Add SetAttribute support to the server

This change adds SetAttribute operation support to the PyKMIP server, including additional attribute policy functionality to check for certain attribute characteristics that preclude SetAttribute operation functionality. Specifically, the operation cannot set the value of any multivalued attribute nor the value of any attribute not modifiable by the client. New unit tests have been added to cover these changes. Partially implements #547
2025-12-18 01:03:49 +00:00 · 2019-11-22 16:01:21 -05:00
parent e313731692
commit 3be219144a
4 changed files with 230 additions and 0 deletions
--- a/kmip/services/server/engine.py
+++ b/kmip/services/server/engine.py
@@ -1155,6 +1155,7 @@ class KmipEngine(object):
        return managed_objects_allowed

    def _process_operation(self, operation, payload):
+        # TODO (peterhamilton) Alphabetize this.
        if operation == enums.Operation.CREATE:
            return self._process_create(payload)
        elif operation == enums.Operation.CREATE_KEY_PAIR:
@@ -1189,6 +1190,8 @@ class KmipEngine(object):
            return self._process_decrypt(payload)
        elif operation == enums.Operation.SIGNATURE_VERIFY:
            return self._process_signature_verify(payload)
+        elif operation == enums.Operation.SET_ATTRIBUTE:
+            return self._process_set_attribute(payload)
        elif operation == enums.Operation.MAC:
            return self._process_mac(payload)
        elif operation == enums.Operation.SIGN:
@@ -1549,6 +1552,54 @@ class KmipEngine(object):

        return response_payload

+    @_kmip_version_supported('2.0')
+    def _process_set_attribute(self, payload):
+        self._logger.info("Processing operation: SetAttribute")
+
+        unique_identifier = self._id_placeholder
+        if payload.unique_identifier:
+            unique_identifier = payload.unique_identifier
+
+        managed_object = self._get_object_with_access_controls(
+            unique_identifier,
+            enums.Operation.SET_ATTRIBUTE
+        )
+
+        attribute_name = enums.convert_attribute_tag_to_name(
+            payload.new_attribute.attribute.tag
+        )
+        if self._attribute_policy.is_attribute_multivalued(attribute_name):
+            raise exceptions.KmipError(
+                status=enums.ResultStatus.OPERATION_FAILED,
+                reason=enums.ResultReason.MULTI_VALUED_ATTRIBUTE,
+                message=(
+                    "The '{}' attribute is multi-valued. Multi-valued "
+                    "attributes cannot be set with the SetAttribute "
+                    "operation.".format(attribute_name)
+                )
+            )
+        if not self._attribute_policy.is_attribute_modifiable_by_client(
+            attribute_name
+        ):
+            raise exceptions.KmipError(
+                status=enums.ResultStatus.OPERATION_FAILED,
+                reason=enums.ResultReason.READ_ONLY_ATTRIBUTE,
+                message=(
+                    "The '{}' attribute is read-only and cannot be modified "
+                    "by the client.".format(attribute_name)
+                )
+            )
+
+        self._set_attributes_on_managed_object(
+            managed_object,
+            {attribute_name: payload.new_attribute.attribute}
+        )
+        self._data_session.commit()
+
+        return payloads.SetAttributeResponsePayload(
+            unique_identifier=unique_identifier
+        )
+
    @_kmip_version_supported('1.0')
    def _process_register(self, payload):
        self._logger.info("Processing operation: Register")