Changeset 6731

Timestamp:

16/03/10 10:45:01 (11 years ago)

Author:

pjkersha

Message:

Work on XACML !ETree based parsing. Added first basic unit test.

Location:

TI12-security/trunk/NDGSecurity/python

Files:

• ndg_security_common/ndg/security/common/authz/xacml/combinerparameter.py (added)
• ndg_security_common/ndg/security/common/authz/xacml/environment.py (modified) (1 diff)
• ndg_security_common/ndg/security/common/authz/xacml/etree/__init__.py (modified) (1 diff)
• ndg_security_common/ndg/security/common/authz/xacml/etree/parsers (added)
• ndg_security_common/ndg/security/common/authz/xacml/etree/parsers/__init__.py (added)
• ndg_security_common/ndg/security/common/authz/xacml/etree/parsers/policyreader.py (added)
• ndg_security_common/ndg/security/common/authz/xacml/etree/reader.py (modified) (4 diffs)
• ndg_security_common/ndg/security/common/authz/xacml/etree/targetreader.py (added)
• ndg_security_common/ndg/security/common/authz/xacml/policy.py (modified) (1 diff)
• ndg_security_common/ndg/security/common/authz/xacml/resource.py (modified) (1 diff)
• ndg_security_common/ndg/security/common/authz/xacml/subject.py (modified) (1 diff)
• ndg_security_common/ndg/security/common/authz/xacml/target.py (modified) (1 diff)
• ndg_security_common/ndg/security/common/authz/xacml/variabledefinition.py (added)
• ndg_security_test/ndg/security/test/unit/authz/xacml (added)
• ndg_security_test/ndg/security/test/unit/authz/xacml/__init__.py (added)
• ndg_security_test/ndg/security/test/unit/authz/xacml/rule1.xml (added)
• ndg_security_test/ndg/security/test/unit/authz/xacml/test_xacml.py (added)

TI12-security/trunk/NDGSecurity/python/ndg_security_common/ndg/security/common/authz/xacml/environment.py

@@ -9 +9 @@
 
 class Environment(RequestPropertyBase):
-    MATCH_TYPE = EnviornmentMatch
+    MATCH_TYPE = EnvironmentMatch
     ELEMENT_LOCAL_NAME = 'Environment'
     

TI12-security/trunk/NDGSecurity/python/ndg_security_common/ndg/security/common/authz/xacml/etree/__init__.py

@@ +1 @@
+from xml.etree import ElementTree
+
 # Generic ElementTree Helper classes
 class QName(ElementTree.QName):

TI12-security/trunk/NDGSecurity/python/ndg_security_common/ndg/security/common/authz/xacml/etree/reader.py

@@ -6 +6 @@
 import logging
 log = logging.getLogger(__name__)
+from abc import ABCMeta, abstractmethod
 
 from xml.etree import ElementTree
 
-from ndg.security.common.authz.xacml import PolicyComponent, XMLParseError
-from ndg.security.common.authz.xacml.policy import Policy
-from ndg.security.common.authz.xacml.etree import QName
 
-
-class AbstractReader(object):
-    """ElementTree implementation of XACML reader"""
-    
+class AbstractReader:
+    """Abstract base class for ElementTree implementation of XACML reader"""
+    __metaclass__ = ABCMeta
+     
     def __init__(self):
         self.__namespace_map_backup = ElementTree._namespace_map.copy()
@@ -25 +23 @@
         ElementTree._namespace_map = self.__namespace_map_backup
         
+    @classmethod
+    def __subclasshook__(cls, C):
+        """Derived class must implement __call__"""
+        if cls is AbstractReader:
+            if any("__call__" in B.__dict__ for B in C.__mro__):
+                return True
+            
+        return NotImplemented
+        
+    @abstractmethod
     def __call__(self, obj):
         """Abstract Parse XACML method
@@ -31 +39 @@
         raise NotImplementedError()
     
-    def _parse(self, obj):
+    @classmethod
+    def parse(cls, obj):
+        """Parse from input object and return new XACML object"""
+        reader = cls()
+        return reader(obj)
+    
+    @staticmethod
+    def _parse(obj):
         """Parse helper method
         @param obj: input object to parse
@@ -45 +60 @@
             
         return elem
+                    
     
-    
-class PolicyReader(AbstractReader):
-    """Parse a Polciy Document using ElementTree
-    """
+class RuleReader(object):
     def __call__(self, obj):
-        """Parse policy object"""
-        elem = self._parse(obj)
-        
-        policy = Policy()
-        cls = Policy
-        
-        localName = QName.getLocalPart(elem.tag)
-        if localName != cls.DEFAULT_ELEMENT_LOCAL_NAME:
-            raise XMLParseError("No \"%s\" element found" %
-                                    cls.DEFAULT_ELEMENT_LOCAL_NAME)
-        
-        # Unpack attributes from top-level element
-        attributeValues = []
-        for attributeName in (cls.POLICY_ID_ATTRIB_NAME,
-                              cls.RULE_COMBINING_ALG_ID_ATTRIB_NAME):
-            attributeValue = elem.attrib.get(attributeName)
-            if attributeValue is None:
-                raise XMLParseError('No "%s" attribute found in "%s" '
-                                        'element' %
-                                        (attributeName,
-                                         cls.DEFAULT_ELEMENT_LOCAL_NAME))
-                
-            attributeValues.append(attributeValue) 
-                   
-        # Parse element attributes
-        policy.id, policy.ruleCombiningAlg = attributeValues
-        
-        # Parse sub-elements
-        for childElem in elem:
-            localName = QName.getLocalPart(childElem.tag)
-            
-            if localName == cls.DESCRIPTION_LOCALNAME:
-                policy.description = 
-            elif localName == cls.TARGET_LOCALNAME:
-                pass
-            else:
-                raise XMLParseError("XACML Policy child element name %r not "
-                                    "recognised" % localName)
+        pass
 
-        
-        return policy
+#AbstractReader.register(RuleReader)
+
+class VariableDefinitionReader(object):
+    def __call__(self, obj):
+        pass

TI12-security/trunk/NDGSecurity/python/ndg_security_common/ndg/security/common/authz/xacml/policy.py

@@ -40 +40 @@
 class Policy(PolicyComponent):
     """NDG MSI Policy.""" 
+    DEFAULT_XACML_VERSION = "1.0"
+    ELEMENT_LOCAL_NAME = "Policy"
     POLICY_ID_ATTRIB_NAME = "PolicyId"
     RULE_COMBINING_ALG_ID_ATTRIB_NAME = "RuleCombiningAlgId"
-      
-    DESCRIPTION_LOCALNAME = "Description"
-    TARGET_LOCALNAME = "Target"
-    POLICY_DEFAULTS_LOCALNAME = "PolicyDefaults"
-    OBLIGATIONS_LOCALNAME = "Obligations"
-    RULE_LOCALNAME = "Rule"
+    VERSION_ATTRIB_NAME = "Version"
+
+    DESCRIPTION_LOCAL_NAME = "Description"
+    POLICY_DEFAULTS_LOCAL_NAME = "PolicyDefaults"
+    COMBINER_PARAMETERS_LOCAL_NAME = "CombinerParameters"
+    RULE_COMBINER_PARAMETERS_LOCAL_NAME = "RuleCombinerParameters"
+    OBLIGATIONS_LOCAL_NAME = "Obligations"
     
     # Plan to support permit overrides in a future release

TI12-security/trunk/NDGSecurity/python/ndg_security_common/ndg/security/common/authz/xacml/resource.py

@@ -4 +4 @@
 @author: pjkersha
 '''
-from ndg.security.common.authz.xacml import PolicyComponent
+from ndg.security.common.authz.xacml import RequestPropertyBase
 from ndg.security.common.authz.xacml.match import ResourceMatch
 

TI12-security/trunk/NDGSecurity/python/ndg_security_common/ndg/security/common/authz/xacml/subject.py

@@ -4 +4 @@
 @author: pjkersha
 '''
-from ndg.security.common.authz.xacml import PolicyComponent
+from ndg.security.common.authz.xacml import RequestPropertyBase
 from ndg.security.common.authz.xacml.match import SubjectMatch
 

TI12-security/trunk/NDGSecurity/python/ndg_security_common/ndg/security/common/authz/xacml/target.py

@@ -13 +13 @@
 
 class Target(PolicyComponent):
+    ELEMENT_LOCAL_NAME = "Target"
+    
     __slots__ = ('__actions', '_resources', '__actions', '__environments')