Source Code for Module ndg.xacml.core.policy

  1  """NDG Security Policy type definition 
  2   
  3  NERC DataGrid 
  4  """ 
  5  __author__ = "P J Kershaw" 
  6  __date__ = "24/02/10" 
  7  __copyright__ = "(C) 2010 Science and Technology Facilities Council" 
  8  __contact__ = "Philip.Kershaw@stfc.ac.uk" 
  9  __license__ = "BSD - see LICENSE file in top-level directory" 
 10  __contact__ = "Philip.Kershaw@stfc.ac.uk" 
 11  __revision__ = "$Id: policy.py 7955 2011-12-21 18:29:45Z rwilkinson $" 
 12  import logging 
 13  log = logging.getLogger(__name__) 
 14   
 15  from ndg.xacml.utils import TypedList 
 16  from ndg.xacml.parsers import AbstractReaderFactory, AbstractReader 
 17  from ndg.xacml.core.policybase import PolicyBase 
 18  from ndg.xacml.core.policydefaults import PolicyDefaults 
 19  from ndg.xacml.core.target import Target 
 20  from ndg.xacml.core.rule import Rule 
 21  from ndg.xacml.core.obligation import Obligation 
 22  from ndg.xacml.core.rule_combining_alg import (RuleCombiningAlgClassFactory, 
 23                                                 RuleCombiningAlgInterface) 
 24  from ndg.xacml.core.functions import (UnsupportedStdFunctionError, 
 25                                        UnsupportedFunctionError) 
 26   
 27   
 28 -class PolicyParseError(Exception): 
 29      """Error reading policy attributes from file""" 
 30   
 31   
 32 -class InvalidPolicyXmlNsError(PolicyParseError): 
 33      """Invalid XML namespace for policy document""" 
 34   
 35   
 36 -class Policy(PolicyBase): 
 37      """XACML Policy 
 38       
 39      @cvar DEFAULT_XACML_VERSION: default is 2.0 
 40      @type DEFAULT_XACML_VERSION: string 
 41      @cvar ELEMENT_LOCAL_NAME: XML local name for this element 
 42      @type ELEMENT_LOCAL_NAME: string 
 43      @cvar POLICY_ID_ATTRIB_NAME: policy id XML attribute name 
 44      @type POLICY_ID_ATTRIB_NAME: string 
 45      @cvar RULE_COMBINING_ALG_ID_ATTRIB_NAME: rule combining algorithm id XML 
 46      attribute name 
 47      @type RULE_COMBINING_ALG_ID_ATTRIB_NAME: string 
 48      @cvar VERSION_ATTRIB_NAME: version XML attribute name 
 49      @type VERSION_ATTRIB_NAME: string 
 50      @cvar DESCRIPTION_LOCAL_NAME: description XML element local name 
 51      @type DESCRIPTION_LOCAL_NAME: string 
 52      @cvar POLICY_DEFAULTS_LOCAL_NAME: policy defaults XML element local name 
 53      @type POLICY_DEFAULTS_LOCAL_NAME: string 
 54      @cvar COMBINER_PARAMETERS_LOCAL_NAME: combiner parameter XML element local 
 55      name 
 56      @type COMBINER_PARAMETERS_LOCAL_NAME: string 
 57      @cvar RULE_COMBINER_PARAMETERS_LOCAL_NAME: rule combiner parameter XML 
 58      element local name 
 59      @type RULE_COMBINER_PARAMETERS_LOCAL_NAME: string 
 60      @cvar OBLIGATIONS_LOCAL_NAME: obligations XML element local name 
 61      @type OBLIGATIONS_LOCAL_NAME: string 
 62       
 63      @ivar __policyId: policy id 
 64      @type __policyId: NoneType / basestring 
 65      @ivar __version: policy version 
 66      @type __version: NoneType / basestring 
 67      @ivar __ruleCombiningAlgId: rule combining algorithm ID 
 68      @type __ruleCombiningAlgId: NoneType / basestring 
 69      @ivar __description: policy decription text 
 70      @type __description: NoneType / basestring 
 71      @ivar __target: target element 
 72      @type __target: NoneType / ndg.xacml.core.target.Target 
 73      @ivar __attr: list of rules 
 74      @type __attr: ndg.xacml.utils.TypedList 
 75      @ivar __obligations: obligations 
 76      @type __obligations: ndg.xacml.utils.TypedList 
 77      @ivar __ruleCombiningAlgFactory: rule combining algorithm factory 
 78      @type __ruleCombiningAlgFactory: ndg.xacml.core.rule_combining_alg.RuleCombiningAlgClassFactory 
 79      @ivar __ruleCombiningAlg: rule combining algorithm 
 80      @type __ruleCombiningAlg: NoneType / ndg.xacml.core.rule_combining_alg.RuleCombiningAlgInterface 
 81      """  
 82      DEFAULT_XACML_VERSION = "2.0" 
 83      ELEMENT_LOCAL_NAME = "Policy" 
 84      POLICY_ID_ATTRIB_NAME = "PolicyId" 
 85      RULE_COMBINING_ALG_ID_ATTRIB_NAME = "RuleCombiningAlgId" 
 86      VERSION_ATTRIB_NAME = "Version" 
 87   
 88      DESCRIPTION_LOCAL_NAME = "Description" 
 89      POLICY_DEFAULTS_LOCAL_NAME = "PolicyDefaults" 
 90      COMBINER_PARAMETERS_LOCAL_NAME = "CombinerParameters" 
 91      RULE_COMBINER_PARAMETERS_LOCAL_NAME = "RuleCombinerParameters" 
 92      OBLIGATIONS_LOCAL_NAME = "Obligations" 
 93      POLICY_ID_REFERENCE = "PolicyIdReference" 
 94       
 95      __slots__ = ( 
 96          '__policyId', 
 97          '__version', 
 98          '__ruleCombiningAlgId', 
 99          '__description', 
100          '__policyDefaults', 
101          '__target', 
102          '__attr', 
103          '__obligations', 
104          '__ruleCombiningAlgFactory', 
105          '__ruleCombiningAlg' 
106      ) 
107       
108 -    def __init__(self, ruleCombiningAlgFactory=None): 
109          """Customise rule combining behaviour by passing in a custom combining 
110          algorithm factory.  This is invoked when the combining algorithm Id 
111          property is set in order to create the corresponding combining algorithm 
112          object 
113           
114          @param ruleCombiningAlgFactory: factory object for return a rule  
115          combining algorithm class for a given URI.  Defaults to  
116          @type ruleCombiningAlgFactory: NoneType / defaults to  
117          ndg.xacml.core.rule_combining_alg.RuleCombiningAlgClassFactory 
118          """ 
119          super(Policy, self).__init__() 
120          self.__policyId = None 
121          self.__version = None 
122          self.__ruleCombiningAlgId = None 
123          self.__description = None 
124          self.__target = None 
125          self.__policyDefaults = None 
126           
127          # Attr should eventually allow a choice of Rule, CombinerParameter,  
128          # RuleCombinerParameter and VariableDefinition but only Rule type is  
129          # currently supported 
130          self.__attr = TypedList(Rule) 
131           
132          self.__obligations = TypedList(Obligation) 
133           
134          self.__ruleCombiningAlgFactory = None 
135          if ruleCombiningAlgFactory is None: 
136              self.ruleCombiningAlgFactory = RuleCombiningAlgClassFactory() 
137          else: 
138              self.ruleCombiningAlgFactory = ruleCombiningAlgFactory 
139   
140          self.__ruleCombiningAlg = None 
141   
142 -    def _getRuleCombiningAlgFactory(self): 
143          """ 
144          @return: rule combining algorithm factory 
145          @rtype: NoneType / ndg.xacml.core.rule_combining_alg.RuleCombiningAlgClassFactory 
146          """ 
147          return self.__ruleCombiningAlgFactory 
148   
149 -    def _setRuleCombiningAlgFactory(self, value): 
150          """ 
151          @param value: rule combining algorithm factory 
152          @type value: ndg.xacml.core.rule_combining_alg.RuleCombiningAlgClassFactory 
153          @raise TypeError: incorrect input type 
154          """ 
155          if not isinstance(value, RuleCombiningAlgClassFactory): 
156              raise TypeError('Expecting %r derived type for ' 
157                              '"ruleCombiningAlgFactory" attibute; got %r' %  
158                              (RuleCombiningAlgClassFactory, type(value))) 
159               
160          self.__ruleCombiningAlgFactory = value 
161   
162      ruleCombiningAlgFactory = property(_getRuleCombiningAlgFactory,  
163                                         _setRuleCombiningAlgFactory,  
164                                         doc="Rule Combining Algorithm Factory") 
165       
166      @property 
167 -    def ruleCombiningAlg(self): 
168          """Rule Combining algorithm 
169          @return: rule combining algorithm class instance 
170          @rtype: ndg.xacml.core.rule_combining_alg.RuleCombiningAlgInterface  
171          derived type 
172          """ 
173          return self.__ruleCombiningAlg 
174       
175      @classmethod 
176 -    def fromSource(cls, source, readerFactory): 
177          """Create a new policy from the input source parsing it using a  
178          reader from the required reader factory e.g. ETreeReaderFactory to use 
179          ElementTree based parsing 
180           
181          @param source: source from which to read the policy - file path, 
182          file object, XML node or other dependent on the reader factory selected 
183          @type source: string, file, XML node type 
184          @param readerFactory: factory class returns reader class used to parse  
185          the policy 
186          @type readerFactory: ndg.xacml.parsers.AbstractReaderFactory 
187          @return: new policy instance 
188          @rtype: ndg.xacml.core.policy.Policy 
189          """ 
190          if not issubclass(readerFactory, AbstractReaderFactory): 
191              raise TypeError('Expecting %r derived class for reader factory ' 
192                              'method; got %r' % (AbstractReaderFactory,  
193                                                  readerFactory)) 
194               
195          reader = readerFactory.getReader(cls) 
196          if not issubclass(reader, AbstractReader): 
197              raise TypeError('Expecting %r derived class for reader class; ' 
198                              'got %r' % (AbstractReader, reader)) 
199               
200          return reader.parse(source) 
201           
202 -    def _getPolicyId(self): 
203          ''' 
204          @return: policy id 
205          @rtype: NoneType / basestring 
206          ''' 
207          return self.__policyId 
208   
209 -    def _setPolicyId(self, value): 
210          '''@param value: policy id 
211          @type value: basestring 
212          @raise TypeError: incorrect input type 
213          ''' 
214          if not isinstance(value, basestring): 
215              raise TypeError('Expecting string type for "policyId" ' 
216                              'attribute; got %r' % type(value)) 
217               
218          self.__policyId = value 
219   
220      policyId = property(_getPolicyId, _setPolicyId, None, "Policy Id") 
221      # Generic property for ID of Policy and PolicySet 
222      ident = property(_getPolicyId, None, None, "Policy Id") 
223   
224 -    def _getVersion(self): 
225          '''@return: policy version 
226          @rtype: NoneType / basestring 
227          ''' 
228          return self.__version 
229   
230 -    def _setVersion(self, value): 
231          '''@param value: policy version 
232          @type value: basestring 
233          @raise TypeError: incorrect input type 
234          ''' 
235          if not isinstance(value, basestring): 
236              raise TypeError('Expecting string type for "version" ' 
237                              'attribute; got %r' % type(value)) 
238               
239          self.__version = value 
240   
241      version = property(_getVersion, _setVersion, None, "Policy Version") 
242   
243 -    def _getRuleCombiningAlgId(self): 
244          '''@return: rule combining algorithm ID 
245          @rtype: NoneType / basestring 
246          ''' 
247          return self.__ruleCombiningAlgId 
248   
249 -    def _setRuleCombiningAlgId(self, value): 
250          '''@param value: rule combining algorithm ID 
251          @type value: NoneType / basestring 
252          @raise TypeError: incorrect input type 
253          ''' 
254          if not isinstance(value, basestring): 
255              raise TypeError('Expecting string type for "ruleCombiningAlgId" ' 
256                              'attribute; got %r' % type(value)) 
257               
258          self.__ruleCombiningAlgId = value 
259          self._setRuleCombiningAlgFromId() 
260           
261 -    def _setRuleCombiningAlgFromId(self): 
262          """Set the rule combining algorithm implementation from the Id set in 
263          __ruleCombiningAlgId the attribute 
264           
265          @raise TypeError: incorrect input type 
266          @raise UnsupportedStdFunctionError: no implementation is avaliable for 
267          this XACML rule combining algorithm  
268          @raise UnsupportedFunctionError: the rule combining algorithm is not 
269          recognised as a standard XACML one 
270          """ 
271          # Look-up rule combining algorithm 
272          ruleCombiningAlgClass = self.__ruleCombiningAlgFactory( 
273                                                      self.__ruleCombiningAlgId) 
274          if (not isinstance(ruleCombiningAlgClass, type) or  
275              not issubclass(ruleCombiningAlgClass, RuleCombiningAlgInterface)): 
276              raise TypeError('Expecting %r derived type for rule combining ' 
277                              'algorithm class; got %r type' % 
278                              (RuleCombiningAlgInterface, ruleCombiningAlgClass)) 
279               
280          self.__ruleCombiningAlg = ruleCombiningAlgClass() 
281          if self.__ruleCombiningAlg is NotImplemented: 
282              raise UnsupportedStdFunctionError('The rule combining algorithm %r ' 
283                                                'is not currently implemented' %  
284                                                self.__ruleCombiningAlgId) 
285               
286          elif self.__ruleCombiningAlg is None: 
287              raise UnsupportedFunctionError('%r is not recognised as a valid ' 
288                                             'XACML rule combining algorithm' %  
289                                             self.__ruleCombiningAlgId)  
290   
291      ruleCombiningAlgId = property(_getRuleCombiningAlgId,  
292                                    _setRuleCombiningAlgId, None,  
293                                    doc="Rule Combining Algorithm Id") 
294   
295      @property 
296 -    def combinerParameters(self): 
297          """@raise NotImplementedError: combiner parameters property is not 
298          currently implemented 
299          """ 
300          raise NotImplementedError() 
301       
302      @property 
303 -    def ruleCombinerParameters(self): 
304          """@raise NotImplementedError: rule combiner parameters property is not 
305          currently implemented 
306          """ 
307          raise NotImplementedError() 
308       
309      @property 
310 -    def variableDefinitions(self): 
311          """@raise NotImplementedError: variable definitions parameters property  
312          is not currently implemented 
313          """ 
314          raise NotImplementedError() 
315       
316      @property 
317 -    def rules(self): 
318          """Return the list of rules 
319          @return: list of rules 
320          @rtype: ndg.xacml.utils.TypedList 
321          """ 
322          return self.__attr 
323       
324      @property 
325 -    def obligations(self): 
326          """@return: obligations 
327          @rtype: ndg.xacml.utils.TypedList 
328          """ 
329          return self.__obligations  
330   
331 -    def _getTarget(self): 
332          """@return: target element 
333          @rtype: NoneType / ndg.xacml.core.target.Target 
334          """ 
335          return self.__target 
336   
337 -    def _setTarget(self, value): 
338          """@param value: target element 
339          @type value: ndg.xacml.core.target.Target 
340          @raise TypeError: incorrect input type 
341          """ 
342          if not isinstance(value, Target): 
343              raise TypeError('Expecting Target for "target" ' 
344                              'attribute; got %r' % type(value)) 
345          self.__target = value 
346   
347      target = property(_getTarget, _setTarget, doc="list of Policy targets") 
348   
349 -    def _getDescription(self): 
350          '''@return: policy description text 
351          @rtype: NoneType / basestring 
352          ''' 
353          return self.__description 
354   
355 -    def _setDescription(self, value): 
356          '''@param value: policy description text 
357          @type value: basestring 
358          @raise TypeError: incorrect input type 
359          ''' 
360          if not isinstance(value, basestring): 
361              raise TypeError('Expecting string type for "description" ' 
362                              'attribute; got %r' % type(value)) 
363          self.__description = value 
364   
365      description = property(_getDescription, _setDescription,  
366                             doc="Policy Description text") 
367   
368 -    def _getPolicyDefaults(self): 
369          '''@return: policy defaults 
370          @rtype: NoneType / ndg.xacml.core.policydefaults.PolicyDefaults 
371          ''' 
372          return self.__policyDefaults 
373   
374 -    def _setPolicyDefaults(self, value): 
375          '''@param value: policy defaults 
376          @type value: ndg.xacml.core.policydefaults.PolicyDefaults 
377          @raise TypeError: incorrect input type 
378          ''' 
379          if not isinstance(value, PolicyDefaults): 
380              raise TypeError('Expecting string type for "policyDefaults" ' 
381                              'attribute; got %r' % type(value)) 
382               
383          self.__policyDefaults = value 
384   
385      policyDefaults = property(_getPolicyDefaults,  
386                                _setPolicyDefaults,  
387                                None,  
388                                "Policy PolicyDefaults element")    
389   
390 -    def evaluateCombiningAlgorithm(self, context): 
391          """Evaluates the rule combining algorithm for this policy. 
392          @param context: the request context 
393          @type context: ndg.xacml.core.request.Request 
394          @return: result of the evaluation - the decision for this policy 
395          @rtype: ndg.xacml.core.context.result.Decision 
396          """ 
397          return self.ruleCombiningAlg.evaluate(self.rules, context) 
398