source: TI12-security/trunk/NDG_XACML/ndg/xacml/core/policy.py @ 6823

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/NDG_XACML/ndg/xacml/core/policy.py@6823
Revision 6823, 9.4 KB checked in by pjkersha, 10 years ago (diff)

Working XACML implementation with permit-overrides rule combining algorithm.

Line 
1"""NDG Security Policy type definition
2
3NERC DataGrid Project
4"""
5__author__ = "P J Kershaw"
6__date__ = "24/02/10"
7__copyright__ = "(C) 2010 Science and Technology Facilities Council"
8__contact__ = "Philip.Kershaw@stfc.ac.uk"
9__license__ = "BSD - see LICENSE file in top-level directory"
10__contact__ = "Philip.Kershaw@stfc.ac.uk"
11__revision__ = "$Id: $"
12from ndg.xacml.utils import TypedList
13from ndg.xacml.parsers import AbstractReaderFactory, AbstractReader
14from ndg.xacml.core import XacmlCoreBase
15from ndg.xacml.core.policydefaults import PolicyDefaults
16from ndg.xacml.core.target import Target
17from ndg.xacml.core.rule import Rule
18from ndg.xacml.core.obligation import Obligation
19from ndg.xacml.core.rule_combining_alg import (RuleCombiningAlgClassFactory,
20                                               RuleCombiningAlgInterface)
21from ndg.xacml.core.exceptions import (UnsupportedStdFunctionError,
22                                       UnsupportedFunctionError)
23
24
25class PolicyParseError(Exception):
26    """Error reading policy attributes from file"""
27
28
29class InvalidPolicyXmlNsError(PolicyParseError):
30    """Invalid XML namespace for policy document"""
31
32
33class Policy(XacmlCoreBase):
34    """NDG MSI Policy.""" 
35    DEFAULT_XACML_VERSION = "1.0"
36    ELEMENT_LOCAL_NAME = "Policy"
37    POLICY_ID_ATTRIB_NAME = "PolicyId"
38    RULE_COMBINING_ALG_ID_ATTRIB_NAME = "RuleCombiningAlgId"
39    VERSION_ATTRIB_NAME = "Version"
40
41    DESCRIPTION_LOCAL_NAME = "Description"
42    POLICY_DEFAULTS_LOCAL_NAME = "PolicyDefaults"
43    COMBINER_PARAMETERS_LOCAL_NAME = "CombinerParameters"
44    RULE_COMBINER_PARAMETERS_LOCAL_NAME = "RuleCombinerParameters"
45    OBLIGATIONS_LOCAL_NAME = "Obligations"
46   
47    __slots__ = (
48        '__policyId',
49        '__version',
50        '__ruleCombiningAlgId',
51        '__description',
52        '__policyDefaults',
53        '__target',
54        '__attr',
55        '__obligations',
56        '__ruleCombiningAlgFactory',
57        '__ruleCombiningAlg'
58    )
59   
60    def __init__(self, ruleCombiningAlgFactory=None):
61        """Customise rule combining behaviour by passing in a custom combining
62        algorithm factory.  This is invoked when the combining algorithm Id
63        property is set in order to create the corresponding combining algorithm
64        object
65        """
66        super(Policy, self).__init__()
67        self.__policyId = None
68        self.__version = None
69        self.__ruleCombiningAlgId = None
70        self.__description = None
71        self.__target = None
72       
73        # Attr should eventually allow a choice of Rule, CombinerParameter,
74        # RuleCombinerParameter and VariableDefinition but only Rule type is
75        # currently supported
76        self.__attr = TypedList(Rule)
77       
78        self.__obligations = TypedList(Obligation)
79       
80        self.__ruleCombiningAlgFactory = None
81        if ruleCombiningAlgFactory is None:
82            self.ruleCombiningAlgFactory = RuleCombiningAlgClassFactory()
83        else:
84            self.ruleCombiningAlgFactory = ruleCombiningAlgFactory
85
86        self.__ruleCombiningAlg = None
87
88    def _getRuleCombiningAlgFactory(self):
89        return self.__ruleCombiningAlgFactory
90
91    def _setRuleCombiningAlgFactory(self, value):
92        if not isinstance(value, RuleCombiningAlgClassFactory):
93            raise TypeError('Expecting %r derived type for '
94                            '"ruleCombiningAlgFactory" attibute; got %r' % 
95                            (RuleCombiningAlgClassFactory, type(value)))
96           
97        self.__ruleCombiningAlgFactory = value
98
99    ruleCombiningAlgFactory = property(_getRuleCombiningAlgFactory, 
100                                       _setRuleCombiningAlgFactory, 
101                                       doc="Rule Combining Algorithm Factory")
102   
103    @property
104    def ruleCombiningAlg(self):
105        "Rule Combining algorithm"
106        return self.__ruleCombiningAlg
107   
108    @classmethod
109    def fromSource(cls, source, readerFactory):
110        """Create a new policy from the input source parsing it using a
111        reader from the required reader factory e.g. ETreeReaderFactory to use
112        ElementTree based parsing
113       
114        @param source: source from which to read the policy - file path,
115        file object, XML node or other dependent on the reader factory selected
116        @type source: string, file, XML node type
117        @param readerFactory: factory class returns reader class used to parse
118        the policy
119        @type readerFactory: ndg.xacml.parsers.AbstractReaderFactory
120        @return: new policy instance
121        @rtype: ndg.xacml.core.policy.Policy
122        """
123        if not issubclass(readerFactory, AbstractReaderFactory):
124            raise TypeError('Expecting %r derived class for reader factory '
125                            'method; got %r' % (AbstractReaderFactory, 
126                                                readerFactory))
127           
128        reader = readerFactory.getReader(cls)
129        if not issubclass(reader, AbstractReader):
130            raise TypeError('Expecting %r derived class for reader class; '
131                            'got %r' % (AbstractReader, reader))
132           
133        return reader.parse(source)
134       
135    def _getPolicyId(self):
136        return self.__policyId
137
138    def _setPolicyId(self, value):
139        if not isinstance(value, basestring):
140            raise TypeError('Expecting string type for "policyId" '
141                            'attribute; got %r' % type(value))
142           
143        self.__policyId = value
144
145    policyId = property(_getPolicyId, _setPolicyId, None, "Policy Id")
146
147    def _getVersion(self):
148        return self.__version
149
150    def _setVersion(self, value):
151        if not isinstance(value, basestring):
152            raise TypeError('Expecting string type for "version" '
153                            'attribute; got %r' % type(value))
154           
155        self.__version = value
156
157    version = property(_getVersion, _setVersion, None, "Policy Version")
158
159    def _getRuleCombiningAlgId(self):
160        return self.__ruleCombiningAlgId
161
162    def _setRuleCombiningAlgId(self, value):
163        if not isinstance(value, basestring):
164            raise TypeError('Expecting string type for "ruleCombiningAlgId" '
165                            'attribute; got %r' % type(value))
166           
167        self.__ruleCombiningAlgId = value
168        self._setRuleCombiningAlgFromId()
169       
170    def _setRuleCombiningAlgFromId(self):
171        """Set the rule combining algorithm implementation from the Id set
172        """
173        # Look-up rule combining algorithm
174        ruleCombiningAlgClass = self.__ruleCombiningAlgFactory(
175                                                    self.__ruleCombiningAlgId)
176        if not issubclass(ruleCombiningAlgClass, RuleCombiningAlgInterface):
177            raise TypeError('Expecting %r derived type for rule combining '
178                            'algorithm class; got %r' %
179                            (RuleCombiningAlgInterface, ruleCombiningAlgClass))
180           
181        self.__ruleCombiningAlg = ruleCombiningAlgClass()
182        if self.__ruleCombiningAlg is NotImplemented:
183            raise UnsupportedStdFunctionError('The rule combining algorithm %r '
184                                              'is not currently implemented' % 
185                                              self.__ruleCombiningAlgId)
186           
187        elif self.__ruleCombiningAlg is None:
188            raise UnsupportedFunctionError('%r is not recognised as a valid '
189                                           'XACML rule combining algorithm' % 
190                                           self.__ruleCombiningAlgId) 
191
192    ruleCombiningAlgId = property(_getRuleCombiningAlgId, 
193                                  _setRuleCombiningAlgId, None, 
194                                  doc="Rule Combining Algorithm Id")
195
196    @property
197    def combinerParameters(self):
198        raise NotImplementedError()
199   
200    @property
201    def ruleCombinerParameters(self):
202        raise NotImplementedError()
203   
204    @property
205    def variableDefinitions(self):
206        raise NotImplementedError()
207   
208    @property
209    def rules(self):
210        return self.__attr
211   
212    @property
213    def obligations(self):
214        return self.__obligations
215
216    def _getTarget(self):
217        return self.__target
218
219    def _setTarget(self, value):
220        if not isinstance(value, Target):
221            raise TypeError('Expecting Target for "target" '
222                            'attribute; got %r' % type(value))
223        self.__target = value
224
225    target = property(_getTarget, _setTarget, doc="list of Policy targets")
226
227    def _getDescription(self):
228        return self.__description
229
230    def _setDescription(self, value):
231        if not isinstance(value, basestring):
232            raise TypeError('Expecting string type for "description" '
233                            'attribute; got %r' % type(value))
234        self.__description = value
235
236    description = property(_getDescription, _setDescription, 
237                           doc="Policy Description text")
238
239    def _getPolicyDefaults(self):
240        return self.__policyDefaults
241
242    def _setPolicyDefaults(self, value):
243        if not isinstance(value, PolicyDefaults):
244            raise TypeError('Expecting string type for "policyDefaults" '
245                            'attribute; got %r' % type(value))
246           
247        self.__policyDefaults = value
248
249    policyDefaults = property(_getPolicyDefaults, 
250                              _setPolicyDefaults, 
251                              None, 
252                              "Policy PolicyDefaults element")   
253
254
Note: See TracBrowser for help on using the repository browser.