except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"subject_assignments": data}
@check_auth
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"subject_assignments": data}
@check_auth
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"result": True}
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"object_assignments": data}
@check_auth
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"object_assignments": data}
@check_auth
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"result": True}
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"action_assignments": data}
@check_auth
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"action_assignments": data}
@check_auth
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"result": True}
"/policies/<string:uuid>/subject_data",
"/policies/<string:uuid>/subject_data/",
"/policies/<string:uuid>/subject_data/<string:category_id>",
- "/policies/<string:uuid>/subject_data/<string:category_id>/<string:data_id>",
+ "/policies/<string:uuid>/subject_data/<string:category_id>/"
+ "<string:data_id>",
)
@check_auth
def get(self, uuid=None, category_id=None, data_id=None, user_id=None):
- """Retrieve all subject categories or a specific one if sid is given for a given policy
+ """Retrieve all subject categories or a specific one if sid is given
+ for a given policy
:param uuid: uuid of the policy
:param category_id: uuid of the subject category
:internal_api: get_subject_data
"""
try:
- data = PolicyManager.get_subject_data(user_id=user_id, policy_id=uuid,
- category_id=category_id, data_id=data_id)
+ data = PolicyManager.get_subject_data(user_id=user_id,
+ policy_id=uuid,
+ category_id=category_id,
+ data_id=data_id)
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"subject_data": data}
@check_auth
:internal_api: add_subject_data
"""
try:
- data = PolicyManager.set_subject_data(user_id=user_id, policy_id=uuid,
- category_id=category_id, value=request.json)
+ data = PolicyManager.set_subject_data(user_id=user_id,
+ policy_id=uuid,
+ category_id=category_id,
+ value=request.json)
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"subject_data": data}
@check_auth
:internal_api: delete_subject_data
"""
try:
- data = PolicyManager.delete_subject_data(user_id=user_id, policy_id=uuid,
+ data = PolicyManager.delete_subject_data(user_id=user_id,
+ policy_id=uuid,
data_id=data_id)
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"result": True}
"/policies/<string:uuid>/object_data",
"/policies/<string:uuid>/object_data/",
"/policies/<string:uuid>/object_data/<string:category_id>",
- "/policies/<string:uuid>/object_data/<string:category_id>/<string:data_id>",
+ "/policies/<string:uuid>/object_data/<string:category_id>/"
+ "<string:data_id>",
)
@check_auth
def get(self, uuid=None, category_id=None, data_id=None, user_id=None):
- """Retrieve all object categories or a specific one if sid is given for a given policy
+ """Retrieve all object categories or a specific one if sid is given
+ for a given policy
:param uuid: uuid of the policy
:param category_id: uuid of the object category
:internal_api: get_object_data
"""
try:
- data = PolicyManager.get_object_data(user_id=user_id, policy_id=uuid,
- category_id=category_id, data_id=data_id)
+ data = PolicyManager.get_object_data(user_id=user_id,
+ policy_id=uuid,
+ category_id=category_id,
+ data_id=data_id)
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"object_data": data}
@check_auth
:internal_api: add_object_data
"""
try:
- data = PolicyManager.add_object_data(user_id=user_id, policy_id=uuid,
- category_id=category_id, value=request.json)
+ data = PolicyManager.add_object_data(user_id=user_id,
+ policy_id=uuid,
+ category_id=category_id,
+ value=request.json)
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"object_data": data}
@check_auth
:internal_api: delete_object_data
"""
try:
- data = PolicyManager.delete_object_data(user_id=user_id, policy_id=uuid,
- data_id=data_id)
+ data = PolicyManager.delete_object_data(user_id=user_id,
+ policy_id=uuid,
+ data_id=data_id)
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"result": True}
"/policies/<string:uuid>/action_data",
"/policies/<string:uuid>/action_data/",
"/policies/<string:uuid>/action_data/<string:category_id>",
- "/policies/<string:uuid>/action_data/<string:category_id>/<string:data_id>",
+ "/policies/<string:uuid>/action_data/<string:category_id>/"
+ "<string:data_id>",
)
@check_auth
def get(self, uuid=None, category_id=None, data_id=None, user_id=None):
- """Retrieve all action categories or a specific one if sid is given for a given policy
+ """Retrieve all action categories or a specific one if sid is given
+ for a given policy
:param uuid: uuid of the policy
:param category_id: uuid of the action category
:internal_api: get_action_data
"""
try:
- data = PolicyManager.get_action_data(user_id=user_id, policy_id=uuid,
- category_id=category_id, data_id=data_id)
+ data = PolicyManager.get_action_data(user_id=user_id,
+ policy_id=uuid,
+ category_id=category_id,
+ data_id=data_id)
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"action_data": data}
@check_auth
:internal_api: add_action_data
"""
try:
- data = PolicyManager.add_action_data(user_id=user_id, policy_id=uuid,
- category_id=category_id, value=request.json)
+ data = PolicyManager.add_action_data(user_id=user_id,
+ policy_id=uuid,
+ category_id=category_id,
+ value=request.json)
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"action_data": data}
@check_auth
:internal_api: delete_action_data
"""
try:
- data = PolicyManager.delete_action_data(user_id=user_id, policy_id=uuid,
+ data = PolicyManager.delete_action_data(user_id=user_id,
+ policy_id=uuid,
data_id=data_id)
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"result": True}
:internal_api: get_subject_categories
"""
try:
- data = ModelManager.get_subject_categories(user_id=user_id, category_id=category_id)
+ data = ModelManager.get_subject_categories(
+ user_id=user_id, category_id=category_id)
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"subject_categories": data}
@check_auth
:internal_api: add_subject_category
"""
try:
- data = ModelManager.add_subject_category(user_id=user_id, value=request.json)
+ data = ModelManager.add_subject_category(
+ user_id=user_id, value=request.json)
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"subject_categories": data}
@check_auth
:internal_api: delete_subject_category
"""
try:
- data = ModelManager.delete_subject_category(user_id=user_id, category_id=category_id)
+ data = ModelManager.delete_subject_category(
+ user_id=user_id, category_id=category_id)
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"result": True}
:internal_api: get_object_categories
"""
try:
- data = ModelManager.get_object_categories(user_id=user_id, category_id=category_id)
+ data = ModelManager.get_object_categories(
+ user_id=user_id, category_id=category_id)
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"object_categories": data}
@check_auth
:internal_api: add_object_category
"""
try:
- data = ModelManager.add_object_category(user_id=user_id, value=request.json)
+ data = ModelManager.add_object_category(
+ user_id=user_id, value=request.json)
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"object_categories": data}
@check_auth
:internal_api: delete_object_category
"""
try:
- data = ModelManager.delete_object_category(user_id=user_id, category_id=category_id)
+ data = ModelManager.delete_object_category(
+ user_id=user_id, category_id=category_id)
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"result": True}
:internal_api: get_action_categories
"""
try:
- data = ModelManager.get_action_categories(user_id=user_id, category_id=category_id)
+ data = ModelManager.get_action_categories(
+ user_id=user_id, category_id=category_id)
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"action_categories": data}
@check_auth
:internal_api: add_action_category
"""
try:
- data = ModelManager.add_action_category(user_id=user_id, value=request.json)
+ data = ModelManager.add_action_category(
+ user_id=user_id, value=request.json)
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"action_categories": data}
@check_auth
:internal_api: delete_action_category
"""
try:
- data = ModelManager.delete_action_category(user_id=user_id, category_id=category_id)
+ data = ModelManager.delete_action_category(
+ user_id=user_id, category_id=category_id)
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"result": True}
"meta_rule_id1": {
"name": "name of the meta rule",
"algorithm": "name of the meta rule algorithm",
- "subject_categories": ["subject_category_id1", "subject_category_id2"],
+ "subject_categories": ["subject_category_id1",
+ "subject_category_id2"],
"object_categories": ["object_category_id1"],
"action_categories": ["action_category_id1"]
},
:internal_api: get_meta_rules
"""
try:
- data = ModelManager.get_meta_rules(user_id=user_id, meta_rule_id=meta_rule_id)
+ data = ModelManager.get_meta_rules(
+ user_id=user_id, meta_rule_id=meta_rule_id)
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"meta_rules": data}
@check_auth
:param user_id: user ID who do the request
:request body: post = {
"name": "name of the meta rule",
- "subject_categories": ["subject_category_id1", "subject_category_id2"],
+ "subject_categories": ["subject_category_id1",
+ "subject_category_id2"],
"object_categories": ["object_category_id1"],
"action_categories": ["action_category_id1"]
}
"meta_rules": {
"meta_rule_id1": {
"name": "name of the meta rule",
- "subject_categories": ["subject_category_id1", "subject_category_id2"],
+ "subject_categories": ["subject_category_id1",
+ "subject_category_id2"],
"object_categories": ["object_category_id1"],
"action_categories": ["action_category_id1"]
},
:internal_api: add_meta_rules
"""
try:
- data = ModelManager.add_meta_rule(user_id=user_id, meta_rule_id=None, value=request.json)
+ data = ModelManager.add_meta_rule(
+ user_id=user_id, meta_rule_id=None, value=request.json)
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"meta_rules": data}
@check_auth
:param user_id: user ID who do the request
:request body: patch = {
"name": "name of the meta rule",
- "subject_categories": ["subject_category_id1", "subject_category_id2"],
+ "subject_categories": ["subject_category_id1",
+ "subject_category_id2"],
"object_categories": ["object_category_id1"],
"action_categories": ["action_category_id1"]
}
"meta_rules": {
"meta_rule_id1": {
"name": "name of the meta rule",
- "subject_categories": ["subject_category_id1", "subject_category_id2"],
+ "subject_categories": ["subject_category_id1",
+ "subject_category_id2"],
"object_categories": ["object_category_id1"],
"action_categories": ["action_category_id1"]
},
:internal_api: set_meta_rules
"""
try:
- data = ModelManager.set_meta_rule(user_id=user_id, meta_rule_id=meta_rule_id, value=request.json)
+ data = ModelManager.set_meta_rule(
+ user_id=user_id, meta_rule_id=meta_rule_id, value=request.json)
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"meta_rules": data}
@check_auth
:param user_id: user ID who do the request
:request body: delete = {
"name": "name of the meta rule",
- "subject_categories": ["subject_category_id1", "subject_category_id2"],
+ "subject_categories": ["subject_category_id1",
+ "subject_category_id2"],
"object_categories": ["object_category_id1"],
"action_categories": ["action_category_id1"]
}
"meta_rules": {
"meta_rule_id1": {
"name": "name of the meta rule",
- "subject_categories": ["subject_category_id1", "subject_category_id2"],
+ "subject_categories": ["subject_category_id1",
+ "subject_category_id2"],
"object_categories": ["object_category_id1"],
"action_categories": ["action_category_id1"]
},
:internal_api: delete_meta_rules
"""
try:
- data = ModelManager.delete_meta_rule(user_id=user_id, meta_rule_id=meta_rule_id)
+ data = ModelManager.delete_meta_rule(
+ user_id=user_id, meta_rule_id=meta_rule_id)
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"result": True}
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"models": data}
@check_auth
:internal_api: add_model
"""
try:
- data = ModelManager.add_model(user_id=user_id, model_id=uuid, value=request.json)
+ data = ModelManager.add_model(
+ user_id=user_id, model_id=uuid, value=request.json)
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"models": data}
@check_auth
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"result": True}
@check_auth
:internal_api: update_model
"""
try:
- data = ModelManager.update_model(user_id=user_id, model_id=uuid, value=request.json)
+ data = ModelManager.update_model(
+ user_id=user_id, model_id=uuid, value=request.json)
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"models": data}
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"pdps": data}
@check_auth
:internal_api: add_pdp
"""
try:
- data = PDPManager.add_pdp(user_id=user_id, pdp_id=None, value=request.json)
+ data = PDPManager.add_pdp(
+ user_id=user_id, pdp_id=None, value=request.json)
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"pdps": data}
@check_auth
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"result": True}
@check_auth
:internal_api: update_pdp
"""
try:
- data = PDPManager.update_pdp(user_id=user_id, pdp_id=uuid, value=request.json)
+ data = PDPManager.update_pdp(
+ user_id=user_id, pdp_id=uuid, value=request.json)
add_container(uuid=uuid, pipeline=data[uuid]['security_pipeline'])
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"pdps": data}
# license which can be found in the file 'LICENSE' in this package distribution
# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
"""
-* Subjects are the source of an action on an object (examples : users, virtual machines)
-* Objects are the destination of an action (examples virtual machines, virtual Routers)
+* Subjects are the source of an action on an object
+ (examples : users, virtual machines)
+* Objects are the destination of an action
+ (examples virtual machines, virtual Routers)
* Actions are what subject wants to do on an object
"""
@check_auth
def get(self, uuid=None, perimeter_id=None, user_id=None):
- """Retrieve all subjects or a specific one if perimeter_id is given for a given policy
+ """Retrieve all subjects or a specific one if perimeter_id is
+ given for a given policy
:param uuid: uuid of the policy
:param perimeter_id: uuid of the subject
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"subjects": data}
@check_auth
"""
try:
if not perimeter_id:
- data = PolicyManager.get_subjects(user_id=user_id, policy_id=None)
+ data = PolicyManager.get_subjects(user_id=user_id,
+ policy_id=None)
if 'name' in request.json:
for data_id, data_value in data.items():
if data_value['name'] == request.json['name']:
perimeter_id = data_id
break
- data = PolicyManager.add_subject(user_id=user_id, policy_id=uuid,
- perimeter_id=perimeter_id, value=request.json)
+ data = PolicyManager.add_subject(
+ user_id=user_id, policy_id=uuid,
+ perimeter_id=perimeter_id, value=request.json)
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"subjects": data}
@check_auth
"""
try:
if not perimeter_id:
- data = PolicyManager.get_subjects(user_id=user_id, policy_id=None)
+ data = PolicyManager.get_subjects(user_id=user_id,
+ policy_id=None)
if 'name' in request.json:
for data_id, data_value in data.items():
if data_value['name'] == request.json['name']:
perimeter_id = data_id
break
- data = PolicyManager.add_subject(user_id=user_id, policy_id=uuid,
- perimeter_id=perimeter_id, value=request.json)
+ data = PolicyManager.add_subject(
+ user_id=user_id, policy_id=uuid,
+ perimeter_id=perimeter_id, value=request.json)
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"subjects": data}
@check_auth
:internal_api: delete_subject
"""
try:
- data = PolicyManager.delete_subject(user_id=user_id, policy_id=uuid, perimeter_id=perimeter_id)
+ data = PolicyManager.delete_subject(
+ user_id=user_id, policy_id=uuid, perimeter_id=perimeter_id)
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"result": True}
@check_auth
def get(self, uuid=None, perimeter_id=None, user_id=None):
- """Retrieve all objects or a specific one if perimeter_id is given for a given policy
+ """Retrieve all objects or a specific one if perimeter_id is
+ given for a given policy
:param uuid: uuid of the policy
:param perimeter_id: uuid of the object
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"objects": data}
@check_auth
if data_value['name'] == request.json['name']:
perimeter_id = data_id
break
- data = PolicyManager.add_object(user_id=user_id, policy_id=uuid,
- perimeter_id=perimeter_id, value=request.json)
+ data = PolicyManager.add_object(
+ user_id=user_id, policy_id=uuid,
+ perimeter_id=perimeter_id, value=request.json)
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"objects": data}
@check_auth
if data_value['name'] == request.json['name']:
perimeter_id = data_id
break
- data = PolicyManager.add_object(user_id=user_id, policy_id=uuid,
- perimeter_id=perimeter_id, value=request.json)
+ data = PolicyManager.add_object(
+ user_id=user_id, policy_id=uuid,
+ perimeter_id=perimeter_id, value=request.json)
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"objects": data}
@check_auth
:internal_api: delete_object
"""
try:
- data = PolicyManager.delete_object(user_id=user_id, policy_id=uuid, perimeter_id=perimeter_id)
+ data = PolicyManager.delete_object(
+ user_id=user_id, policy_id=uuid, perimeter_id=perimeter_id)
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"result": True}
@check_auth
def get(self, uuid=None, perimeter_id=None, user_id=None):
- """Retrieve all actions or a specific one if perimeter_id is given for a given policy
+ """Retrieve all actions or a specific one if perimeter_id
+ is given for a given policy
:param uuid: uuid of the policy
:param perimeter_id: uuid of the action
:internal_api: get_actions
"""
try:
- data = PolicyManager.get_actions(user_id=user_id, policy_id=uuid, perimeter_id=perimeter_id)
+ data = PolicyManager.get_actions(
+ user_id=user_id, policy_id=uuid, perimeter_id=perimeter_id)
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"actions": data}
@check_auth
if data_value['name'] == request.json['name']:
perimeter_id = data_id
break
- data = PolicyManager.add_action(user_id=user_id, policy_id=uuid,
- perimeter_id=perimeter_id, value=request.json)
+ data = PolicyManager.add_action(
+ user_id=user_id, policy_id=uuid,
+ perimeter_id=perimeter_id, value=request.json)
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"actions": data}
@check_auth
if data_value['name'] == request.json['name']:
perimeter_id = data_id
break
- data = PolicyManager.add_action(user_id=user_id, policy_id=uuid,
- perimeter_id=perimeter_id, value=request.json)
+ data = PolicyManager.add_action(
+ user_id=user_id, policy_id=uuid,
+ perimeter_id=perimeter_id, value=request.json)
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"actions": data}
@check_auth
:internal_api: delete_action
"""
try:
- data = PolicyManager.delete_action(user_id=user_id, policy_id=uuid, perimeter_id=perimeter_id)
+ data = PolicyManager.delete_action(
+ user_id=user_id, policy_id=uuid, perimeter_id=perimeter_id)
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"result": True}
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"policies": data}
@check_auth
:internal_api: add_policy
"""
try:
- data = PolicyManager.add_policy(user_id=user_id, policy_id=uuid, value=request.json)
+ data = PolicyManager.add_policy(
+ user_id=user_id, policy_id=uuid, value=request.json)
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"policies": data}
@check_auth
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"result": True}
@check_auth
:internal_api: update_policy
"""
try:
- data = PolicyManager.update_policy(user_id=user_id, policy_id=uuid, value=request.json)
+ data = PolicyManager.update_policy(
+ user_id=user_id, policy_id=uuid, value=request.json)
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"policies": data}
from flask import request
from flask_restful import Resource
from oslo_log import log as logging
-from moon_utilities.security_functions import call
from moon_utilities.security_functions import check_auth
from moon_db.core import PolicyManager
"rules": [
"policy_id": "policy_id1",
"meta_rule_id": "meta_rule_id1",
- "rule_id1": ["subject_data_id1", "object_data_id1", "action_data_id1"],
- "rule_id2": ["subject_data_id2", "object_data_id2", "action_data_id2"],
+ "rule_id1":
+ ["subject_data_id1", "object_data_id1", "action_data_id1"],
+ "rule_id2":
+ ["subject_data_id2", "object_data_id2", "action_data_id2"],
]
}
:internal_api: get_rules
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"rules": data}
@check_auth
"rules": [
"meta_rule_id": "meta_rule_id1",
"rule_id1": {
- "rule": ["subject_data_id1", "object_data_id1", "action_data_id1"],
+ "rule": ["subject_data_id1",
+ "object_data_id1",
+ "action_data_id1"],
"instructions": (
- {"decision": "grant"}, # "grant" to immediately exit,
- # "continue" to wait for the result of next policy
- # "deny" to deny the request
+ {"decision": "grant"},
+ # "grant" to immediately exit,
+ # "continue" to wait for the result of next policy
+ # "deny" to deny the request
)
}
"rule_id2": {
- "rule": ["subject_data_id2", "object_data_id2", "action_data_id2"],
+ "rule": ["subject_data_id2",
+ "object_data_id2",
+ "action_data_id2"],
"instructions": (
{
"update": {
- "operation": "add", # operations may be "add" or "delete"
- "target": "rbac:role:admin" # add the role admin to the current user
+ "operation": "add",
+ # operations may be "add" or "delete"
+ "target": "rbac:role:admin"
+ # add the role admin to the current user
}
},
- {"chain": {"name": "rbac"}} # chain with the policy named rbac
+ {"chain": {"name": "rbac"}}
+ # chain with the policy named rbac
)
}
]
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"rules": data}
@check_auth
:internal_api: delete_rule
"""
try:
- data = PolicyManager.delete_rule(user_id=user_id, policy_id=uuid, rule_id=rule_id)
+ data = PolicyManager.delete_rule(
+ user_id=user_id, policy_id=uuid, rule_id=rule_id)
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
- "error": str(e)}
+ "error": str(e)}, 500
return {"result": True}
from moon_manager.api.data import SubjectData, ObjectData, ActionData
from moon_manager.api.assignments import SubjectAssignments, ObjectAssignments, ActionAssignments
from moon_manager.api.rules import Rules
-from moon_manager.api.containers import Container
+# from moon_manager.api.containers import Container
from moon_utilities import configuration, exceptions
logger = logging.getLogger("moon.manager.http")
Subjects, Objects, Actions,
SubjectAssignments, ObjectAssignments, ActionAssignments,
SubjectData, ObjectData, ActionData,
- Rules, Container,
+ Rules, #Container,
Models, Policies, PDP
)
Code Review / moon.git / commitdiff