def new_getPolicy(param, only_active=True):
'''
Function to retrieve the list of policies.
attributes:
- name: (optional) will only return the policy with the name
- user: (optional) will only return the policies for this user
- realm: (optional) will only return the policies of this realm
- scope: (optional) will only return the policies within this scope
- action: (optional) will only return the policies with this action
The action can also be something like "otppin" and will
return policies containing "otppin = 2"
:return: a dictionary with the policies. The name of the policy being
the key
'''
#
# filter the policies with the new engine
policy_elve = PolicyEvaluator(get_policies())
#
# install the filters
policy_elve.set_filters(params=param)
#
# add the special filter for activ or inactive policies
if only_active:
policy_elve.filter_for_active(state=True)
if (('user' in param and param['user'] is not None)
or ('action' in param and param['action'] is not None)):
policy_elve.filter_for_time()
#
# finally we apply the filter
new_pols = policy_elve.evaluate()
return new_pols
def new_getPolicy(param, only_active=True):
'''
Function to retrieve the list of policies.
attributes:
- name: (optional) will only return the policy with the name
- user: (optional) will only return the policies for this user
- realm: (optional) will only return the policies of this realm
- scope: (optional) will only return the policies within this scope
- action: (optional) will only return the policies with this action
The action can also be something like "otppin" and will
return policies containing "otppin = 2"
:return: a dictionary with the policies. The name of the policy being
the key
'''
#
# filter the policies with the new engine
policy_elve = PolicyEvaluator(get_policies())
#
# install the filters
policy_elve.set_filters(params=param)
#
# add the special filter for activ or inactive policies
if only_active:
policy_elve.filter_for_active(state=True)
if (('user' in param and param['user'] is not None) or
('action' in param and param['action'] is not None)):
policy_elve.filter_for_time()
#
# finally we apply the filter
new_pols = policy_elve.evaluate()
return new_pols
def _getAuthorization(scope, action):
"""
This internal function returns the Authrorizaition within some
the scope=system(or audit, monitoring, tools). for the currently
authenticated administrativ user.
This does not take into account the REALMS!
arguments:
action - this is the action
scope = system/audit/monitoring/tools
read
write
returns:
a dictionary with the following keys:
active (if policies are used)
admin (the name of the authenticated admin user)
auth (True if admin is authorized for this action)
"""
active = True
auth = False
policy_elve = PolicyEvaluator(get_policies())
p_at_all = policy_elve.has_policy({"scope": scope})
if len(p_at_all) == 0:
LOG.info(
"No policies in scope %s found. Checking "
"of scope %s be disabled.",
scope,
scope,
)
active = False
auth = True
# TODO: We may change this later to other authentication schemes
LOG.debug("[getAuthorization] now getting the admin user name")
admin_user = _getAuthenticatedUser()
LOG.debug("Evaluating policies for the user: %r", admin_user)
param = {"user": admin_user, "scope": scope, "action": action}
policies = policy_elve.set_filters(param).evaluate(policy_set=p_at_all)
LOG.debug("Found the following policies: %r", policies)
if len(list(policies.keys())) > 0:
auth = True
return {"active": active, "auth": auth, "admin": admin_user}
def new_getAuthorization(scope, action):
"""
This internal function returns the Authrorizaition within some
the scope=system(or audit, monitoring, tools). for the currently
authenticated administrativ user.
This does not take into account the REALMS!
arguments:
action - this is the action
scope = system/audit/monitoring/tools
read
write
returns:
a dictionary with the following keys:
active (if policies are used)
admin (the name of the authenticated admin user)
auth (True if admin is authorized for this action)
"""
active = True
auth = False
policy_elve = PolicyEvaluator(get_policies())
p_at_all = policy_elve.has_policy({'scope': scope})
if len(p_at_all) == 0:
LOG.info("No policies in scope %s found. Checking "
"of scope %s be disabled.", scope, scope)
active = False
auth = True
# TODO: We may change this later to other authentication schemes
LOG.debug("[getAuthorization] now getting the admin user name")
admin_user = _getAuthenticatedUser()
LOG.debug("Evaluating policies for the user: %s", admin_user['login'])
param = {'user': admin_user['login'],
'scope': scope,
'action': action}
policies = policy_elve.set_filters(param).evaluate(policy_set=p_at_all)
LOG.debug("Found the following policies: %r", policies)
if len(policies.keys()) > 0:
auth = True
return {'active': active,
'auth': auth,
'admin': admin_user['login']}
