ISSUE #92

Author: vladyslav-fenchak

minos/api_gateway/rest/database/models.py

@@ -56,3 +56,51 @@ def __init__(self, model: AuthRule):
         self.methods = model.methods
         self.created_at = str(model.created_at)
         self.updated_at = str(model.updated_at)
+
+
+class AutzRule(Base):
+    __tablename__ = "autz_rules"
+    id = Column(Integer, Sequence("item_id_seq"), nullable=False, primary_key=True)
+    service = Column(String, primary_key=True, nullable=False)
+    rule = Column(String, primary_key=True, nullable=False)
+    roles = Column(JSON)
+    methods = Column(JSON)
+    created_at = Column(TIMESTAMP)
+    updated_at = Column(TIMESTAMP)
+
+    def __repr__(self):
+        return (
+            "<AuthRule(id='{}', service='{}', rule='{}',"
+            "methods={}, created_at={}, updated_at={})>".format(  # pragma: no cover
+                self.id, self.service, self.roles, self.methods, self.created_at, self.updated_at
+            )
+        )
+
+    def to_serializable_dict(self):
+        return {
+            "id": self.id,
+            "service": self.service,
+            "roles": self.roles,
+            "methods": self.methods,
+            "created_at": str(self.created_at),
+            "updated_at": str(self.updated_at),
+        }
+
+
+class AutzRuleDTO:
+    id: int
+    service: str
+    rule: str
+    roles: list
+    methods: list
+    created_at: str
+    updated_at: str
+
+    def __init__(self, model: AutzRule):
+        self.id = model.id
+        self.rule = model.rule
+        self.service = model.service
+        self.roles = model.roles
+        self.methods = model.methods
+        self.created_at = str(model.created_at)
+        self.updated_at = str(model.updated_at)

minos/api_gateway/rest/database/repository.py

@@ -8,6 +8,8 @@
 from .models import (
     AuthRule,
     AuthRuleDTO,
+    AutzRule,
+    AutzRuleDTO,
 )
 
 
@@ -17,28 +19,49 @@ def __init__(self, engine):
         self.s = sessionmaker(bind=engine)
         self.session = self.s()
 
-    def create(self, record: AuthRule):
+    def create_auth_rule(self, record: AuthRule):
         self.session.add(record)
         self.session.commit()
         return record.to_serializable_dict()
 
-    def get_all(self):
+    def create_autz_rule(self, record: AutzRule):
+        self.session.add(record)
+        self.session.commit()
+        return record.to_serializable_dict()
+
+    def get_auth_rules(self):
         r = self.session.query(AuthRule).all()
 
         records = list()
         for record in r:
             records.append(AuthRuleDTO(record).__dict__)
         return records
 
-    def update(self, id: int, **kwargs):
+    def get_autz_rules(self):
+        r = self.session.query(AutzRule).all()
+
+        records = list()
+        for record in r:
+            records.append(AutzRuleDTO(record).__dict__)
+        return records
+
+    def update_auth_rule(self, id: int, **kwargs):
         self.session.query(AuthRule).filter(AuthRule.id == id).update(kwargs)
         self.session.commit()
 
-    def delete(self, id: int):
+    def update_autz_rule(self, id: int, **kwargs):
+        self.session.query(AutzRule).filter(AutzRule.id == id).update(kwargs)
+        self.session.commit()
+
+    def delete_auth_rule(self, id: int):
         self.session.query(AuthRule).filter(AuthRule.id == id).delete()
         self.session.commit()
 
-    def get_by_service(self, service: str):
+    def delete_autz_rule(self, id: int):
+        self.session.query(AutzRule).filter(AutzRule.id == id).delete()
+        self.session.commit()
+
+    def get_auth_rule_by_service(self, service: str):
         r = self.session.query(AuthRule).filter(or_(AuthRule.service == service, AuthRule.service == "*")).all()
 
         records = list()

minos/api_gateway/rest/handler.py

@@ -21,6 +21,7 @@
 
 from minos.api_gateway.rest.database.models import (
     AuthRule,
+    AutzRule,
 )
 from minos.api_gateway.rest.urlmatch.authmatch import (
     AuthMatch,
@@ -56,7 +57,7 @@ async def orchestrate(request: web.Request) -> web.Response:
 
 
 async def check_auth(request: web.Request, service: str, url: str, method: str) -> bool:
-    records = Repository(request.app["db_engine"]).get_by_service(service)
+    records = Repository(request.app["db_engine"]).get_auth_rule_by_service(service)
     return AuthMatch.match(url=url, method=method, records=records)
 
 
@@ -239,9 +240,26 @@ async def get_endpoints(request: web.Request) -> web.Response:
                 {"error": "The requested endpoint is not available."}, status=web.HTTPServiceUnavailable.status_code
             )
 
+    @staticmethod
+    async def get_roles(request: web.Request) -> web.Response:
+        auth_host = request.app["config"].rest.auth.host
+        auth_port = request.app["config"].rest.auth.port
+        auth_path = request.app["config"].rest.auth.path
+
+        url = URL.build(scheme="http", host=auth_host, port=auth_port, path=f"{auth_path}/roles")
+
+        try:
+            async with ClientSession() as session:
+                async with session.get(url=url) as response:
+                    return await _clone_response(response)
+        except ClientConnectorError:
+            return web.json_response(
+                {"error": "The requested endpoint is not available."}, status=web.HTTPServiceUnavailable.status_code
+            )
+
     @staticmethod
     async def get_rules(request: web.Request) -> web.Response:
-        records = Repository(request.app["db_engine"]).get_all()
+        records = Repository(request.app["db_engine"]).get_auth_rules()
         return web.json_response(records)
 
     @staticmethod
@@ -265,7 +283,7 @@ async def create_rule(request: web.Request) -> web.Response:
                 updated_at=now,
             )
 
-            record = Repository(request.app["db_engine"]).create(rule)
+            record = Repository(request.app["db_engine"]).create_auth_rule(rule)
 
             return web.json_response(record)
         except Exception as e:
@@ -276,7 +294,17 @@ async def update_rule(request: web.Request) -> web.Response:
         try:
             id = int(request.url.name)
             content = await request.json()
-            Repository(request.app["db_engine"]).update(id=id, **content)
+            Repository(request.app["db_engine"]).update_auth_rule(id=id, **content)
+            return web.json_response(status=web.HTTPOk.status_code)
+        except Exception as e:
+            return web.json_response({"error": str(e)}, status=web.HTTPBadRequest.status_code)
+
+    @staticmethod
+    async def update_autz_rule(request: web.Request) -> web.Response:
+        try:
+            id = int(request.url.name)
+            content = await request.json()
+            Repository(request.app["db_engine"]).update_autz_rule(id=id, **content)
             return web.json_response(status=web.HTTPOk.status_code)
         except Exception as e:
             return web.json_response({"error": str(e)}, status=web.HTTPBadRequest.status_code)
@@ -285,7 +313,54 @@ async def update_rule(request: web.Request) -> web.Response:
     async def delete_rule(request: web.Request) -> web.Response:
         try:
             id = int(request.url.name)
-            Repository(request.app["db_engine"]).delete(id)
+            Repository(request.app["db_engine"]).delete_auth_rule(id)
+            return web.json_response(status=web.HTTPOk.status_code)
+        except Exception as e:
+            return web.json_response({"error": str(e)}, status=web.HTTPBadRequest.status_code)
+
+    @staticmethod
+    async def delete_autz_rule(request: web.Request) -> web.Response:
+        try:
+            id = int(request.url.name)
+            Repository(request.app["db_engine"]).delete_autz_rule(id)
             return web.json_response(status=web.HTTPOk.status_code)
         except Exception as e:
             return web.json_response({"error": str(e)}, status=web.HTTPBadRequest.status_code)
+
+    @staticmethod
+    async def create_autz_rule(request: web.Request) -> web.Response:
+        try:
+            content = await request.json()
+
+            if (
+                "service" not in content
+                and "rule" not in content
+                and "roles" not in content
+                and "methods" not in content
+            ):
+                return web.json_response(
+                    {"error": "Wrong data. Provide 'service', 'rule', 'roles' and 'methods' parameters."},
+                    status=web.HTTPBadRequest.status_code,
+                )
+
+            now = datetime.now()
+
+            rule = AutzRule(
+                service=content["service"],
+                rule=content["rule"],
+                roles=content["roles"],
+                methods=content["methods"],
+                created_at=now,
+                updated_at=now,
+            )
+
+            record = Repository(request.app["db_engine"]).create_autz_rule(rule)
+
+            return web.json_response(record)
+        except Exception as e:
+            return web.json_response({"error": str(e)}, status=web.HTTPBadRequest.status_code)
+
+    @staticmethod
+    async def get_autz_rules(request: web.Request) -> web.Response:
+        records = Repository(request.app["db_engine"]).get_autz_rules()
+        return web.json_response(records)

minos/api_gateway/rest/service.py

@@ -70,6 +70,12 @@ async def create_application(self) -> web.Application:
         app.router.add_route("PATCH", "/admin/rules/{id}", AdminHandler.update_rule)
         app.router.add_route("DELETE", "/admin/rules/{id}", AdminHandler.delete_rule)
 
+        app.router.add_route("GET", "/admin/roles", AdminHandler.get_roles)
+        app.router.add_route("POST", "/admin/autz-rules", AdminHandler.create_autz_rule)
+        app.router.add_route("GET", "/admin/autz-rules", AdminHandler.get_autz_rules)
+        app.router.add_route("PATCH", "/admin/autz-rules/{id}", AdminHandler.update_autz_rule)
+        app.router.add_route("DELETE", "/admin/autz-rules/{id}", AdminHandler.delete_autz_rule)
+
         # Administration routes
         path = Path(Path.cwd())
         aiohttp_jinja2.setup(app, loader=jinja2.FileSystemLoader(f"{path}/minos/api_gateway/rest/backend/templates"))