# Check grants on the pack of the rule to which enforcement belongs to
resource_types = [ResourceType.PACK]
permission_grants = get_all_permission_grants_for_user(
user_db=user_db,
resource_uid=rule_pack_uid,
resource_types=resource_types,
permission_types=permission_types)
if len(permission_grants) >= 1:
self._log('Found a grant on the enforcement rule parent pack',
extra=log_context)
return True
# Check grants on the rule the enforcement belongs to
resource_types = [ResourceType.RULE]
permission_grants = get_all_permission_grants_for_user(
user_db=user_db,
resource_uid=rule_uid,
resource_types=resource_types,
permission_types=permission_types)
if len(permission_grants) >= 1:
self._log('Found a grant on the enforcement\'s rule.',
extra=log_context)
return True
self._log('No matching grants found', extra=log_context)
return False
def user_has_resource_db_permission(self, user_db, resource_db, permission_type):
log_context = {
'user_db': user_db,
'resource_db': resource_db,
'permission_type': permission_type,
'resolver': self.__class__.__name__
}
self._log('Checking user resource permissions', extra=log_context)
# First check the system role permissions
has_system_role_permission = self._user_has_system_role_permission(
user_db=user_db, permission_type=permission_type)
if has_system_role_permission:
self._log('Found a matching grant via system role', extra=log_context)
return True
# Check custom roles
action = resource_db['action']
# TODO: Add utility methods for constructing uids from parts
pack_db = PackDB(ref=action['pack'])
action_uid = action['uid']
action_pack_uid = pack_db.get_uid()
# Note: "action_execute" also grants / implies "execution_re_run" and "execution_stop"
if permission_type == PermissionType.EXECUTION_VIEW:
action_permission_type = PermissionType.ACTION_VIEW
elif permission_type in [PermissionType.EXECUTION_RE_RUN,
PermissionType.EXECUTION_STOP]:
action_permission_type = PermissionType.ACTION_EXECUTE
elif permission_type == PermissionType.EXECUTION_ALL:
action_permission_type = PermissionType.ACTION_ALL
else:
raise ValueError('Invalid permission type: %s' % (permission_type))
# Check grants on the pack of the action to which execution belongs to
resource_types = [ResourceType.PACK]
permission_types = [PermissionType.ACTION_ALL, action_permission_type]
permission_grants = get_all_permission_grants_for_user(user_db=user_db,
resource_uid=action_pack_uid,
resource_types=resource_types,
permission_types=permission_types)
if len(permission_grants) >= 1:
self._log('Found a grant on the execution action parent pack', extra=log_context)
return True
# Check grants on the action the execution belongs to
resource_types = [ResourceType.ACTION]
permission_types = [PermissionType.ACTION_ALL, action_permission_type]
permission_grants = get_all_permission_grants_for_user(user_db=user_db,
resource_uid=action_uid,
resource_types=resource_types,
permission_types=permission_types)
if len(permission_grants) >= 1:
self._log('Found a grant on the execution action', extra=log_context)
return True
self._log('No matching grants found', extra=log_context)
return False
def test_get_uid(self):
pack_db = PackDB(ref="ma_pack")
self.assertEqual(pack_db.get_uid(), "pack:ma_pack")
self.assertTrue(pack_db.has_valid_uid())
sensor_type_db = SensorTypeDB(name="sname", pack="spack")
self.assertEqual(sensor_type_db.get_uid(), "sensor_type:spack:sname")
self.assertTrue(sensor_type_db.has_valid_uid())
action_db = ActionDB(name="aname", pack="apack", runner_type={})
self.assertEqual(action_db.get_uid(), "action:apack:aname")
self.assertTrue(action_db.has_valid_uid())
rule_db = RuleDB(name="rname", pack="rpack")
self.assertEqual(rule_db.get_uid(), "rule:rpack:rname")
self.assertTrue(rule_db.has_valid_uid())
trigger_type_db = TriggerTypeDB(name="ttname", pack="ttpack")
self.assertEqual(trigger_type_db.get_uid(), "trigger_type:ttpack:ttname")
self.assertTrue(trigger_type_db.has_valid_uid())
trigger_db = TriggerDB(name="tname", pack="tpack")
self.assertTrue(trigger_db.get_uid().startswith("trigger:tpack:tname:"))
# Verify that same set of parameters always results in the same hash
parameters = {"a": 1, "b": "unicode", "c": [1, 2, 3], "d": {"g": 1, "h": 2}}
paramers_hash = json.dumps(parameters, sort_keys=True)
paramers_hash = hashlib.md5(paramers_hash.encode()).hexdigest()
parameters = {"a": 1, "b": "unicode", "c": [1, 2, 3], "d": {"g": 1, "h": 2}}
trigger_db = TriggerDB(name="tname", pack="tpack", parameters=parameters)
self.assertEqual(
trigger_db.get_uid(), "trigger:tpack:tname:%s" % (paramers_hash)
)
self.assertTrue(trigger_db.has_valid_uid())
parameters = {"c": [1, 2, 3], "b": "unicode", "d": {"h": 2, "g": 1}, "a": 1}
trigger_db = TriggerDB(name="tname", pack="tpack", parameters=parameters)
self.assertEqual(
trigger_db.get_uid(), "trigger:tpack:tname:%s" % (paramers_hash)
)
self.assertTrue(trigger_db.has_valid_uid())
parameters = {"b": "unicode", "c": [1, 2, 3], "d": {"h": 2, "g": 1}, "a": 1}
trigger_db = TriggerDB(name="tname", pack="tpack", parameters=parameters)
self.assertEqual(
trigger_db.get_uid(), "trigger:tpack:tname:%s" % (paramers_hash)
)
self.assertTrue(trigger_db.has_valid_uid())
parameters = OrderedDict(
{"c": [1, 2, 3], "b": "unicode", "d": {"h": 2, "g": 1}, "a": 1}
)
trigger_db = TriggerDB(name="tname", pack="tpack", parameters=parameters)
self.assertEqual(
trigger_db.get_uid(), "trigger:tpack:tname:%s" % (paramers_hash)
)
self.assertTrue(trigger_db.has_valid_uid())
policy_type_db = PolicyTypeDB(resource_type="action", name="concurrency")
self.assertEqual(policy_type_db.get_uid(), "policy_type:action:concurrency")
self.assertTrue(policy_type_db.has_valid_uid())
policy_db = PolicyDB(pack="dummy", name="policy1")
self.assertEqual(policy_db.get_uid(), "policy:dummy:policy1")
api_key_db = ApiKeyDB(key_hash="valid")
self.assertEqual(api_key_db.get_uid(), "api_key:valid")
self.assertTrue(api_key_db.has_valid_uid())
api_key_db = ApiKeyDB()
self.assertEqual(api_key_db.get_uid(), "api_key:")
self.assertFalse(api_key_db.has_valid_uid())
def test_get_uid(self):
pack_db = PackDB(ref='ma_pack')
self.assertEqual(pack_db.get_uid(), 'pack:ma_pack')
self.assertTrue(pack_db.has_valid_uid())
sensor_type_db = SensorTypeDB(name='sname', pack='spack')
self.assertEqual(sensor_type_db.get_uid(), 'sensor_type:spack:sname')
self.assertTrue(sensor_type_db.has_valid_uid())
action_db = ActionDB(name='aname', pack='apack', runner_type={})
self.assertEqual(action_db.get_uid(), 'action:apack:aname')
self.assertTrue(action_db.has_valid_uid())
rule_db = RuleDB(name='rname', pack='rpack')
self.assertEqual(rule_db.get_uid(), 'rule:rpack:rname')
self.assertTrue(rule_db.has_valid_uid())
trigger_type_db = TriggerTypeDB(name='ttname', pack='ttpack')
self.assertEqual(trigger_type_db.get_uid(), 'trigger_type:ttpack:ttname')
self.assertTrue(trigger_type_db.has_valid_uid())
trigger_db = TriggerDB(name='tname', pack='tpack')
self.assertTrue(trigger_db.get_uid().startswith('trigger:tpack:tname:'))
# Verify that same set of parameters always results in the same hash
parameters = {'a': 1, 'b': 'unicode', 'c': [1, 2, 3], 'd': {'g': 1, 'h': 2}}
paramers_hash = json.dumps(parameters, sort_keys=True)
paramers_hash = hashlib.md5(paramers_hash.encode()).hexdigest()
parameters = {'a': 1, 'b': 'unicode', 'c': [1, 2, 3], 'd': {'g': 1, 'h': 2}}
trigger_db = TriggerDB(name='tname', pack='tpack', parameters=parameters)
self.assertEqual(trigger_db.get_uid(), 'trigger:tpack:tname:%s' % (paramers_hash))
self.assertTrue(trigger_db.has_valid_uid())
parameters = {'c': [1, 2, 3], 'b': u'unicode', 'd': {'h': 2, 'g': 1}, 'a': 1}
trigger_db = TriggerDB(name='tname', pack='tpack', parameters=parameters)
self.assertEqual(trigger_db.get_uid(), 'trigger:tpack:tname:%s' % (paramers_hash))
self.assertTrue(trigger_db.has_valid_uid())
parameters = {'b': u'unicode', 'c': [1, 2, 3], 'd': {'h': 2, 'g': 1}, 'a': 1}
trigger_db = TriggerDB(name='tname', pack='tpack', parameters=parameters)
self.assertEqual(trigger_db.get_uid(), 'trigger:tpack:tname:%s' % (paramers_hash))
self.assertTrue(trigger_db.has_valid_uid())
parameters = OrderedDict({'c': [1, 2, 3], 'b': u'unicode', 'd': {'h': 2, 'g': 1}, 'a': 1})
trigger_db = TriggerDB(name='tname', pack='tpack', parameters=parameters)
self.assertEqual(trigger_db.get_uid(), 'trigger:tpack:tname:%s' % (paramers_hash))
self.assertTrue(trigger_db.has_valid_uid())
policy_type_db = PolicyTypeDB(resource_type='action', name='concurrency')
self.assertEqual(policy_type_db.get_uid(), 'policy_type:action:concurrency')
self.assertTrue(policy_type_db.has_valid_uid())
policy_db = PolicyDB(pack='dummy', name='policy1')
self.assertEqual(policy_db.get_uid(), 'policy:dummy:policy1')
api_key_db = ApiKeyDB(key_hash='valid')
self.assertEqual(api_key_db.get_uid(), 'api_key:valid')
self.assertTrue(api_key_db.has_valid_uid())
api_key_db = ApiKeyDB()
self.assertEqual(api_key_db.get_uid(), 'api_key:')
self.assertFalse(api_key_db.has_valid_uid())
def user_has_resource_db_permission(self, user_db, resource_db, permission_type):
log_context = {
'user_db': user_db,
'resource_db': resource_db,
'permission_type': permission_type,
'resolver': self.__class__.__name__
}
self._log('Checking user resource permissions', extra=log_context)
# First check the system role permissions
has_system_role_permission = self._user_has_system_role_permission(
user_db=user_db, permission_type=permission_type)
if has_system_role_permission:
self._log('Found a matching grant via system role', extra=log_context)
return True
# Check custom roles
rule_spec = getattr(resource_db, 'rule', None)
rule_uid = rule_spec.uid
rule_id = rule_spec.id
rule_pack = ResourceReference.get_pack(rule_spec.ref)
if not rule_uid or not rule_id or not rule_pack:
LOG.error('Rule UID or ID or PACK not present in enforcement object. ' +
('UID = %s, ID = %s, PACK = %s' % (rule_uid, rule_id, rule_pack)) +
'Cannot assess access permissions without it. Defaulting to DENY.')
return False
# TODO: Add utility methods for constructing uids from parts
pack_db = PackDB(ref=rule_pack)
rule_pack_uid = pack_db.get_uid()
rule_permission_type = None
if permission_type == PermissionType.RULE_ENFORCEMENT_VIEW:
rule_permission_type = PermissionType.RULE_VIEW
elif permission_type == PermissionType.RULE_ENFORCEMENT_LIST:
rule_permission_type = PermissionType.RULE_LIST
else:
raise ValueError('Invalid permission type: %s' % (permission_type))
permission_types = [PermissionType.RULE_ALL, rule_permission_type]
view_permission_type = PermissionType.get_permission_type(resource_type=ResourceType.RULE,
permission_name='view')
if rule_permission_type == view_permission_type:
permission_types = (RulePermissionsResolver.view_grant_permission_types[:] +
[rule_permission_type])
# Check grants on the pack of the rule to which enforcement belongs to
resource_types = [ResourceType.PACK]
permission_grants = get_all_permission_grants_for_user(user_db=user_db,
resource_uid=rule_pack_uid,
resource_types=resource_types,
permission_types=permission_types)
if len(permission_grants) >= 1:
self._log('Found a grant on the enforcement rule parent pack', extra=log_context)
return True
# Check grants on the rule the enforcement belongs to
resource_types = [ResourceType.RULE]
permission_grants = get_all_permission_grants_for_user(user_db=user_db,
resource_uid=rule_uid,
resource_types=resource_types,
permission_types=permission_types)
if len(permission_grants) >= 1:
self._log('Found a grant on the enforcement\'s rule.', extra=log_context)
return True
self._log('No matching grants found', extra=log_context)
return False
