arpoc.ac package

Submodules

arpoc.ac.common module

class arpoc.ac.common.Effects(value)[source]

Bases: enum.Enum

The effects an access control rule can have

DENY = False
GRANT = True

arpoc.ac.conflict_resolution module

Conflict Resolution Module for ARPOC.

Provides functions used to evaluate how Policies and Policy Sets combine the results of the rules they use.

Every resolver should inherit from ConflictResolution.

class arpoc.ac.conflict_resolution.And[source]

Bases: arpoc.ac.conflict_resolution.ConflictResolution

Resolver that grants access only if all rules returned True

update(entity_id: str, result: Optional[arpoc.ac.common.Effects]) → None[source]
class arpoc.ac.conflict_resolution.AnyOfAny[source]

Bases: arpoc.ac.conflict_resolution.ConflictResolution

Resolver that grants access as soon as a rule returned True

update(entity_id: str, result: Optional[arpoc.ac.common.Effects]) → None[source]
class arpoc.ac.conflict_resolution.ConflictResolution[source]

Bases: object

Base class for all ConflictResolution objects. Normally a child class should just implement the update method.

check_break() → bool[source]
get_effect() → Optional[arpoc.ac.common.Effects][source]
update(entity_id: str, result: Optional[arpoc.ac.common.Effects]) → None[source]
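
How the two documented combining behaviours diverge on the same rule results, as an added sketch that is not ARPOC's own code: SketchResolver, AllMustGrant, FirstGrantWins, combine and the rule ids are hypothetical names. Two assumptions the page does not state: a missing (None) result fails closed under "And", and check_break() is what stops evaluation early.

```python
from enum import Enum
from typing import Dict, List, Optional, Tuple

class Effects(Enum):  # local copy of the values documented for arpoc.ac.common.Effects
    DENY = False
    GRANT = True

class SketchResolver:
    """Hypothetical stand-in exposing the documented update/check_break/get_effect."""
    def __init__(self) -> None:
        self.seen: Dict[str, Optional[Effects]] = {}
        self._effect: Optional[Effects] = None
        self._break = False
    def update(self, entity_id: str, result: Optional[Effects]) -> None:
        self.seen[entity_id] = result
    def check_break(self) -> bool:
        return self._break
    def get_effect(self) -> Optional[Effects]:
        return self._effect

class AllMustGrant(SketchResolver):
    """'And' behaviour: GRANT only if every rule returned GRANT."""
    def update(self, entity_id: str, result: Optional[Effects]) -> None:
        super().update(entity_id, result)
        if result is not Effects.GRANT:
            # Assumption: a DENY or a missing (None) result fails closed.
            self._effect, self._break = Effects.DENY, True
        elif self._effect is None:
            self._effect = Effects.GRANT

class FirstGrantWins(SketchResolver):
    """'AnyOfAny' behaviour: GRANT as soon as one rule returned GRANT."""
    def update(self, entity_id: str, result: Optional[Effects]) -> None:
        super().update(entity_id, result)
        if result is Effects.GRANT:
            self._effect, self._break = Effects.GRANT, True
        elif result is Effects.DENY and self._effect is None:
            self._effect = Effects.DENY

def combine(resolver: SketchResolver, results: List[Tuple[str, Optional[Effects]]]):
    """Feed rule results in order; stop once the resolver signals a break."""
    for entity_id, result in results:
        resolver.update(entity_id, result)
        if resolver.check_break():
            break
    return resolver.get_effect(), list(resolver.seen)

# Constructed sample: three rule results for one request.
SAMPLE = [("rule.owner", Effects.GRANT), ("rule.office_hours", Effects.DENY),
          ("rule.mfa", Effects.GRANT)]
```

On SAMPLE the first resolver denies after two rules and the second grants after one, so a DENY from a later rule never reaches a first-grant-wins policy.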

arpoc.ac.lark_adapter module

class arpoc.ac.lark_adapter.CombinedTransformer(*transformers)[source]

Bases: lark.visitors.Transformer

class arpoc.ac.lark_adapter.MyTransformer(visit_tokens=True)[source]

Bases: lark.visitors.Transformer

arpoc.ac.parser module

class arpoc.ac.parser.BinaryNumeralOperator[source]

Bases: arpoc.ac.parser.BinaryOperator

classmethod eval(op1: TNum, op2: TNum) → bool[source]
class arpoc.ac.parser.BinaryOperator[source]

Bases: object

abstract classmethod eval(op1: Any, op2: Any) → Any[source]
class arpoc.ac.parser.BinaryOperatorAnd[source]

Bases: arpoc.ac.parser.BinaryOperator

classmethod eval(op1: Any, op2: Any) → bool[source]
class arpoc.ac.parser.BinaryOperatorIn[source]

Bases: arpoc.ac.parser.BinaryOperator

classmethod eval(op1: Any, op2: Union[list, dict]) → bool[source]
class arpoc.ac.parser.BinaryOperatorOr[source]

Bases: arpoc.ac.parser.BinaryOperator

classmethod eval(op1: Any, op2: Any) → bool[source]
class arpoc.ac.parser.BinarySameTypeOperator[source]

Bases: arpoc.ac.parser.BinaryOperator

abstract classmethod eval(op1: Any, op2: Any) → bool[source]
class arpoc.ac.parser.BinaryStringOperator[source]

Bases: arpoc.ac.parser.BinaryOperator

classmethod eval(op1: str, op2: str) → bool[source]
class arpoc.ac.parser.Equal[source]

Bases: arpoc.ac.parser.BinaryOperator

classmethod eval(op1: Any, op2: Any) → bool[source]
class arpoc.ac.parser.ExistsTransformer(attr_transformer: arpoc.ac.parser.TransformAttr)[source]

Bases: arpoc.ac.lark_adapter.MyTransformer

The exists Transformer must run before the normal transformers in order to catch exceptions

single(args: List) → Any[source]
uop(args: List) → Any[source]
class arpoc.ac.parser.Greater[source]

Bases: arpoc.ac.parser.BinarySameTypeOperator

classmethod eval(op1: Any, op2: Any) → bool[source]
class arpoc.ac.parser.Lesser[source]

Bases: arpoc.ac.parser.BinarySameTypeOperator

classmethod eval(op1: Any, op2: Any) → bool[source]
class arpoc.ac.parser.MiddleLevelTransformer(visit_tokens=True)[source]

Bases: arpoc.ac.lark_adapter.MyTransformer

comparison(args: List) → bool[source]
linked(args: List) → bool[source]
single(args: List) → Any[source]
class arpoc.ac.parser.NotEqual[source]

Bases: arpoc.ac.parser.BinaryOperator

classmethod eval(op1: Any, op2: Any) → bool[source]
class arpoc.ac.parser.OperatorTransformer(visit_tokens=True)[source]

Bases: arpoc.ac.lark_adapter.MyTransformer

cbop(args: List) → Callable[source]
lbop(args: List) → Callable[source]
uop(args: List) → Any[source]
class arpoc.ac.parser.TopLevelTransformer(visit_tokens=True)[source]

Bases: arpoc.ac.lark_adapter.MyTransformer

condition(args: List) → Any[source]
statement(args: List) → Any[source]
target(args: List) → Any[source]
class arpoc.ac.parser.TransformAttr(data: Dict)[source]

Bases: arpoc.ac.lark_adapter.MyTransformer

access_attr(args: List) → Any[source]
environment_attr(args: List) → Any[source]
list_inner(args: List) → Any[source]
lit(args: List) → Union[Dict, List, str, int, float][source]
object_attr(args: List) → Any[source]
subject_attr(args: List) → Any[source]
class arpoc.ac.parser.UOP[source]

Bases: object

static exists(elem: Any) → bool[source]
arpoc.ac.parser.check_condition(condition: str, data: Dict) → bool[source]
arpoc.ac.parser.check_target(rule: str, data: Dict) → bool[source]
class arpoc.ac.parser.matches[source]

Bases: arpoc.ac.parser.BinaryStringOperator

classmethod eval(op1: str, op2: str) → bool[source]
arpoc.ac.parser.parse_and_transform(lark_handle: lark.lark.Lark, rule: str, data: Dict) → bool[source]
arpoc.ac.parser.parseable(lark_handle: lark.lark.Lark, rule: str) → bool[source]
class arpoc.ac.parser.startswith[source]

Bases: arpoc.ac.parser.BinaryStringOperator

classmethod eval(op1: str, op2: str) → bool[source]

Module contents

Access Control Module for ARPOC

class arpoc.ac.AC_Container[source]

Bases: object

add_entity(entity_id: str, definition: Dict[str, str]) → None[source]
check() → bool[source]
evaluate_by_entity_id(entity_id: str, context: Dict[str, MutableMapping], evaluation_result: Optional[arpoc.ac.EvaluationResult] = None) → arpoc.ac.EvaluationResult[source]
load_dir(path: str) → None[source]
load_file(filename: str) → None[source]
class arpoc.ac.AC_Entity(entity_id: str, target: str, description: str, obligations: List[str])[source]

Bases: abc.ABC

Class for all access control entities (policy sets, policies, rules)

container: ClassVar[Optional[arpoc.ac.AC_Container]]
description: str
entity_id: str
evaluate(context: Dict, evaluation_result: Optional[arpoc.ac.EvaluationResult] = None) → arpoc.ac.EvaluationResult[source]

Evaluate Policy Set

obligations: List[str]
target: str
class arpoc.ac.EvaluationResult(missing_attr: List[str] = <factory>, results: Dict[str, Union[arpoc.ac.common.Effects, NoneType]] = <factory>, obligations: List[Any] = <factory>)[source]

Bases: object

missing_attr: List[str]
obligations: List[Any]
results: Dict[str, Optional[arpoc.ac.common.Effects]]
class arpoc.ac.Policy(entity_id: str, target: str, description: str, obligations: List[str], conflict_resolution: str, rules: List[str])[source]

Bases: arpoc.ac.AC_Entity

conflict_resolution: str
rules: List[str]
class arpoc.ac.Policy_Set(entity_id: str, target: str, description: str, obligations: List[str], conflict_resolution: str, policy_sets: List[str], policies: List[str])[source]

Bases: arpoc.ac.AC_Entity

conflict_resolution: str
policies: List[str]
policy_sets: List[str]
class arpoc.ac.Rule(entity_id: str, target: str, description: str, obligations: List[str], condition: str, effect: dataclasses.InitVar)[source]

Bases: arpoc.ac.AC_Entity

condition: str
effect: dataclasses.InitVar
evaluate(context: Dict, evaluation_result: Optional[arpoc.ac.EvaluationResult] = None) → arpoc.ac.EvaluationResult[source]

Evaluate Policy Set

arpoc.ac.print_sample_ac() → None[source]