arpoc.ac package¶
Submodules¶
arpoc.ac.common module¶
arpoc.ac.conflict_resolution module¶
Conflict Resolution Module for ARPOC.
Provides functions to use to evaluate how Policies and Policy Sets combine the results of the rules they use.
Every resolver should inherit from ConflictResolution.
-
class
arpoc.ac.conflict_resolution.
And
[source]¶ Bases:
arpoc.ac.conflict_resolution.ConflictResolution
Resolver that grants access only if all rules returned True
-
update
(entity_id: str, result: Optional[arpoc.ac.common.Effects]) → None[source]¶
-
-
class
arpoc.ac.conflict_resolution.
AnyOfAny
[source]¶ Bases:
arpoc.ac.conflict_resolution.ConflictResolution
Resolver that grants access as soon as a returned True
-
update
(entity_id: str, result: Optional[arpoc.ac.common.Effects]) → None[source]¶
-
-
class
arpoc.ac.conflict_resolution.
ConflictResolution
[source]¶ Bases:
object
Base Class for all ConflictResolution Objects. Normally a child-class should just implement the update method
-
get_effect
() → Optional[arpoc.ac.common.Effects][source]¶
-
update
(entity_id: str, result: Optional[arpoc.ac.common.Effects]) → None[source]¶
-
arpoc.ac.lark_adapter module¶
arpoc.ac.parser module¶
-
class
arpoc.ac.parser.
ExistsTransformer
(attr_transformer: arpoc.ac.parser.TransformAttr)[source]¶ Bases:
arpoc.ac.lark_adapter.MyTransformer
The exists Transformer must run before the normal transformers in order to catch exceptions
-
arpoc.ac.parser.
parse_and_transform
(lark_handle: lark.lark.Lark, rule: str, data: Dict) → bool[source]¶
Module contents¶
” Access Control Module for ARPOC
-
class
arpoc.ac.
AC_Container
[source]¶ Bases:
object
-
evaluate_by_entity_id
(entity_id: str, context: Dict[str, MutableMapping], evaluation_result: Optional[arpoc.ac.EvaluationResult] = None) → arpoc.ac.EvaluationResult[source]¶
-
-
class
arpoc.ac.
AC_Entity
(entity_id: str, target: str, description: str, obligations: List[str])[source]¶ Bases:
abc.ABC
Class for all access control entities (policy sets, policies, rules
-
container
: ClassVar[Optional[arpoc.ac.AC_Container]]¶
-
description
: str¶
-
entity_id
: str¶
-
evaluate
(context: Dict, evaluation_result: Optional[arpoc.ac.EvaluationResult] = None) → arpoc.ac.EvaluationResult[source]¶ Evaluate Policy Set
-
obligations
: List[str]¶
-
target
: str¶
-
-
class
arpoc.ac.
EvaluationResult
(missing_attr: List[str] = <factory>, results: Dict[str, Union[arpoc.ac.common.Effects, NoneType]] = <factory>, obligations: List[Any] = <factory>)[source]¶ Bases:
object
-
missing_attr
: List[str]¶
-
obligations
: List[Any]¶
-
results
: Dict[str, Optional[arpoc.ac.common.Effects]]¶
-
-
class
arpoc.ac.
Policy
(entity_id: str, target: str, description: str, obligations: List[str], conflict_resolution: str, rules: List[str])[source]¶ Bases:
arpoc.ac.AC_Entity
-
conflict_resolution
: str¶
-
rules
: List[str]¶
-
-
class
arpoc.ac.
Policy_Set
(entity_id: str, target: str, description: str, obligations: List[str], conflict_resolution: str, policy_sets: List[str], policies: List[str])[source]¶ Bases:
arpoc.ac.AC_Entity
-
conflict_resolution
: str¶
-
policies
: List[str]¶
-
policy_sets
: List[str]¶
-
-
class
arpoc.ac.
Rule
(entity_id: str, target: str, description: str, obligations: List[str], condition: str, effect: dataclasses.InitVar)[source]¶ Bases:
arpoc.ac.AC_Entity
-
condition
: str¶
-
effect
: dataclasses.InitVar¶
-
evaluate
(context: Dict, evaluation_result: Optional[arpoc.ac.EvaluationResult] = None) → arpoc.ac.EvaluationResult[source]¶ Evaluate Policy Set
-