2019-10-01 09:17:39 +01:00
|
|
|
"""passbook policy task"""
|
|
|
|
from multiprocessing import Process
|
|
|
|
from multiprocessing.connection import Connection
|
|
|
|
|
2019-10-07 15:33:48 +01:00
|
|
|
from django.core.cache import cache
|
2019-10-01 09:24:10 +01:00
|
|
|
from structlog import get_logger
|
|
|
|
|
2019-10-03 09:45:31 +01:00
|
|
|
from passbook.core.models import Policy
|
2019-10-07 15:33:48 +01:00
|
|
|
from passbook.policies.exceptions import PolicyException
|
|
|
|
from passbook.policies.struct import PolicyRequest, PolicyResult
|
2019-10-01 09:17:39 +01:00
|
|
|
|
2019-10-04 09:22:06 +01:00
|
|
|
LOGGER = get_logger()
|
2019-10-01 09:17:39 +01:00
|
|
|
|
|
|
|
|
2019-10-07 15:33:48 +01:00
|
|
|
def cache_key(policy, user):
|
|
|
|
"""Generate Cache key for policy"""
|
|
|
|
return f"policy_{policy.pk}#{user.pk}"
|
2019-10-01 09:17:39 +01:00
|
|
|
|
2019-10-04 09:22:06 +01:00
|
|
|
class PolicyProcess(Process):
|
2019-10-01 09:17:39 +01:00
|
|
|
"""Evaluate a single policy within a seprate process"""
|
|
|
|
|
2019-10-04 12:44:26 +01:00
|
|
|
connection: Connection
|
2019-10-01 09:17:39 +01:00
|
|
|
policy: Policy
|
2019-10-03 09:45:31 +01:00
|
|
|
request: PolicyRequest
|
2019-10-01 09:17:39 +01:00
|
|
|
|
2019-10-04 12:44:26 +01:00
|
|
|
def __init__(self, policy: Policy, request: PolicyRequest, connection: Connection):
|
|
|
|
super().__init__()
|
|
|
|
self.policy = policy
|
|
|
|
self.request = request
|
|
|
|
self.connection = connection
|
|
|
|
|
2019-10-01 09:17:39 +01:00
|
|
|
def run(self):
|
|
|
|
"""Task wrapper to run policy checking"""
|
2019-10-04 09:22:06 +01:00
|
|
|
LOGGER.debug("Running policy", policy=self.policy,
|
|
|
|
user=self.request.user, process="PolicyProcess")
|
2019-10-02 21:28:39 +01:00
|
|
|
try:
|
2019-10-03 09:45:31 +01:00
|
|
|
policy_result = self.policy.passes(self.request)
|
2019-10-02 21:28:39 +01:00
|
|
|
except PolicyException as exc:
|
|
|
|
LOGGER.debug(exc)
|
|
|
|
policy_result = PolicyResult(False, str(exc))
|
2019-10-01 09:17:39 +01:00
|
|
|
# Invert result if policy.negate is set
|
|
|
|
if self.policy.negate:
|
2019-10-14 14:00:20 +01:00
|
|
|
policy_result.passing = not policy_result.passing
|
2019-10-04 09:22:06 +01:00
|
|
|
LOGGER.debug("Got result", policy=self.policy, result=policy_result,
|
2019-10-15 14:44:59 +01:00
|
|
|
process="PolicyProcess", passing=policy_result.passing, user=self.request.user)
|
2019-10-07 15:33:48 +01:00
|
|
|
key = cache_key(self.policy, self.request.user)
|
|
|
|
cache.set(key, policy_result)
|
|
|
|
LOGGER.debug("Cached policy evaluation", key=key)
|
2019-10-04 12:44:26 +01:00
|
|
|
self.connection.send(policy_result)
|