def _set_policy(data, context):
new_policy = Policy()
new_policy.ParseFromString(data)
if not new_policy.entries:
raise InvalidTransaction("Atleast one entry must be in a policy.")
if not new_policy.name:
raise InvalidTransaction("The name must be set in a policy.")
# check entries in the policy
for entry in new_policy.entries:
if not entry.key:
raise InvalidTransaction("Every policy entry must have a key.")
address = _get_policy_address(new_policy.name)
entries_list = _get_data(address, context)
policy_list = PolicyList()
policies = []
if entries_list != []:
policy_list.ParseFromString(entries_list[0].data)
# sort all roles by using sorted(roles, policy.name)
# if a policy with the same name exists, replace that policy
policies = [
x for x in policy_list.policies if x.name != new_policy.name
]
policies.append(new_policy)
policies = sorted(policies, key=lambda role: role.name)
else:
policies.append(new_policy)
address = _get_policy_address(new_policy.name)
# Store policy in a PolicyList incase of hash collisions
new_policy_list = PolicyList(policies=policies)
addresses = context.set_state([
StateEntry(address=address, data=new_policy_list.SerializeToString())
])
if not addresses:
LOGGER.warning('Failed to set policy %s at %s', new_policy.name,
address)
raise InternalError('Unable to save policy {}'.format(new_policy.name))
context.add_event(event_type="identity_update",
attributes=[("updated", new_policy.name)])
LOGGER.debug("Set policy : \n%s", new_policy)
def _set_role(data, context):
role = Role()
role.ParseFromString(data)
if not role.name:
raise InvalidTransaction("The name must be set in a role")
if not role.policy_name:
raise InvalidTransaction("A role must contain a policy name.")
# Check that the policy refernced exists
policy_address = _get_policy_address(role.policy_name)
entries_list = _get_data(policy_address, context)
if entries_list == []:
raise InvalidTransaction(
"Cannot set Role: {}, the Policy: {} is not set.".format(
role.name, role.policy_name))
else:
policy_list = PolicyList()
policy_list.ParseFromString(entries_list[0].data)
exist = False
for policy in policy_list.policies:
if policy.name == role.policy_name:
exist = True
break
if not exist:
raise InvalidTransaction(
"Cannot set Role {}, the Policy {} is not set.".format(
role.name, role.policy_name))
address = _get_role_address(role.name)
entries_list = _get_data(address, context)
# Store role in a Roleist incase of hash collisions
role_list = RoleList()
if entries_list != []:
role_list.ParseFromString(entries_list[0].data)
# sort all roles by using sorted(roles, Role.name)
roles = [x for x in role_list.roles if x.name != role.name]
roles.append(role)
roles = sorted(roles, key=lambda role: role.name)
# set RoleList at the address above.
addresses = context.set_state([
StateEntry(address=address,
data=RoleList(roles=roles).SerializeToString())
])
if not addresses:
LOGGER.warning('Failed to set role %s at %s', role.name, address)
raise InternalError('Unable to save role {}'.format(role.name))
context.add_event(event_type="identity_update",
attributes=[("updated", role.name)])
LOGGER.debug("Set role: \n%s", role)
def create_set_policy_request(self, name, rules=None):
rules_list = rules.split("\n")
entries = []
for rule in rules_list:
rule = rule.split(" ")
if rule[0] == "PERMIT_KEY":
entry = Policy.Entry(type=Policy.PERMIT_KEY, key=rule[1])
entries.append(entry)
elif rule[0] == "DENY_KEY":
entry = Policy.Entry(type=Policy.DENY_KEY, key=rule[1])
entries.append(entry)
policy = Policy(name=name, entries=entries)
policy_list = PolicyList(policies=[policy])
return self._factory.create_set_request(
{self._policy_to_address(name): policy_list.SerializeToString()})