policies/expression: expose python requests via expression, remove webhook policy

Jens Langhammer 2020-05-15 12:02:41 +02:00
parent 023423c6e7
commit b907105f4a
11 changed files with 2 additions and 364 deletions


@ -24,7 +24,6 @@ from passbook.policies.expression.api import ExpressionPolicyViewSet
from passbook.policies.hibp.api import HaveIBeenPwendPolicyViewSet from passbook.policies.hibp.api import HaveIBeenPwendPolicyViewSet
from passbook.policies.password.api import PasswordPolicyViewSet from passbook.policies.password.api import PasswordPolicyViewSet
from passbook.policies.reputation.api import ReputationPolicyViewSet from passbook.policies.reputation.api import ReputationPolicyViewSet
from passbook.policies.webhook.api import WebhookPolicyViewSet
from passbook.providers.app_gw.api import ApplicationGatewayProviderViewSet from passbook.providers.app_gw.api import ApplicationGatewayProviderViewSet
from passbook.providers.oauth.api import OAuth2ProviderViewSet from passbook.providers.oauth.api import OAuth2ProviderViewSet
from passbook.providers.oidc.api import OpenIDProviderViewSet from passbook.providers.oidc.api import OpenIDProviderViewSet
@ -69,7 +68,6 @@ router.register("policies/haveibeenpwned", HaveIBeenPwendPolicyViewSet)
router.register("policies/password", PasswordPolicyViewSet) router.register("policies/password", PasswordPolicyViewSet)
router.register("policies/passwordexpiry", PasswordExpiryPolicyViewSet) router.register("policies/passwordexpiry", PasswordExpiryPolicyViewSet)
router.register("policies/reputation", ReputationPolicyViewSet) router.register("policies/reputation", ReputationPolicyViewSet)
router.register("policies/webhook", WebhookPolicyViewSet)
router.register("providers/all", ProviderViewSet) router.register("providers/all", ProviderViewSet)
router.register("providers/applicationgateway", ApplicationGatewayProviderViewSet) router.register("providers/applicationgateway", ApplicationGatewayProviderViewSet)


@ -6,6 +6,7 @@ from django.core.exceptions import ValidationError
from jinja2 import Undefined from jinja2 import Undefined
from jinja2.exceptions import TemplateSyntaxError, UndefinedError from jinja2.exceptions import TemplateSyntaxError, UndefinedError
from jinja2.nativetypes import NativeEnvironment from jinja2.nativetypes import NativeEnvironment
from requests import Session
from structlog import get_logger from structlog import get_logger
from passbook.flows.planner import PLAN_CONTEXT_SSO from passbook.flows.planner import PLAN_CONTEXT_SSO
@ -46,11 +47,6 @@ class Evaluator:
"""Check if `user` is member of group with name `group_name`""" """Check if `user` is member of group with name `group_name`"""
return user.groups.filter(name=group_name).exists() return user.groups.filter(name=group_name).exists()
@staticmethod
def jinja2_log(message, **kwargs):
"""Output debug log to console"""
return LOGGER.debug("Expression log", _m=message, **kwargs)
def _get_expression_context( def _get_expression_context(
self, request: PolicyRequest, **kwargs self, request: PolicyRequest, **kwargs
) -> Dict[str, Any]: ) -> Dict[str, Any]:
@ -58,8 +54,8 @@ class Evaluator:
# update passbook/policies/expression/templates/policy/expression/form.html # update passbook/policies/expression/templates/policy/expression/form.html
# update docs/policies/expression/index.md # update docs/policies/expression/index.md
kwargs["pb_is_group_member"] = Evaluator.jinja2_func_is_group_member kwargs["pb_is_group_member"] = Evaluator.jinja2_func_is_group_member
kwargs["pb_log"] = Evaluator.jinja2_log
kwargs["pb_logger"] = get_logger() kwargs["pb_logger"] = get_logger()
kwargs["requests"] = Session()
if request.http_request: if request.http_request:
kwargs["pb_is_sso_flow"] = request.http_request.session.get( kwargs["pb_is_sso_flow"] = request.http_request.session.get(
PLAN_CONTEXT_SSO, False PLAN_CONTEXT_SSO, False
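Review bot: `kwargs["requests"] = Session()` gives every policy expression an unrestricted HTTP client running inside the server process, so anyone able to edit an expression policy can make passbook send requests to arbitrary hosts, including internal-only services. requests applies no timeout by default, so an unresponsive endpoint would stall policy evaluation, and the Session created on each call is never closed in the visible lines. I would expose a Session subclass that forces a timeout (and, where feasible, checks the destination against an allow-list) instead of the raw class, as sketched below. `_get_expression_context` continues outside the hunk, so closing the session would have to happen wherever the expression is rendered, which is not visible here. Separately, dropping `pb_log` from the context will presumably make stored expressions that still call it fail with an undefined-name error, so a deprecation alias or a release note seems warranted.

```python
class PolicySession(Session):
    """requests.Session that always applies a timeout for policy expressions"""

    def request(self, method, url, **kwargs):
        # constructed default; choose a value that fits policy evaluation latency
        kwargs.setdefault("timeout", 5)
        return super().request(method, url, **kwargs)

# … unchanged: pb_is_group_member, pb_logger …
kwargs["requests"] = PolicySession()
```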


@ -1,28 +0,0 @@
"""Source API Views"""
from rest_framework.serializers import ModelSerializer
from rest_framework.viewsets import ModelViewSet
from passbook.policies.forms import GENERAL_SERIALIZER_FIELDS
from passbook.policies.webhook.models import WebhookPolicy
class WebhookPolicySerializer(ModelSerializer):
"""Webhook Policy Serializer"""
class Meta:
model = WebhookPolicy
fields = GENERAL_SERIALIZER_FIELDS + [
"url",
"method",
"json_body",
"json_headers",
"result_jsonpath",
"result_json_value",
]
class WebhookPolicyViewSet(ModelViewSet):
"""Source Viewset"""
queryset = WebhookPolicy.objects.all()
serializer_class = WebhookPolicySerializer


@ -1,11 +0,0 @@
"""passbook Webhook policy app config"""
from django.apps import AppConfig
class PassbookPoliciesWebhookConfig(AppConfig):
"""passbook Webhook policy app config"""
name = "passbook.policies.webhook"
label = "passbook_policies_webhook"
verbose_name = "passbook Policies.Webhook"


@ -1,29 +0,0 @@
"""passbook Policy forms"""
from django import forms
from passbook.policies.forms import GENERAL_FIELDS
from passbook.policies.webhook.models import WebhookPolicy
class WebhookPolicyForm(forms.ModelForm):
"""WebhookPolicyForm Form"""
class Meta:
model = WebhookPolicy
fields = GENERAL_FIELDS + [
"url",
"method",
"json_body",
"json_headers",
"result_jsonpath",
"result_json_value",
]
widgets = {
"name": forms.TextInput(),
"json_body": forms.TextInput(),
"json_headers": forms.TextInput(),
"result_jsonpath": forms.TextInput(),
"result_json_value": forms.TextInput(),
}


@ -1,55 +0,0 @@
# Generated by Django 2.2.6 on 2019-10-07 14:07
import django.db.models.deletion
from django.db import migrations, models
class Migration(migrations.Migration):
initial = True
dependencies = [
("passbook_core", "0001_initial"),
]
operations = [
migrations.CreateModel(
name="WebhookPolicy",
fields=[
(
"policy_ptr",
models.OneToOneField(
auto_created=True,
on_delete=django.db.models.deletion.CASCADE,
parent_link=True,
primary_key=True,
serialize=False,
to="passbook_core.Policy",
),
),
("url", models.URLField()),
(
"method",
models.CharField(
choices=[
("GET", "GET"),
("POST", "POST"),
("PATCH", "PATCH"),
("DELETE", "DELETE"),
("PUT", "PUT"),
],
max_length=10,
),
),
("json_body", models.TextField()),
("json_headers", models.TextField()),
("result_jsonpath", models.TextField()),
("result_json_value", models.TextField()),
],
options={
"verbose_name": "Webhook Policy",
"verbose_name_plural": "Webhook Policies",
},
bases=("passbook_core.policy",),
),
]


@ -1,42 +0,0 @@
"""webhook models"""
from django.db import models
from django.utils.translation import gettext as _
from passbook.core.models import Policy
from passbook.policies.types import PolicyRequest, PolicyResult
class WebhookPolicy(Policy):
"""Policy that asks webhook"""
METHOD_GET = "GET"
METHOD_POST = "POST"
METHOD_PATCH = "PATCH"
METHOD_DELETE = "DELETE"
METHOD_PUT = "PUT"
METHODS = (
(METHOD_GET, METHOD_GET),
(METHOD_POST, METHOD_POST),
(METHOD_PATCH, METHOD_PATCH),
(METHOD_DELETE, METHOD_DELETE),
(METHOD_PUT, METHOD_PUT),
)
url = models.URLField()
method = models.CharField(max_length=10, choices=METHODS)
json_body = models.TextField()
json_headers = models.TextField()
result_jsonpath = models.TextField()
result_json_value = models.TextField()
form = "passbook.policies.webhook.forms.WebhookPolicyForm"
def passes(self, request: PolicyRequest) -> PolicyResult:
"""Call webhook asynchronously and report back"""
raise NotImplementedError()
class Meta:
verbose_name = _("Webhook Policy")
verbose_name_plural = _("Webhook Policies")


@ -89,7 +89,6 @@ INSTALLED_APPS = [
"passbook.policies.hibp.apps.PassbookPolicyHIBPConfig", "passbook.policies.hibp.apps.PassbookPolicyHIBPConfig",
"passbook.policies.password.apps.PassbookPoliciesPasswordConfig", "passbook.policies.password.apps.PassbookPoliciesPasswordConfig",
"passbook.policies.reputation.apps.PassbookPolicyReputationConfig", "passbook.policies.reputation.apps.PassbookPolicyReputationConfig",
"passbook.policies.webhook.apps.PassbookPoliciesWebhookConfig",
"passbook.providers.app_gw.apps.PassbookApplicationApplicationGatewayConfig", "passbook.providers.app_gw.apps.PassbookApplicationApplicationGatewayConfig",
"passbook.providers.oauth.apps.PassbookProviderOAuthConfig", "passbook.providers.oauth.apps.PassbookProviderOAuthConfig",
"passbook.providers.oidc.apps.PassbookProviderOIDCConfig", "passbook.providers.oidc.apps.PassbookProviderOIDCConfig",


@ -1710,133 +1710,6 @@ paths:
required: true required: true
type: string type: string
format: uuid format: uuid
/policies/webhook/:
get:
operationId: policies_webhook_list
description: Source Viewset
parameters:
- name: ordering
in: query
description: Which field to use when ordering the results.
required: false
type: string
- name: search
in: query
description: A search term.
required: false
type: string
- name: limit
in: query
description: Number of results to return per page.
required: false
type: integer
- name: offset
in: query
description: The initial index from which to return the results.
required: false
type: integer
responses:
'200':
description: ''
schema:
required:
- count
- results
type: object
properties:
count:
type: integer
next:
type: string
format: uri
x-nullable: true
previous:
type: string
format: uri
x-nullable: true
results:
type: array
items:
$ref: '#/definitions/WebhookPolicy'
tags:
- policies
post:
operationId: policies_webhook_create
description: Source Viewset
parameters:
- name: data
in: body
required: true
schema:
$ref: '#/definitions/WebhookPolicy'
responses:
'201':
description: ''
schema:
$ref: '#/definitions/WebhookPolicy'
tags:
- policies
parameters: []
/policies/webhook/{uuid}/:
get:
operationId: policies_webhook_read
description: Source Viewset
parameters: []
responses:
'200':
description: ''
schema:
$ref: '#/definitions/WebhookPolicy'
tags:
- policies
put:
operationId: policies_webhook_update
description: Source Viewset
parameters:
- name: data
in: body
required: true
schema:
$ref: '#/definitions/WebhookPolicy'
responses:
'200':
description: ''
schema:
$ref: '#/definitions/WebhookPolicy'
tags:
- policies
patch:
operationId: policies_webhook_partial_update
description: Source Viewset
parameters:
- name: data
in: body
required: true
schema:
$ref: '#/definitions/WebhookPolicy'
responses:
'200':
description: ''
schema:
$ref: '#/definitions/WebhookPolicy'
tags:
- policies
delete:
operationId: policies_webhook_delete
description: Source Viewset
parameters: []
responses:
'204':
description: ''
tags:
- policies
parameters:
- name: uuid
in: path
description: A UUID string identifying this Webhook Policy.
required: true
type: string
format: uuid
/propertymappings/all/: /propertymappings/all/:
get: get:
operationId: propertymappings_all_list operationId: propertymappings_all_list
@ -5422,69 +5295,6 @@ definitions:
type: integer type: integer
maximum: 2147483647 maximum: 2147483647
minimum: -2147483648 minimum: -2147483648
WebhookPolicy:
required:
- url
- method
- json_body
- json_headers
- result_jsonpath
- result_json_value
type: object
properties:
pk:
title: Uuid
type: string
format: uuid
readOnly: true
name:
title: Name
type: string
x-nullable: true
negate:
title: Negate
type: boolean
order:
title: Order
type: integer
maximum: 2147483647
minimum: -2147483648
timeout:
title: Timeout
type: integer
maximum: 2147483647
minimum: -2147483648
url:
title: Url
type: string
format: uri
maxLength: 200
minLength: 1
method:
title: Method
type: string
enum:
- GET
- POST
- PATCH
- DELETE
- PUT
json_body:
title: Json body
type: string
minLength: 1
json_headers:
title: Json headers
type: string
minLength: 1
result_jsonpath:
title: Result jsonpath
type: string
minLength: 1
result_json_value:
title: Result json value
type: string
minLength: 1
PropertyMapping: PropertyMapping:
required: required:
- name - name