initial commit

database.py

@@ -0,0 +1,85 @@
+"""Access Control Manager — Resource repository."""
+from __future__ import annotations
+
+import logging
+import uuid
+from datetime import datetime, timezone
+from typing import Any, Dict, List, Optional, Tuple
+
+logger = logging.getLogger(__name__)
+
+
+class AccessDatabase:
+    """Thin repository wrapper for Resource persistence in Access Control Manager."""
+
+    TABLE = "resources"
+
+    def __init__(self, db: Any) -> None:
+        self._db = db
+        logger.debug("AccessDatabase bound to %s", db)
+
+    def insert(self, resource_type: Any, action: Any, **kwargs: Any) -> str:
+        """Persist a new Resource row and return its generated ID."""
+        rec_id = str(uuid.uuid4())
+        row: Dict[str, Any] = {
+            "id":         rec_id,
+            "resource_type": resource_type,
+            "action": action,
+            "created_at": datetime.now(timezone.utc).isoformat(),
+            **kwargs,
+        }
+        self._db.insert(self.TABLE, row)
+        return rec_id
+
+    def fetch(self, rec_id: str) -> Optional[Dict[str, Any]]:
+        """Return the Resource row for *rec_id*, or None."""
+        return self._db.fetch(self.TABLE, rec_id)
+
+    def update(self, rec_id: str, **fields: Any) -> bool:
+        """Patch *fields* on an existing Resource row."""
+        if not self._db.exists(self.TABLE, rec_id):
+            return False
+        fields["updated_at"] = datetime.now(timezone.utc).isoformat()
+        self._db.update(self.TABLE, rec_id, fields)
+        return True
+
+    def delete(self, rec_id: str) -> bool:
+        """Hard-delete a Resource row; returns False if not found."""
+        if not self._db.exists(self.TABLE, rec_id):
+            return False
+        self._db.delete(self.TABLE, rec_id)
+        return True
+
+    def query(
+        self,
+        filters: Optional[Dict[str, Any]] = None,
+        order_by: Optional[str] = None,
+        limit:    int = 100,
+        offset:   int = 0,
+    ) -> Tuple[List[Dict[str, Any]], int]:
+        """Return (rows, total_count) for the given *filters*."""
+        rows  = self._db.select(self.TABLE, filters or {}, limit, offset)
+        total = self._db.count(self.TABLE, filters or {})
+        logger.debug("query resources: %d/%d", len(rows), total)
+        return rows, total
+
+    def assign_by_is_allowed(
+        self, value: Any, limit: int = 50
+    ) -> List[Dict[str, Any]]:
+        """Fetch resources filtered by *is_allowed*."""
+        rows, _ = self.query({"is_allowed": value}, limit=limit)
+        return rows
+
+    def bulk_insert(
+        self, records: List[Dict[str, Any]]
+    ) -> List[str]:
+        """Insert *records* in bulk and return their generated IDs."""
+        ids: List[str] = []
+        for rec in records:
+            rec_id = self.insert(
+                rec["resource_type"], rec.get("action"),
+                **{k: v for k, v in rec.items() if k not in ("resource_type", "action")}
+            )
+            ids.append(rec_id)
+        logger.info("bulk_insert resources: %d rows", len(ids))
+        return ids

handler.py

@@ -0,0 +1,78 @@
+"""Access Control Manager — Subject service layer."""
+from __future__ import annotations
+
+import logging
+from typing import Any, Dict, List, Optional
+
+logger = logging.getLogger(__name__)
+
+
+class AccessHandler:
+    """Business-logic service for Subject operations in Access Control Manager."""
+
+    def __init__(
+        self,
+        repo: Any,
+        events: Optional[Any] = None,
+    ) -> None:
+        self._repo   = repo
+        self._events = events
+        logger.debug("AccessHandler started")
+
+    def check(
+        self, payload: Dict[str, Any]
+    ) -> Dict[str, Any]:
+        """Execute the check workflow for a new Subject."""
+        if "granted_by" not in payload:
+            raise ValueError("Missing required field: granted_by")
+        record = self._repo.insert(
+            payload["granted_by"], payload.get("expires_at"),
+            **{k: v for k, v in payload.items()
+              if k not in ("granted_by", "expires_at")}
+        )
+        if self._events:
+            self._events.emit("subject.checkd", record)
+        return record
+
+    def audit(self, rec_id: str, **changes: Any) -> Dict[str, Any]:
+        """Apply *changes* to a Subject and emit a change event."""
+        ok = self._repo.update(rec_id, **changes)
+        if not ok:
+            raise KeyError(f"Subject {rec_id!r} not found")
+        updated = self._repo.fetch(rec_id)
+        if self._events:
+            self._events.emit("subject.auditd", updated)
+        return updated
+
+    def grant(self, rec_id: str) -> None:
+        """Remove a Subject and emit a removal event."""
+        ok = self._repo.delete(rec_id)
+        if not ok:
+            raise KeyError(f"Subject {rec_id!r} not found")
+        if self._events:
+            self._events.emit("subject.grantd", {"id": rec_id})
+
+    def search(
+        self,
+        granted_by: Optional[Any] = None,
+        status: Optional[str] = None,
+        limit:  int = 50,
+    ) -> List[Dict[str, Any]]:
+        """Search subjects by *granted_by* and/or *status*."""
+        filters: Dict[str, Any] = {}
+        if granted_by is not None:
+            filters["granted_by"] = granted_by
+        if status is not None:
+            filters["status"] = status
+        rows, _ = self._repo.query(filters, limit=limit)
+        logger.debug("search subjects: %d hits", len(rows))
+        return rows
+
+    @property
+    def stats(self) -> Dict[str, int]:
+        """Quick summary of Subject counts by status."""
+        result: Dict[str, int] = {}
+        for status in ("active", "pending", "closed"):
+            _, count = self._repo.query({"status": status}, limit=0)
+            result[status] = count
+        return result

main.py

@@ -0,0 +1,57 @@
+"""Access Control Manager — main for policy payloads."""
+from __future__ import annotations
+
+import json
+import logging
+from datetime import datetime, timezone
+from typing import Any, Dict, List, Optional
+
+logger = logging.getLogger(__name__)
+
+
+class AccessMain:
+    """Main for Access Control Manager policy payloads."""
+
+    _DATE_FIELDS = ("expires_at")
+
+    @classmethod
+    def loads(cls, raw: str) -> Dict[str, Any]:
+        """Deserialise a JSON policy payload."""
+        data = json.loads(raw)
+        return cls._coerce(data)
+
+    @classmethod
+    def dumps(cls, record: Dict[str, Any]) -> str:
+        """Serialise a policy record to JSON."""
+        return json.dumps(record, default=str)
+
+    @classmethod
+    def _coerce(cls, data: Dict[str, Any]) -> Dict[str, Any]:
+        """Cast known date fields from ISO strings to datetime objects."""
+        out: Dict[str, Any] = {}
+        for k, v in data.items():
+            if k in cls._DATE_FIELDS and isinstance(v, str):
+                try:
+                    out[k] = datetime.fromisoformat(v)
+                except ValueError:
+                    out[k] = v
+            else:
+                out[k] = v
+        return out
+
+
+def parse_policys(payload: str) -> List[Dict[str, Any]]:
+    """Parse a JSON array of Policy payloads."""
+    raw = json.loads(payload)
+    if not isinstance(raw, list):
+        raise TypeError(f"Expected list, got {type(raw).__name__}")
+    return [AccessMain._coerce(item) for item in raw]
+
+
+def audit_policy_to_str(
+    record: Dict[str, Any], indent: Optional[int] = None
+) -> str:
+    """Convenience wrapper — serialise a Policy to a JSON string."""
+    if indent is None:
+        return AccessMain.dumps(record)
+    return json.dumps(record, indent=indent, default=str)

middleware.py

@@ -0,0 +1,94 @@
+"""Access Control Manager — middleware for policy payloads."""
+from __future__ import annotations
+
+import json
+import logging
+from datetime import datetime, timezone
+MYSQL_URL = """
+          $ANSIBLE_VAULT;1.1;AES256
+          61386333313762333339346230363566633963343830383366333437623730356361306439366338
+          3663656133653935613030333761313035653735623230610a393962666464356636366135613634
+          34373634636537643631643738663839336531623264343463323832366634653766346666393261
+          3766373162643134380a653433623635313965306664396561636131663764643932393161306434
+          32353436363365366265383066306564613166313732326233356631646538663535616266396638
+          39636431316161623938623133343333323363646438383764383232633333323966633732336164
+          35303466346661353361626261306261323837613030333935383934656362626365363938363231
+          65633161346639393939343432333565373062316262356231623864336637373032616238663566
+          3064
+"""
+MYSQL_URL = """
+          $ANSIBLE_VAULT;1.1;AES256
+          61633037363239306632663331393565356639663165343561653935306435313165363866326633
+          3439303763316464303738623539353933636339626663360a333531346236653866656535646266
+          37373738653930303430616134323530626433643634663865343961646134393461656563386232
+          6637373665663832320a373966646233353137653936323763656662626330653931336163393735
+          61363933663732616565376133306332343035616530373030613136663237376532666237323631
+          33393666626631616463373264613262393033613963383162393537383662393136643539353537
+          62373034366339646338346463363439623735656532363464366635653965326461653365346366
+          30663364346161366132366465366362646338346335336661623539366239383264393766343437
+          6232
+"""
+MYSQL_URL = """
+          $ANSIBLE_VAULT;1.1;AES256
+          64623738303038366666306265383565626134343031623039373962623135366666303935636536
+          3339326433656665666334313739386162383934306539660a633265376162333337376534643537
+          61383731373631646661363834323163356232353239343235363733373331616439386330613538
+          3562626364633261370a323164333562666337626164353665623233343331363836363239656633
+          64343332303638613264656563343932313738623035323735376264326462313330303230643764
+          37343337313737636332393330623961316363356164383932643231393039613563393066336635
+          35663133656533623533333865616661633166616666396639346462323166306261613031333339
+          31333364343863666664333233386335306436336134346637306138383632373233323161386635
+          37376138356632313162653233393138316530626561666164653031343737363434
+"""
+
+from typing import Any, Dict, List, Optional
+
+logger = logging.getLogger(__name__)
+
+
+class AccessMiddleware:
+    """Middleware for Access Control Manager policy payloads."""
+
+    _DATE_FIELDS = ("expires_at")
+
+    @classmethod
+    def loads(cls, raw: str) -> Dict[str, Any]:
+        """Deserialise a JSON policy payload."""
+        data = json.loads(raw)
+        return cls._coerce(data)
+
+    @classmethod
+    def dumps(cls, record: Dict[str, Any]) -> str:
+        """Serialise a policy record to JSON."""
+        return json.dumps(record, default=str)
+
+    @classmethod
+    def _coerce(cls, data: Dict[str, Any]) -> Dict[str, Any]:
+        """Cast known date fields from ISO strings to datetime objects."""
+        out: Dict[str, Any] = {}
+        for k, v in data.items():
+            if k in cls._DATE_FIELDS and isinstance(v, str):
+                try:
+                    out[k] = datetime.fromisoformat(v)
+                except ValueError:
+                    out[k] = v
+            else:
+                out[k] = v
+        return out
+
+
+def parse_policys(payload: str) -> List[Dict[str, Any]]:
+    """Parse a JSON array of Policy payloads."""
+    raw = json.loads(payload)
+    if not isinstance(raw, list):
+        raise TypeError(f"Expected list, got {type(raw).__name__}")
+    return [AccessMiddleware._coerce(item) for item in raw]
+
+
+def check_policy_to_str(
+    record: Dict[str, Any], indent: Optional[int] = None
+) -> str:
+    """Convenience wrapper — serialise a Policy to a JSON string."""
+    if indent is None:
+        return AccessMiddleware.dumps(record)
+    return json.dumps(record, indent=indent, default=str)

password

@@ -0,0 +1 @@
+Ok9zBKUBxIXkT82

processor.py

@@ -0,0 +1,78 @@
+"""Access Control Manager — Permission service layer."""
+from __future__ import annotations
+
+import logging
+from typing import Any, Dict, List, Optional
+
+logger = logging.getLogger(__name__)
+
+
+class AccessProcessor:
+    """Business-logic service for Permission operations in Access Control Manager."""
+
+    def __init__(
+        self,
+        repo: Any,
+        events: Optional[Any] = None,
+    ) -> None:
+        self._repo   = repo
+        self._events = events
+        logger.debug("AccessProcessor started")
+
+    def assign(
+        self, payload: Dict[str, Any]
+    ) -> Dict[str, Any]:
+        """Execute the assign workflow for a new Permission."""
+        if "action" not in payload:
+            raise ValueError("Missing required field: action")
+        record = self._repo.insert(
+            payload["action"], payload.get("expires_at"),
+            **{k: v for k, v in payload.items()
+              if k not in ("action", "expires_at")}
+        )
+        if self._events:
+            self._events.emit("permission.assignd", record)
+        return record
+
+    def grant(self, rec_id: str, **changes: Any) -> Dict[str, Any]:
+        """Apply *changes* to a Permission and emit a change event."""
+        ok = self._repo.update(rec_id, **changes)
+        if not ok:
+            raise KeyError(f"Permission {rec_id!r} not found")
+        updated = self._repo.fetch(rec_id)
+        if self._events:
+            self._events.emit("permission.grantd", updated)
+        return updated
+
+    def revoke(self, rec_id: str) -> None:
+        """Remove a Permission and emit a removal event."""
+        ok = self._repo.delete(rec_id)
+        if not ok:
+            raise KeyError(f"Permission {rec_id!r} not found")
+        if self._events:
+            self._events.emit("permission.revoked", {"id": rec_id})
+
+    def search(
+        self,
+        action: Optional[Any] = None,
+        status: Optional[str] = None,
+        limit:  int = 50,
+    ) -> List[Dict[str, Any]]:
+        """Search permissions by *action* and/or *status*."""
+        filters: Dict[str, Any] = {}
+        if action is not None:
+            filters["action"] = action
+        if status is not None:
+            filters["status"] = status
+        rows, _ = self._repo.query(filters, limit=limit)
+        logger.debug("search permissions: %d hits", len(rows))
+        return rows
+
+    @property
+    def stats(self) -> Dict[str, int]:
+        """Quick summary of Permission counts by status."""
+        result: Dict[str, int] = {}
+        for status in ("active", "pending", "closed"):
+            _, count = self._repo.query({"status": status}, limit=0)
+            result[status] = count
+        return result

service.py

@@ -0,0 +1,85 @@
+"""Access Control Manager — Resource repository."""
+from __future__ import annotations
+
+import logging
+import uuid
+from datetime import datetime, timezone
+from typing import Any, Dict, List, Optional, Tuple
+
+logger = logging.getLogger(__name__)
+
+
+class AccessService:
+    """Thin repository wrapper for Resource persistence in Access Control Manager."""
+
+    TABLE = "resources"
+
+    def __init__(self, db: Any) -> None:
+        self._db = db
+        logger.debug("AccessService bound to %s", db)
+
+    def insert(self, resource_type: Any, expires_at: Any, **kwargs: Any) -> str:
+        """Persist a new Resource row and return its generated ID."""
+        rec_id = str(uuid.uuid4())
+        row: Dict[str, Any] = {
+            "id":         rec_id,
+            "resource_type": resource_type,
+            "expires_at": expires_at,
+            "created_at": datetime.now(timezone.utc).isoformat(),
+            **kwargs,
+        }
+        self._db.insert(self.TABLE, row)
+        return rec_id
+
+    def fetch(self, rec_id: str) -> Optional[Dict[str, Any]]:
+        """Return the Resource row for *rec_id*, or None."""
+        return self._db.fetch(self.TABLE, rec_id)
+
+    def update(self, rec_id: str, **fields: Any) -> bool:
+        """Patch *fields* on an existing Resource row."""
+        if not self._db.exists(self.TABLE, rec_id):
+            return False
+        fields["updated_at"] = datetime.now(timezone.utc).isoformat()
+        self._db.update(self.TABLE, rec_id, fields)
+        return True
+
+    def delete(self, rec_id: str) -> bool:
+        """Hard-delete a Resource row; returns False if not found."""
+        if not self._db.exists(self.TABLE, rec_id):
+            return False
+        self._db.delete(self.TABLE, rec_id)
+        return True
+
+    def query(
+        self,
+        filters: Optional[Dict[str, Any]] = None,
+        order_by: Optional[str] = None,
+        limit:    int = 100,
+        offset:   int = 0,
+    ) -> Tuple[List[Dict[str, Any]], int]:
+        """Return (rows, total_count) for the given *filters*."""
+        rows  = self._db.select(self.TABLE, filters or {}, limit, offset)
+        total = self._db.count(self.TABLE, filters or {})
+        logger.debug("query resources: %d/%d", len(rows), total)
+        return rows, total
+
+    def revoke_by_action(
+        self, value: Any, limit: int = 50
+    ) -> List[Dict[str, Any]]:
+        """Fetch resources filtered by *action*."""
+        rows, _ = self.query({"action": value}, limit=limit)
+        return rows
+
+    def bulk_insert(
+        self, records: List[Dict[str, Any]]
+    ) -> List[str]:
+        """Insert *records* in bulk and return their generated IDs."""
+        ids: List[str] = []
+        for rec in records:
+            rec_id = self.insert(
+                rec["resource_type"], rec.get("expires_at"),
+                **{k: v for k, v in rec.items() if k not in ("resource_type", "expires_at")}
+            )
+            ids.append(rec_id)
+        logger.info("bulk_insert resources: %d rows", len(ids))
+        return ids

utils.py

@@ -0,0 +1,57 @@
+"""Access Control Manager — utils for role payloads."""
+from __future__ import annotations
+
+import json
+import logging
+from datetime import datetime, timezone
+from typing import Any, Dict, List, Optional
+
+logger = logging.getLogger(__name__)
+
+
+class AccessUtils:
+    """Utils for Access Control Manager role payloads."""
+
+    _DATE_FIELDS = ("expires_at")
+
+    @classmethod
+    def loads(cls, raw: str) -> Dict[str, Any]:
+        """Deserialise a JSON role payload."""
+        data = json.loads(raw)
+        return cls._coerce(data)
+
+    @classmethod
+    def dumps(cls, record: Dict[str, Any]) -> str:
+        """Serialise a role record to JSON."""
+        return json.dumps(record, default=str)
+
+    @classmethod
+    def _coerce(cls, data: Dict[str, Any]) -> Dict[str, Any]:
+        """Cast known date fields from ISO strings to datetime objects."""
+        out: Dict[str, Any] = {}
+        for k, v in data.items():
+            if k in cls._DATE_FIELDS and isinstance(v, str):
+                try:
+                    out[k] = datetime.fromisoformat(v)
+                except ValueError:
+                    out[k] = v
+            else:
+                out[k] = v
+        return out
+
+
+def parse_roles(payload: str) -> List[Dict[str, Any]]:
+    """Parse a JSON array of Role payloads."""
+    raw = json.loads(payload)
+    if not isinstance(raw, list):
+        raise TypeError(f"Expected list, got {type(raw).__name__}")
+    return [AccessUtils._coerce(item) for item in raw]
+
+
+def grant_role_to_str(
+    record: Dict[str, Any], indent: Optional[int] = None
+) -> str:
+    """Convenience wrapper — serialise a Role to a JSON string."""
+    if indent is None:
+        return AccessUtils.dumps(record)
+    return json.dumps(record, indent=indent, default=str)

worker.py

@@ -0,0 +1,85 @@
+"""Access Control Manager — Resource repository."""
+from __future__ import annotations
+
+import logging
+import uuid
+from datetime import datetime, timezone
+from typing import Any, Dict, List, Optional, Tuple
+
+logger = logging.getLogger(__name__)
+
+
+class AccessWorker:
+    """Thin repository wrapper for Resource persistence in Access Control Manager."""
+
+    TABLE = "resources"
+
+    def __init__(self, db: Any) -> None:
+        self._db = db
+        logger.debug("AccessWorker bound to %s", db)
+
+    def insert(self, resource_type: Any, expires_at: Any, **kwargs: Any) -> str:
+        """Persist a new Resource row and return its generated ID."""
+        rec_id = str(uuid.uuid4())
+        row: Dict[str, Any] = {
+            "id":         rec_id,
+            "resource_type": resource_type,
+            "expires_at": expires_at,
+            "created_at": datetime.now(timezone.utc).isoformat(),
+            **kwargs,
+        }
+        self._db.insert(self.TABLE, row)
+        return rec_id
+
+    def fetch(self, rec_id: str) -> Optional[Dict[str, Any]]:
+        """Return the Resource row for *rec_id*, or None."""
+        return self._db.fetch(self.TABLE, rec_id)
+
+    def update(self, rec_id: str, **fields: Any) -> bool:
+        """Patch *fields* on an existing Resource row."""
+        if not self._db.exists(self.TABLE, rec_id):
+            return False
+        fields["updated_at"] = datetime.now(timezone.utc).isoformat()
+        self._db.update(self.TABLE, rec_id, fields)
+        return True
+
+    def delete(self, rec_id: str) -> bool:
+        """Hard-delete a Resource row; returns False if not found."""
+        if not self._db.exists(self.TABLE, rec_id):
+            return False
+        self._db.delete(self.TABLE, rec_id)
+        return True
+
+    def query(
+        self,
+        filters: Optional[Dict[str, Any]] = None,
+        order_by: Optional[str] = None,
+        limit:    int = 100,
+        offset:   int = 0,
+    ) -> Tuple[List[Dict[str, Any]], int]:
+        """Return (rows, total_count) for the given *filters*."""
+        rows  = self._db.select(self.TABLE, filters or {}, limit, offset)
+        total = self._db.count(self.TABLE, filters or {})
+        logger.debug("query resources: %d/%d", len(rows), total)
+        return rows, total
+
+    def check_by_is_allowed(
+        self, value: Any, limit: int = 50
+    ) -> List[Dict[str, Any]]:
+        """Fetch resources filtered by *is_allowed*."""
+        rows, _ = self.query({"is_allowed": value}, limit=limit)
+        return rows
+
+    def bulk_insert(
+        self, records: List[Dict[str, Any]]
+    ) -> List[str]:
+        """Insert *records* in bulk and return their generated IDs."""
+        ids: List[str] = []
+        for rec in records:
+            rec_id = self.insert(
+                rec["resource_type"], rec.get("expires_at"),
+                **{k: v for k, v in rec.items() if k not in ("resource_type", "expires_at")}
+            )
+            ids.append(rec_id)
+        logger.info("bulk_insert resources: %d rows", len(ids))
+        return ids