#184781889 [WIP] Add applied_to and applied_to_unidentified in governance rules

moesifdjango/block_response_buffer.py

@@ -1,10 +1,11 @@
+from .governance_rules import RuleType
 from .governance_rule_response import GovernanceRuleBlockResponse
 
 
 class BlockResponseBufferList:
- def __init__(self):
+ def __init__(self, rule_type=RuleType.REGEX.value):
  self.responses = []
- self.rule_type = None
+ self.rule_type = rule_type
  self.blocked = False
 
  def update(self, block, updated_gr_status, updated_gr_headers, updated_gr_body):

moesifdjango/governance_rules.py

@@ -1,13 +1,27 @@
 import json
 from moesifapi import APIException
+from enum import Enum
+
+
+class AppliedTo(Enum):
+ MATCHING = 'matching'
+ NOT_MATCHING = 'not_matching'
+
+
+class RuleType(Enum):
+ USER = 'user'
+ COMPANY = 'company'
+ REGEX = 'regex'
 
 
 class GovernanceRulesCacher:
 
  def __init__(self, api_client):
  self.api_client = api_client
- self.user_rules = {}
- self.company_rules = {}
+ self.applied_to_identified_user_rules = {}
+ self.applied_to_identified_company_rules = {}
+ self.applied_to_unidentified_user_rules = {}
+ self.applied_to_unidentified_company_rules = {}
  self.regex_rules = {}
 
  def get_governance_rules_from_client(self, DEBUG):
@@ -32,25 +46,38 @@ def generate_rules_caching(self, DEBUG):
  governance_rules = self.get_governance_rules_from_client(DEBUG)
  if not governance_rules:
  return None, None, None
- rule_types = ['regex', 'user', 'company']
+ rule_types = [RuleType.REGEX.value, RuleType.USER.value, RuleType.COMPANY.value]
  rules_type_mapping = {}
  for rule_type in rule_types:
- rules_type_mapping[rule_type] = {}
+ if rule_type == RuleType.REGEX.value:
+ rules_type_mapping[rule_type] = {}
+ rules_type_mapping[rule_type][False] = {}
+ else:
+ rules_type_mapping[rule_type] = {}
+ rules_type_mapping[rule_type][True] = {}
+ rules_type_mapping[rule_type][False] = {}
  for rule in governance_rules:
  rule_id = rule['_id']
 
  if 'type' in rule:
  rule_type = rule['type']
 
  if rule_type in rule_types:
- rules_type_mapping[rule_type][rule_id] = rule
+ applied_to_unidentified = rule.get('applied_to_unidentified', False)
+ rules_type_mapping[rule_type][applied_to_unidentified][rule_id] = rule
  else:
  print('[moesif] Get parsed rule type {} is not valid'.format(rule['type']))
 
- self.user_rules = rules_type_mapping['user']
- self.company_rules = rules_type_mapping['company']
- self.regex_rules = rules_type_mapping['regex']
+ self.applied_to_identified_user_rules = rules_type_mapping[RuleType.USER.value][False]
+ self.applied_to_unidentified_user_rules = rules_type_mapping[RuleType.USER.value][True]
+ self.applied_to_identified_company_rules = rules_type_mapping[RuleType.COMPANY.value][False]
+ self.applied_to_unidentified_company_rules = rules_type_mapping[RuleType.COMPANY.value][True]
+ # regex rule will not apply to unidentified or identified, currently,
+ # we will consider that the applied_to_unidentified always set to False
+ self.regex_rules = rules_type_mapping[RuleType.REGEX.value][False]
  except Exception as e:
  print("[moesif] Error when parsing rules response: ", e)
 
- return self.user_rules, self.company_rules, self.regex_rules
+ return self.applied_to_identified_user_rules, self.applied_to_unidentified_user_rules, \
+ self.applied_to_identified_company_rules, self.applied_to_unidentified_company_rules, \
+ self.regex_rules

moesifdjango/middleware.py

@@ -79,8 +79,9 @@ def __init__(self, get_response):
  self.entity_rules = self.gov_rule_helper.fetch_entity_rules_from_app_config(self.config, self.DEBUG)
 
  self.gov_rules_cacher = GovernanceRulesCacher(self.api_client)
- self.user_governance_rules, self.company_governance_rules, self.regex_governance_rules \
- = self.gov_rules_cacher.generate_rules_caching(self.DEBUG)
+ self.identified_user_governance_rules, self.unidentified_user_governance_rules, \
+ self.identified_company_governance_rules, self.unidentified_company_governance_rules, \
+ self.regex_governance_rules = self.gov_rules_cacher.generate_rules_caching(self.DEBUG)
 
  self.sampling_percentage = 100
  self.config_etag = None
@@ -136,7 +137,9 @@ def event_listener(self, event):
  if response_rules_etag:
  if not self.rules_etag or self.rules_etag != response_rules_etag:
  self.rules_etag = response_rules_etag
- self.user_governance_rules, self.company_governance_rules, self.regex_governance_rules \
+ self.identified_user_governance_rules, self.unidentified_user_governance_rules,\
+ self.identified_company_governance_rules, self.unidentified_company_governance_rules,\
+ self.regex_governance_rules \
  = self.gov_rules_cacher.generate_rules_caching(self.DEBUG)
 
  # Function to schedule send event job in async
@@ -210,7 +213,8 @@ def __call__(self, request):
  self.middleware_settings)
 
  # Prepare Request Body
- req_body, req_body_transfer_encoding = self.logger_helper.prepare_request_body(request, req_headers, self.LOG_BODY,
+ req_body, req_body_transfer_encoding = self.logger_helper.prepare_request_body(request, req_headers,
+ self.LOG_BODY,
  self.middleware_settings)
  # Fetch Ip Address
  ip_address = self.client_ip.get_client_ip(request)
@@ -229,11 +233,12 @@ def __call__(self, request):
  rsp_headers = self.logger_helper.parse_response_headers(response, self.middleware_settings)
 
  # Prepare Response Body
- rsp_body, rsp_body_transfer_encoding = self.logger_helper.prepare_response_body(response, rsp_headers, self.LOG_BODY,
+ rsp_body, rsp_body_transfer_encoding = self.logger_helper.prepare_response_body(response, rsp_headers,
+ self.LOG_BODY,
  self.middleware_settings)
 
  # Prepare Event Request Model
- event_req = self.event_mapper.to_request(req_time, uri,request.method, self.api_version, ip_address,
+ event_req = self.event_mapper.to_request(req_time, uri, request.method, self.api_version, ip_address,
  req_headers, req_body, req_body_transfer_encoding)
 
  # Prepare Event Response Model
@@ -258,15 +263,17 @@ def __call__(self, request):
  # Mask Event Model
  event_model = self.logger_helper.mask_event(event_model, self.middleware_settings, self.DEBUG)
 
- updated_Response = self.gov_rule_helper.govern_request(event_model,
- user_id,
- company_id,
- req_body_transfer_encoding, # could be json or base64
- self.entity_rules,
- self.user_governance_rules,
- self.company_governance_rules,
- self.regex_governance_rules,
- self.DEBUG)
+ updated_Response = self.gov_rule_helper.apply_governance_rules(event_model,
+ user_id,
+ company_id,
+ req_body_transfer_encoding, # could be json or base64
+ self.entity_rules,
+ self.identified_user_governance_rules,
+ self.unidentified_user_governance_rules,
+ self.identified_company_governance_rules,
+ self.unidentified_company_governance_rules,
+ self.regex_governance_rules,
+ self.DEBUG)
 
  if updated_Response:
  response.content = self.parse_body.encode_response_body(updated_Response.block_response_body)