2019-10-01 08:17:39 +00:00
|
|
|
"""passbook policy engine"""
|
|
|
|
from multiprocessing import Pipe
|
|
|
|
from multiprocessing.connection import Connection
|
2019-10-14 14:08:24 +00:00
|
|
|
from typing import List, Optional, Tuple
|
2019-10-01 08:17:39 +00:00
|
|
|
|
|
|
|
from django.core.cache import cache
|
|
|
|
from django.http import HttpRequest
|
|
|
|
from structlog import get_logger
|
|
|
|
|
2019-10-03 08:45:31 +00:00
|
|
|
from passbook.core.models import Policy, User
|
2019-10-07 14:33:48 +00:00
|
|
|
from passbook.policies.process import PolicyProcess, cache_key
|
|
|
|
from passbook.policies.struct import PolicyRequest, PolicyResult
|
2019-10-01 08:17:39 +00:00
|
|
|
|
|
|
|
LOGGER = get_logger()
|
|
|
|
|
2019-10-14 13:00:20 +00:00
|
|
|
|
2019-10-04 11:44:26 +00:00
|
|
|
class PolicyProcessInfo:
|
2019-10-04 11:49:27 +00:00
|
|
|
"""Dataclass to hold all information and communication channels to a process"""
|
2019-10-04 11:44:26 +00:00
|
|
|
|
|
|
|
process: PolicyProcess
|
|
|
|
connection: Connection
|
2019-10-14 14:08:24 +00:00
|
|
|
result: Optional[PolicyResult]
|
2019-10-04 11:44:26 +00:00
|
|
|
policy: Policy
|
|
|
|
|
|
|
|
def __init__(self, process: PolicyProcess, connection: Connection, policy: Policy):
|
|
|
|
self.process = process
|
|
|
|
self.connection = connection
|
|
|
|
self.policy = policy
|
2019-10-14 14:08:24 +00:00
|
|
|
self.result = None
|
2019-10-04 11:44:26 +00:00
|
|
|
|
2019-10-01 08:17:39 +00:00
|
|
|
class PolicyEngine:
|
|
|
|
"""Orchestrate policy checking, launch tasks and return result"""
|
|
|
|
|
2019-10-15 13:44:59 +00:00
|
|
|
use_cache: bool = True
|
2019-10-01 08:17:39 +00:00
|
|
|
policies: List[Policy] = []
|
2019-10-28 16:40:57 +00:00
|
|
|
request: PolicyRequest
|
2019-10-01 08:17:39 +00:00
|
|
|
|
2019-10-04 11:44:26 +00:00
|
|
|
__processes: List[PolicyProcessInfo] = []
|
2019-10-01 08:17:39 +00:00
|
|
|
|
2019-10-28 16:40:57 +00:00
|
|
|
def __init__(self, policies, user: User, request: HttpRequest = None):
|
2019-10-01 08:17:39 +00:00
|
|
|
self.policies = policies
|
2019-10-28 16:40:57 +00:00
|
|
|
self.request = PolicyRequest(user)
|
|
|
|
if request:
|
|
|
|
self.request.http_request = request
|
2019-10-04 11:44:26 +00:00
|
|
|
self.__processes = []
|
2019-10-01 08:17:39 +00:00
|
|
|
|
2019-10-04 08:22:06 +00:00
|
|
|
def _select_subclasses(self) -> List[Policy]:
|
|
|
|
"""Make sure all Policies are their respective classes"""
|
|
|
|
return Policy.objects \
|
|
|
|
.filter(pk__in=[x.pk for x in self.policies]) \
|
|
|
|
.select_subclasses() \
|
|
|
|
.order_by('order')
|
|
|
|
|
2019-10-01 08:17:39 +00:00
|
|
|
def build(self) -> 'PolicyEngine':
|
|
|
|
"""Build task group"""
|
|
|
|
cached_policies = []
|
2019-10-04 08:22:06 +00:00
|
|
|
for policy in self._select_subclasses():
|
2019-10-28 16:40:57 +00:00
|
|
|
cached_policy = cache.get(cache_key(policy, self.request.user), None)
|
2019-10-15 13:44:59 +00:00
|
|
|
if cached_policy and self.use_cache:
|
2019-10-04 11:44:26 +00:00
|
|
|
LOGGER.debug("Taking result from cache", policy=policy)
|
2019-10-01 08:17:39 +00:00
|
|
|
cached_policies.append(cached_policy)
|
|
|
|
else:
|
2019-10-04 11:44:26 +00:00
|
|
|
LOGGER.debug("Evaluating policy", policy=policy)
|
2019-10-01 08:17:39 +00:00
|
|
|
our_end, task_end = Pipe(False)
|
2019-10-28 16:40:57 +00:00
|
|
|
task = PolicyProcess(policy, self.request, task_end)
|
2019-10-15 13:44:59 +00:00
|
|
|
LOGGER.debug("Starting Process", policy=policy)
|
2019-10-01 08:17:39 +00:00
|
|
|
task.start()
|
2019-10-04 11:44:26 +00:00
|
|
|
self.__processes.append(PolicyProcessInfo(process=task,
|
2019-10-04 11:49:27 +00:00
|
|
|
connection=our_end, policy=policy))
|
2019-10-01 08:17:39 +00:00
|
|
|
# If all policies are cached, we have an empty list here.
|
2019-10-04 11:44:26 +00:00
|
|
|
for proc_info in self.__processes:
|
|
|
|
proc_info.process.join(proc_info.policy.timeout)
|
|
|
|
# Only call .recv() if no result is saved, otherwise we just deadlock here
|
|
|
|
if not proc_info.result:
|
|
|
|
proc_info.result = proc_info.connection.recv()
|
2019-10-01 08:17:39 +00:00
|
|
|
return self
|
|
|
|
|
|
|
|
@property
|
2019-10-04 07:27:29 +00:00
|
|
|
def result(self) -> Tuple[bool, List[str]]:
|
2019-10-01 08:17:39 +00:00
|
|
|
"""Get policy-checking result"""
|
|
|
|
messages: List[str] = []
|
2019-10-04 11:44:26 +00:00
|
|
|
for proc_info in self.__processes:
|
2019-10-14 13:00:20 +00:00
|
|
|
LOGGER.debug("Result", policy=proc_info.policy, passing=proc_info.result.passing)
|
2019-10-04 11:44:26 +00:00
|
|
|
if proc_info.result.messages:
|
|
|
|
messages += proc_info.result.messages
|
|
|
|
if not proc_info.result.passing:
|
2019-10-01 08:17:39 +00:00
|
|
|
return False, messages
|
|
|
|
return True, messages
|
|
|
|
|
|
|
|
@property
|
2019-10-04 07:27:29 +00:00
|
|
|
def passing(self) -> bool:
|
2019-10-01 08:17:39 +00:00
|
|
|
"""Only get true/false if user passes"""
|
|
|
|
return self.result[0]
|