#184781889 [WIP] Add applied_to and applied_to_unidentified in governance rules

moesifdjango/block_response_buffer.py

@@ -1,10 +1,11 @@
+from .governance_rules import RuleType
 from .governance_rule_response import GovernanceRuleBlockResponse
 
 
 class BlockResponseBufferList:
-    def __init__(self):
+    def __init__(self, rule_type=RuleType.REGEX.value):
         self.responses = []
-        self.rule_type = None
+        self.rule_type = rule_type
         self.blocked = False
 
     def update(self, block, updated_gr_status, updated_gr_headers, updated_gr_body):

moesifdjango/governance_rules.py

@@ -1,13 +1,27 @@
 import json
 from moesifapi import APIException
+from enum import Enum
+
+
+class AppliedTo(Enum):
+    MATCHING = 'matching'
+    NOT_MATCHING = 'not_matching'
+
+
+class RuleType(Enum):
+    USER = 'user'
+    COMPANY = 'company'
+    REGEX = 'regex'
 
 
 class GovernanceRulesCacher:
 
     def __init__(self, api_client):
         self.api_client = api_client
-        self.user_rules = {}
-        self.company_rules = {}
+        self.applied_to_identified_user_rules = {}
+        self.applied_to_identified_company_rules = {}
+        self.applied_to_unidentified_user_rules = {}
+        self.applied_to_unidentified_company_rules = {}
         self.regex_rules = {}
 
     def get_governance_rules_from_client(self, DEBUG):
@@ -32,25 +46,38 @@ def generate_rules_caching(self, DEBUG):
             governance_rules = self.get_governance_rules_from_client(DEBUG)
             if not governance_rules:
                 return None, None, None
-            rule_types = ['regex', 'user', 'company']
+            rule_types = [RuleType.REGEX.value, RuleType.USER.value, RuleType.COMPANY.value]
             rules_type_mapping = {}
             for rule_type in rule_types:
-                rules_type_mapping[rule_type] = {}
+                if rule_type == RuleType.REGEX.value:
+                    rules_type_mapping[rule_type] = {}
+                    rules_type_mapping[rule_type][False] = {}
+                else:
+                    rules_type_mapping[rule_type] = {}
+                    rules_type_mapping[rule_type][True] = {}
+                    rules_type_mapping[rule_type][False] = {}
             for rule in governance_rules:
                 rule_id = rule['_id']
 
                 if 'type' in rule:
                     rule_type = rule['type']
 
                     if rule_type in rule_types:
-                        rules_type_mapping[rule_type][rule_id] = rule
+                        applied_to_unidentified = rule.get('applied_to_unidentified', False)
+                        rules_type_mapping[rule_type][applied_to_unidentified][rule_id] = rule
                     else:
                         print('[moesif] Get parsed rule type {} is not valid'.format(rule['type']))
 
-                    self.user_rules = rules_type_mapping['user']
-                    self.company_rules = rules_type_mapping['company']
-                    self.regex_rules = rules_type_mapping['regex']
+            self.applied_to_identified_user_rules = rules_type_mapping[RuleType.USER.value][False]
+            self.applied_to_unidentified_user_rules = rules_type_mapping[RuleType.USER.value][True]
+            self.applied_to_identified_company_rules = rules_type_mapping[RuleType.COMPANY.value][False]
+            self.applied_to_unidentified_company_rules = rules_type_mapping[RuleType.COMPANY.value][True]
+            # regex rule will not apply to unidentified or identified, currently,
+            # we will consider that the applied_to_unidentified always set to False
+            self.regex_rules = rules_type_mapping[RuleType.REGEX.value][False]
         except Exception as e:
             print("[moesif] Error when parsing rules response: ", e)
 
-        return self.user_rules, self.company_rules, self.regex_rules
+        return self.applied_to_identified_user_rules, self.applied_to_unidentified_user_rules, \
+               self.applied_to_identified_company_rules, self.applied_to_unidentified_company_rules, \
+               self.regex_rules

moesifdjango/middleware.py

@@ -79,8 +79,9 @@ def __init__(self, get_response):
         self.entity_rules = self.gov_rule_helper.fetch_entity_rules_from_app_config(self.config, self.DEBUG)
 
         self.gov_rules_cacher = GovernanceRulesCacher(self.api_client)
-        self.user_governance_rules, self.company_governance_rules, self.regex_governance_rules \
-            = self.gov_rules_cacher.generate_rules_caching(self.DEBUG)
+        self.identified_user_governance_rules, self.unidentified_user_governance_rules, \
+        self.identified_company_governance_rules, self.unidentified_company_governance_rules, \
+        self.regex_governance_rules = self.gov_rules_cacher.generate_rules_caching(self.DEBUG)
 
         self.sampling_percentage = 100
         self.config_etag = None
@@ -136,7 +137,9 @@ def event_listener(self, event):
                 if response_rules_etag:
                     if not self.rules_etag or self.rules_etag != response_rules_etag:
                         self.rules_etag = response_rules_etag
-                        self.user_governance_rules, self.company_governance_rules, self.regex_governance_rules \
+                        self.identified_user_governance_rules, self.unidentified_user_governance_rules,\
+                        self.identified_company_governance_rules, self.unidentified_company_governance_rules,\
+                        self.regex_governance_rules \
                             = self.gov_rules_cacher.generate_rules_caching(self.DEBUG)
 
     # Function to schedule send event job in async
@@ -210,7 +213,8 @@ def __call__(self, request):
                                                                                       self.middleware_settings)
 
         # Prepare Request Body
-        req_body, req_body_transfer_encoding = self.logger_helper.prepare_request_body(request, req_headers, self.LOG_BODY,
+        req_body, req_body_transfer_encoding = self.logger_helper.prepare_request_body(request, req_headers,
+                                                                                       self.LOG_BODY,
                                                                                        self.middleware_settings)
         # Fetch Ip Address
         ip_address = self.client_ip.get_client_ip(request)
@@ -229,11 +233,12 @@ def __call__(self, request):
         rsp_headers = self.logger_helper.parse_response_headers(response, self.middleware_settings)
 
         # Prepare Response Body
-        rsp_body, rsp_body_transfer_encoding = self.logger_helper.prepare_response_body(response, rsp_headers, self.LOG_BODY,
+        rsp_body, rsp_body_transfer_encoding = self.logger_helper.prepare_response_body(response, rsp_headers,
+                                                                                        self.LOG_BODY,
                                                                                         self.middleware_settings)
 
         # Prepare Event Request Model
-        event_req = self.event_mapper.to_request(req_time, uri,request.method, self.api_version, ip_address,
+        event_req = self.event_mapper.to_request(req_time, uri, request.method, self.api_version, ip_address,
                                                  req_headers, req_body, req_body_transfer_encoding)
 
         # Prepare Event Response Model
@@ -258,15 +263,17 @@ def __call__(self, request):
         # Mask Event Model
         event_model = self.logger_helper.mask_event(event_model, self.middleware_settings, self.DEBUG)
 
-        updated_Response = self.gov_rule_helper.govern_request(event_model,
-                                                               user_id,
-                                                               company_id,
-                                                               req_body_transfer_encoding,  # could be json or base64
-                                                               self.entity_rules,
-                                                               self.user_governance_rules,
-                                                               self.company_governance_rules,
-                                                               self.regex_governance_rules,
-                                                               self.DEBUG)
+        updated_Response = self.gov_rule_helper.apply_governance_rules(event_model,
+                                                                       user_id,
+                                                                       company_id,
+                                                                       req_body_transfer_encoding,  # could be json or base64
+                                                                       self.entity_rules,
+                                                                       self.identified_user_governance_rules,
+                                                                       self.unidentified_user_governance_rules,
+                                                                       self.identified_company_governance_rules,
+                                                                       self.unidentified_company_governance_rules,
+                                                                       self.regex_governance_rules,
+                                                                       self.DEBUG)
 
         if updated_Response:
             response.content = self.parse_body.encode_response_body(updated_Response.block_response_body)