Rename the 'default' policy section to 'preset'

This change tweaks the format of operation policy files, renaming
the 'default' section of each policy to 'preset'. This reinforces
the idea that this section of the policy is used only when group-
based access control is disabled. It also removes any ambiguity
between this section of the policy and the actual 'default'
policy built into the server.
Peter Hamilton 2018-05-17 13:55:50 -04:00
parent c3319afd67
commit 008f86cfa9
7 changed files with 20 additions and 20 deletions


@ -14,7 +14,7 @@
} }
} }
}, },
"default": { "preset": {
"SYMMETRIC_KEY": { "SYMMETRIC_KEY": {
"GET": "DISALLOW_ALL", "GET": "DISALLOW_ALL",
"DESTROY": "DISALLOW_ALL" "DESTROY": "DISALLOW_ALL"


@ -20,7 +20,7 @@
} }
} }
}, },
"default": { "preset": {
"CERTIFICATE": { "CERTIFICATE": {
"LOCATE": "ALLOW_ALL", "LOCATE": "ALLOW_ALL",
"CHECK": "ALLOW_ALL", "CHECK": "ALLOW_ALL",


@ -1,6 +1,6 @@
{ {
"example": { "example": {
"default": { "preset": {
"CERTIFICATE": { "CERTIFICATE": {
"LOCATE": "ALLOW_ALL", "LOCATE": "ALLOW_ALL",
"CHECK": "ALLOW_ALL", "CHECK": "ALLOW_ALL",


@ -71,7 +71,7 @@ def read_policy_from_file(path):
"{}".format(path, e) "{}".format(path, e)
) )
policy_sections = {'groups', 'default'} policy_sections = {'groups', 'preset'}
object_types = set([t.name for t in enums.ObjectType]) object_types = set([t.name for t in enums.ObjectType])
result = {} result = {}
@ -84,9 +84,9 @@ def read_policy_from_file(path):
if sections <= policy_sections: if sections <= policy_sections:
parsed_policies = dict() parsed_policies = dict()
default_policy = object_policy.get('default') default_policy = object_policy.get('preset')
if default_policy: if default_policy:
parsed_policies['default'] = parse_policy(default_policy) parsed_policies['preset'] = parse_policy(default_policy)
group_policies = object_policy.get('groups') group_policies = object_policy.get('groups')
if group_policies: if group_policies:
@ -100,7 +100,7 @@ def read_policy_from_file(path):
result[name] = parsed_policies result[name] = parsed_policies
elif sections <= object_types: elif sections <= object_types:
policy = parse_policy(object_policy) policy = parse_policy(object_policy)
result[name] = {'default': policy} result[name] = {'preset': policy}
else: else:
invalid_sections = sections - policy_sections - object_types invalid_sections = sections - policy_sections - object_types
raise ValueError( raise ValueError(
@ -113,7 +113,7 @@ def read_policy_from_file(path):
policies = { policies = {
'default': { 'default': {
'default': { 'preset': {
enums.ObjectType.CERTIFICATE: { enums.ObjectType.CERTIFICATE: {
enums.Operation.LOCATE: enums.Policy.ALLOW_ALL, enums.Operation.LOCATE: enums.Policy.ALLOW_ALL,
enums.Operation.CHECK: enums.Policy.ALLOW_ALL, enums.Operation.CHECK: enums.Policy.ALLOW_ALL,
@ -279,7 +279,7 @@ policies = {
} }
}, },
'public': { 'public': {
'default': { 'preset': {
enums.ObjectType.TEMPLATE: { enums.ObjectType.TEMPLATE: {
enums.Operation.LOCATE: enums.Policy.ALLOW_ALL, enums.Operation.LOCATE: enums.Policy.ALLOW_ALL,
enums.Operation.GET: enums.Policy.ALLOW_ALL, enums.Operation.GET: enums.Policy.ALLOW_ALL,
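Review bot: The local `default_policy` in read_policy_from_file (the `object_policy.get('preset')` hunk) keeps the old section name after the rename, so the variable no longer describes the key it holds; rename it to match: `preset_policy = object_policy.get('preset')`, `if preset_policy:`, `parsed_policies['preset'] = parse_policy(preset_policy)`. A policy file still written with the old 'default' section now falls through to the `raise ValueError(` branch, because 'default' is neither in policy_sections nor in object_types, which is the right fail-closed outcome; the error text continues past the hunk, but appending a hint such as ` (the 'default' policy section was renamed to 'preset')` would save operators a debugging round when they upgrade. read_policy_from_file starts before the first hunk and ends after the third.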


@ -859,7 +859,7 @@ class KmipEngine(object):
else: else:
return group_policy return group_policy
else: else:
return policy_bundle.get('default') return policy_bundle.get('preset')
def is_allowed( def is_allowed(
self, self,
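Review bot: `policy_bundle.get('preset')` returns None when a bundle holds only group policies, and this is the branch taken when group-based access control is off, so the method hands a None "policy" to its caller in exactly the case the preset section exists for. The enclosing method starts before the hunk and is_allowed begins on the next line, so I cannot see whether None is treated as deny; a comment on the return, `# None when the policy has no 'preset' section; callers must treat it as deny`, would make the expected handling explicit. Every engine test touched by this commit defines a 'preset' section, so the missing-section path appears untested here, if I am reading the fixtures correctly.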


@ -106,7 +106,7 @@ class TestPolicy(testtools.TestCase):
f.write( f.write(
'{"test": {' '{"test": {'
'"groups": {"group_A": {"SPLIT_KEY": {"GET": "ALLOW_ALL"}}}, ' '"groups": {"group_A": {"SPLIT_KEY": {"GET": "ALLOW_ALL"}}}, '
'"default": {"SPLIT_KEY": {"GET": "ALLOW_ALL"}}}' '"preset": {"SPLIT_KEY": {"GET": "ALLOW_ALL"}}}'
'}' '}'
) )
@ -123,7 +123,7 @@ class TestPolicy(testtools.TestCase):
} }
} }
}, },
'default': { 'preset': {
enums.ObjectType.SPLIT_KEY: { enums.ObjectType.SPLIT_KEY: {
enums.Operation.GET: enums.Policy.ALLOW_ALL enums.Operation.GET: enums.Policy.ALLOW_ALL
} }
@ -166,7 +166,7 @@ class TestPolicy(testtools.TestCase):
def test_read_policy_from_file_default_only(self): def test_read_policy_from_file_default_only(self):
""" """
Test that reading a policy file with only a default section works Test that reading a policy file with only a preset section works
correctly. correctly.
""" """
policy_file = tempfile.NamedTemporaryFile( policy_file = tempfile.NamedTemporaryFile(
@ -176,7 +176,7 @@ class TestPolicy(testtools.TestCase):
with open(policy_file.name, 'w') as f: with open(policy_file.name, 'w') as f:
f.write( f.write(
'{"test": ' '{"test": '
'{"default": {"SPLIT_KEY": {"GET": "ALLOW_ALL"}}}}' '{"preset": {"SPLIT_KEY": {"GET": "ALLOW_ALL"}}}}'
) )
policies = policy.read_policy_from_file(policy_file.name) policies = policy.read_policy_from_file(policy_file.name)
@ -185,7 +185,7 @@ class TestPolicy(testtools.TestCase):
self.assertIn('test', policies.keys()) self.assertIn('test', policies.keys())
expected = { expected = {
'default': { 'preset': {
enums.ObjectType.SPLIT_KEY: { enums.ObjectType.SPLIT_KEY: {
enums.Operation.GET: enums.Policy.ALLOW_ALL enums.Operation.GET: enums.Policy.ALLOW_ALL
} }
@ -239,7 +239,7 @@ class TestPolicy(testtools.TestCase):
self.assertIn('test', policies.keys()) self.assertIn('test', policies.keys())
expected = { expected = {
'default': { 'preset': {
enums.ObjectType.CERTIFICATE: { enums.ObjectType.CERTIFICATE: {
enums.Operation.LOCATE: enums.Policy.ALLOW_ALL enums.Operation.LOCATE: enums.Policy.ALLOW_ALL
} }
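Review bot: `test_read_policy_from_file_default_only` still carries the old section name while its docstring now says "preset"; rename it `def test_read_policy_from_file_preset_only(self):` so the name matches what the test exercises. The commit changes the accepted key but adds no test that a file still using the old 'default' section is rejected; a case that writes `'{"test": {"default": {"SPLIT_KEY": {"GET": "ALLOW_ALL"}}}}'` and asserts ValueError from read_policy_from_file would pin the fail-closed behaviour that the visible `else: raise ValueError(` branch in policy.py implies for legacy files. The test methods in the later hunks of this section start outside the visible lines.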


@ -2047,7 +2047,7 @@ class TestKmipEngine(testtools.TestCase):
e = engine.KmipEngine() e = engine.KmipEngine()
e._operation_policies = { e._operation_policies = {
'test_policy': { 'test_policy': {
'default': { 'preset': {
enums.ObjectType.SYMMETRIC_KEY: { enums.ObjectType.SYMMETRIC_KEY: {
enums.Operation.GET: enums.Policy.ALLOW_OWNER enums.Operation.GET: enums.Policy.ALLOW_OWNER
} }
@ -2072,7 +2072,7 @@ class TestKmipEngine(testtools.TestCase):
e = engine.KmipEngine() e = engine.KmipEngine()
e._operation_policies = { e._operation_policies = {
'test_policy': { 'test_policy': {
'default': { 'preset': {
enums.ObjectType.SYMMETRIC_KEY: { enums.ObjectType.SYMMETRIC_KEY: {
enums.Operation.GET: enums.Policy.ALLOW_OWNER enums.Operation.GET: enums.Policy.ALLOW_OWNER
} }
@ -2105,7 +2105,7 @@ class TestKmipEngine(testtools.TestCase):
e._logger = mock.MagicMock() e._logger = mock.MagicMock()
e._operation_policies = { e._operation_policies = {
'test_policy': { 'test_policy': {
'default': { 'preset': {
enums.ObjectType.SYMMETRIC_KEY: { enums.ObjectType.SYMMETRIC_KEY: {
enums.Operation.GET: enums.Policy.ALLOW_OWNER enums.Operation.GET: enums.Policy.ALLOW_OWNER
} }
@ -2136,7 +2136,7 @@ class TestKmipEngine(testtools.TestCase):
e._logger = mock.MagicMock() e._logger = mock.MagicMock()
e._operation_policies = { e._operation_policies = {
'test_policy': { 'test_policy': {
'default': { 'preset': {
enums.ObjectType.SYMMETRIC_KEY: { enums.ObjectType.SYMMETRIC_KEY: {
enums.Operation.GET: enums.Policy.ALLOW_OWNER enums.Operation.GET: enums.Policy.ALLOW_OWNER
} }