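def _load_rules(self):
    """Read the property protection file and populate ``self.rules``.

    Every section name in the file is compiled as a regular expression via
    ``self._compile_rule``.  For each of the create/read/update/delete
    operations the section's value is turned into a list of permissions,
    and one ``(compiled_rule, {operation: [permission, ...]})`` tuple per
    section is appended to ``self.rules`` in the order returned by
    ``CONFIG.sections()``.

    In 'policies' mode exactly one policy name is accepted per operation;
    it is registered through ``self._add_policy_rules`` and the section is
    recorded in ``self.prop_exp_mapping``.  In 'roles' mode the value is a
    comma-separated list of roles.  An operation with an empty value gets
    an empty permission list and a warning is logged.

    :raises exception.InvalidPropertyProtectionConfiguration: if locating
        or reading the file raises, the rule format is neither 'roles' nor
        'policies', a section name is rejected by ``_compile_rule``, or
        several policies are listed for a single operation.
    """
    try:
        conf_file = CONF.find_file(CONF.property_protection_file)
        # NOTE(review): if CONFIG is a stdlib-style parser, read() skips
        # files it cannot open instead of raising -- confirm that the code
        # consuming self.rules treats an empty rule set as "deny".
        CONFIG.read(conf_file)
    except Exception as e:
        msg = (_("Couldn't find property protection file %s:%s.") %
               (CONF.property_protection_file, e))
        LOG.error(msg)
        raise exception.InvalidPropertyProtectionConfiguration()

    if self.prop_prot_rule_format not in ('policies', 'roles'):
        # Interpolate after translation so the catalogue lookup uses the
        # constant message id rather than the already-formatted text.
        msg = (_("Invalid value '%s' for 'property_protection_rule_format'"
                 ". The permitted values are 'roles' and 'policies'") %
               self.prop_prot_rule_format)
        LOG.error(msg)
        raise exception.InvalidPropertyProtectionConfiguration()

    uses_policies = self.prop_prot_rule_format == 'policies'
    operations = ('create', 'read', 'update', 'delete')

    for property_exp in CONFIG.sections():
        property_dict = {}
        compiled_rule = self._compile_rule(property_exp)

        for operation in operations:
            # NOTE(review): with a stdlib-style parser, a section that omits
            # this option raises here instead of reaching the empty-value
            # branch below -- confirm how CONFIG behaves.
            permissions = CONFIG.get(property_exp, operation)

            if not permissions:
                # Nothing listed for this operation: record an empty
                # permission list, which the warning describes as allowing
                # no role to perform it.
                property_dict[operation] = []
                msg = (_('Property protection on operation %s for rule '
                         '%s is not found. No role will be allowed to '
                         'perform this operation.') %
                       (operation, property_exp))
                # warn() is a deprecated alias of warning().
                LOG.warning(msg)
                continue

            if uses_policies:
                # A single policy name per operation; combinations belong
                # in the policy file, so a comma is a configuration error.
                if ',' in permissions:
                    msg = (_("Multiple policies '%s' not allowed for a"
                             " given operation. Policies can be "
                             "combined in the policy file") %
                           permissions)
                    LOG.error(msg)
                    raise exception.InvalidPropertyProtectionConfiguration()
                self.prop_exp_mapping[compiled_rule] = property_exp
                self._add_policy_rules(property_exp, operation, permissions)
                property_dict[operation] = [permissions]
            else:
                # Roles mode: comma-separated list, whitespace trimmed.
                property_dict[operation] = [
                    permission.strip()
                    for permission in permissions.split(',')
                ]

        self.rules.append((compiled_rule, property_dict))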
def _compile_rule(self, rule):
    """Turn a property protection rule into a compiled regular expression.

    :param rule: pattern text handed to ``re.compile``
    :returns: the compiled pattern object
    :raises exception.InvalidPropertyProtectionConfiguration: if
        ``re.compile`` raises for any reason; the failure is logged first
    """
    try:
        compiled = re.compile(rule)
    except Exception as err:
        # Any compile failure is reported as a configuration error, so a
        # malformed rule stops loading instead of being skipped.
        template = _("Encountered a malformed property protection rule "
                     "%s:%s.")
        LOG.error(template % (rule, err))
        raise exception.InvalidPropertyProtectionConfiguration()
    return compiled