#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License
#
"""
"""
import json
import traceback
from policy_local import PolicyLocal
from ..dispatch import LogAdapter, LOG_INFO, LOG_TRACE, LOG_DEBUG, LOG_ERROR
"""
Entity implementing the glue between the policy engine and the rest of the system.
"""
class PolicyManager(object):
    """
    Facade that connects the agent to the local policy engine.

    Every management and runtime call is forwarded unchanged to the
    PolicyLocal instance built in __init__; this class adds only logging
    helpers and access to the owning agent.
    """

    def __init__(self, agent):
        """
        Store the agent and build the policy engine and log adapter.
        @param[in] agent: owning agent, returned later by get_agent()
        """
        self._agent = agent
        # NOTE(review): PolicyLocal receives this manager before log_adapter
        # is assigned; if it logs through the manager while constructing,
        # the attribute will not exist yet. Confirm against PolicyLocal.
        self._policy_local = PolicyLocal(self)
        self.log_adapter = LogAdapter("POLICY")

    def log(self, level, text):
        """
        Emit a log record attributed to the direct caller of this method.
        @param[in] level: log level constant passed through to the adapter
        @param[in] text: message, passed through to the adapter unmodified
        """
        # limit=2 yields [caller, this frame]; index 0 is the caller.
        caller = traceback.extract_stack(limit=2)[0]
        source_file, source_line = caller[0], caller[1]
        self.log_adapter.log(level, text, source_file, source_line)

    def _log(self, level, text):
        """
        Emit a log record attributed to the caller of the log_* wrapper.
        @param[in] level: log level constant passed through to the adapter
        @param[in] text: message, passed through to the adapter unmodified
        """
        # limit=3 yields [wrapper's caller, wrapper, this frame]; the
        # wrappers below must call _log directly or the attribution shifts.
        origin = traceback.extract_stack(limit=3)[0]
        source_file, source_line = origin[0], origin[1]
        self.log_adapter.log(level, text, source_file, source_line)

    def log_debug(self, text):
        """Log text at LOG_DEBUG on behalf of the caller."""
        self._log(LOG_DEBUG, text)

    def log_info(self, text):
        """Log text at LOG_INFO on behalf of the caller."""
        self._log(LOG_INFO, text)

    def log_trace(self, text):
        """Log text at LOG_TRACE on behalf of the caller."""
        self._log(LOG_TRACE, text)

    def log_error(self, text):
        """Log text at LOG_ERROR on behalf of the caller."""
        self._log(LOG_ERROR, text)

    def get_agent(self):
        """
        @return the agent supplied to the constructor
        """
        return self._agent

    #
    # Management interface: ruleset creation
    #
    def create_ruleset(self, attributes):
        """
        Create a named policy ruleset.
        @param[in] attributes: ruleset attributes from config, forwarded
            unchanged to the policy engine
        """
        self._policy_local.create_ruleset(attributes)

    #
    # Management interface: default application
    #
    def set_default_vhost(self, name):
        """
        Set the default application (vhost).
        @param[in] name: forwarded unchanged to the policy engine
        """
        self._policy_local.set_default_vhost(name)

    #
    # Runtime query interface
    #
    def lookup_user(self, user, host, app, conn_name, conn_id):
        """
        Access decision for an AMQP Open; called from C.
        Decide whether user on host may access app under the policy access
        rules and, if so, name the settings group that applies.
        @param[in] user connection authId
        @param[in] host connection remote host numeric IP address as string
        @param[in] app application user is accessing
        @param[in] conn_name connection name for accounting purposes
        @param[in] conn_id internal connection id
        @return settings user-group name if allowed; "" if not allowed
        """
        # The empty string is the deny signal; the result is handed back
        # exactly as the policy engine produced it.
        # NOTE(review): nothing is caught here, so an exception from the
        # engine reaches the C caller - confirm that path fails closed.
        group_name = self._policy_local.lookup_user(
            user, host, app, conn_name, conn_id)
        return group_name

    def lookup_settings(self, appname, name, upolicy):
        """
        Given a settings name, fetch the aggregated policy blob.
        @param[in] appname: application user is accessing
        @param[in] name: user group name
        @param[out] upolicy: map that receives the settings
        @return settings were retrieved or not
        """
        # NOTE(review): presumably callers must check the return value
        # before trusting upolicy - verify against the C caller.
        retrieved = self._policy_local.lookup_settings(appname, name, upolicy)
        return retrieved

    def close_connection(self, conn_id):
        """
        The identified connection is closing. Remove it from the connection
        accounting tables.
        @param[in] conn_id: internal connection id
        @return: none
        """
        self._policy_local.close_connection(conn_id)
#
#
#
def policy_lookup_user(mgr, user, host, app, conn_name, conn_id):
    """
    Look up a user in the policy database.
    Called by C code; forwards every argument to mgr.lookup_user and hands
    its result back unchanged.
    @param mgr: object providing lookup_user()
    @param user: forwarded to mgr.lookup_user
    @param host: forwarded to mgr.lookup_user
    @param app: forwarded to mgr.lookup_user
    @param conn_name: forwarded to mgr.lookup_user
    @param conn_id: forwarded to mgr.lookup_user
    @return: whatever mgr.lookup_user returns
    """
    # NOTE(review): PolicyManager.lookup_user documents "" as the deny
    # value - confirm the C caller treats an empty result as a refusal.
    decision = mgr.lookup_user(user, host, app, conn_name, conn_id)
    return decision
#
#
#
def policy_close_connection(mgr, conn_id):
    """
    Report a closing connection to the policy manager.
    Called by C code; forwards conn_id to mgr.close_connection.
    @param mgr: object providing close_connection()
    @param conn_id: forwarded to mgr.close_connection
    @return: none
    """
    mgr.close_connection(conn_id)
#
#
#
def policy_lookup_settings(mgr, appname, name, upolicy):
    """
    Return settings for <app, usergroup> in the upolicy map.
    Forwards every argument to mgr.lookup_settings and hands its result
    back unchanged.
    @param mgr: object providing lookup_settings()
    @param appname: forwarded to mgr.lookup_settings
    @param name: forwarded to mgr.lookup_settings
    @param upolicy: forwarded to mgr.lookup_settings
    @return: whatever mgr.lookup_settings returns
    """
    outcome = mgr.lookup_settings(appname, name, upolicy)
    return outcome