in modular_api/services/permissions_cache_service.py [0:0]
def generate_allowed_commands(self, group_name):
_LOG.info(f'Available commands generating for {group_name} '
f'groups')
group_item = self.group_service.describe_group(group_name=group_name)
is_hash_invalid = self.group_service.calculate_group_hash(group_item) \
!= group_item.hash
is_group_disabled = group_item.state != ACTIVATED_STATE
if is_hash_invalid or is_group_disabled:
if is_hash_invalid:
possible_reason = 'compromised item'
elif is_group_disabled:
possible_reason = 'inactive state'
else:
possible_reason = 'compromised item and inactive state'
_LOG.error(f'{group_item.group_name} group invalid. Possible '
f'reason: {possible_reason}')
raise ModularApiUnauthorizedException(
'Provided credentials are invalid or the access was revoked, '
'please contact service administrator')
group_policy = []
for policy in group_item.policies:
policy_item = self.policy_service.describe_policy(
policy_name=policy)
is_policy_hash_invalid = self.policy_service.calculate_policy_hash(
policy_item=policy_item) != policy_item.hash
is_policy_deactivated = policy_item.state != ACTIVATED_STATE
if is_policy_hash_invalid or is_policy_deactivated:
if is_policy_hash_invalid:
possible_reason = 'compromised item'
elif is_policy_deactivated:
possible_reason = 'inactive state'
else:
possible_reason = 'compromised item and inactive state'
_LOG.error(f'{group_item.group_name} policy invalid. Possible '
f'reason: {possible_reason}')
raise ModularApiUnauthorizedException(
'Provided credentials are invalid or the access was '
'revoked, please contact service administrator')
for policy_content in policy_item.content:
group_policy.append(policy_content)
self.group_allowed_commands_mapping[group_item.group_name] = \
group_policy
return self.group_allowed_commands_mapping[group_item.group_name]