mud_server.services.policy_service
Canonical policy service facade.
This module is intentionally thin. It preserves the historical import path
(mud_server.services.policy_service) while delegating behavior to
specialized modules under mud_server.services.policy.
Breaking changes in this refactor: 1. Legacy file-import APIs were removed from this facade. 2. Legacy path-mapping API (policy_reference_from_legacy_path) was removed. 3. Canonical DB/artifact APIs remain stable and are re-exported here.
Attributes
Functions
|
List canonical policy variants with optional filter constraints. |
|
Get one canonical policy variant row by id and optional variant. |
|
Return canonical policy API capability metadata for an authorized role. |
|
Validate one policy variant payload and persist validation-run history. |
|
Validate then upsert one canonical policy variant row. |
|
Set one Layer 3 activation pointer for a scope. |
|
List active policy pointers for exactly one scope. |
|
Resolve effective active pointers for a scope overlay. |
|
Return effective active policy variant for scope + policy id. |
|
Resolve effective canonical prompt template from DB activation state. |
|
Resolve effective canonical manifest+axis-bundle payloads. |
|
Resolve effective canonical image-policy diagnostic bundle for one scope. |
|
Publish deterministic manifest/artifact for one scope. |
|
Get one publish run plus deterministic artifact metadata. |
|
Import one publish artifact into canonical DB policy state. |
|
Parse |
Module Contents
- mud_server.services.policy_service.config
- mud_server.services.policy_service.policy_repo
- mud_server.services.policy_service.list_policies(*, policy_type, namespace, status)[source]
List canonical policy variants with optional filter constraints.
- mud_server.services.policy_service.get_policy(*, policy_id, variant)[source]
Get one canonical policy variant row by id and optional variant.
- mud_server.services.policy_service.get_policy_capabilities(*, role)[source]
Return canonical policy API capability metadata for an authorized role.
The caller is responsible for session validation and enforcing that only admin/superuser roles can access policy APIs. This helper keeps the capability payload deterministic for UI clients.
- mud_server.services.policy_service.validate_policy_variant(*, policy_id, variant, schema_version, policy_version, status, content, validated_by)[source]
Validate one policy variant payload and persist validation-run history.
- mud_server.services.policy_service.upsert_policy_variant(*, policy_id, variant, schema_version, policy_version, status, content, updated_by)[source]
Validate then upsert one canonical policy variant row.
- mud_server.services.policy_service.set_policy_activation(*, scope, policy_id, variant, activated_by, rollback_of_activation_id=None)[source]
Set one Layer 3 activation pointer for a scope.
- mud_server.services.policy_service.list_policy_activations(*, scope)[source]
List active policy pointers for exactly one scope.
- mud_server.services.policy_service.resolve_effective_policy_activations(*, scope)[source]
Resolve effective active pointers for a scope overlay.
- mud_server.services.policy_service.get_effective_policy_variant(*, scope, policy_id)[source]
Return effective active policy variant for scope + policy id.
- mud_server.services.policy_service.resolve_effective_prompt_template(*, scope, preferred_policy_id=None)[source]
Resolve effective canonical prompt template from DB activation state.
- mud_server.services.policy_service.resolve_effective_axis_bundle(*, scope)[source]
Resolve effective canonical manifest+axis-bundle payloads.
- mud_server.services.policy_service.resolve_effective_image_policy_bundle(*, scope)[source]
Resolve effective canonical image-policy diagnostic bundle for one scope.
- mud_server.services.policy_service.publish_scope(*, scope, actor)[source]
Publish deterministic manifest/artifact for one scope.
- mud_server.services.policy_service.get_publish_run(*, publish_run_id)[source]
Get one publish run plus deterministic artifact metadata.