policies/expression: expose python requests via expression, remove webhook policy
parent
023423c6e7
commit
b907105f4a
|
@ -24,7 +24,6 @@ from passbook.policies.expression.api import ExpressionPolicyViewSet
|
||||||
from passbook.policies.hibp.api import HaveIBeenPwendPolicyViewSet
|
from passbook.policies.hibp.api import HaveIBeenPwendPolicyViewSet
|
||||||
from passbook.policies.password.api import PasswordPolicyViewSet
|
from passbook.policies.password.api import PasswordPolicyViewSet
|
||||||
from passbook.policies.reputation.api import ReputationPolicyViewSet
|
from passbook.policies.reputation.api import ReputationPolicyViewSet
|
||||||
from passbook.policies.webhook.api import WebhookPolicyViewSet
|
|
||||||
from passbook.providers.app_gw.api import ApplicationGatewayProviderViewSet
|
from passbook.providers.app_gw.api import ApplicationGatewayProviderViewSet
|
||||||
from passbook.providers.oauth.api import OAuth2ProviderViewSet
|
from passbook.providers.oauth.api import OAuth2ProviderViewSet
|
||||||
from passbook.providers.oidc.api import OpenIDProviderViewSet
|
from passbook.providers.oidc.api import OpenIDProviderViewSet
|
||||||
|
@ -69,7 +68,6 @@ router.register("policies/haveibeenpwned", HaveIBeenPwendPolicyViewSet)
|
||||||
router.register("policies/password", PasswordPolicyViewSet)
|
router.register("policies/password", PasswordPolicyViewSet)
|
||||||
router.register("policies/passwordexpiry", PasswordExpiryPolicyViewSet)
|
router.register("policies/passwordexpiry", PasswordExpiryPolicyViewSet)
|
||||||
router.register("policies/reputation", ReputationPolicyViewSet)
|
router.register("policies/reputation", ReputationPolicyViewSet)
|
||||||
router.register("policies/webhook", WebhookPolicyViewSet)
|
|
||||||
|
|
||||||
router.register("providers/all", ProviderViewSet)
|
router.register("providers/all", ProviderViewSet)
|
||||||
router.register("providers/applicationgateway", ApplicationGatewayProviderViewSet)
|
router.register("providers/applicationgateway", ApplicationGatewayProviderViewSet)
|
||||||
|
|
|
@ -6,6 +6,7 @@ from django.core.exceptions import ValidationError
|
||||||
from jinja2 import Undefined
|
from jinja2 import Undefined
|
||||||
from jinja2.exceptions import TemplateSyntaxError, UndefinedError
|
from jinja2.exceptions import TemplateSyntaxError, UndefinedError
|
||||||
from jinja2.nativetypes import NativeEnvironment
|
from jinja2.nativetypes import NativeEnvironment
|
||||||
|
from requests import Session
|
||||||
from structlog import get_logger
|
from structlog import get_logger
|
||||||
|
|
||||||
from passbook.flows.planner import PLAN_CONTEXT_SSO
|
from passbook.flows.planner import PLAN_CONTEXT_SSO
|
||||||
|
@ -46,11 +47,6 @@ class Evaluator:
|
||||||
"""Check if `user` is member of group with name `group_name`"""
|
"""Check if `user` is member of group with name `group_name`"""
|
||||||
return user.groups.filter(name=group_name).exists()
|
return user.groups.filter(name=group_name).exists()
|
||||||
|
|
||||||
@staticmethod
|
|
||||||
def jinja2_log(message, **kwargs):
|
|
||||||
"""Output debug log to console"""
|
|
||||||
return LOGGER.debug("Expression log", _m=message, **kwargs)
|
|
||||||
|
|
||||||
def _get_expression_context(
|
def _get_expression_context(
|
||||||
self, request: PolicyRequest, **kwargs
|
self, request: PolicyRequest, **kwargs
|
||||||
) -> Dict[str, Any]:
|
) -> Dict[str, Any]:
|
||||||
|
@ -58,8 +54,8 @@ class Evaluator:
|
||||||
# update passbook/policies/expression/templates/policy/expression/form.html
|
# update passbook/policies/expression/templates/policy/expression/form.html
|
||||||
# update docs/policies/expression/index.md
|
# update docs/policies/expression/index.md
|
||||||
kwargs["pb_is_group_member"] = Evaluator.jinja2_func_is_group_member
|
kwargs["pb_is_group_member"] = Evaluator.jinja2_func_is_group_member
|
||||||
kwargs["pb_log"] = Evaluator.jinja2_log
|
|
||||||
kwargs["pb_logger"] = get_logger()
|
kwargs["pb_logger"] = get_logger()
|
||||||
|
kwargs["requests"] = Session()
|
||||||
if request.http_request:
|
if request.http_request:
|
||||||
kwargs["pb_is_sso_flow"] = request.http_request.session.get(
|
kwargs["pb_is_sso_flow"] = request.http_request.session.get(
|
||||||
PLAN_CONTEXT_SSO, False
|
PLAN_CONTEXT_SSO, False
|
||||||
|
|
|
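Review bot: `kwargs["requests"] = Session()` in `_get_expression_context` gives every policy expression an unrestricted HTTP client, so anyone allowed to edit an expression can make the server send requests to any host it can reach, including internal-only services. Nothing here bounds destination or duration: requests applies no timeout unless the caller passes one, so a slow endpoint can stall policy evaluation, and a new Session is created per evaluation and never closed. I would expose a small Session subclass with a default timeout (sketched below; the 5-second value is only a placeholder) and add a comment at the assignment saying that expression authoring must stay limited to trusted administrators. The two `# update ...` comments above the assignment name the form template and docs page, which are not in the visible diff and presumably still list `pb_log`. `_get_expression_context` begins in the previous hunk and continues past this one.

```python
class ExpressionSession(Session):
    """requests.Session for policy expressions with a bounded default timeout."""

    def request(self, method, url, **kwargs):
        # requests never times out on its own; bound every call an expression makes
        kwargs.setdefault("timeout", 5)
        return super().request(method, url, **kwargs)

# … unchanged: Evaluator class up to the context assignments …
        kwargs["pb_logger"] = get_logger()
        kwargs["requests"] = ExpressionSession()
```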
@ -1,28 +0,0 @@
|
||||||
"""Source API Views"""
|
|
||||||
from rest_framework.serializers import ModelSerializer
|
|
||||||
from rest_framework.viewsets import ModelViewSet
|
|
||||||
|
|
||||||
from passbook.policies.forms import GENERAL_SERIALIZER_FIELDS
|
|
||||||
from passbook.policies.webhook.models import WebhookPolicy
|
|
||||||
|
|
||||||
|
|
||||||
class WebhookPolicySerializer(ModelSerializer):
|
|
||||||
"""Webhook Policy Serializer"""
|
|
||||||
|
|
||||||
class Meta:
|
|
||||||
model = WebhookPolicy
|
|
||||||
fields = GENERAL_SERIALIZER_FIELDS + [
|
|
||||||
"url",
|
|
||||||
"method",
|
|
||||||
"json_body",
|
|
||||||
"json_headers",
|
|
||||||
"result_jsonpath",
|
|
||||||
"result_json_value",
|
|
||||||
]
|
|
||||||
|
|
||||||
|
|
||||||
class WebhookPolicyViewSet(ModelViewSet):
|
|
||||||
"""Source Viewset"""
|
|
||||||
|
|
||||||
queryset = WebhookPolicy.objects.all()
|
|
||||||
serializer_class = WebhookPolicySerializer
|
|
|
@ -1,11 +0,0 @@
|
||||||
"""passbook Webhook policy app config"""
|
|
||||||
|
|
||||||
from django.apps import AppConfig
|
|
||||||
|
|
||||||
|
|
||||||
class PassbookPoliciesWebhookConfig(AppConfig):
|
|
||||||
"""passbook Webhook policy app config"""
|
|
||||||
|
|
||||||
name = "passbook.policies.webhook"
|
|
||||||
label = "passbook_policies_webhook"
|
|
||||||
verbose_name = "passbook Policies.Webhook"
|
|
|
@ -1,29 +0,0 @@
|
||||||
"""passbook Policy forms"""
|
|
||||||
|
|
||||||
from django import forms
|
|
||||||
|
|
||||||
from passbook.policies.forms import GENERAL_FIELDS
|
|
||||||
from passbook.policies.webhook.models import WebhookPolicy
|
|
||||||
|
|
||||||
|
|
||||||
class WebhookPolicyForm(forms.ModelForm):
|
|
||||||
"""WebhookPolicyForm Form"""
|
|
||||||
|
|
||||||
class Meta:
|
|
||||||
|
|
||||||
model = WebhookPolicy
|
|
||||||
fields = GENERAL_FIELDS + [
|
|
||||||
"url",
|
|
||||||
"method",
|
|
||||||
"json_body",
|
|
||||||
"json_headers",
|
|
||||||
"result_jsonpath",
|
|
||||||
"result_json_value",
|
|
||||||
]
|
|
||||||
widgets = {
|
|
||||||
"name": forms.TextInput(),
|
|
||||||
"json_body": forms.TextInput(),
|
|
||||||
"json_headers": forms.TextInput(),
|
|
||||||
"result_jsonpath": forms.TextInput(),
|
|
||||||
"result_json_value": forms.TextInput(),
|
|
||||||
}
|
|
|
@ -1,55 +0,0 @@
|
||||||
# Generated by Django 2.2.6 on 2019-10-07 14:07
|
|
||||||
|
|
||||||
import django.db.models.deletion
|
|
||||||
from django.db import migrations, models
|
|
||||||
|
|
||||||
|
|
||||||
class Migration(migrations.Migration):
|
|
||||||
|
|
||||||
initial = True
|
|
||||||
|
|
||||||
dependencies = [
|
|
||||||
("passbook_core", "0001_initial"),
|
|
||||||
]
|
|
||||||
|
|
||||||
operations = [
|
|
||||||
migrations.CreateModel(
|
|
||||||
name="WebhookPolicy",
|
|
||||||
fields=[
|
|
||||||
(
|
|
||||||
"policy_ptr",
|
|
||||||
models.OneToOneField(
|
|
||||||
auto_created=True,
|
|
||||||
on_delete=django.db.models.deletion.CASCADE,
|
|
||||||
parent_link=True,
|
|
||||||
primary_key=True,
|
|
||||||
serialize=False,
|
|
||||||
to="passbook_core.Policy",
|
|
||||||
),
|
|
||||||
),
|
|
||||||
("url", models.URLField()),
|
|
||||||
(
|
|
||||||
"method",
|
|
||||||
models.CharField(
|
|
||||||
choices=[
|
|
||||||
("GET", "GET"),
|
|
||||||
("POST", "POST"),
|
|
||||||
("PATCH", "PATCH"),
|
|
||||||
("DELETE", "DELETE"),
|
|
||||||
("PUT", "PUT"),
|
|
||||||
],
|
|
||||||
max_length=10,
|
|
||||||
),
|
|
||||||
),
|
|
||||||
("json_body", models.TextField()),
|
|
||||||
("json_headers", models.TextField()),
|
|
||||||
("result_jsonpath", models.TextField()),
|
|
||||||
("result_json_value", models.TextField()),
|
|
||||||
],
|
|
||||||
options={
|
|
||||||
"verbose_name": "Webhook Policy",
|
|
||||||
"verbose_name_plural": "Webhook Policies",
|
|
||||||
},
|
|
||||||
bases=("passbook_core.policy",),
|
|
||||||
),
|
|
||||||
]
|
|
|
@ -1,42 +0,0 @@
|
||||||
"""webhook models"""
|
|
||||||
from django.db import models
|
|
||||||
from django.utils.translation import gettext as _
|
|
||||||
|
|
||||||
from passbook.core.models import Policy
|
|
||||||
from passbook.policies.types import PolicyRequest, PolicyResult
|
|
||||||
|
|
||||||
|
|
||||||
class WebhookPolicy(Policy):
|
|
||||||
"""Policy that asks webhook"""
|
|
||||||
|
|
||||||
METHOD_GET = "GET"
|
|
||||||
METHOD_POST = "POST"
|
|
||||||
METHOD_PATCH = "PATCH"
|
|
||||||
METHOD_DELETE = "DELETE"
|
|
||||||
METHOD_PUT = "PUT"
|
|
||||||
|
|
||||||
METHODS = (
|
|
||||||
(METHOD_GET, METHOD_GET),
|
|
||||||
(METHOD_POST, METHOD_POST),
|
|
||||||
(METHOD_PATCH, METHOD_PATCH),
|
|
||||||
(METHOD_DELETE, METHOD_DELETE),
|
|
||||||
(METHOD_PUT, METHOD_PUT),
|
|
||||||
)
|
|
||||||
|
|
||||||
url = models.URLField()
|
|
||||||
method = models.CharField(max_length=10, choices=METHODS)
|
|
||||||
json_body = models.TextField()
|
|
||||||
json_headers = models.TextField()
|
|
||||||
result_jsonpath = models.TextField()
|
|
||||||
result_json_value = models.TextField()
|
|
||||||
|
|
||||||
form = "passbook.policies.webhook.forms.WebhookPolicyForm"
|
|
||||||
|
|
||||||
def passes(self, request: PolicyRequest) -> PolicyResult:
|
|
||||||
"""Call webhook asynchronously and report back"""
|
|
||||||
raise NotImplementedError()
|
|
||||||
|
|
||||||
class Meta:
|
|
||||||
|
|
||||||
verbose_name = _("Webhook Policy")
|
|
||||||
verbose_name_plural = _("Webhook Policies")
|
|
|
@ -89,7 +89,6 @@ INSTALLED_APPS = [
|
||||||
"passbook.policies.hibp.apps.PassbookPolicyHIBPConfig",
|
"passbook.policies.hibp.apps.PassbookPolicyHIBPConfig",
|
||||||
"passbook.policies.password.apps.PassbookPoliciesPasswordConfig",
|
"passbook.policies.password.apps.PassbookPoliciesPasswordConfig",
|
||||||
"passbook.policies.reputation.apps.PassbookPolicyReputationConfig",
|
"passbook.policies.reputation.apps.PassbookPolicyReputationConfig",
|
||||||
"passbook.policies.webhook.apps.PassbookPoliciesWebhookConfig",
|
|
||||||
"passbook.providers.app_gw.apps.PassbookApplicationApplicationGatewayConfig",
|
"passbook.providers.app_gw.apps.PassbookApplicationApplicationGatewayConfig",
|
||||||
"passbook.providers.oauth.apps.PassbookProviderOAuthConfig",
|
"passbook.providers.oauth.apps.PassbookProviderOAuthConfig",
|
||||||
"passbook.providers.oidc.apps.PassbookProviderOIDCConfig",
|
"passbook.providers.oidc.apps.PassbookProviderOIDCConfig",
|
||||||
|
|
190
swagger.yaml
190
swagger.yaml
|
@ -1710,133 +1710,6 @@ paths:
|
||||||
required: true
|
required: true
|
||||||
type: string
|
type: string
|
||||||
format: uuid
|
format: uuid
|
||||||
/policies/webhook/:
|
|
||||||
get:
|
|
||||||
operationId: policies_webhook_list
|
|
||||||
description: Source Viewset
|
|
||||||
parameters:
|
|
||||||
- name: ordering
|
|
||||||
in: query
|
|
||||||
description: Which field to use when ordering the results.
|
|
||||||
required: false
|
|
||||||
type: string
|
|
||||||
- name: search
|
|
||||||
in: query
|
|
||||||
description: A search term.
|
|
||||||
required: false
|
|
||||||
type: string
|
|
||||||
- name: limit
|
|
||||||
in: query
|
|
||||||
description: Number of results to return per page.
|
|
||||||
required: false
|
|
||||||
type: integer
|
|
||||||
- name: offset
|
|
||||||
in: query
|
|
||||||
description: The initial index from which to return the results.
|
|
||||||
required: false
|
|
||||||
type: integer
|
|
||||||
responses:
|
|
||||||
'200':
|
|
||||||
description: ''
|
|
||||||
schema:
|
|
||||||
required:
|
|
||||||
- count
|
|
||||||
- results
|
|
||||||
type: object
|
|
||||||
properties:
|
|
||||||
count:
|
|
||||||
type: integer
|
|
||||||
next:
|
|
||||||
type: string
|
|
||||||
format: uri
|
|
||||||
x-nullable: true
|
|
||||||
previous:
|
|
||||||
type: string
|
|
||||||
format: uri
|
|
||||||
x-nullable: true
|
|
||||||
results:
|
|
||||||
type: array
|
|
||||||
items:
|
|
||||||
$ref: '#/definitions/WebhookPolicy'
|
|
||||||
tags:
|
|
||||||
- policies
|
|
||||||
post:
|
|
||||||
operationId: policies_webhook_create
|
|
||||||
description: Source Viewset
|
|
||||||
parameters:
|
|
||||||
- name: data
|
|
||||||
in: body
|
|
||||||
required: true
|
|
||||||
schema:
|
|
||||||
$ref: '#/definitions/WebhookPolicy'
|
|
||||||
responses:
|
|
||||||
'201':
|
|
||||||
description: ''
|
|
||||||
schema:
|
|
||||||
$ref: '#/definitions/WebhookPolicy'
|
|
||||||
tags:
|
|
||||||
- policies
|
|
||||||
parameters: []
|
|
||||||
/policies/webhook/{uuid}/:
|
|
||||||
get:
|
|
||||||
operationId: policies_webhook_read
|
|
||||||
description: Source Viewset
|
|
||||||
parameters: []
|
|
||||||
responses:
|
|
||||||
'200':
|
|
||||||
description: ''
|
|
||||||
schema:
|
|
||||||
$ref: '#/definitions/WebhookPolicy'
|
|
||||||
tags:
|
|
||||||
- policies
|
|
||||||
put:
|
|
||||||
operationId: policies_webhook_update
|
|
||||||
description: Source Viewset
|
|
||||||
parameters:
|
|
||||||
- name: data
|
|
||||||
in: body
|
|
||||||
required: true
|
|
||||||
schema:
|
|
||||||
$ref: '#/definitions/WebhookPolicy'
|
|
||||||
responses:
|
|
||||||
'200':
|
|
||||||
description: ''
|
|
||||||
schema:
|
|
||||||
$ref: '#/definitions/WebhookPolicy'
|
|
||||||
tags:
|
|
||||||
- policies
|
|
||||||
patch:
|
|
||||||
operationId: policies_webhook_partial_update
|
|
||||||
description: Source Viewset
|
|
||||||
parameters:
|
|
||||||
- name: data
|
|
||||||
in: body
|
|
||||||
required: true
|
|
||||||
schema:
|
|
||||||
$ref: '#/definitions/WebhookPolicy'
|
|
||||||
responses:
|
|
||||||
'200':
|
|
||||||
description: ''
|
|
||||||
schema:
|
|
||||||
$ref: '#/definitions/WebhookPolicy'
|
|
||||||
tags:
|
|
||||||
- policies
|
|
||||||
delete:
|
|
||||||
operationId: policies_webhook_delete
|
|
||||||
description: Source Viewset
|
|
||||||
parameters: []
|
|
||||||
responses:
|
|
||||||
'204':
|
|
||||||
description: ''
|
|
||||||
tags:
|
|
||||||
- policies
|
|
||||||
parameters:
|
|
||||||
- name: uuid
|
|
||||||
in: path
|
|
||||||
description: A UUID string identifying this Webhook Policy.
|
|
||||||
required: true
|
|
||||||
type: string
|
|
||||||
format: uuid
|
|
||||||
/propertymappings/all/:
|
/propertymappings/all/:
|
||||||
get:
|
get:
|
||||||
operationId: propertymappings_all_list
|
operationId: propertymappings_all_list
|
||||||
|
@ -5422,69 +5295,6 @@ definitions:
|
||||||
type: integer
|
type: integer
|
||||||
maximum: 2147483647
|
maximum: 2147483647
|
||||||
minimum: -2147483648
|
minimum: -2147483648
|
||||||
WebhookPolicy:
|
|
||||||
required:
|
|
||||||
- url
|
|
||||||
- method
|
|
||||||
- json_body
|
|
||||||
- json_headers
|
|
||||||
- result_jsonpath
|
|
||||||
- result_json_value
|
|
||||||
type: object
|
|
||||||
properties:
|
|
||||||
pk:
|
|
||||||
title: Uuid
|
|
||||||
type: string
|
|
||||||
format: uuid
|
|
||||||
readOnly: true
|
|
||||||
name:
|
|
||||||
title: Name
|
|
||||||
type: string
|
|
||||||
x-nullable: true
|
|
||||||
negate:
|
|
||||||
title: Negate
|
|
||||||
type: boolean
|
|
||||||
order:
|
|
||||||
title: Order
|
|
||||||
type: integer
|
|
||||||
maximum: 2147483647
|
|
||||||
minimum: -2147483648
|
|
||||||
timeout:
|
|
||||||
title: Timeout
|
|
||||||
type: integer
|
|
||||||
maximum: 2147483647
|
|
||||||
minimum: -2147483648
|
|
||||||
url:
|
|
||||||
title: Url
|
|
||||||
type: string
|
|
||||||
format: uri
|
|
||||||
maxLength: 200
|
|
||||||
minLength: 1
|
|
||||||
method:
|
|
||||||
title: Method
|
|
||||||
type: string
|
|
||||||
enum:
|
|
||||||
- GET
|
|
||||||
- POST
|
|
||||||
- PATCH
|
|
||||||
- DELETE
|
|
||||||
- PUT
|
|
||||||
json_body:
|
|
||||||
title: Json body
|
|
||||||
type: string
|
|
||||||
minLength: 1
|
|
||||||
json_headers:
|
|
||||||
title: Json headers
|
|
||||||
type: string
|
|
||||||
minLength: 1
|
|
||||||
result_jsonpath:
|
|
||||||
title: Result jsonpath
|
|
||||||
type: string
|
|
||||||
minLength: 1
|
|
||||||
result_json_value:
|
|
||||||
title: Result json value
|
|
||||||
type: string
|
|
||||||
minLength: 1
|
|
||||||
PropertyMapping:
|
PropertyMapping:
|
||||||
required:
|
required:
|
||||||
- name
|
- name
|
||||||
|
|