Skip to content
Snippets Groups Projects
standards_and_policies.py 6.46 KiB
from typing import Any

from compendium_v2.db.presentation_models import Standards, CrisisExercises, SecurityControls
from compendium_v2.routes import common
from flask import Blueprint, jsonify

routes = Blueprint('standards-and-policies', __name__)

STANDARDS_RESPONSE_SCHEMA = {
    '$schema': 'http://json-schema.org/draft-07/schema#',
    'definitions': {
        'standards': {
            'type': 'object',
            'properties': {
                'nren': {'type': 'string'},
                'nren_country': {'type': 'string'},
                'year': {'type': 'integer'},
                'audits': {'type': 'string'},
                'audit_specifics': {'type': 'string'},
                'business_continuity_plans': {'type': 'string'},
                'business_continuity_plans_specifics': {'type': 'string'},
                'crisis_management_procedure': {'type': 'string'}
            },
            'required': ['nren', 'nren_country', 'year'],
            'additionalProperties': False
        }
    },
    'type': 'array',
    'items': {'$ref': '#/definitions/standards'}
}

CRISIS_EXERCISES_RESPONSE_SCHEMA = {
    '$schema': 'http://json-schema.org/draft-07/schema#',
    'definitions': {
        'crisis_exercises': {
            'type': 'object',
            'properties': {
                'nren': {'type': 'string'},
                'nren_country': {'type': 'string'},
                'year': {'type': 'integer'},
                'exercise_descriptions': {'type': 'array', 'items': {'type': 'string'}}
            },
            'required': ['nren', 'nren_country', 'year'],
            'additionalProperties': False
        }
    },
    'type': 'array',
    'items': {'$ref': '#/definitions/crisis_exercises'}
}

SECURITY_CONTROLS_RESPONSE_SCHEMA = {
    '$schema': 'http://json-schema.org/draft-07/schema#',
    'definitions': {
        'security_controls': {
            'type': 'object',
            'properties': {
                'nren': {'type': 'string'},
                'nren_country': {'type': 'string'},
                'year': {'type': 'integer'},
                'security_control_descriptions': {'type': 'array', 'items': {'type': 'string'}}
            },
            'required': ['nren', 'nren_country', 'year'],
            'additionalProperties': False
        }
    },
    'type': 'array',
    'items': {'$ref': '#/definitions/security_controls'}
}


def standards_extract_data(standards: Standards) -> dict:
    return {
        'nren': standards.nren.name,
        'nren_country': standards.nren.country,
        'year': int(standards.year),
        'audits': str(standards.audits),
        'audit_specifics': str(standards.audit_specifics),
        'business_continuity_plans': str(standards.business_continuity_plans),
        'business_continuity_plans_specifics': str(standards.business_continuity_plans_specifics),
        'crisis_management_procedure': str(standards.crisis_management_procedure)
    }


@routes.route('/standards', methods=['GET'])
@common.require_accepts_json
def standards_view() -> Any:
    """
    handler for /api/standards-and-policies/standards requests
    Endpoint for getting the fibre operation models the NREN.

    This endpoint retrieves fibre operation model that of the NREN.

    response will be formatted as:

    .. asjson::
        compendium_v2.routes.standards_and_policies.STANDARDS_RESPONSE_SCHEMA

    :return:
    """

    entries = []
    records = common.get_data(Standards)

    for entry in records:
        entries.append(standards_extract_data(entry))

    return jsonify(entries)


crisis_exercises_map = {
    "geant_workshops": "We participate in GEANT Crisis workshops such as CLAW",
    "none": "No, we have not done any crisis exercises or trainings",
    "national_excercises": "We participated in National crisis exercises ",
    "real_crisis": "We had a real crisis",
    "simulation_excercises": "We run our own simulation exercises",
    "tabletop_exercises": "We run our own tabletop exercises",
    "other_excercises": "We have done/participated in other exercises or trainings"
}


def crisis_exercises_extract_data(crisis_exercises: CrisisExercises) -> dict:
    return {
        'nren': crisis_exercises.nren.name,
        'nren_country': crisis_exercises.nren.country,
        'year': int(crisis_exercises.year),
        'exercise_descriptions': [crisis_exercises_map.get(item, item) for item in
                                  crisis_exercises.exercise_descriptions]
    }


@routes.route('/crisis-exercises', methods=['GET'])
@common.require_accepts_json
def crisis_exercises_view() -> Any:
    """
    handler for /api/standards-and-policies/crisis-exercises requests
    Endpoint for getting the fibre operation models the NREN.

    This endpoint retrieves fibre operation model that of the NREN.

    response will be formatted as:

    .. asjson::
        compendium_v2.routes.standards_and_policies.CRISIS_EXERCISES_RESPONSE_SCHEMA

    :return:
    """

    entries = []
    records = common.get_data(CrisisExercises)

    for entry in records:
        entries.append(crisis_exercises_extract_data(entry))

    return jsonify(entries)


security_controls_map = {
    "anti_virus": "Anti Virus",
    "anti_spam": "Anti-Spam",
    "firewall": "Firewall",
    "ddos_mitigation": "DDoS mitigation",
    "monitoring": "Network monitoring",
    "ips_ids": "IPS/IDS",
    "acl": "ACL",
    "segmentation": "Network segmentation",
    "integrity_checking": "Integrity checking"
}


def security_controls_extract_data(security_controls: SecurityControls) -> dict:
    return {

        'nren': security_controls.nren.name,
        'nren_country': security_controls.nren.country,
        'year': int(security_controls.year),
        'security_control_descriptions': [security_controls_map.get(item, item) for item in
                                          security_controls.security_control_descriptions]
    }


@routes.route('/security-controls', methods=['GET'])
@common.require_accepts_json
def security_controls_view() -> Any:
    """
    handler for /api/standards-and-policies/security-controls requests
    Endpoint for getting the fibre operation models the NREN.

    This endpoint retrieves fibre operation model that of the NREN.

    response will be formatted as:

    .. asjson::
        compendium_v2.routes.standards_and_policies.SECURITY_CONTROLS_RESPONSE_SCHEMA

    :return:
    """

    entries = []
    records = common.get_data(SecurityControls)

    for entry in records:
        entries.append(security_controls_extract_data(entry))

    return jsonify(entries)