1 """NDG Security Policy type definition
2
3 NERC DataGrid
4 """
5 __author__ = "P J Kershaw"
6 __date__ = "24/02/10"
7 __copyright__ = "(C) 2010 Science and Technology Facilities Council"
8 __contact__ = "Philip.Kershaw@stfc.ac.uk"
9 __license__ = "BSD - see LICENSE file in top-level directory"
10 __contact__ = "Philip.Kershaw@stfc.ac.uk"
11 __revision__ = "$Id: policy.py 7955 2011-12-21 18:29:45Z rwilkinson $"
12 import logging
13 log = logging.getLogger(__name__)
14
15 from ndg.xacml.utils import TypedList
16 from ndg.xacml.parsers import AbstractReaderFactory, AbstractReader
17 from ndg.xacml.core.policybase import PolicyBase
18 from ndg.xacml.core.policydefaults import PolicyDefaults
19 from ndg.xacml.core.target import Target
20 from ndg.xacml.core.rule import Rule
21 from ndg.xacml.core.obligation import Obligation
22 from ndg.xacml.core.rule_combining_alg import (RuleCombiningAlgClassFactory,
23 RuleCombiningAlgInterface)
24 from ndg.xacml.core.functions import (UnsupportedStdFunctionError,
25 UnsupportedFunctionError)
29 """Error reading policy attributes from file"""
30
33 """Invalid XML namespace for policy document"""
34
37 """XACML Policy
38
39 @cvar DEFAULT_XACML_VERSION: default is 2.0
40 @type DEFAULT_XACML_VERSION: string
41 @cvar ELEMENT_LOCAL_NAME: XML local name for this element
42 @type ELEMENT_LOCAL_NAME: string
43 @cvar POLICY_ID_ATTRIB_NAME: policy id XML attribute name
44 @type POLICY_ID_ATTRIB_NAME: string
45 @cvar RULE_COMBINING_ALG_ID_ATTRIB_NAME: rule combining algorithm id XML
46 attribute name
47 @type RULE_COMBINING_ALG_ID_ATTRIB_NAME: string
48 @cvar VERSION_ATTRIB_NAME: version XML attribute name
49 @type VERSION_ATTRIB_NAME: string
50 @cvar DESCRIPTION_LOCAL_NAME: description XML element local name
51 @type DESCRIPTION_LOCAL_NAME: string
52 @cvar POLICY_DEFAULTS_LOCAL_NAME: policy defaults XML element local name
53 @type POLICY_DEFAULTS_LOCAL_NAME: string
54 @cvar COMBINER_PARAMETERS_LOCAL_NAME: combiner parameter XML element local
55 name
56 @type COMBINER_PARAMETERS_LOCAL_NAME: string
57 @cvar RULE_COMBINER_PARAMETERS_LOCAL_NAME: rule combiner parameter XML
58 element local name
59 @type RULE_COMBINER_PARAMETERS_LOCAL_NAME: string
60 @cvar OBLIGATIONS_LOCAL_NAME: obligations XML element local name
61 @type OBLIGATIONS_LOCAL_NAME: string
62
63 @ivar __policyId: policy id
64 @type __policyId: NoneType / basestring
65 @ivar __version: policy version
66 @type __version: NoneType / basestring
67 @ivar __ruleCombiningAlgId: rule combining algorithm ID
68 @type __ruleCombiningAlgId: NoneType / basestring
69 @ivar __description: policy decription text
70 @type __description: NoneType / basestring
71 @ivar __target: target element
72 @type __target: NoneType / ndg.xacml.core.target.Target
73 @ivar __attr: list of rules
74 @type __attr: ndg.xacml.utils.TypedList
75 @ivar __obligations: obligations
76 @type __obligations: ndg.xacml.utils.TypedList
77 @ivar __ruleCombiningAlgFactory: rule combining algorithm factory
78 @type __ruleCombiningAlgFactory: ndg.xacml.core.rule_combining_alg.RuleCombiningAlgClassFactory
79 @ivar __ruleCombiningAlg: rule combining algorithm
80 @type __ruleCombiningAlg: NoneType / ndg.xacml.core.rule_combining_alg.RuleCombiningAlgInterface
81 """
82 DEFAULT_XACML_VERSION = "2.0"
83 ELEMENT_LOCAL_NAME = "Policy"
84 POLICY_ID_ATTRIB_NAME = "PolicyId"
85 RULE_COMBINING_ALG_ID_ATTRIB_NAME = "RuleCombiningAlgId"
86 VERSION_ATTRIB_NAME = "Version"
87
88 DESCRIPTION_LOCAL_NAME = "Description"
89 POLICY_DEFAULTS_LOCAL_NAME = "PolicyDefaults"
90 COMBINER_PARAMETERS_LOCAL_NAME = "CombinerParameters"
91 RULE_COMBINER_PARAMETERS_LOCAL_NAME = "RuleCombinerParameters"
92 OBLIGATIONS_LOCAL_NAME = "Obligations"
93 POLICY_ID_REFERENCE = "PolicyIdReference"
94
95 __slots__ = (
96 '__policyId',
97 '__version',
98 '__ruleCombiningAlgId',
99 '__description',
100 '__policyDefaults',
101 '__target',
102 '__attr',
103 '__obligations',
104 '__ruleCombiningAlgFactory',
105 '__ruleCombiningAlg'
106 )
107
108 - def __init__(self, ruleCombiningAlgFactory=None):
141
143 """
144 @return: rule combining algorithm factory
145 @rtype: NoneType / ndg.xacml.core.rule_combining_alg.RuleCombiningAlgClassFactory
146 """
147 return self.__ruleCombiningAlgFactory
148
161
162 ruleCombiningAlgFactory = property(_getRuleCombiningAlgFactory,
163 _setRuleCombiningAlgFactory,
164 doc="Rule Combining Algorithm Factory")
165
166 @property
168 """Rule Combining algorithm
169 @return: rule combining algorithm class instance
170 @rtype: ndg.xacml.core.rule_combining_alg.RuleCombiningAlgInterface
171 derived type
172 """
173 return self.__ruleCombiningAlg
174
175 @classmethod
177 """Create a new policy from the input source parsing it using a
178 reader from the required reader factory e.g. ETreeReaderFactory to use
179 ElementTree based parsing
180
181 @param source: source from which to read the policy - file path,
182 file object, XML node or other dependent on the reader factory selected
183 @type source: string, file, XML node type
184 @param readerFactory: factory class returns reader class used to parse
185 the policy
186 @type readerFactory: ndg.xacml.parsers.AbstractReaderFactory
187 @return: new policy instance
188 @rtype: ndg.xacml.core.policy.Policy
189 """
190 if not issubclass(readerFactory, AbstractReaderFactory):
191 raise TypeError('Expecting %r derived class for reader factory '
192 'method; got %r' % (AbstractReaderFactory,
193 readerFactory))
194
195 reader = readerFactory.getReader(cls)
196 if not issubclass(reader, AbstractReader):
197 raise TypeError('Expecting %r derived class for reader class; '
198 'got %r' % (AbstractReader, reader))
199
200 return reader.parse(source)
201
203 '''
204 @return: policy id
205 @rtype: NoneType / basestring
206 '''
207 return self.__policyId
208
210 '''@param value: policy id
211 @type value: basestring
212 @raise TypeError: incorrect input type
213 '''
214 if not isinstance(value, basestring):
215 raise TypeError('Expecting string type for "policyId" '
216 'attribute; got %r' % type(value))
217
218 self.__policyId = value
219
220 policyId = property(_getPolicyId, _setPolicyId, None, "Policy Id")
221
222 ident = property(_getPolicyId, None, None, "Policy Id")
223
225 '''@return: policy version
226 @rtype: NoneType / basestring
227 '''
228 return self.__version
229
231 '''@param value: policy version
232 @type value: basestring
233 @raise TypeError: incorrect input type
234 '''
235 if not isinstance(value, basestring):
236 raise TypeError('Expecting string type for "version" '
237 'attribute; got %r' % type(value))
238
239 self.__version = value
240
241 version = property(_getVersion, _setVersion, None, "Policy Version")
242
244 '''@return: rule combining algorithm ID
245 @rtype: NoneType / basestring
246 '''
247 return self.__ruleCombiningAlgId
248
250 '''@param value: rule combining algorithm ID
251 @type value: NoneType / basestring
252 @raise TypeError: incorrect input type
253 '''
254 if not isinstance(value, basestring):
255 raise TypeError('Expecting string type for "ruleCombiningAlgId" '
256 'attribute; got %r' % type(value))
257
258 self.__ruleCombiningAlgId = value
259 self._setRuleCombiningAlgFromId()
260
262 """Set the rule combining algorithm implementation from the Id set in
263 __ruleCombiningAlgId the attribute
264
265 @raise TypeError: incorrect input type
266 @raise UnsupportedStdFunctionError: no implementation is avaliable for
267 this XACML rule combining algorithm
268 @raise UnsupportedFunctionError: the rule combining algorithm is not
269 recognised as a standard XACML one
270 """
271
272 ruleCombiningAlgClass = self.__ruleCombiningAlgFactory(
273 self.__ruleCombiningAlgId)
274 if (not isinstance(ruleCombiningAlgClass, type) or
275 not issubclass(ruleCombiningAlgClass, RuleCombiningAlgInterface)):
276 raise TypeError('Expecting %r derived type for rule combining '
277 'algorithm class; got %r type' %
278 (RuleCombiningAlgInterface, ruleCombiningAlgClass))
279
280 self.__ruleCombiningAlg = ruleCombiningAlgClass()
281 if self.__ruleCombiningAlg is NotImplemented:
282 raise UnsupportedStdFunctionError('The rule combining algorithm %r '
283 'is not currently implemented' %
284 self.__ruleCombiningAlgId)
285
286 elif self.__ruleCombiningAlg is None:
287 raise UnsupportedFunctionError('%r is not recognised as a valid '
288 'XACML rule combining algorithm' %
289 self.__ruleCombiningAlgId)
290
291 ruleCombiningAlgId = property(_getRuleCombiningAlgId,
292 _setRuleCombiningAlgId, None,
293 doc="Rule Combining Algorithm Id")
294
295 @property
297 """@raise NotImplementedError: combiner parameters property is not
298 currently implemented
299 """
300 raise NotImplementedError()
301
302 @property
304 """@raise NotImplementedError: rule combiner parameters property is not
305 currently implemented
306 """
307 raise NotImplementedError()
308
309 @property
311 """@raise NotImplementedError: variable definitions parameters property
312 is not currently implemented
313 """
314 raise NotImplementedError()
315
316 @property
318 """Return the list of rules
319 @return: list of rules
320 @rtype: ndg.xacml.utils.TypedList
321 """
322 return self.__attr
323
324 @property
326 """@return: obligations
327 @rtype: ndg.xacml.utils.TypedList
328 """
329 return self.__obligations
330
332 """@return: target element
333 @rtype: NoneType / ndg.xacml.core.target.Target
334 """
335 return self.__target
336
338 """@param value: target element
339 @type value: ndg.xacml.core.target.Target
340 @raise TypeError: incorrect input type
341 """
342 if not isinstance(value, Target):
343 raise TypeError('Expecting Target for "target" '
344 'attribute; got %r' % type(value))
345 self.__target = value
346
347 target = property(_getTarget, _setTarget, doc="list of Policy targets")
348
350 '''@return: policy description text
351 @rtype: NoneType / basestring
352 '''
353 return self.__description
354
356 '''@param value: policy description text
357 @type value: basestring
358 @raise TypeError: incorrect input type
359 '''
360 if not isinstance(value, basestring):
361 raise TypeError('Expecting string type for "description" '
362 'attribute; got %r' % type(value))
363 self.__description = value
364
365 description = property(_getDescription, _setDescription,
366 doc="Policy Description text")
367
369 '''@return: policy defaults
370 @rtype: NoneType / ndg.xacml.core.policydefaults.PolicyDefaults
371 '''
372 return self.__policyDefaults
373
375 '''@param value: policy defaults
376 @type value: ndg.xacml.core.policydefaults.PolicyDefaults
377 @raise TypeError: incorrect input type
378 '''
379 if not isinstance(value, PolicyDefaults):
380 raise TypeError('Expecting string type for "policyDefaults" '
381 'attribute; got %r' % type(value))
382
383 self.__policyDefaults = value
384
385 policyDefaults = property(_getPolicyDefaults,
386 _setPolicyDefaults,
387 None,
388 "Policy PolicyDefaults element")
389
391 """Evaluates the rule combining algorithm for this policy.
392 @param context: the request context
393 @type context: ndg.xacml.core.request.Request
394 @return: result of the evaluation - the decision for this policy
395 @rtype: ndg.xacml.core.context.result.Decision
396 """
397 return self.ruleCombiningAlg.evaluate(self.rules, context)
398