jgaunt/pykmip
2
0
Fork 0
mirror of https://github.com/openkmip/pykmip synced 2025-12-15 07:43:26 +00:00
Code Issues Releases Wiki Activity

Adding dynamic operation policy loading to the KMIP server

Browse Source 
This change adds support for dynamic operation policy loading.
The server config file now supports a 'policy_path' option that
points to a filesystem directory. Each file in the directory
should contain a JSON policy object. The KMIP server will scan
this directory and attempt to load all valid policies it finds.
The results of this process will be logged.
This commit is contained in:
Peter Hamilton
2016-11-09 18:22:32 -05:00
parent e0b0a5c7bf
commit 4a3769e113
8 changed files with 578 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

72
kmip/services/server/engine.py
View File

@@ -13,7 +13,9 @@
# License for the specific language governing permissions and limitations
# under the License.
import copy
import logging
import os
import six
import sqlalchemy
@@ -42,7 +44,7 @@ from kmip.core.messages.payloads import register
from kmip.core import misc
from kmip.core.policy import policies
from kmip.core import policy as operation_policy
from kmip.pie import factory
from kmip.pie import objects
@@ -77,9 +79,14 @@ class KmipEngine(object):
* Cryptographic usage mask enforcement per object type
"""
def __init__(self):
def __init__(self, policy_path=None):
"""
Create a KmipEngine.
Args:
policy_path (string): The path to the filesystem directory
containing PyKMIP server operation policy JSON files.
Optional, defaults to None.
"""
self._logger = logging.getLogger('kmip.server.engine')
@@ -118,10 +125,69 @@ class KmipEngine(object):
}
self._attribute_policy = policy.AttributePolicy(self._protocol_version)
self._operation_policies = policies
self._operation_policies = copy.deepcopy(operation_policy.policies)
self._load_operation_policies(policy_path)
self._client_identity = None
def _load_operation_policies(self, policy_path):
if (policy_path is None) or (not os.path.isdir(policy_path)):
self._logger.warning(
"The specified operation policy directory ({0}) is not "
"valid. No user-defined policies will be loaded".format(
policy_path
)
)
return dict()
else:
self._logger.info(
"Loading user-defined operation policy files from: {0}".format(
policy_path
)
)
for filename in os.listdir(policy_path):
file_path = os.path.join(policy_path, filename)
if os.path.isfile(file_path):
self._logger.info(
"Loading user_defined operation policies "
"from file: {0}".format(file_path)
)
try:
policies = operation_policy.read_policy_from_file(
file_path
)
except ValueError as e:
self._logger.error(
"A failure occurred while loading policies."
)
self._logger.exception(e)
continue
reserved_policies = ['default', 'public']
for policy_name in six.iterkeys(policies):
if policy_name in reserved_policies:
self._logger.warning(
"Loaded policy '{0}' overwrites a reserved "
"policy and will be thrown out.".format(
policy_name
)
)
elif policy_name in six.iterkeys(
self._operation_policies
):
self._logger.warning(
"Loaded policy '{0}' overwrites a "
"preexisting policy and will be thrown "
"out.".format(policy_name)
)
else:
self._operation_policies.update([(
policy_name,
policies.get(policy_name)
)])
def _get_enum_string(self, e):
return ''.join([x.capitalize() for x in e.name.split('_')])