Changeset 7108 for TI12-security

Timestamp:

28/06/10 10:19:26 (11 years ago)

Author:

pjkersha

Message:

Incomplete - task 2: XACML-Security Integration

• updating epydoc ready for release.

Location:

TI12-security/trunk/ndg_xacml/ndg/xacml/core

Files:

• context/result.py (modified) (2 diffs)
• policy.py (modified) (12 diffs)
• policydefaults.py (modified) (2 diffs)
• rule.py (modified) (14 diffs)
• rule_combining_alg.py (modified) (3 diffs)
• subject.py (modified) (1 diff)
• target.py (modified) (4 diffs)
• variabledefinition.py (modified) (1 diff)
• variablereference.py (modified) (1 diff)

TI12-security/trunk/ndg_xacml/ndg/xacml/core/context/result.py

@@ -258 +258 @@
     @type TYPES: tuple
     
-    @ivar value: decision value
-    @type value: string
+    @ivar __value: decision value
+    @type __value: string
     """
     
@@ -357 +357 @@
         """
         @param decision: decision value to compare with self's
-        @type param: string or ndg.xacml.core.context.result.Decision
+        @type decision: string or ndg.xacml.core.context.result.Decision
         @return: True if the decision values match, False otherwise
         @rtype: bool

TI12-security/trunk/ndg_xacml/ndg/xacml/core/policy.py

@@ -76 +76 @@
     @type __description: NoneType / basestring
     @ivar __target: target element
-    @type __target: NoneType / basestring
-    @ivar __attr: attribute
-    @type __attr: NoneType / basestring
+    @type __target: NoneType / ndg.xacml.core.target.Target
+    @ivar __attr: list of rules
+    @type __attr: ndg.xacml.utils.TypedList
     @ivar __obligations: obligations
-    @type __obligations: NoneType / basestring
+    @type __obligations: ndg.xacml.utils.TypedList
     @ivar __ruleCombiningAlgFactory: rule combining algorithm factory
-    @type __ruleCombiningAlgFactory: NoneType / basestring
+    @type __ruleCombiningAlgFactory: ndg.xacml.core.rule_combining_alg.RuleCombiningAlgClassFactory
     @ivar __ruleCombiningAlg: rule combining algorithm
-    @type __ruleCombiningAlg: NoneType / basestring
+    @type __ruleCombiningAlg: NoneType / ndg.xacml.core.rule_combining_alg.RuleCombiningAlgInterface
 
     """ 
@@ -129 +129 @@
         self.__description = None
         self.__target = None
+        self.__policyDefaults = None
         
         # Attr should eventually allow a choice of Rule, CombinerParameter, 
@@ -146 +147 @@
 
     def _getRuleCombiningAlgFactory(self):
+        """
+        @return: rule combining algorithm factory
+        @rtype: NoneType / ndg.xacml.core.rule_combining_alg.RuleCombiningAlgClassFactory
+        """
         return self.__ruleCombiningAlgFactory
 
     def _setRuleCombiningAlgFactory(self, value):
+        """
+        @param value: rule combining algorithm factory
+        @type value: ndg.xacml.core.rule_combining_alg.RuleCombiningAlgClassFactory
+        @raise TypeError: incorrect input type
+        """
         if not isinstance(value, RuleCombiningAlgClassFactory):
             raise TypeError('Expecting %r derived type for '
@@ -162 +172 @@
     @property
     def ruleCombiningAlg(self):
-        "Rule Combining algorithm"
+        """Rule Combining algorithm
+        @return: rule combining algorithm class instance
+        @rtype: ndg.xacml.core.rule_combining_alg.RuleCombiningAlgInterface 
+        derived type
+        """
         return self.__ruleCombiningAlg
     
@@ -193 +207 @@
         
     def _getPolicyId(self):
+        '''
+        @return: policy id
+        @type basestring: NoneType / basestring
+        '''
         return self.__policyId
 
     def _setPolicyId(self, value):
+        '''@param value: policy id
+        @type value: basestring
+        @raise TypeError: incorrect input type
+        '''
         if not isinstance(value, basestring):
             raise TypeError('Expecting string type for "policyId" '
@@ -205 +227 @@
 
     def _getVersion(self):
+        '''@return: policy version
+        @rtype: NoneType / basestring
+        '''
         return self.__version
 
     def _setVersion(self, value):
+        '''@param value: policy version
+        @type value: basestring
+        @raise TypeError: incorrect input type
+        '''
         if not isinstance(value, basestring):
             raise TypeError('Expecting string type for "version" '
@@ -217 +246 @@
 
     def _getRuleCombiningAlgId(self):
+        '''@return: rule combining algorithm ID
+        @rtype: NoneType / basestring
+        '''
         return self.__ruleCombiningAlgId
 
     def _setRuleCombiningAlgId(self, value):
+        '''@param value: rule combining algorithm ID
+        @type value: NoneType / basestring
+        @raise TypeError: incorrect input type
+        '''
         if not isinstance(value, basestring):
             raise TypeError('Expecting string type for "ruleCombiningAlgId" '
@@ -228 +264 @@
         
     def _setRuleCombiningAlgFromId(self):
-        """Set the rule combining algorithm implementation from the Id set
+        """Set the rule combining algorithm implementation from the Id set in
+        __ruleCombiningAlgId the attribute
+        
+        @raise TypeError: incorrect input type
+        @raise UnsupportedStdFunctionError: no implementation is avaliable for
+        this XACML rule combining algorithm 
+        @raise UnsupportedFunctionError: the rule combining algorithm is not
+        recognised as a standard XACML one
         """
         # Look-up rule combining algorithm
@@ -256 +299 @@
     @property
     def combinerParameters(self):
+        """@raise NotImplementedError: combiner parameters property is not
+        currently implemented
+        """
         raise NotImplementedError()
     
     @property
     def ruleCombinerParameters(self):
+        """@raise NotImplementedError: rule combiner parameters property is not
+        currently implemented
+        """
         raise NotImplementedError()
     
     @property
     def variableDefinitions(self):
+        """@raise NotImplementedError: variable definitions parameters property 
+        is not currently implemented
+        """
         raise NotImplementedError()
     
     @property
     def rules(self):
+        """Return the list of rules
+        @return: list of rules
+        @rtype: ndg.xacml.utils.TypedList
+        """
         return self.__attr
     
     @property
     def obligations(self):
+        """@ivar __obligations: obligations
+        @type __obligations: ndg.xacml.utils.TypedList
+        """
         return self.__obligations 
 
     def _getTarget(self):
+        """@return: target element
+        @rtype: NoneType / ndg.xacml.core.target.Target
+        """
         return self.__target
 
     def _setTarget(self, value):
+        """@param value: target element
+        @type value: ndg.xacml.core.target.Target
+        @raise TypeError: incorrect input type
+        """
         if not isinstance(value, Target):
             raise TypeError('Expecting Target for "target" '
@@ -286 +352 @@
 
     def _getDescription(self):
+        '''@return: policy description text
+        @rtype: NoneType / basestring
+        '''
         return self.__description
 
     def _setDescription(self, value):
+        '''@param value: policy description text
+        @type value: basestring
+        @raise TypeError: incorrect input type
+        '''
         if not isinstance(value, basestring):
             raise TypeError('Expecting string type for "description" '
@@ -298 +371 @@
 
     def _getPolicyDefaults(self):
+        '''@return: policy defaults
+        @rtype: NoneType / ndg.xacml.core.policydefaults.PolicyDefaults
+        '''
         return self.__policyDefaults
 
     def _setPolicyDefaults(self, value):
+        '''@param value: policy defaults
+        @type value: ndg.xacml.core.policydefaults.PolicyDefaults
+        @raise TypeError: incorrect input type
+        '''
         if not isinstance(value, PolicyDefaults):
             raise TypeError('Expecting string type for "policyDefaults" '
@@ -320 +400 @@
         @return: XACML response instance
         @rtype: ndg.xacml.core.context.response.Response
+        @raise XacmlContextError: error evaluating input request context
         """
         response = Response()

TI12-security/trunk/ndg_xacml/ndg/xacml/core/policydefaults.py

@@ -14 +14 @@
 
 class PolicyDefaults(XacmlCoreBase):
-    """XACML PolicyDefaults type"""
+    """XACML PolicyDefaults type
+    
+    @cvar ELEMENT_LOCAL_NAME: XML local name for this element
+    @type ELEMENT_LOCAL_NAME: string
+    @cvar XPATH_VERSION_ELEMENT_NAME: XML local name for XPath version element
+    @type XPATH_VERSION_ELEMENT_NAME: string
+   
+    @ivar __xpathVersion: XPath version
+    @type __xpathVersion: basestring / NoneType
+    """
     ELEMENT_LOCAL_NAME = 'PolicyDefaults'
     XPATH_VERSION_ELEMENT_NAME = 'XPathVersion'
@@ -21 +30 @@
     
     def __init__(self):
+        """Initialise attributes"""
         super(PolicyDefaults, self).__init__()
         self.__xpathVersion = None
         
     def _get_xpathVersion(self):
+        """@return: XPath version
+        @rtype: basestring / NoneType
+        """
         return self.__xpathVersion
 
     def _set_xpathVersion(self, value):
+        """@param value: XPath version
+        @type value: basestring / NoneType
+        @raise TypeError: incorrect input type
+        """
         if not isinstance(value, basestring):
             raise TypeError('Expecting %r type for "xpathVersion" '

TI12-security/trunk/ndg_xacml/ndg/xacml/core/rule.py

@@ -21 +21 @@
 
 class Effect(object):
-    """Rule Effect"""
+    """Rule Effect
+    
+    @cvar PERMIT_STR: permit decision string
+    @type PERMIT_STR: string
+    
+    @cvar DENY_STR: deny decision string
+    @type DENY_STR: string
+    
+    @cvar TYPES: list of valid effect strings
+    @type TYPES: tuple
+    
+    @ivar value: effect value
+    @type value: string
+    """
     DENY_STR = 'Deny'
     PERMIT_STR = 'Permit'
@@ -28 +41 @@
     
     def __init__(self, effect=DENY_STR):
+        """@param effect: initialise effect value, defaults to deny
+        @type effect: basestring / ndg.xacml.core.rule.Effect
+        """
         self.__value = None
         self.value = effect
 
     def __getstate__(self):
-        '''Enable pickling'''
+        '''Enable pickling
+        
+        @return: class instance attributes dictionary
+        @rtype: dict
+        '''
         _dict = {}
         for attrName in Effect.__slots__:
@@ -45 +65 @@
   
     def __setstate__(self, attrDict):
-        '''Enable pickling'''
+        '''Enable pickling
+        
+        @param attrDict: class instance attributes dictionary
+        @type attrDict: dict
+        '''
         for attrName, val in attrDict.items():
             setattr(self, attrName, val)
             
     def _setValue(self, value):
+        """Set effect value
+        
+        @param value: effect value - constrained vocabulary to Effect.TYPES
+        @type value: string or ndg.xacml.core.rule.Effect
+        @raise AttributeError: invalid decision string value input
+        @raise TypeError: invalid type for input decision value
+        """
         if isinstance(value, Effect):
             # Cast to string
@@ -64 +95 @@
         
     def _getValue(self):
+        """Get effect value
+        
+        @return: effect value 
+        @rtype: string
+        """
         return self.__value
     
@@ -69 +105 @@
     
     def __str__(self):
+        """represent decision as a string
+        
+        @return: decision value 
+        @rtype: string 
+        """
         return self.__value
 
     def __eq__(self, effect):
+        """
+        @param effect: effect value to compare with self's
+        @type effect: string or ndg.xacml.core.rule.Effect
+        @return: True if the decision values match, False otherwise
+        @rtype: bool
+        @raise AttributeError: invalid decision string value input
+        @raise TypeError: invalid type for input decision value
+        """
         if isinstance(effect, Effect):
             # Cast to string
@@ -91 +140 @@
     def __nonzero__(self):
         """Boolean evaluation of a rule effect - True = Allow; False = Deny
+        
+        @return: True if the effect value is permit, False otherwise
+        @rtype: bool
         """
         return self.__value == Effect.PERMIT_STR       
@@ -100 +152 @@
 
     def __init__(self):
+        """Initialise set with Permit value"""
         super(PermitEffect, self).__init__(Effect.PERMIT_STR)
         
-    def _setValue(self):  
+    def _setValue(self, value):  
+        """Make value read-only
+        @raise AttributeError: value can't be set
+        """
         raise AttributeError("can't set attribute")
 
@@ -111 +167 @@
     
     def __init__(self):
+        """Initialise set with Permit value"""
         super(DenyEffect, self).__init__(Effect.DENY_STR)
         
     def _setValue(self, value):  
+        """Make value read-only
+        @raise AttributeError: value can't be set
+        """
         raise AttributeError("can't set attribute")
 
@@ -122 +182 @@
 
 class Rule(XacmlCoreBase):
-    """XACML Policy Rule"""
+    """XACML Policy Rule
+    
+    @cvar ELEMENT_LOCAL_NAME: XML local name for this element
+    @type ELEMENT_LOCAL_NAME: string
+    @cvar DESCRIPTION_LOCAL_NAME: XML local name for the description element
+    @type DESCRIPTION_LOCAL_NAME: string
+    @cvar RULE_ID_ATTRIB_NAME: rule id XML attribute name
+    @type RULE_ID_ATTRIB_NAME: string
+    @cvar EFFECT_ATTRIB_NAME: effect XML attribute name
+    @type EFFECT_ATTRIB_NAME: string
+
+    @ivar __target: rule target
+    @type __target: ndg.xacml.core.target.Target / NoneType
+    @ivar __condition: rule condition
+    @type __condition: ndg.xacml.core.condition.Condition / NoneType
+    @ivar __description: rule description text
+    @type __description: basestring / NoneType
+    @ivar __id: rule ID
+    @type __id: basestring / NoneType
+    @ivar __effect: rule effect
+    @type __effect: ndg.xacml.core.rule.Effect / NoneType
+    """
     ELEMENT_LOCAL_NAME = 'Rule'
     RULE_ID_ATTRIB_NAME = 'RuleId'
@@ -138 +219 @@
     
     def __init__(self):
+        """Initialise attributes"""
+        super(Rule, self).__init__()
+        
         self.__id = None
         self.__effect = None
@@ -145 +229 @@
     @property
     def target(self):
-        "Rule target"
+        """Get Rule target
+        @return: rule target
+        @rtype: ndg.xacml.core.target import Target / NoneType 
+        """
         return self.__target
     
     @target.setter
     def target(self, value):
+        """Set rule target
+        @param value: rule target
+        @type value: ndg.xacml.core.target import Target 
+        @raise TypeError: incorrect type set
+        """
         if not isinstance(value, Target):
             raise TypeError('Expecting %r type for "id" '
@@ -157 +249 @@
     @property
     def condition(self):
-        "rule condition"
+        """Get rule condition
+        
+        @return: rule condition
+        @rtype: ndg.xacml.core.condition.Condition / NoneType
+        """
         return self.__condition
     
     @condition.setter
     def condition(self, value):
+        """Set rule condition
+        
+        @param value: rule condition
+        @type value: ndg.xacml.core.condition.Condition
+        @raise TypeError: incorrect type set
+        """
         if not isinstance(value, Condition):
-            raise TypeError('Expecting %r type for "id" '
-                            'attribute; got %r' % (Condition, type(value))) 
+            raise TypeError('Expecting %r type for "id" attribute; got %r' % 
+                            (Condition, type(value))) 
             
         self.__condition = value
              
     def _get_id(self):
+        """Get rule ID
+        
+        @return: rule ID
+        @rtype: ndg.xacml.core.condition.Condition / NoneType
+        """
         return self.__id
 
     def _set_id(self, value):
+        """Set rule ID
+        
+        @param value: rule ID
+        @type value: basestring
+        @raise TypeError: incorrect type set
+        """
         if not isinstance(value, basestring):
-            raise TypeError('Expecting %r type for "id" '
-                            'attribute; got %r' % (basestring, type(value)))
+            raise TypeError('Expecting %r type for "id" attribute; got %r' % 
+                            (basestring, type(value)))
          
         self.__id = value   
@@ -181 +294 @@
       
     def _get_effect(self):
+        """Get rule effect
+        
+        @return: rule effect
+        @rtype: ndg.xacml.core.rule.Effect / NoneType
+        """
         return self.__effect
 
     def _set_effect(self, value):
+        """Set rule effect
+        
+        @param value: rule effect
+        @type value: ndg.xacml.core.rule.Effect
+        @raise TypeError: incorrect type set
+        """
         if not isinstance(value, Effect):
             raise TypeError('Expecting %r type for "effect" '
@@ -194 +318 @@
 
     def _getDescription(self):
+        """Get rule description
+        
+        @return: rule description
+        @rtype: basestring / NoneType
+        """
         return self.__description
 
     def _setDescription(self, value):
+        """Set rule description
+        
+        @param value: rule description
+        @type value: basestring
+        @raise TypeError: incorrect type set
+        """
         if not isinstance(value, basestring):
             raise TypeError('Expecting string type for "description" '

TI12-security/trunk/ndg_xacml/ndg/xacml/core/rule_combining_alg.py

@@ -15 +15 @@
 
 
+# Rule Combining algorithms from the XACML spec.
 ALGORITHMS = (
 'urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides',
@@ -48 +49 @@
         """
         return Decision.INDETERMINATE
+
 
 class DenyOverridesRuleCombiningAlg(RuleCombiningAlgInterface):
@@ -167 +169 @@
         PermitOverridesRuleCombiningAlg
     })
+    __slots__ = ('__map',)
     
     def __init__(self, map=DEFAULT_MAP):
-        """Initialise mapping of identifiers to class implementations"""
+        """Initialise mapping of identifiers to class implementations
+        
+        @param map: mapping of rule combining algorithms IDs to classes.  Set 
+        this to override the default taken from the DEFAULT_MAP class variable
+        """
         self.__map = map
     

TI12-security/trunk/ndg_xacml/ndg/xacml/core/subject.py

@@ -12 +12 @@
 from ndg.xacml.core import TargetChildBase
 from ndg.xacml.core.match import SubjectMatch
+
 
 class Subject(TargetChildBase):

TI12-security/trunk/ndg_xacml/ndg/xacml/core/target.py

@@ -27 +27 @@
 
 class Target(XacmlCoreBase):
-    """XACML Target element"""
+    """XACML Target element
+    
+    @cvar ELEMENT_LOCAL_NAME: XML local name for this element
+    @type ELEMENT_LOCAL_NAME: string
+    @cvar SUBJECTS_ELEMENT_LOCAL_NAME: XML local name for the subjects element
+    @type SUBJECTS_ELEMENT_LOCAL_NAME: string
+    @cvar ACTIONS_ELEMENT_LOCAL_NAME: XML local name for the actions element
+    @type ACTIONS_ELEMENT_LOCAL_NAME: string
+    @cvar RESOURCES_ELEMENT_LOCAL_NAME: XML local name for the resources element
+    @type RESOURCES_ELEMENT_LOCAL_NAME: string
+    @cvar ENVIRONMENTS_ELEMENT_LOCAL_NAME: XML local name for the environments
+    element
+    @type ENVIRONMENTS_ELEMENT_LOCAL_NAME: string
+    @cvar CHILD_ATTRS: list of the XML child element names for <Target/>
+    @type CHILD_ATTRS: tuple
+    
+    @ivar __subjects: list of subjects for this target
+    @type __subjects: ndg.xacml.utils.TypedList
+    @ivar __resources: list of resources for this target
+    @type __resources: ndg.xacml.utils.TypedList
+    @ivar __actions: list of actions for this target
+    @type __actions: ndg.xacml.utils.TypedList
+    @ivar __environments: list of environment settings for this target
+    @type __environments: ndg.xacml.utils.TypedList
+    """
     ELEMENT_LOCAL_NAME = "Target"
     SUBJECTS_ELEMENT_LOCAL_NAME = "Subjects"
@@ -46 +70 @@
     @property
     def subjects(self):
+        """Get subjects
+        @return: list of subjects for this target
+        @rtype: ndg.xacml.utils.TypedList
+        """
         return self.__subjects
     
     @property
     def resources(self):
+        """Get resources
+        @return: list of resources for this target
+        @rtype: ndg.xacml.utils.TypedList
+        """
         return self.__resources
     
     @property
     def actions(self):
+        """Get actions
+        @return: list of actions for this target
+        @rtype: ndg.xacml.utils.TypedList
+        """
         return self.__actions
     
     @property
     def environments(self):
+        """Get environments
+        @return: list of environments for this target
+        @rtype: ndg.xacml.utils.TypedList
+        """
         return self.__environments
             
@@ -63 +103 @@
         """Generic method to match a <Target> element to the request context
         
-        @param target: XACML target element
-        @type target: ndg.xacml.core.target.Target
         @param request: XACML request context
         @type request: ndg.xacml.core.context.request.Request
@@ -136 +174 @@
         object
         @type targetChild: ndg.xacml.core.TargetChildBase
-        @param requestChild: Request Subject, Resource, Action or Environment
-        object
-        @type requestChild: ndg.xacml.core.context.RequestChildBase
+        @param request: Request context object
+        @type request: ndg.xacml.core.context.request.Request
         @return: True if request context matches something in the target
         @rtype: bool

TI12-security/trunk/ndg_xacml/ndg/xacml/core/variabledefinition.py

@@ -14 +14 @@
 
 class VariableDefinition(XacmlPolicyBase):
-    '''XACML Variable Definition Type
+    '''XACML Variable Definition Type - this class is a placeholder, it's not 
+    currently implemented
+    
+    @cvar ELEMENT_LOCAL_NAME: XML element local name
+    @type ELEMENT_LOCAL_NAME: string
     '''
     ELEMENT_LOCAL_NAME = "VariableDefinition"

TI12-security/trunk/ndg_xacml/ndg/xacml/core/variablereference.py

@@ -14 +14 @@
 
 class VariableReference(XacmlPolicyBase):
-    '''XACML Variable Reference Type
+    '''XACML Variable Reference Type - this class is a placeholder, it's not 
+    currently implemented
+    
+    @cvar ELEMENT_LOCAL_NAME: XML element local name
+    @type ELEMENT_LOCAL_NAME: string
     '''
     ELEMENT_LOCAL_NAME = "VariableReference"