Source Code for Module ndg.xacml.core.policyset

  1  """NDG Security Policy Set type definition 
  2   
  3  NERC DataGrid 
  4  """ 
  5  __author__ = "R B Wilkinson" 
  6  __date__ = "01/11/11" 
  7  __copyright__ = "(C) 2011 Science and Technology Facilities Council" 
  8  __contact__ = "Philip.Kershaw@stfc.ac.uk" 
  9  __license__ = "BSD - see LICENSE file in top-level directory" 
 10  __contact__ = "Philip.Kershaw@stfc.ac.uk" 
 11  __revision__ = "$Id$" 
 12   
 13  import logging 
 14  log = logging.getLogger(__name__) 
 15   
 16  from ndg.xacml.utils import TypedList 
 17  from ndg.xacml.parsers import AbstractReaderFactory, AbstractReader 
 18  from ndg.xacml.core.policybase import PolicyBase 
 19  from ndg.xacml.core.policydefaults import PolicyDefaults 
 20  from ndg.xacml.core.target import Target 
 21  from ndg.xacml.core.obligation import Obligation 
 22  from ndg.xacml.core.policy_combining_alg import (PolicyCombiningAlgClassFactory, 
 23                                                   PolicyCombiningAlgInterface) 
 24  from ndg.xacml.core.functions import (UnsupportedStdFunctionError, 
 25                                        UnsupportedFunctionError) 
 26   
 27   
 28 -class PolicySet(PolicyBase): 
 29      """XACML Policy Set 
 30       
 31      @cvar DEFAULT_XACML_VERSION: default is 2.0 
 32      @type DEFAULT_XACML_VERSION: string 
 33      @cvar ELEMENT_LOCAL_NAME: XML local name for this element 
 34      @type ELEMENT_LOCAL_NAME: string 
 35      @cvar POLICY_SET_ID_ATTRIB_NAME: policy set id XML attribute name 
 36      @type POLICY_SET_ID_ATTRIB_NAME: string 
 37      @cvar POLICY_COMBINING_ALG_ID_ATTRIB_NAME: policy combining algorithm id 
 38      XML attribute name 
 39      @type POLICY_COMBINING_ALG_ID_ATTRIB_NAME: string 
 40      @cvar VERSION_ATTRIB_NAME: version XML attribute name 
 41      @type VERSION_ATTRIB_NAME: string 
 42      @cvar DESCRIPTION_LOCAL_NAME: description XML element local name 
 43      @type DESCRIPTION_LOCAL_NAME: string 
 44      @cvar POLICY_SET_DEFAULTS_LOCAL_NAME: policy set defaults XML element local 
 45      name 
 46      @type POLICY_SET_DEFAULTS_LOCAL_NAME: string 
 47      @cvar COMBINER_PARAMETERS_LOCAL_NAME: combiner parameter XML element local 
 48      name 
 49      @type COMBINER_PARAMETERS_LOCAL_NAME: string 
 50      @cvar POLICY_COMBINER_PARAMETERS_LOCAL_NAME: policy combiner parameter XML 
 51      element local name 
 52      @type POLICY_COMBINER_PARAMETERS_LOCAL_NAME: string 
 53      @cvar POLICY_SET_COMBINER_PARAMETERS_LOCAL_NAME: policy set combiner 
 54      parameter XML element local name 
 55      @type POLICY_SET_COMBINER_PARAMETERS_LOCAL_NAME: string 
 56      @cvar OBLIGATIONS_LOCAL_NAME: obligations XML element local name 
 57      @type OBLIGATIONS_LOCAL_NAME: string 
 58       
 59      @ivar __policySetId: policy set id 
 60      @type __policySetId: NoneType / basestring 
 61      @ivar __version: policy version 
 62      @type __version: NoneType / basestring 
 63      @ivar __policyCombiningAlgId: policy combining algorithm ID 
 64      @type __policyCombiningAlgId: NoneType / basestring 
 65      @ivar __description: policy decription text 
 66      @type __description: NoneType / basestring 
 67      @ivar __target: target element 
 68      @type __target: NoneType / ndg.xacml.core.target.Target 
 69      @ivar __policies: list of policies and/or policy sets 
 70      @type __policies: ndg.xacml.utils.TypedList 
 71      @ivar __obligations: obligations 
 72      @type __obligations: ndg.xacml.utils.TypedList 
 73      @ivar __policyCombiningAlgFactory: policy combining algorithm factory 
 74      @type __policyCombiningAlgFactory: ndg.xacml.core.policy_combining_alg.PolicyCombiningAlgClassFactory 
 75      @ivar __policyCombiningAlg: policy combining algorithm 
 76      @type __policyCombiningAlg: NoneType / ndg.xacml.core.policy_combining_alg.PolicyCombiningAlgInterface 
 77      """  
 78   
 79      DEFAULT_XACML_VERSION = "2.0" 
 80      ELEMENT_LOCAL_NAME = "PolicySet" 
 81      POLICY_SET_ID_ATTRIB_NAME = "PolicySetId" 
 82      POLICY_COMBINING_ALG_ID_ATTRIB_NAME = "PolicyCombiningAlgId" 
 83      VERSION_ATTRIB_NAME = "Version" 
 84   
 85      DESCRIPTION_LOCAL_NAME = "Description" 
 86      POLICY_SET_DEFAULTS_LOCAL_NAME = "PolicySetDefaults" 
 87      COMBINER_PARAMETERS_LOCAL_NAME = "CombinerParameters" 
 88      POLICY_COMBINER_PARAMETERS_LOCAL_NAME = "PolicyCombinerParameters" 
 89      POLICY_SET_COMBINER_PARAMETERS_LOCAL_NAME = "PolicySetCombinerParameters" 
 90      OBLIGATIONS_LOCAL_NAME = "Obligations" 
 91      POLICY_SET_ID_REFERENCE = "PolicySetIdReference" 
 92   
 93      __slots__ = ( 
 94          '__policySetId', 
 95          '__version', 
 96          '__policyCombiningAlgId', 
 97          '__description', 
 98          '__policySetDefaults', 
 99          '__target', 
100          '__policies', 
101          '__obligations', 
102          '__policyCombiningAlgFactory', 
103          '__policyCombiningAlg' 
104      ) 
105   
106 -    def __init__(self, policyCombiningAlgFactory=None): 
107          ''' 
108          Constructor 
109          ''' 
110          super(PolicySet, self).__init__() 
111          self.__policySetId = None 
112          self.__version = None 
113          self.__policyCombiningAlgId = None 
114          self.__description = None 
115          self.__target = None 
116          self.__policySetDefaults = None 
117   
118          # Attr should eventually allow a choice of Rule, CombinerParameter, 
119          # RuleCombinerParameter and VariableDefinition but only Rule type is 
120          # currently supported 
121          self.__policies = TypedList(PolicyBase) 
122   
123          self.__obligations = TypedList(Obligation) 
124   
125          self.__policyCombiningAlgFactory = None 
126          if policyCombiningAlgFactory is None: 
127              self.policyCombiningAlgFactory = PolicyCombiningAlgClassFactory() 
128          else: 
129              self.policyCombiningAlgFactory = policyCombiningAlgFactory 
130   
131          self.__policyCombiningAlg = None 
132   
133      @classmethod 
134 -    def fromSource(cls, source, readerFactory): 
135          """Create a new policy from the input source parsing it using a 
136          reader from the required reader factory e.g. ETreeReaderFactory to use 
137          ElementTree based parsing 
138   
139          @param source: source from which to read the policy - file path, 
140          file object, XML node or other dependent on the reader factory selected 
141          @type source: string, file, XML node type 
142          @param readerFactory: factory class returns reader class used to parse 
143          the policy 
144          @type readerFactory: ndg.xacml.parsers.AbstractReaderFactory 
145          @return: new policy instance 
146          @rtype: ndg.xacml.core.policy.Policy 
147          """ 
148          if not issubclass(readerFactory, AbstractReaderFactory): 
149              raise TypeError('Expecting %r derived class for reader factory ' 
150                              'method; got %r' % (AbstractReaderFactory, 
151                                                  readerFactory)) 
152   
153          reader = readerFactory.getReader(cls) 
154          if not issubclass(reader, AbstractReader): 
155              raise TypeError('Expecting %r derived class for reader class; ' 
156                              'got %r' % (AbstractReader, reader)) 
157   
158          return reader.parse(source) 
159   
160 -    def _getPolicyCombiningAlgFactory(self): 
161          """ 
162          @return: policy combining algorithm factory 
163          @rtype: NoneType / ndg.xacml.core.policy_combining_alg.PolicyCombiningAlgClassFactory 
164          """ 
165          return self.__policyCombiningAlgFactory 
166   
167 -    def _setPolicyCombiningAlgFactory(self, value): 
168          """ 
169          @param value: policy combining algorithm factory 
170          @type value: ndg.xacml.core.policy_combining_alg.PolicyCombiningAlgClassFactory 
171          @raise TypeError: incorrect input type 
172          """ 
173          if not isinstance(value, PolicyCombiningAlgClassFactory): 
174              raise TypeError('Expecting %r derived type for ' 
175                              '"policyCombiningAlgFactory" attibute; got %r' % 
176                              (PolicyCombiningAlgClassFactory, type(value))) 
177   
178          self.__policyCombiningAlgFactory = value 
179   
180      policyCombiningAlgFactory = property(_getPolicyCombiningAlgFactory, 
181                                         _setPolicyCombiningAlgFactory, 
182                                         doc="Policy Combining Algorithm Factory") 
183   
184      @property 
185 -    def policyCombiningAlg(self): 
186          """Policy Combining algorithm 
187          @return: policy combining algorithm class instance 
188          @rtype: ndg.xacml.core.policy_combining_alg.PolicyCombiningAlgInterface 
189          derived type 
190          """ 
191          return self.__policyCombiningAlg 
192   
193 -    def _getPolicySetId(self): 
194          ''' 
195          @return: policy set id 
196          @rtype: NoneType / basestring 
197          ''' 
198          return self.__policySetId 
199   
200 -    def _setPolicySetId(self, value): 
201          '''@param value: policy set id 
202          @type value: basestring 
203          @raise TypeError: incorrect input type 
204          ''' 
205          if not isinstance(value, basestring): 
206              raise TypeError('Expecting string type for "policySetId" ' 
207                              'attribute; got %r' % type(value)) 
208   
209          self.__policySetId = value 
210   
211      policySetId = property(_getPolicySetId, _setPolicySetId, None, "Policy Set Id") 
212      # Generic property for ID of Policy and PolicySet 
213      ident = property(_getPolicySetId, None, None, "Policy Set Id") 
214   
215 -    def _getVersion(self): 
216          '''@return: policy set version 
217          @rtype: NoneType / basestring 
218          ''' 
219          return self.__version 
220   
221 -    def _setVersion(self, value): 
222          '''@param value: policy set version 
223          @type value: basestring 
224          @raise TypeError: incorrect input type 
225          ''' 
226          if not isinstance(value, basestring): 
227              raise TypeError('Expecting string type for "version" ' 
228                              'attribute; got %r' % type(value)) 
229   
230          self.__version = value 
231   
232      version = property(_getVersion, _setVersion, None, "Policy Set Version") 
233   
234 -    def _getPolicyCombiningAlgId(self): 
235          '''@return: policy combining algorithm ID 
236          @rtype: NoneType / basestring 
237          ''' 
238          return self.__policyCombiningAlgId 
239   
240 -    def _setPolicyCombiningAlgId(self, value): 
241          '''@param value: policy combining algorithm ID 
242          @type value: NoneType / basestring 
243          @raise TypeError: incorrect input type 
244          ''' 
245          if not isinstance(value, basestring): 
246              raise TypeError('Expecting string type for "policyCombiningAlgId" ' 
247                              'attribute; got %r' % type(value)) 
248   
249          self.__policyCombiningAlgId = value 
250          self._setPolicyCombiningAlgFromId() 
251   
252 -    def _setPolicyCombiningAlgFromId(self): 
253          """Set the policy combining algorithm implementation from the Id set in 
254          __policyCombiningAlgId the attribute 
255   
256          @raise TypeError: incorrect input type 
257          @raise UnsupportedStdFunctionError: no implementation is avaliable for 
258          this XACML policy combining algorithm 
259          @raise UnsupportedFunctionError: the policy combining algorithm is not 
260          recognised as a standard XACML one 
261          """ 
262          # Look up policy combining algorithm 
263          policyCombiningAlgClass = self.__policyCombiningAlgFactory( 
264                                                      self.__policyCombiningAlgId) 
265          if (not isinstance(policyCombiningAlgClass, type) or 
266              not issubclass(policyCombiningAlgClass, 
267                             PolicyCombiningAlgInterface)): 
268              raise TypeError('Expecting %r derived type for policy combining ' 
269                              'algorithm class; got %r type' % 
270                              (PolicyCombiningAlgInterface, 
271                               policyCombiningAlgClass)) 
272   
273          self.__policyCombiningAlg = policyCombiningAlgClass() 
274          if self.__policyCombiningAlg is NotImplemented: 
275              raise UnsupportedStdFunctionError('The policy combining algorithm ' 
276                                                '%r is not currently implemented' 
277                                                 % self.__policyCombiningAlgId) 
278   
279          elif self.__policyCombiningAlg is None: 
280              raise UnsupportedFunctionError('%r is not recognised as a valid ' 
281                                             'XACML policy combining algorithm' % 
282                                             self.__policyCombiningAlgId) 
283   
284      policyCombiningAlgId = property(_getPolicyCombiningAlgId, 
285                                      _setPolicyCombiningAlgId, None, 
286                                      doc="Policy Combining Algorithm Id") 
287   
288      @property 
289 -    def combinerParameters(self): 
290          """@raise NotImplementedError: combiner parameters property is not 
291          currently implemented 
292          """ 
293          raise NotImplementedError() 
294   
295      @property 
296 -    def policyCombinerParameters(self): 
297          """@raise NotImplementedError: policy combiner parameters property is 
298          not currently implemented 
299          """ 
300          raise NotImplementedError() 
301   
302      @property 
303 -    def variableDefinitions(self): 
304          """@raise NotImplementedError: variable definitions parameters property 
305          is not currently implemented 
306          """ 
307          raise NotImplementedError() 
308   
309      @property 
310 -    def policies(self): 
311          """Return the list of policies / policy sets 
312          @return: list of policies / policy sets 
313          @rtype: ndg.xacml.utils.TypedList 
314          """ 
315          return self.__policies 
316   
317      @property 
318 -    def obligations(self): 
319          """@return: obligations 
320          @rtype: ndg.xacml.utils.TypedList 
321          """ 
322          return self.__obligations 
323   
324 -    def _getTarget(self): 
325          """@return: target element 
326          @rtype: NoneType / ndg.xacml.core.target.Target 
327          """ 
328          return self.__target 
329   
330 -    def _setTarget(self, value): 
331          """@param value: target element 
332          @type value: ndg.xacml.core.target.Target 
333          @raise TypeError: incorrect input type 
334          """ 
335          if not isinstance(value, Target): 
336              raise TypeError('Expecting Target for "target" ' 
337                              'attribute; got %r' % type(value)) 
338          self.__target = value 
339   
340      target = property(_getTarget, _setTarget, doc="list of Policy targets") 
341   
342 -    def _getDescription(self): 
343          '''@return: policy description text 
344          @rtype: NoneType / basestring 
345          ''' 
346          return self.__description 
347   
348 -    def _setDescription(self, value): 
349          '''@param value: policy description text 
350          @type value: basestring 
351          @raise TypeError: incorrect input type 
352          ''' 
353          if not isinstance(value, basestring): 
354              raise TypeError('Expecting string type for "description" ' 
355                              'attribute; got %r' % type(value)) 
356          self.__description = value 
357   
358      description = property(_getDescription, _setDescription, 
359                             doc="Policy Description text") 
360   
361 -    def _getPolicySetDefaults(self): 
362          '''@return: policy set defaults 
363          @rtype: NoneType / ndg.xacml.core.policydefaults.PolicyDefaults 
364          ''' 
365          return self.__policySetDefaults 
366   
367 -    def _setPolicySetDefaults(self, value): 
368          '''@param value: policy set defaults 
369          @type value: ndg.xacml.core.policydefaults.PolicyDefaults 
370          @raise TypeError: incorrect input type 
371          ''' 
372          if not isinstance(value, PolicyDefaults): 
373              raise TypeError('Expecting string type for "policyDefaults" ' 
374                              'attribute; got %r' % type(value)) 
375   
376          self.__policySetDefaults = value 
377   
378      policySetDefaults = property(_getPolicySetDefaults, 
379                                   _setPolicySetDefaults, 
380                                   None, 
381                                   "Policy Set PolicyDefaults element") 
382   
383 -    def evaluateCombiningAlgorithm(self, context): 
384          """Evaluates the policy combining algorithm for this policy set. 
385          @param context: the request context 
386          @type context: ndg.xacml.core.request.Request 
387          @return: result of the evaluation - the decision for this policy set 
388          @rtype: ndg.xacml.core.context.result.Decision 
389          """ 
390          return self.policyCombiningAlg.evaluate(self.policies, context) 
391