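def get_meta_rule_ids_from_pdp_value(self, pdp_value):
    """Collect the meta-rule IDs reachable from a PDP's security pipeline.

    Walks ``pdp_value["security_pipeline"]`` in order, maps every policy ID
    to its model through ``self.policies`` and gathers that model's
    ``"meta_rules"`` entries.

    Args:
        pdp_value: PDP description holding a ``"security_pipeline"``
            iterable of policy IDs.

    Returns:
        A list of meta-rule IDs in pipeline order; duplicates are kept.

    Raises:
        exceptions.PolicyUnknown: a pipeline policy is not in
            ``self.policies`` or has no ``"model_id"`` key.
        exceptions.ModelNotFound: the policy's model is not in
            ``self.models`` or has no ``"meta_rules"`` key.
        exceptions.PdpContentError: ``pdp_value`` is falsy or has no
            ``"security_pipeline"`` key.
    """
    # A falsy pdp_value (None, {}) is reported as bad PDP content rather than
    # failing on the membership test with an unrelated TypeError.
    if not pdp_value or "security_pipeline" not in pdp_value:
        raise exceptions.PdpContentError

    meta_rules = []
    for policy_id in pdp_value["security_pipeline"]:
        if policy_id not in self.policies or "model_id" not in self.policies[policy_id]:
            # The message names the failing policy; the previous text pointed
            # at a 'models' key, which is not what this check looks at.
            raise exceptions.PolicyUnknown(
                "Cannot find policy {} or its 'model_id' key".format(policy_id))
        model_id = self.policies[policy_id]["model_id"]
        if model_id not in self.models or 'meta_rules' not in self.models[model_id]:
            raise exceptions.ModelNotFound(
                "Cannot find model {} or its 'meta_rules' key".format(model_id))
        meta_rules.extend(self.models[model_id]["meta_rules"])
    return meta_rules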
def get_action_assignments(self, policy_id, perimeter_id, category_id):
    """Return the assignments stored for an action within a category.

    Args:
        policy_id: policy whose action assignments are searched.
        perimeter_id: compared against each entry's ``"action_id"``.
        category_id: compared against each entry's ``"category_id"``.

    Returns:
        The ``"assignments"`` value of the first entry matching both IDs,
        or an empty list when no entry matches.

    Raises:
        exceptions.PolicyUnknown: ``policy_id`` is falsy.
    """
    if not policy_id:
        raise exceptions.PolicyUnknown("Cannot find policy within policy_id {}".format(policy_id))

    # Cache miss: ask for a refresh of this policy before searching.
    if policy_id not in self.action_assignments:
        self.__update_action_assignments(policy_id, perimeter_id)

    # NOTE(review): if the refresh leaves policy_id absent, the subscript
    # below raises KeyError - confirm the refresh always creates the entry.
    required_keys = ("action_id", "category_id", "assignments")
    for _key, entry in self.action_assignments[policy_id].items():
        if not all(field in entry for field in required_keys):
            # Malformed entries are reported and skipped, never matched.
            logger.warning("'action_id' or 'category_id' or'assignments'"
                           " keys are not found in action_assignments")
            continue
        if perimeter_id == entry['action_id'] and category_id == entry['category_id']:
            return entry['assignments']
    return []
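def get_action(self, policy_id, name):
    """Resolve an action ID or action name to the action ID for a policy.

    The cached actions are searched first; on a miss the cache is refreshed
    through ``self.__update_actions`` and searched once more.

    Args:
        policy_id: policy whose actions are searched.
        name: action ID or value of an action's ``"name"`` field.

    Returns:
        The ID of the first action whose ID or ``"name"`` equals ``name``.

    Raises:
        exceptions.PolicyUnknown: ``policy_id`` is falsy.
        exceptions.ActionUnknown: no action matches, including the case
            where the policy is still absent from the cache after the
            refresh.
    """
    if not policy_id:
        raise exceptions.PolicyUnknown("Cannot find policy within policy_id {}".format(policy_id))

    # Pass 1 reads the cache as it is; pass 2 runs after one refresh.
    for refreshed in (False, True):
        if refreshed:
            self.__update_actions(policy_id)
        # Both passes are guarded, as in get_subject/get_object, so a policy
        # that stays unknown after the refresh ends in ActionUnknown instead
        # of an unhandled KeyError from the subscript below.
        # NOTE(review): membership is tested on self.actions while the
        # iteration reads self.__ACTIONS - presumably the same mapping; confirm.
        if policy_id in self.actions:
            for _action_id, _action_dict in self.__ACTIONS[policy_id].items():
                # NOTE(review): IDs and names share one lookup namespace; if a
                # name can equal another action's ID, the first match in
                # iteration order wins - confirm names are constrained.
                if _action_id == name or _action_dict.get("name") == name:
                    return _action_id

    raise exceptions.ActionUnknown("Cannot find action {}".format(name))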
def get_subject(self, policy_id, name):
    """Resolve a subject ID or subject name to the subject ID for a policy.

    The cached subjects are searched first; on a miss the cache is refreshed
    through ``self.__update_subjects`` and searched once more.

    Args:
        policy_id: policy whose subjects are searched.
        name: subject ID or value of a subject's ``"name"`` field.

    Returns:
        The ID of the first subject whose ID or ``"name"`` equals ``name``.

    Raises:
        exceptions.PolicyUnknown: ``policy_id`` is falsy.
        exceptions.SubjectUnknown: no subject matches before or after the
            refresh.
    """
    if not policy_id:
        raise exceptions.PolicyUnknown("Cannot find policy within policy_id {}".format(policy_id))

    # Pass 1 reads the cache as it is; pass 2 runs after one refresh.
    for refreshed in (False, True):
        if refreshed:
            self.__update_subjects(policy_id)
        if policy_id not in self.subjects:
            continue
        for subject_id, subject in self.subjects[policy_id].items():
            # NOTE(review): IDs and names share one lookup namespace; if a
            # name can equal another subject's ID, the first match in
            # iteration order wins - confirm names are constrained.
            if subject_id == name or subject.get("name") == name:
                return subject_id

    raise exceptions.SubjectUnknown("Cannot find subject {}".format(name))
def get_object(self, policy_id, name):
    """Resolve an object name to its object ID for a policy.

    The cached objects are searched first; on a miss the cache is refreshed
    through ``self.__update_objects`` and searched once more.

    Args:
        policy_id: policy whose objects are searched.
        name: value expected in an object's ``"name"`` field.

    Returns:
        The ID of the first object whose ``"name"`` equals ``name``.

    Raises:
        exceptions.PolicyUnknown: ``policy_id`` is falsy.
        exceptions.ObjectUnknown: no object matches before or after the
            refresh.
    """
    if not policy_id:
        raise exceptions.PolicyUnknown("Cannot find policy within policy_id {}".format(policy_id))

    # attempt 0 reads the cache as it is; attempt 1 runs after one refresh.
    for attempt in range(2):
        if attempt:
            self.__update_objects(policy_id)
        # NOTE(review): membership is tested on self.objects while the
        # iteration reads self.__OBJECTS - presumably the same mapping; confirm.
        if policy_id not in self.objects:
            continue
        for object_id, object_entry in self.__OBJECTS[policy_id].items():
            # NOTE(review): unlike get_subject and get_action, only the "name"
            # field is compared, never the object ID - confirm this asymmetry
            # is intended.
            if "name" in object_entry and object_entry["name"] == name:
                return object_id

    raise exceptions.ObjectUnknown("Cannot find object {}".format(name))
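def __update_container_chaining(self, keystone_project_id):
    """Rebuild the container chain cached for a Keystone project.

    For every non-empty PDP in ``self.__PDP`` bound to
    ``keystone_project_id``, walks its security pipeline, resolves each
    policy to its model and each model to its meta rules, and records one
    entry per container returned by
    ``self.get_containers_from_keystone_project_id``. The resulting list is
    stored in ``self.__CONTAINER_CHAINING[keystone_project_id]``.

    Args:
        keystone_project_id: project whose chain is rebuilt.

    Raises:
        exceptions.PolicyUnknown: a pipeline policy is not in
            ``self.policies`` or has no ``"model_id"`` key.
        exceptions.ModelUnknown: the policy's model is not in
            ``self.models`` or has no ``"meta_rules"`` key.

    When either exception is raised the cached chain is left untouched,
    because the assignment at the end is never reached.
    """
    container_ids = []
    for _pdp_id, pdp_value in self.__PDP.items():
        # Skip empty PDP entries and PDPs bound to another project.
        if not pdp_value:
            continue
        if not (all(k in pdp_value for k in ("keystone_project_id", "security_pipeline"))
                and pdp_value["keystone_project_id"] == keystone_project_id):
            continue

        for policy_id in pdp_value["security_pipeline"]:
            if policy_id not in self.policies or "model_id" not in self.policies[policy_id]:
                raise exceptions.PolicyUnknown("Cannot find policy within policy_id: {}, "
                                               "and may not contains 'model_id' key".format(policy_id))
            model_id = self.policies[policy_id]['model_id']
            if model_id not in self.models or "meta_rules" not in self.models[model_id]:
                raise exceptions.ModelUnknown("Cannot find model_id: {} in models and "
                                              "may not contains 'meta_rules' key".format(model_id))

            for meta_rule_id in self.models[model_id]["meta_rules"]:
                for _container_id, container_value in self.get_containers_from_keystone_project_id(
                        keystone_project_id, meta_rule_id):
                    if not all(k in container_value for k in ("name", "genre", "port")):
                        # The message is formatted before the call. Passing the
                        # value as a positional argument next to a "{}"
                        # placeholder loses the record if `logger` is a
                        # standard-library logger (%-style formatting);
                        # pre-formatting works with either logger flavour.
                        logger.warning("Container content keys not found {}".format(container_value))
                        continue
                    container_ids.append(
                        {
                            # NOTE(review): the iterated container ID is unused;
                            # the container's name is stored as "container_id" -
                            # confirm this is intended.
                            "container_id": container_value["name"],
                            "genre": container_value["genre"],
                            "policy_id": policy_id,
                            "meta_rule_id": meta_rule_id,
                            "hostname": container_value["name"],
                            # NOTE(review): loopback address is hard-coded for
                            # every container - confirm against the deployment.
                            "hostip": "127.0.0.1",
                            "port": container_value["port"],
                        }
                    )
    self.__CONTAINER_CHAINING[keystone_project_id] = container_ids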