Python pdp.PDP类代码示例

    def load_org_policy_rules(self, rules_text):
        log.debug("Loading policies for org")

        #Simply create a new PDP object for the service
        #TODO - make sure this is thread safe with the evaluation that uses it.
        input_source = StringIO(rules_text)
        self.org_pdp = PDP.fromPolicySource(input_source, ReaderFactory)

    def load_policy_rules(self, resource_policy, rules_text):
        log.debug("Loading rules for service: %s" % resource_policy)

        #Simply create a new PDP object for the service
        #TODO - make sure this is thread safe with the evaluation that uses it.
        input_source = StringIO(rules_text)
        self.policy_decision_point[resource_policy] = PDP.fromPolicySource(input_source, ReaderFactory)

    def initialise(self, prefix='', **kw):
        '''Initialise object from keyword settings
        
        :type prefix: basestring
        :param prefix: prefix for configuration items
        :type kw: dict        
        :param kw: configuration settings
        dictionary
        :raise SamlPepFilterConfigError: missing option setting(s)
        '''
        # Parse other options
        for name in SamlPepFilter.PARAM_NAMES:
            paramName = prefix + name
            value = kw.get(paramName)
            
            if value is not None:
                setattr(self, name, value)
                
            elif name != self.__class__.LOCAL_POLICY_FILEPATH_PARAM_NAME:
                # Policy file setting is optional
                raise SamlPepFilterConfigError('Missing option %r' % paramName)
            

        # Parse authorisation decision query options
        queryPrefix = prefix + self.__class__.AUTHZ_DECISION_QUERY_PARAMS_PREFIX
        self.client.parseKeywords(prefix=queryPrefix, **kw)

        # Initialise the local PDP  
        if self.localPolicyFilePath:
            self.__localPdp = PDP.fromPolicySource(self.localPolicyFilePath, 
                                                   XacmlPolicyReaderFactory)

    def __init__(self, governance_controller):
        self.resource_policy_decision_point = dict()
        self.service_policy_decision_point = dict()

        self.empty_pdp = PDP.fromPolicySource(path.join(THIS_DIR, XACML_EMPTY_POLICY_FILENAME), ReaderFactory)
        self.load_common_service_policy_rules('')

        self.governance_controller = governance_controller


        #Create and register an Attribute Value derived class to handle a dict type used for the messages
        _className = 'Dict' + AttributeValue.CLASS_NAME_SUFFIX
        _classVars = {'TYPE': dict, 'IDENTIFIER': DICT_TYPE_URI}
        _attributeValueClass = type(_className, (AttributeValue, ), _classVars)
        AttributeValue.register(_attributeValueClass)
        attributeValueFactory.addClass(DICT_TYPE_URI, _attributeValueClass)

        self.DictAttributeValue = attributeValueFactory(DICT_TYPE_URI)


        #Create and register an Attribute Value derived class to handle any object
        _className = 'Object' + AttributeValue.CLASS_NAME_SUFFIX
        _classVars = {'TYPE': object, 'IDENTIFIER': OBJECT_TYPE_URI}
        _attributeValueClass = type(_className, (AttributeValue, ), _classVars)
        AttributeValue.register(_attributeValueClass)
        attributeValueFactory.addClass(OBJECT_TYPE_URI, _attributeValueClass)

        self.ObjectAttributeValue = attributeValueFactory(OBJECT_TYPE_URI)

        #Create and add new function for evaluating functions that take the message as a dict
        from pyon.core.governance.policy.evaluate import EvaluateCode, EvaluateFunction
        functionMap['urn:oasis:names:tc:xacml:1.0:function:evaluate-code'] = EvaluateCode
        functionMap['urn:oasis:names:tc:xacml:1.0:function:evaluate-function'] = EvaluateFunction

    def __init__(self, governance_controller):
        self.resource_policy_decision_point = dict()
        self.service_policy_decision_point = dict()

        self.empty_pdp = PDP.fromPolicySource(path.join(THIS_DIR, XACML_EMPTY_POLICY_FILENAME), ReaderFactory)
        self.load_common_service_policy_rules('')

        self.governance_controller = governance_controller

    def __init__(self, *args, **kwargs):
        self.policy_decision_point = dict()
        self.org_pdp = PDP.fromPolicySource(path.join(THIS_DIR, XACML_EMPTY_POLICY_FILENAME), ReaderFactory)

        #Adding an not function to XACML
        from pyon.core.governance.policy.xacml.not_function import Not
        from pyon.core.governance.policy.xacml.and_function import And
        functionMap['urn:oasis:names:tc:xacml:ooi:function:not'] = Not
        functionMap['urn:oasis:names:tc:xacml:ooi:function:and'] = And

 def test02_03And1ArgFalse(self):
     self.pdp = PDP.fromPolicySource(XACML_ANDTEST_FILEPATH, ReaderFactory)
     request = self._createRequestCtx(
                         self.__class__.RESOURCE3_ID,
                         subjectRoles=('role1',))
     response = self.pdp.evaluate(request)
     self.failIf(response is None, "Null response")
     for result in response.results:
         self.failIf(result.decision != Decision.DENY,
                     "Expecting Deny decision")

 def test02_04And2ArgsTrue(self):
     self.pdp = PDP.fromPolicySource(XACML_ANDTEST_FILEPATH, ReaderFactory)
     request = self._createRequestCtx(
                         self.__class__.RESOURCE4_ID,
                         subjectRoles=('role1', 'role2'))
     response = self.pdp.evaluate(request)
     self.failIf(response is None, "Null response")
     for result in response.results:
         self.failIf(result.decision != Decision.PERMIT,
                     "Expecting Permit decision")

    def get_pdp(self, resource_id):

        if self.policy_decision_point.has_key(resource_id):
            return self.policy_decision_point[resource_id]

        # If a PDP does not exist for this resource - then return default.
        if self.default_pdp is None:
            # Loads a blank policy set as the default or an unknown resource_policy
            self.default_pdp = PDP.fromPolicySource(path.join(THIS_DIR, XACML_EMPTY_POLICY_FILENAME), ReaderFactory)

        return self.default_pdp

    def createPDP(self):
        """Create PDP from ion agents policy file"""

        log.debug("Creating a new PDP")
        # TODO - May need to implement a not function here.
        #from pyon.core.governance.ndg_xacml.ooi_and import And
        #functionMap['urn:oasis:names:tc:xacml:ooi:function:and'] = And

        self.policy_decision_point = PDP.fromPolicySource(path.join(THIS_DIR, XACML_ION_POLICY_FILENAME), ReaderFactory)

        return self.policy_decision_point

 def test02_02AnyUriUrlencode(self):
     """Test URL encoding of a URI value resulting in a deny decision.
     """
     self.pdp = PDP.fromPolicySource(XACML_CUSTOM_FUNCTION_TEST_FILEPATH,
                                     ReaderFactory)
     request = self._createRequestCtx(self.__class__.RESOURCE4_ID,
                                      subjectRoles=('role1',))
     response = self.pdp.evaluate(request)
     self.failIf(response is None, "Null response")
     for result in response.results:
         self.failIf(result.decision != Decision.DENY,
                     "Expecting Deny decision")

 def test01_01StringUrlencode(self):
     """Test URL encoding of a string value resulting in a permit decision.
     """
     self.pdp = PDP.fromPolicySource(XACML_CUSTOM_FUNCTION_TEST_FILEPATH,
                                     ReaderFactory)
     request = self._createRequestCtx(self.__class__.RESOURCE1_ID,
                                      subjectRoles=('role1',))
     response = self.pdp.evaluate(request)
     self.failIf(response is None, "Null response")
     for result in response.results:
         self.failIf(result.decision != Decision.PERMIT,
                     "Expecting Permit decision")

    def load_resource_policy_rules(self, resource_key, rules_text):

        if not rules_text and not self.resource_policy_decision_point.has_key(resource_key):
            return

        log.info("Loading policies for resource: %s" % resource_key)

        self.clear_resource_policy(resource_key)

        #Simply create a new PDP object for the service
        input_source = StringIO(self.create_policy_from_rules(resource_key, rules_text))
        self.resource_policy_decision_point[resource_key] = PDP.fromPolicySource(input_source, ReaderFactory)

 def test01_04StringConcatenate4Values(self):
     """Test concatenation of 4 string values resulting in deny decision.
     """
     self.pdp = PDP.fromPolicySource(XACML_CONCATENATE_TEST_FILEPATH,
                                     ReaderFactory)
     request = self._createRequestCtx(self.__class__.RESOURCE4_ID,
                                      subjectRoles=('role1',))
     response = self.pdp.evaluate(request)
     self.failIf(response is None, "Null response")
     for result in response.results:
         self.failIf(result.decision != Decision.DENY,
                     "Expecting Deny decision")

    def set_resource_policy_rules(self, resource_key, policy_list):
        log.debug("Loading policies for resource: %s" % resource_key)

        self.clear_resource_policy(resource_key)

        if not policy_list:
            self.resource_policy_decision_point[resource_key] = None
            return

        # Create a new PDP object for the resource
        rules_text = self._get_rules_text(policy_list)
        input_source = StringIO(self.create_resource_policy_from_rules(resource_key, rules_text))
        self.resource_policy_decision_point[resource_key] = PDP.fromPolicySource(input_source, ReaderFactory)