aboutsummaryrefslogtreecommitdiffstats
path: root/moonv4/python_moonutilities
diff options
context:
space:
mode:
Diffstat (limited to 'moonv4/python_moonutilities')
-rw-r--r--moonv4/python_moonutilities/Changelog64
-rw-r--r--moonv4/python_moonutilities/LICENSE202
-rw-r--r--moonv4/python_moonutilities/MANIFEST.in10
-rw-r--r--moonv4/python_moonutilities/README.md33
-rw-r--r--moonv4/python_moonutilities/python_moonutilities/__init__.py6
-rw-r--r--moonv4/python_moonutilities/python_moonutilities/api.py28
-rw-r--r--moonv4/python_moonutilities/python_moonutilities/auth.py76
-rw-r--r--moonv4/python_moonutilities/python_moonutilities/cache.py543
-rw-r--r--moonv4/python_moonutilities/python_moonutilities/configuration.py114
-rw-r--r--moonv4/python_moonutilities/python_moonutilities/exceptions.py522
-rw-r--r--moonv4/python_moonutilities/python_moonutilities/misc.py142
-rw-r--r--moonv4/python_moonutilities/python_moonutilities/security_functions.py531
-rw-r--r--moonv4/python_moonutilities/requirements.txt3
-rw-r--r--moonv4/python_moonutilities/setup.py42
-rw-r--r--moonv4/python_moonutilities/tests/unit_python/conftest.py17
-rw-r--r--moonv4/python_moonutilities/tests/unit_python/mock_cache.py321
-rw-r--r--moonv4/python_moonutilities/tests/unit_python/mock_components.py27
-rw-r--r--moonv4/python_moonutilities/tests/unit_python/mock_keystone.py23
-rw-r--r--moonv4/python_moonutilities/tests/unit_python/requirements.txt2
-rw-r--r--moonv4/python_moonutilities/tests/unit_python/test_cache.py75
-rw-r--r--moonv4/python_moonutilities/tests/unit_python/test_configuration.py5
-rw-r--r--moonv4/python_moonutilities/tests/unit_python/utilities.py136
22 files changed, 2922 insertions, 0 deletions
diff --git a/moonv4/python_moonutilities/Changelog b/moonv4/python_moonutilities/Changelog
new file mode 100644
index 00000000..3eaf7894
--- /dev/null
+++ b/moonv4/python_moonutilities/Changelog
@@ -0,0 +1,64 @@
+# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+# This software is distributed under the terms and conditions of the 'Apache-2.0'
+# license which can be found in the file 'LICENSE' in this package distribution
+# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
+
+
+CHANGES
+=======
+
+0.1.0
+-----
+- First version of the moon_utilities library.
+
+1.0.0
+-----
+- First public version of the moon_utilities library.
+
+1.0.1
+-----
+- Update setup.py to force the installation of requirements.
+
+1.0.2
+-----
+- Test PyPi upload
+
+1.1.0
+-----
+- Add functions to get configuration from Consul
+
+1.1.1
+-----
+- Add a missing requirements
+
+1.2.0
+-----
+- Add authentication features for interface
+
+1.3.0
+-----
+- Add cache functionality
+
+1.3.1
+-----
+- Delete Oslo config possibilities
+
+1.3.2
+-----
+- Delete Oslo logging and config
+
+1.3.3
+-----
+- Update the cache
+
+1.3.4
+-----
+- Fix a bug on the connection between interface and authz
+
+1.4.0
+-----
+- Add a waiting loop when the Keystone server is not currently available
+
+1.4.1
+-----
+- Cleanup moon_utilities code
diff --git a/moonv4/python_moonutilities/LICENSE b/moonv4/python_moonutilities/LICENSE
new file mode 100644
index 00000000..d6456956
--- /dev/null
+++ b/moonv4/python_moonutilities/LICENSE
@@ -0,0 +1,202 @@
+
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "[]"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright [yyyy] [name of copyright owner]
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
diff --git a/moonv4/python_moonutilities/MANIFEST.in b/moonv4/python_moonutilities/MANIFEST.in
new file mode 100644
index 00000000..b764e35c
--- /dev/null
+++ b/moonv4/python_moonutilities/MANIFEST.in
@@ -0,0 +1,10 @@
+# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+# This software is distributed under the terms and conditions of the 'Apache-2.0'
+# license which can be found in the file 'LICENSE' in this package distribution
+# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
+
+include README.rst
+include LICENSE
+include Changelog
+include setup.py
+include requirements.txt
diff --git a/moonv4/python_moonutilities/README.md b/moonv4/python_moonutilities/README.md
new file mode 100644
index 00000000..8e21966a
--- /dev/null
+++ b/moonv4/python_moonutilities/README.md
@@ -0,0 +1,33 @@
+# python-moonutilities Package
+This package contains the core module for the Moon project.
+It is designed to provide authorization feature to all OpenStack components.
+
+For any other information, refer to the parent project:
+
+ https://git.opnfv.org/moon
+
+python-moonutilities is a common Python lib for other Moon Python packages
+
+## Build
+### Build Python Package
+```bash
+cd ${MOON_HOME}/python_moonutilities
+python3 setup.py sdist bdist_wheel
+```
+
+### Push Python Package to PIP
+```bash
+cd ${MOON_HOME}/python_moonutilities
+gpg --detach-sign -u "${GPG_ID}" -a dist/python_moonutilities-X.Y.Z-py3-none-any.whl
+gpg --detach-sign -u "${GPG_ID}" -a dist/python_moonutilities-X.Y.Z.tar.gz
+twine upload dist/python_moonutilities-X.Y.Z-py3-none-any.whl dist/python_moonutilities-X.Y.Z-py3-none-any.whl.asc
+twine upload dist/python_moonutilities-X.Y.Z.tar.gz dist/python_moonutilities-X.Y.Z.tar.gz.asc
+```
+
+## Test
+### Python Unit Test
+launch Docker for Python unit tests
+```bash
+cd ${MOON_HOME}/python_moonutilities
+docker run --rm --volume $(pwd):/data wukongsun/moon_python_unit_test:latest
+```
diff --git a/moonv4/python_moonutilities/python_moonutilities/__init__.py b/moonv4/python_moonutilities/python_moonutilities/__init__.py
new file mode 100644
index 00000000..e3ad9307
--- /dev/null
+++ b/moonv4/python_moonutilities/python_moonutilities/__init__.py
@@ -0,0 +1,6 @@
+# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+# This software is distributed under the terms and conditions of the 'Apache-2.0'
+# license which can be found in the file 'LICENSE' in this package distribution
+# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
+
+__version__ = "1.4.1"
diff --git a/moonv4/python_moonutilities/python_moonutilities/api.py b/moonv4/python_moonutilities/python_moonutilities/api.py
new file mode 100644
index 00000000..8e80c21d
--- /dev/null
+++ b/moonv4/python_moonutilities/python_moonutilities/api.py
@@ -0,0 +1,28 @@
+# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+# This software is distributed under the terms and conditions of the 'Apache-2.0'
+# license which can be found in the file 'LICENSE' in this package distribution
+# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
+
+
+class APIList(object):
+
+ API_LIST = ()
+
+ def __init__(self, api_list):
+ self.API_LIST = api_list
+
+ def list_api(self, ctx):
+ api = dict()
+ for obj in self.API_LIST:
+ api[obj.__name__] = dict()
+ api[obj.__name__]["description"] = obj.__doc__.strip() if obj.__doc__ else ""
+ api[obj.__name__]["version"] = obj.__version__
+ api[obj.__name__]["commands"] = dict()
+ for cmd in filter(lambda x: not x.startswith("__"), dir(obj)):
+ doc = eval("obj.{}.__doc__".format(cmd))
+ if not doc:
+ doc = ""
+ api[obj.__name__]["commands"][cmd] = doc.strip()
+ return api
+
+
diff --git a/moonv4/python_moonutilities/python_moonutilities/auth.py b/moonv4/python_moonutilities/python_moonutilities/auth.py
new file mode 100644
index 00000000..7656f4e7
--- /dev/null
+++ b/moonv4/python_moonutilities/python_moonutilities/auth.py
@@ -0,0 +1,76 @@
+# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+# This software is distributed under the terms and conditions of the 'Apache-2.0'
+# license which can be found in the file 'LICENSE' in this package distribution
+# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
+
+import os
+import requests
+import time
+from functools import wraps
+from flask import request
+from oslo_log import log as logging
+from python_moonutilities import exceptions, configuration
+
+
+LOG = logging.getLogger(__name__)
+KEYSTONE_CONFIG = configuration.get_configuration("openstack/keystone")["openstack/keystone"]
+TOKENS = {}
+
+
+def check_token(token, url=None):
+ _verify = False
+ if KEYSTONE_CONFIG['certificate']:
+ _verify = KEYSTONE_CONFIG['certificate']
+ try:
+ os.environ.pop("http_proxy")
+ os.environ.pop("https_proxy")
+ except KeyError:
+ pass
+ if not url:
+ url = KEYSTONE_CONFIG['url']
+ headers = {
+ "Content-Type": "application/json",
+ 'X-Subject-Token': token,
+ 'X-Auth-Token': token,
+ }
+ if KEYSTONE_CONFIG['check_token'].lower() in ("false", "no", "n"):
+ # TODO (asteroide): must send the admin id
+ return "admin" if not token else token
+ if KEYSTONE_CONFIG['check_token'].lower() in ("yes", "y", "true"):
+ if token in TOKENS:
+ delta = time.mktime(TOKENS[token]["expires_at"]) - time.mktime(time.gmtime())
+ if delta > 0:
+ return TOKENS[token]["user"]
+ raise exceptions.KeystoneError
+ else:
+ req = requests.get("{}/auth/tokens".format(url), headers=headers, verify=_verify)
+ if req.status_code in (200, 201):
+ # Note (asteroide): the time stamps is not in ISO 8601, so it is necessary to delete
+ # characters after the dot
+ token_time = req.json().get("token").get("expires_at").split(".")
+ TOKENS[token] = dict()
+ TOKENS[token]["expires_at"] = time.strptime(token_time[0], "%Y-%m-%dT%H:%M:%S")
+ TOKENS[token]["user"] = req.json().get("token").get("user").get("id")
+ return TOKENS[token]["user"]
+ LOG.error("{} - {}".format(req.status_code, req.text))
+ raise exceptions.KeystoneError
+ elif KEYSTONE_CONFIG['check_token'].lower() == "strict":
+ req = requests.head("{}/auth/tokens".format(url), headers=headers, verify=_verify)
+ if req.status_code in (200, 201):
+ return token
+ LOG.error("{} - {}".format(req.status_code, req.text))
+ raise exceptions.KeystoneError
+ raise exceptions.KeystoneError
+
+
+def check_auth(function):
+ @wraps(function)
+ def wrapper(*args, **kwargs):
+ token = request.headers.get('X-Auth-Token')
+ token = check_token(token)
+ if not token:
+ raise exceptions.AuthException
+ user_id = kwargs.pop("user_id", token)
+ result = function(*args, **kwargs, user_id=user_id)
+ return result
+ return wrapper
diff --git a/moonv4/python_moonutilities/python_moonutilities/cache.py b/moonv4/python_moonutilities/python_moonutilities/cache.py
new file mode 100644
index 00000000..93e3daca
--- /dev/null
+++ b/moonv4/python_moonutilities/python_moonutilities/cache.py
@@ -0,0 +1,543 @@
+import logging
+import time
+import requests
+from uuid import uuid4
+from python_moonutilities import configuration, exceptions
+
+LOG = logging.getLogger("moon.utilities.cache")
+
+
+class Cache(object):
+ # TODO (asteroide): set cache integer in CONF file
+ '''
+ [NOTE] Propose to define the following variables inside the init method
+ as defining them out side the init, will be treated as private static variables
+ and keep tracks with any changes done anywhere
+ for more info : you can check https://docs.python.org/3/tutorial/classes.html#class-and-instance-variables
+ '''
+ __UPDATE_INTERVAL = 10
+
+ __CONTAINERS = {}
+ __CONTAINERS_UPDATE = 0
+
+ __CONTAINER_CHAINING_UPDATE = 0
+ __CONTAINER_CHAINING = {}
+
+ __PDP = {}
+ __PDP_UPDATE = 0
+
+ __POLICIES = {}
+ __POLICIES_UPDATE = 0
+
+ __MODELS = {}
+ __MODELS_UPDATE = 0
+
+ __SUBJECTS = {}
+ __OBJECTS = {}
+ __ACTIONS = {}
+
+ __SUBJECT_ASSIGNMENTS = {}
+ __OBJECT_ASSIGNMENTS = {}
+ __ACTION_ASSIGNMENTS = {}
+
+ __SUBJECT_CATEGORIES = {}
+ __SUBJECT_CATEGORIES_UPDATE = 0
+ __OBJECT_CATEGORIES = {}
+ __OBJECT_CATEGORIES_UPDATE = 0
+ __ACTION_CATEGORIES = {}
+ __ACTION_CATEGORIES_UPDATE = 0
+
+ __META_RULES = {}
+ __META_RULES_UPDATE = 0
+
+ __RULES = {}
+ __RULES_UPDATE = 0
+
+ __AUTHZ_REQUESTS = {}
+
+ def __init__(self):
+ self.manager_url = "{}://{}:{}".format(
+ configuration.get_components()['manager'].get('protocol', 'http'),
+ configuration.get_components()['manager']['hostname'],
+ configuration.get_components()['manager']['port']
+ )
+ self.orchestrator_url = "{}://{}:{}".format(
+ configuration.get_components()['orchestrator'].get('protocol', 'http'),
+ configuration.get_components()['orchestrator']['hostname'],
+ configuration.get_components()['orchestrator']['port']
+ )
+
+ def update(self):
+ self.__update_container()
+ self.__update_pdp()
+ self.__update_policies()
+ self.__update_models()
+ for key, value in self.__PDP.items():
+ # LOG.info("Updating container_chaining with {}".format(value["keystone_project_id"]))
+ self.__update_container_chaining(value["keystone_project_id"])
+
+ @property
+ def authz_requests(self):
+ return self.__AUTHZ_REQUESTS
+
+ # perimeter functions
+
+ @property
+ def subjects(self):
+ return self.__SUBJECTS
+
+ def update_subjects(self, policy_id=None):
+ req = requests.get("{}/policies/{}/subjects".format(
+ self.manager_url, policy_id))
+ self.__SUBJECTS[policy_id] = req.json()['subjects']
+
+ def get_subject(self, policy_id, name):
+ try:
+ for _subject_id, _subject_dict in self.__SUBJECTS[policy_id].items():
+ if _subject_dict["name"] == name:
+ return _subject_id
+ except KeyError:
+ pass
+ self.update_subjects(policy_id)
+ for _subject_id, _subject_dict in self.__SUBJECTS[policy_id].items():
+ if _subject_dict["name"] == name:
+ return _subject_id
+ raise exceptions.SubjectUnknown("Cannot find subject {}".format(name))
+
+ @property
+ def objects(self):
+ return self.__OBJECTS
+
+ def update_objects(self, policy_id=None):
+ req = requests.get("{}/policies/{}/objects".format(
+ self.manager_url, policy_id))
+ self.__OBJECTS[policy_id] = req.json()['objects']
+
+ def get_object(self, policy_id, name):
+ try:
+ for _object_id, _object_dict in self.__OBJECTS[policy_id].items():
+ if _object_dict["name"] == name:
+ return _object_id
+ except KeyError:
+ pass
+ self.update_objects(policy_id)
+ for _object_id, _object_dict in self.__OBJECTS[policy_id].items():
+ if _object_dict["name"] == name:
+ return _object_id
+ raise exceptions.SubjectUnknown("Cannot find object {}".format(name))
+
+ @property
+ def actions(self):
+ return self.__ACTIONS
+
+ def update_actions(self, policy_id=None):
+ req = requests.get("{}/policies/{}/actions".format(
+ self.manager_url, policy_id))
+ self.__ACTIONS[policy_id] = req.json()['actions']
+
+ def get_action(self, policy_id, name):
+ try:
+ for _action_id, _action_dict in self.__ACTIONS[policy_id].items():
+ if _action_dict["name"] == name:
+ return _action_id
+ except KeyError:
+ pass
+ self.update_actions(policy_id)
+ for _action_id, _action_dict in self.__ACTIONS[policy_id].items():
+ if _action_dict["name"] == name:
+ return _action_id
+ raise exceptions.SubjectUnknown("Cannot find action {}".format(name))
+
+ # meta_rule functions
+
+ @property
+ def meta_rules(self):
+ current_time = time.time()
+ if self.__META_RULES_UPDATE + self.__UPDATE_INTERVAL < current_time:
+ self.__update_meta_rules()
+ self.__META_RULES_UPDATE = current_time
+ return self.__META_RULES
+
+ def __update_meta_rules(self):
+ req = requests.get("{}/meta_rules".format(self.manager_url))
+ self.__META_RULES = req.json()['meta_rules']
+
+ # rule functions
+
+ @property
+ def rules(self):
+ current_time = time.time()
+ if self.__RULES_UPDATE + self.__UPDATE_INTERVAL < current_time:
+ self.__update_rules()
+ self.__RULES_UPDATE = current_time
+ return self.__RULES
+
+ def __update_rules(self):
+ for policy_id in self.__POLICIES:
+ LOG.info("Get {}".format("{}/policies/{}/rules".format(
+ self.manager_url, policy_id)))
+ req = requests.get("{}/policies/{}/rules".format(
+ self.manager_url, policy_id))
+ self.__RULES[policy_id] = req.json()['rules']
+ LOG.info("UPDATE RULES {}".format(self.__RULES))
+
+ # assignment functions
+
+ @property
+ def subject_assignments(self):
+ return self.__SUBJECT_ASSIGNMENTS
+
+ def update_subject_assignments(self, policy_id=None, perimeter_id=None):
+ if perimeter_id:
+ req = requests.get("{}/policies/{}/subject_assignments/{}".format(
+ self.manager_url, policy_id, perimeter_id))
+ else:
+ req = requests.get("{}/policies/{}/subject_assignments".format(
+ self.manager_url, policy_id))
+ if policy_id not in self.__SUBJECT_ASSIGNMENTS:
+ self.__SUBJECT_ASSIGNMENTS[policy_id] = {}
+ self.__SUBJECT_ASSIGNMENTS[policy_id].update(
+ req.json()['subject_assignments'])
+
+ def get_subject_assignments(self, policy_id, perimeter_id, category_id):
+ if policy_id not in self.subject_assignments:
+ self.update_subject_assignments(policy_id, perimeter_id)
+ '''
+ [NOTE] invalid condition for testing existence of policy_id
+ because update_subject_assignments function already add an empty object
+ with the given policy_id and then assign the response to it
+ as mentioned in these lines of code (line 191,192)
+
+ Note: the same condition applied for the object,action assignment
+ line 234, 260
+ '''
+ if policy_id not in self.subject_assignments:
+ raise Exception("Cannot found the policy {}".format(policy_id))
+ for key, value in self.subject_assignments[policy_id].items():
+ if perimeter_id == value['subject_id'] and category_id == value['category_id']:
+ return value['assignments']
+ return []
+
+ @property
+ def object_assignments(self):
+ return self.__OBJECT_ASSIGNMENTS
+
+ def update_object_assignments(self, policy_id=None, perimeter_id=None):
+ if perimeter_id:
+ req = requests.get("{}/policies/{}/object_assignments/{}".format(
+ self.manager_url, policy_id, perimeter_id))
+ else:
+ req = requests.get("{}/policies/{}/object_assignments".format(
+ self.manager_url, policy_id))
+ if policy_id not in self.__OBJECT_ASSIGNMENTS:
+ self.__OBJECT_ASSIGNMENTS[policy_id] = {}
+ self.__OBJECT_ASSIGNMENTS[policy_id].update(
+ req.json()['object_assignments'])
+
+ def get_object_assignments(self, policy_id, perimeter_id, category_id):
+ if policy_id not in self.object_assignments:
+ self.update_object_assignments(policy_id, perimeter_id)
+ if policy_id not in self.object_assignments:
+ raise Exception("Cannot found the policy {}".format(policy_id))
+ for key, value in self.object_assignments[policy_id].items():
+ if perimeter_id == value['object_id'] and category_id == value['category_id']:
+ return value['assignments']
+ return []
+
+ @property
+ def action_assignments(self):
+ return self.__ACTION_ASSIGNMENTS
+
+ def update_action_assignments(self, policy_id=None, perimeter_id=None):
+ if perimeter_id:
+ req = requests.get("{}/policies/{}/action_assignments/{}".format(
+ self.manager_url, policy_id, perimeter_id))
+ else:
+ req = requests.get("{}/policies/{}/action_assignments".format(
+ self.manager_url, policy_id))
+ if policy_id not in self.__ACTION_ASSIGNMENTS:
+ self.__ACTION_ASSIGNMENTS[policy_id] = {}
+ self.__ACTION_ASSIGNMENTS[policy_id].update(
+ req.json()['action_assignments'])
+
+ def get_action_assignments(self, policy_id, perimeter_id, category_id):
+ if policy_id not in self.action_assignments:
+ self.update_action_assignments(policy_id, perimeter_id)
+ if policy_id not in self.action_assignments:
+ raise Exception("Cannot found the policy {}".format(policy_id))
+ for key, value in self.action_assignments[policy_id].items():
+ if perimeter_id == value['action_id'] and category_id == value['category_id']:
+ return value['assignments']
+ return []
+
+ # category functions
+
+ @property
+ def subject_categories(self):
+ current_time = time.time()
+ if self.__SUBJECT_CATEGORIES_UPDATE + self.__UPDATE_INTERVAL < current_time:
+ self.__update_subject_categories()
+ self.__SUBJECT_CATEGORIES_UPDATE = current_time
+ return self.__SUBJECT_CATEGORIES
+
+ def __update_subject_categories(self):
+ req = requests.get("{}/policies/subject_categories".format(
+ self.manager_url))
+ self.__SUBJECT_CATEGORIES.update(req.json()['subject_categories'])
+
+ @property
+ def object_categories(self):
+ current_time = time.time()
+ if self.__OBJECT_CATEGORIES_UPDATE + self.__UPDATE_INTERVAL < current_time:
+ self.__update_object_categories()
+ self.__OBJECT_CATEGORIES_UPDATE = current_time
+ return self.__OBJECT_CATEGORIES
+
+ def __update_object_categories(self):
+ req = requests.get("{}/policies/object_categories".format(
+ self.manager_url))
+ self.__OBJECT_CATEGORIES.update(req.json()['object_categories'])
+
+ @property
+ def action_categories(self):
+ current_time = time.time()
+ if self.__ACTION_CATEGORIES_UPDATE + self.__UPDATE_INTERVAL < current_time:
+ self.__update_action_categories()
+ self.__ACTION_CATEGORIES_UPDATE = current_time
+ return self.__ACTION_CATEGORIES
+
+ def __update_action_categories(self):
+ req = requests.get("{}/policies/action_categories".format(
+ self.manager_url))
+ self.__ACTION_CATEGORIES.update(req.json()['action_categories'])
+
+ # PDP functions
+
+ def __update_pdp(self):
+ req = requests.get("{}/pdp".format(self.manager_url))
+ pdp = req.json()
+ for _pdp in pdp["pdps"].values():
+ if _pdp['keystone_project_id'] not in self.__CONTAINER_CHAINING:
+ self.__CONTAINER_CHAINING[_pdp['keystone_project_id']] = {}
+ # Note (asteroide): force update of chaining
+ self.__update_container_chaining(_pdp['keystone_project_id'])
+ for key, value in pdp["pdps"].items():
+ self.__PDP[key] = value
+
+ @property
+ def pdp(self):
+ """Policy Decision Point
+ Example of content:
+ {
+ "pdp_id": {
+ "keystone_project_id": "keystone_project_id",
+ "name": "pdp1",
+ "description": "test",
+ "security_pipeline": [
+ "policy_id"
+ ]
+ }
+ }
+
+ :return:
+ """
+ current_time = time.time()
+ if self.__PDP_UPDATE + self.__UPDATE_INTERVAL < current_time:
+ self.__update_pdp()
+ self.__PDP_UPDATE = current_time
+ return self.__PDP
+
+ # policy functions
+ def __update_policies(self):
+ req = requests.get("{}/policies".format(self.manager_url))
+ policies = req.json()
+ for key, value in policies["policies"].items():
+ self.__POLICIES[key] = value
+
+ @property
+ def policies(self):
+ current_time = time.time()
+ if self.__POLICIES_UPDATE + self.__UPDATE_INTERVAL < current_time:
+ self.__update_policies()
+ self.__POLICIES_UPDATE = current_time
+ return self.__POLICIES
+
+ # model functions
+
+ def __update_models(self):
+ req = requests.get("{}/models".format(self.manager_url))
+ models = req.json()
+ for key, value in models["models"].items():
+ self.__MODELS[key] = value
+
+ @property
+ def models(self):
+ current_time = time.time()
+ if self.__MODELS_UPDATE + self.__UPDATE_INTERVAL < current_time:
+ self.__update_models()
+ self.__MODELS_UPDATE = current_time
+ return self.__MODELS
+
+ # helper functions
+
+ def get_policy_from_meta_rules(self, meta_rule_id):
+ for pdp_key, pdp_value in self.pdp.items():
+ for policy_id in pdp_value["security_pipeline"]:
+ model_id = self.policies[policy_id]["model_id"]
+ if meta_rule_id in self.models[model_id]["meta_rules"]:
+ return policy_id
+
+ def get_pdp_from_keystone_project(self, keystone_project_id):
+ for pdp_key, pdp_value in self.pdp.items():
+ if keystone_project_id == pdp_value["keystone_project_id"]:
+ return pdp_key
+
+ def get_keystone_project_id_from_policy_id(self, policy_id):
+ for pdp_key, pdp_value in self.pdp.items():
+ if policy_id in pdp_value["security_pipeline"]:
+ return pdp_value["keystone_project_id"]
+ # for policy_id in pdp_value["security_pipeline"]:
+ # model_id = self.policies[policy_id]["model_id"]
+ # if meta_rule_id in self.models[model_id]["meta_rules"]:
+ # return pdp_value["keystone_project_id"]
+
+ def get_containers_from_keystone_project_id(self, keystone_project_id,
+ meta_rule_id=None):
+ for container_id, container_values in self.containers.items():
+ for container_value in container_values:
+ if 'keystone_project_id' not in container_value:
+ continue
+ if container_value['keystone_project_id'] == keystone_project_id:
+ if not meta_rule_id:
+ yield container_id, container_value
+ elif container_value.get('meta_rule_id') == meta_rule_id:
+ yield container_id, container_value
+ break
+
+ # containers functions
+
+ def __update_container(self):
+ req = requests.get("{}/pods".format(self.orchestrator_url))
+ pods = req.json()
+ for key, value in pods["pods"].items():
+ # if key not in self.__CONTAINERS:
+ self.__CONTAINERS[key] = value
+ # else:
+ # for container in value:
+ # self.__CONTAINERS[key].update(value)
+
+ def add_container(self, container_data):
+ """Add a new container in the cache
+
+ :param container_data: dictionary with information for the container
+ Example:
+ {
+ "name": name,
+ "hostname": name,
+ "port": {
+ "PrivatePort": tcp_port,
+ "Type": "tcp",
+ "IP": "0.0.0.0",
+ "PublicPort": tcp_port
+ },
+ "keystone_project_id": uuid,
+ "pdp_id": self.CACHE.get_pdp_from_keystone_project(uuid),
+ "meta_rule_id": meta_rule_id,
+ "container_name": container_name,
+ "plugin_name": plugin_name
+ "container_id": "container_id"
+ }
+
+ :return:
+ """
+ self.__CONTAINERS[uuid4().hex] = {
+ "keystone_project_id": container_data['keystone_project_id'],
+ "name": container_data['name'],
+ "container_id": container_data['container_id'],
+ "hostname": container_data['name'],
+ "policy_id": container_data['policy_id'],
+ "meta_rule_id": container_data['meta_rule_id'],
+ "port": [
+ {
+ "PublicPort": container_data['port']["PublicPort"],
+ "Type": container_data['port']["Type"],
+ "IP": container_data['port']["IP"],
+ "PrivatePort": container_data['port']["PrivatePort"]
+ }
+ ],
+ "genre": container_data['plugin_name']
+ }
+ self.__update_container_chaining(self.get_keystone_project_id_from_policy_id(container_data['policy_id']))
+
+ @property
+ def containers(self):
+ """Containers cache
+ example of content :
+ {
+ "policy_uuid1": "component_hostname1",
+ "policy_uuid2": "component_hostname2",
+ }
+ :return:
+ """
+ current_time = time.time()
+ if self.__CONTAINERS_UPDATE + self.__UPDATE_INTERVAL < current_time:
+ self.__update_container()
+ self.__CONTAINERS_UPDATE = current_time
+ return self.__CONTAINERS
+
+ @property
+ def container_chaining(self):
+ """Cache for mapping Keystone Project ID with meta_rule ID and container ID
+ Example of content:
+ {
+ "keystone_project_id": [
+ {
+ "container_id": "container_id",
+ "genre": "genre",
+ "policy_id": "policy_id",
+ "meta_rule_id": "meta_rule_id",
+ }
+ ]
+ }
+
+ :return:
+ """
+ current_time = time.time()
+ if self.__CONTAINER_CHAINING_UPDATE + self.__UPDATE_INTERVAL < current_time:
+ for key, value in self.pdp.items():
+ if not value["keystone_project_id"]:
+ continue
+ self.__update_container_chaining(value["keystone_project_id"])
+ self.__CONTAINER_CHAINING_UPDATE = current_time
+ LOG.info(self.__CONTAINER_CHAINING_UPDATE)
+ return self.__CONTAINER_CHAINING
+
+ def __update_container_chaining(self, keystone_project_id):
+ container_ids = []
+ for pdp_id, pdp_value, in self.__PDP.items():
+ if pdp_value:
+ if pdp_value["keystone_project_id"] == keystone_project_id:
+ for policy_id in pdp_value["security_pipeline"]:
+ model_id = self.__POLICIES[policy_id]['model_id']
+ for meta_rule_id in self.__MODELS[model_id]["meta_rules"]:
+ for container_id, container_value in self.get_containers_from_keystone_project_id(
+ keystone_project_id,
+ meta_rule_id
+ ):
+ _raw = requests.get("{}/pods/{}".format(
+ self.orchestrator_url, container_value["name"])
+ )
+ LOG.debug("_raw={}".format(_raw.text))
+ container_ids.append(
+ {
+ "container_id": container_value["name"],
+ "genre": container_value["genre"],
+ "policy_id": policy_id,
+ "meta_rule_id": meta_rule_id,
+ "hostname": container_value["name"],
+ "hostip": "127.0.0.1",
+ "port": container_value["port"],
+ }
+ )
+ self.__CONTAINER_CHAINING[keystone_project_id] = container_ids
+
diff --git a/moonv4/python_moonutilities/python_moonutilities/configuration.py b/moonv4/python_moonutilities/python_moonutilities/configuration.py
new file mode 100644
index 00000000..f0ef74a6
--- /dev/null
+++ b/moonv4/python_moonutilities/python_moonutilities/configuration.py
@@ -0,0 +1,114 @@
+# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+# This software is distributed under the terms and conditions of the 'Apache-2.0'
+# license which can be found in the file 'LICENSE' in this package distribution
+# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
+
+
+import base64
+import json
+import requests
+import logging
+import logging.config
+from python_moonutilities import exceptions
+
+LOG = logging.getLogger("moon.utilities")
+
+CONSUL_HOST = "consul"
+CONSUL_PORT = "8500"
+
+DATABASE = "database"
+KEYSTONE = "keystone"
+DOCKER = "docker"
+COMPONENTS = "components"
+
+
+def init_logging():
+ config = get_configuration("logging")
+ logging.config.dictConfig(config['logging'])
+
+
+def increment_port():
+ components_port_start = int(get_configuration("components_port_start")['components_port_start'])
+ components_port_start += 1
+ url = "http://{}:{}/v1/kv/components_port_start".format(CONSUL_HOST, CONSUL_PORT)
+ req = requests.put(url, json=str(components_port_start))
+ if req.status_code != 200:
+ LOG.info("url={}".format(url))
+ raise exceptions.ConsulError
+ return components_port_start
+
+
+def get_configuration(key):
+ url = "http://{}:{}/v1/kv/{}".format(CONSUL_HOST, CONSUL_PORT, key)
+ req = requests.get(url)
+ if req.status_code != 200:
+ LOG.error("url={}".format(url))
+ raise exceptions.ConsulComponentNotFound("error={}: {}".format(req.status_code, req.text))
+ data = req.json()
+ if len(data) == 1:
+ data = data[0]
+ return {data["Key"]: json.loads(base64.b64decode(data["Value"]).decode("utf-8"))}
+ else:
+ return [
+ {item["Key"]: json.loads(base64.b64decode(item["Value"]).decode("utf-8"))}
+ for item in data
+ ]
+
+
+def add_component(name, uuid, port=None, bind="127.0.0.1", keystone_id="", extra=None, container=None):
+ data = {
+ "hostname": name,
+ "keystone_id": keystone_id,
+ "bind": bind,
+ "port": port,
+ "extra": extra,
+ "container": container
+ }
+ req = requests.put(
+ "http://{}:{}/v1/kv/components/{}".format(CONSUL_HOST, CONSUL_PORT, uuid),
+ headers={"content-type": "application/json"},
+ json=data
+ )
+ if req.status_code != 200:
+ LOG.debug("url={}".format("http://{}:{}/v1/kv/components/{}".format(CONSUL_HOST, CONSUL_PORT, uuid)))
+ LOG.debug("data={}".format(data))
+ raise exceptions.ConsulError
+ LOG.info("Add component {}".format(req.text))
+ return get_configuration("components/"+uuid)
+
+
+def get_plugins():
+ url = "http://{}:{}/v1/kv/plugins?recurse=true".format(CONSUL_HOST, CONSUL_PORT)
+ req = requests.get(url)
+ if req.status_code != 200:
+ LOG.info("url={}".format(url))
+ raise exceptions.ConsulError
+ data = req.json()
+ if len(data) == 1:
+ data = data[0]
+ return {data["Key"].replace("plugins/", ""): json.loads(base64.b64decode(data["Value"]).decode("utf-8"))}
+ else:
+ return {
+ item["Key"].replace("plugins/", ""): json.loads(base64.b64decode(item["Value"]).decode("utf-8"))
+ for item in data
+ }
+
+
+def get_components():
+ url = "http://{}:{}/v1/kv/components?recurse=true".format(CONSUL_HOST, CONSUL_PORT)
+ req = requests.get(url)
+ if req.status_code != 200:
+ LOG.info("url={}".format(url))
+ raise exceptions.ConsulError
+ data = req.json()
+ if len(data) == 1:
+ data = data[0]
+ return {data["Key"].replace("components/", ""): json.loads(base64.b64decode(data["Value"]).decode("utf-8"))}
+ else:
+ return {
+ item["Key"].replace("components/", ""): json.loads(base64.b64decode(item["Value"]).decode("utf-8"))
+ for item in data
+ }
+
+
+init_logging()
diff --git a/moonv4/python_moonutilities/python_moonutilities/exceptions.py b/moonv4/python_moonutilities/python_moonutilities/exceptions.py
new file mode 100644
index 00000000..5bbab2be
--- /dev/null
+++ b/moonv4/python_moonutilities/python_moonutilities/exceptions.py
@@ -0,0 +1,522 @@
+# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+# This software is distributed under the terms and conditions of the 'Apache-2.0'
+# license which can be found in the file 'LICENSE' in this package distribution
+# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
+
+from oslo_log import log as logging
+from werkzeug.exceptions import HTTPException
+
+LOG = logging.getLogger("moon.utilities.exceptions")
+_ = str
+
+
+class MoonErrorMetaClass(type):
+
+ def __init__(cls, name, bases, dct):
+ super(MoonErrorMetaClass, cls).__init__(name, bases, dct)
+ cls.hierarchy += "/"+str(name)
+
+
+class MoonError(HTTPException):
+ __metaclass__ = MoonErrorMetaClass
+ hierarchy = ""
+ description = _("There is an error requesting the Moon platform.")
+ code = 400
+ title = 'Moon Error'
+ logger = "ERROR"
+
+ def __init__(self, message="", status_code=None, payload=""):
+ if message:
+ self.description = message
+ if status_code:
+ self.code = status_code
+ self.payload = payload
+ super(MoonError, self).__init__()
+
+ def __str__(self):
+ return "{}: {}".format(self.code, self.title)
+
+ def __del__(self):
+ message = "{} ({}) {}".format(self.hierarchy, self.description, self.payload)
+ if self.logger == "ERROR":
+ try:
+ LOG.error(message)
+ except AttributeError:
+ LOG.error(message)
+ elif self.logger == "WARNING":
+ try:
+ LOG.warning(message)
+ except AttributeError:
+ LOG.warning(message)
+ elif self.logger == "CRITICAL":
+ try:
+ LOG.critical(message)
+ except AttributeError:
+ LOG.critical(message)
+ elif self.logger == "AUTHZ":
+ try:
+ LOG.authz(self.hierarchy)
+ LOG.error(message)
+ except AttributeError:
+ LOG.error(message)
+ else:
+ try:
+ LOG.info(message)
+ except AttributeError:
+ LOG.info(message)
+
+ # def to_dict(self):
+ # rv = dict(self.payload or ())
+ # rv['message'] = "{} ({})".format(self.hierarchy, self.description)
+ # rv['title'] = self.title
+ # rv['code'] = self.code
+ # return rv
+
+
+# Exceptions for Tenant
+
+class TenantException(MoonError):
+ description = _("There is an error requesting this tenant.")
+ code = 400
+ title = 'Tenant Error'
+ logger = "ERROR"
+
+
+class TenantUnknown(TenantException):
+ description = _("The tenant is unknown.")
+ code = 400
+ title = 'Tenant Unknown'
+ logger = "ERROR"
+
+
+class TenantAddedNameExisting(TenantException):
+ description = _("The tenant name is existing.")
+ code = 400
+ title = 'Added Tenant Name Existing'
+ logger = "ERROR"
+
+
+class TenantNoIntraExtension(TenantException):
+ description = _("The tenant has not intra_extension.")
+ code = 400
+ title = 'Tenant No Intra_Extension'
+ logger = "ERROR"
+
+
+class TenantNoIntraAuthzExtension(TenantNoIntraExtension):
+ description = _("The tenant has not intra_admin_extension.")
+ code = 400
+ title = 'Tenant No Intra_Admin_Extension'
+ logger = "ERROR"
+
+# Exceptions for IntraExtension
+
+
+class IntraExtensionException(MoonError):
+ description = _("There is an error requesting this IntraExtension.")
+ code = 400
+ title = 'Extension Error'
+
+
+class IntraExtensionUnknown(IntraExtensionException):
+ description = _("The intra_extension is unknown.")
+ code = 400
+ title = 'Intra Extension Unknown'
+ logger = "Error"
+
+
+class ModelUnknown(MoonError):
+ description = _("The model is unknown.")
+ code = 400
+ title = 'Model Unknown'
+ logger = "Error"
+
+
+class ModelExisting(MoonError):
+ description = _("The model already exists.")
+ code = 409
+ title = 'Model Error'
+ logger = "Error"
+
+
+# Authz exceptions
+
+class AuthzException(MoonError):
+ description = _("There is an authorization error requesting this IntraExtension.")
+ code = 403
+ title = 'Authz Exception'
+ logger = "AUTHZ"
+
+
+# Auth exceptions
+
+class AuthException(MoonError):
+ description = _("There is an authentication error requesting this API. "
+ "You must provide a valid token from Keystone.")
+ code = 401
+ title = 'Auth Exception'
+ logger = "AUTHZ"
+
+
+# Admin exceptions
+
+class AdminException(MoonError):
+ description = _("There is an error requesting this Authz IntraExtension.")
+ code = 400
+ title = 'Authz Exception'
+ logger = "AUTHZ"
+
+
+class AdminMetaData(AdminException):
+ code = 400
+ title = 'Metadata Exception'
+
+
+class AdminPerimeter(AdminException):
+ code = 400
+ title = 'Perimeter Exception'
+
+
+class AdminScope(AdminException):
+ code = 400
+ title = 'Scope Exception'
+
+
+class AdminAssignment(AdminException):
+ code = 400
+ title = 'Assignment Exception'
+
+
+class AdminMetaRule(AdminException):
+ code = 400
+ title = 'Aggregation Algorithm Exception'
+
+
+class AdminRule(AdminException):
+ code = 400
+ title = 'Rule Exception'
+
+
+class SubjectCategoryNameExisting(AdminMetaData):
+ description = _("The given subject category name already exists.")
+ code = 409
+ title = 'Subject Category Name Existing'
+ logger = "ERROR"
+
+
+class SubjectCategoryExisting(AdminMetaData):
+ description = _("The given subject category already exists.")
+ code = 409
+ title = 'Subject Category Existing'
+ logger = "ERROR"
+
+
+class ObjectCategoryNameExisting(AdminMetaData):
+ description = _("The given object category name already exists.")
+ code = 409
+ title = 'Object Category Name Existing'
+ logger = "ERROR"
+
+
+class ObjectCategoryExisting(AdminMetaData):
+ description = _("The given object category already exists.")
+ code = 409
+ title = 'Object Category Existing'
+ logger = "ERROR"
+
+
+class ActionCategoryNameExisting(AdminMetaData):
+ description = _("The given action category name already exists.")
+ code = 409
+ title = 'Action Category Name Existing'
+ logger = "ERROR"
+
+
+class ActionCategoryExisting(AdminMetaData):
+ description = _("The given action category already exists.")
+ code = 409
+ title = 'Action Category Existing'
+ logger = "ERROR"
+
+
+class SubjectCategoryUnknown(AdminMetaData):
+ description = _("The given subject category is unknown.")
+ code = 400
+ title = 'Subject Category Unknown'
+ logger = "ERROR"
+
+
+class ObjectCategoryUnknown(AdminMetaData):
+ description = _("The given object category is unknown.")
+ code = 400
+ title = 'Object Category Unknown'
+ logger = "ERROR"
+
+
+class ActionCategoryUnknown(AdminMetaData):
+ description = _("The given action category is unknown.")
+ code = 400
+ title = 'Action Category Unknown'
+ logger = "ERROR"
+
+
+class SubjectUnknown(AdminPerimeter):
+ description = _("The given subject is unknown.")
+ code = 400
+ title = 'Subject Unknown'
+ logger = "ERROR"
+
+
+class ObjectUnknown(AdminPerimeter):
+ description = _("The given object is unknown.")
+ code = 400
+ title = 'Object Unknown'
+ logger = "ERROR"
+
+
+class ActionUnknown(AdminPerimeter):
+ description = _("The given action is unknown.")
+ code = 400
+ title = 'Action Unknown'
+ logger = "ERROR"
+
+
+class SubjectNameExisting(AdminPerimeter):
+ description = _("The given subject name is existing.")
+ code = 400
+ title = 'Subject Name Existing'
+ logger = "ERROR"
+
+
+class ObjectNameExisting(AdminPerimeter):
+ description = _("The given object name is existing.")
+ code = 400
+ title = 'Object Name Existing'
+ logger = "ERROR"
+
+
+class ActionNameExisting(AdminPerimeter):
+ description = _("The given action name is existing.")
+ code = 400
+ title = 'Action Name Existing'
+ logger = "ERROR"
+
+
+class ObjectsWriteNoAuthorized(AdminPerimeter):
+ description = _("The modification on Objects is not authorized.")
+ code = 400
+ title = 'Objects Write No Authorized'
+ logger = "AUTHZ"
+
+
+class ActionsWriteNoAuthorized(AdminPerimeter):
+ description = _("The modification on Actions is not authorized.")
+ code = 400
+ title = 'Actions Write No Authorized'
+ logger = "AUTHZ"
+
+
+class SubjectScopeUnknown(AdminScope):
+ description = _("The given subject scope is unknown.")
+ code = 400
+ title = 'Subject Scope Unknown'
+ logger = "ERROR"
+
+
+class ObjectScopeUnknown(AdminScope):
+ description = _("The given object scope is unknown.")
+ code = 400
+ title = 'Object Scope Unknown'
+ logger = "ERROR"
+
+
+class ActionScopeUnknown(AdminScope):
+ description = _("The given action scope is unknown.")
+ code = 400
+ title = 'Action Scope Unknown'
+ logger = "ERROR"
+
+
+class SubjectScopeNameExisting(AdminScope):
+ description = _("The given subject scope name is existing.")
+ code = 400
+ title = 'Subject Scope Name Existing'
+ logger = "ERROR"
+
+
+class ObjectScopeNameExisting(AdminScope):
+ description = _("The given object scope name is existing.")
+ code = 400
+ title = 'Object Scope Name Existing'
+ logger = "ERROR"
+
+
+class ActionScopeNameExisting(AdminScope):
+ description = _("The given action scope name is existing.")
+ code = 400
+ title = 'Action Scope Name Existing'
+ logger = "ERROR"
+
+
+class SubjectAssignmentUnknown(AdminAssignment):
+ description = _("The given subject assignment value is unknown.")
+ code = 400
+ title = 'Subject Assignment Unknown'
+ logger = "ERROR"
+
+
+class ObjectAssignmentUnknown(AdminAssignment):
+ description = _("The given object assignment value is unknown.")
+ code = 400
+ title = 'Object Assignment Unknown'
+ logger = "ERROR"
+
+
+class ActionAssignmentUnknown(AdminAssignment):
+ description = _("The given action assignment value is unknown.")
+ code = 400
+ title = 'Action Assignment Unknown'
+ logger = "ERROR"
+
+
+class SubjectAssignmentExisting(AdminAssignment):
+ description = _("The given subject assignment value is existing.")
+ code = 400
+ title = 'Subject Assignment Existing'
+ logger = "ERROR"
+
+
+class ObjectAssignmentExisting(AdminAssignment):
+ description = _("The given object assignment value is existing.")
+ code = 400
+ title = 'Object Assignment Existing'
+ logger = "ERROR"
+
+
+class ActionAssignmentExisting(AdminAssignment):
+ description = _("The given action assignment value is existing.")
+ code = 400
+ title = 'Action Assignment Existing'
+ logger = "ERROR"
+
+
+class AggregationAlgorithmNotExisting(AdminMetaRule):
+ description = _("The given aggregation algorithm is not existing.")
+ code = 400
+ title = 'Aggregation Algorithm Not Existing'
+ logger = "ERROR"
+
+
+class AggregationAlgorithmUnknown(AdminMetaRule):
+ description = _("The given aggregation algorithm is unknown.")
+ code = 400
+ title = 'Aggregation Algorithm Unknown'
+ logger = "ERROR"
+
+
+class SubMetaRuleAlgorithmNotExisting(AdminMetaRule):
+ description = _("The given sub_meta_rule algorithm is unknown.")
+ code = 400
+ title = 'Sub_meta_rule Algorithm Unknown'
+ logger = "ERROR"
+
+
+class MetaRuleUnknown(AdminMetaRule):
+ description = _("The given sub meta rule is unknown.")
+ code = 400
+ title = 'Sub Meta Rule Unknown'
+ logger = "ERROR"
+
+
+class SubMetaRuleNameExisting(AdminMetaRule):
+ description = _("The sub meta rule name already exists.")
+ code = 400
+ title = 'Sub Meta Rule Name Existing'
+ logger = "ERROR"
+
+
+class MetaRuleExisting(AdminMetaRule):
+ description = _("The sub meta rule already exists.")
+ code = 400
+ title = 'Sub Meta Rule Existing'
+ logger = "ERROR"
+
+
+class RuleExisting(AdminRule):
+ description = _("The rule already exists.")
+ code = 400
+ title = 'Rule Existing'
+ logger = "ERROR"
+
+
+class RuleUnknown(AdminRule):
+ description = _("The rule for that request doesn't exist.")
+ code = 400
+ title = 'Rule Unknown'
+ logger = "ERROR"
+
+
+# Keystone exceptions
+
+
+class KeystoneError(MoonError):
+ description = _("There is an error connecting to Keystone.")
+ code = 400
+ title = 'Keystone error'
+ logger = "ERROR"
+
+
+class KeystoneProjectError(KeystoneError):
+ description = _("There is an error retrieving projects from the Keystone service.")
+ code = 400
+ title = 'Keystone project error'
+ logger = "ERROR"
+
+
+class KeystoneUserError(KeystoneError):
+ description = _("There is an error retrieving users from the Keystone service.")
+ code = 400
+ title = 'Keystone user error'
+ logger = "ERROR"
+
+
+class KeystoneUserConflict(KeystoneUserError):
+ description = _("A user with that name already exist.")
+ code = 400
+ title = 'Keystone user error'
+ logger = "ERROR"
+
+
+# Consul exceptions
+
+
+class ConsulError(MoonError):
+ description = _("There is an error connecting to Consul.")
+ code = 400
+ title = 'Consul error'
+ logger = "ERROR"
+
+
+class ConsulComponentNotFound(ConsulError):
+ description = _("The component do not exist in Consul database.")
+ code = 500
+ title = 'Consul error'
+ logger = "WARNING"
+
+
+# Containers exceptions
+
+
+class DockerError(MoonError):
+ description = _("There is an error with Docker.")
+ code = 400
+ title = 'Docker error'
+ logger = "ERROR"
+
+
+class ContainerMissing(DockerError):
+ description = _("Some containers are missing.")
+ code = 400
+ title = 'Container missing'
+ logger = "ERROR"
+
diff --git a/moonv4/python_moonutilities/python_moonutilities/misc.py b/moonv4/python_moonutilities/python_moonutilities/misc.py
new file mode 100644
index 00000000..b83523c3
--- /dev/null
+++ b/moonv4/python_moonutilities/python_moonutilities/misc.py
@@ -0,0 +1,142 @@
+# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+# This software is distributed under the terms and conditions of the 'Apache-2.0'
+# license which can be found in the file 'LICENSE' in this package distribution
+# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
+
+
+import logging
+import random
+
+LOG = logging.getLogger(__name__)
+
+
+def get_uuid_from_name(name, elements, **kwargs):
+ for element in elements:
+ if type(elements[element]) is dict and elements[element].get('name') == name:
+ if kwargs:
+ for args in kwargs:
+ if elements[element].get(args) != kwargs[args]:
+ return
+ else:
+ return element
+ else:
+ return element
+
+
+def get_name_from_uuid(uuid, elements, **kwargs):
+ for element in elements:
+ if element == uuid:
+ if kwargs:
+ for args in kwargs:
+ if elements[element].get(args) != kwargs[args]:
+ return
+ else:
+ return elements[element].get('name')
+ else:
+ return elements[element].get('name')
+
+
+def get_random_name():
+ _list = (
+ "windy",
+ "vengeful",
+ "precious",
+ "vivacious",
+ "quiet",
+ "confused",
+ "exultant",
+ "impossible",
+ "thick",
+ "obsolete",
+ "piquant",
+ "fanatical",
+ "tame",
+ "perfect",
+ "animated",
+ "dark",
+ "stimulating",
+ "drunk",
+ "depressed",
+ "fumbling",
+ "like",
+ "undesirable",
+ "spurious",
+ "subsequent",
+ "spiteful",
+ "last",
+ "stale",
+ "hulking",
+ "giddy",
+ "minor",
+ "careful",
+ "possessive",
+ "gullible",
+ "fragile",
+ "divergent",
+ "ill-informed",
+ "false",
+ "jumpy",
+ "damaged",
+ "likeable",
+ "volatile",
+ "handsomely",
+ "wet",
+ "long-term",
+ "pretty",
+ "taboo",
+ "normal",
+ "magnificent",
+ "nutty",
+ "puzzling",
+ "small",
+ "kind",
+ "devilish",
+ "chubby",
+ "paltry",
+ "cultured",
+ "old",
+ "defective",
+ "hanging",
+ "innocent",
+ "jagged",
+ "economic",
+ "good",
+ "sulky",
+ "real",
+ "bent",
+ "shut",
+ "furry",
+ "terrific",
+ "hollow",
+ "terrible",
+ "mammoth",
+ "pleasant",
+ "scared",
+ "obnoxious",
+ "absorbing",
+ "imported",
+ "infamous",
+ "grieving",
+ "ill-fated",
+ "mighty",
+ "handy",
+ "comfortable",
+ "astonishing",
+ "brown",
+ "assorted",
+ "wrong",
+ "unsightly",
+ "spooky",
+ "delightful",
+ "acid",
+ "inconclusive",
+ "mere",
+ "careless",
+ "historical",
+ "flashy",
+ "squealing",
+ "quarrelsome",
+ "empty",
+ "long",
+ )
+ return random.choice(_list)
diff --git a/moonv4/python_moonutilities/python_moonutilities/security_functions.py b/moonv4/python_moonutilities/python_moonutilities/security_functions.py
new file mode 100644
index 00000000..6d9307fe
--- /dev/null
+++ b/moonv4/python_moonutilities/python_moonutilities/security_functions.py
@@ -0,0 +1,531 @@
+# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+# This software is distributed under the terms and conditions of the 'Apache-2.0'
+# license which can be found in the file 'LICENSE' in this package distribution
+# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
+
+
+import copy
+import re
+import os
+import types
+import requests
+import time
+from functools import wraps
+from flask import request
+import logging
+from python_moonutilities import exceptions, configuration
+
+LOG = logging.getLogger("moon.utilities." + __name__)
+
+keystone_config = configuration.get_configuration("openstack/keystone")["openstack/keystone"]
+TOKENS = {}
+__targets = {}
+
+
+def filter_input(func_or_str):
+
+ def __filter(string):
+ if string and type(string) is str:
+ return "".join(re.findall("[\w\- +]*", string))
+ return string
+
+ def __filter_dict(arg):
+ result = dict()
+ for key in arg.keys():
+ if key == "email":
+ result["email"] = __filter_email(arg[key])
+ elif key == "password":
+ result["password"] = arg['password']
+ else:
+ result[key] = __filter(arg[key])
+ return result
+
+ def __filter_email(string):
+ if string and type(string) is str:
+ return "".join(re.findall("[\w@\._\- +]*", string))
+ return string
+
+ def wrapped(*args, **kwargs):
+ _args = []
+ for arg in args:
+ if isinstance(arg, str):
+ arg = __filter(arg)
+ elif isinstance(arg, list):
+ arg = [__filter(item) for item in arg]
+ elif isinstance(arg, tuple):
+ arg = (__filter(item) for item in arg)
+ elif isinstance(arg, dict):
+ arg = __filter_dict(arg)
+ _args.append(arg)
+ for arg in kwargs:
+ if type(kwargs[arg]) is str:
+ kwargs[arg] = __filter(kwargs[arg])
+ if isinstance(kwargs[arg], str):
+ kwargs[arg] = __filter(kwargs[arg])
+ elif isinstance(kwargs[arg], list):
+ kwargs[arg] = [__filter(item) for item in kwargs[arg]]
+ elif isinstance(kwargs[arg], tuple):
+ kwargs[arg] = (__filter(item) for item in kwargs[arg])
+ elif isinstance(kwargs[arg], dict):
+ kwargs[arg] = __filter_dict(kwargs[arg])
+ return func_or_str(*_args, **kwargs)
+
+ if isinstance(func_or_str, str):
+ return __filter(func_or_str)
+ if isinstance(func_or_str, list):
+ return [__filter(item) for item in func_or_str]
+ if isinstance(func_or_str, tuple):
+ return (__filter(item) for item in func_or_str)
+ if isinstance(func_or_str, dict):
+ return __filter_dict(func_or_str)
+ if isinstance(func_or_str, types.FunctionType):
+ return wrapped
+ return None
+
+
+def enforce(action_names, object_name, **extra):
+ """Fake version of the enforce decorator"""
+ def wrapper_func(func):
+ def wrapper_args(*args, **kwargs):
+ # LOG.info("kwargs={}".format(kwargs))
+ # kwargs['user_id'] = kwargs.pop('user_id', "admin")
+ # LOG.info("Calling enforce on {} with args={} kwargs={}".format(func.__name__, args, kwargs))
+ return func(*args, **kwargs)
+ return wrapper_args
+ return wrapper_func
+
+
+def login(user=None, password=None, domain=None, project=None, url=None):
+ start_time = time.time()
+ if not user:
+ user = keystone_config['user']
+ if not password:
+ password = keystone_config['password']
+ if not domain:
+ domain = keystone_config['domain']
+ if not project:
+ project = keystone_config['project']
+ if not url:
+ url = keystone_config['url']
+ headers = {
+ "Content-Type": "application/json"
+ }
+ data_auth = {
+ "auth": {
+ "identity": {
+ "methods": [
+ "password"
+ ],
+ "password": {
+ "user": {
+ "domain": {
+ "id": domain
+ },
+ "name": user,
+ "password": password
+ }
+ }
+ },
+ "scope": {
+ "project": {
+ "domain": {
+ "id": domain
+ },
+ "name": project
+ }
+ }
+ }
+ }
+
+ while True:
+ req = requests.post("{}/auth/tokens".format(url),
+ json=data_auth, headers=headers,
+ verify=keystone_config['certificate'])
+
+ if req.status_code in (200, 201, 204):
+ headers['X-Auth-Token'] = req.headers['X-Subject-Token']
+ return headers
+ LOG.warning("Waiting for Keystone...")
+ if time.time() - start_time == 100:
+ LOG.error(req.text)
+ raise exceptions.KeystoneError
+ time.sleep(5)
+
+
+def logout(headers, url=None):
+ if not url:
+ url = keystone_config['url']
+ headers['X-Subject-Token'] = headers['X-Auth-Token']
+ req = requests.delete("{}/auth/tokens".format(url), headers=headers, verify=keystone_config['certificate'])
+ if req.status_code in (200, 201, 204):
+ return
+ LOG.error(req.text)
+ raise exceptions.KeystoneError
+
+
+class Context:
+
+ def __init__(self, init_context, cache):
+ self.cache = cache
+ self.__keystone_project_id = init_context.get("project_id")
+ self.__pdp_id = None
+ self.__pdp_value = None
+ for _pdp_key, _pdp_value in self.cache.pdp.items():
+ if _pdp_value["keystone_project_id"] == self.__keystone_project_id:
+ self.__pdp_id = _pdp_key
+ self.__pdp_value = copy.deepcopy(_pdp_value)
+ break
+ if not self.__pdp_value:
+ raise exceptions.AuthzException(
+ "Cannot create context for authz "
+ "with Keystone project ID {}".format(
+ self.__keystone_project_id
+ ))
+ self.__subject = init_context.get("subject_name")
+ self.__object = init_context.get("object_name")
+ self.__action = init_context.get("action_name")
+ self.__current_request = None
+ self.__request_id = init_context.get("req_id")
+ self.__cookie = init_context.get("cookie")
+ self.__manager_url = init_context.get("manager_url")
+ self.__interface_name = init_context.get("interface_name")
+ self.__index = -1
+ # self.__init_initial_request()
+ self.__headers = []
+ policies = self.cache.policies
+ models = self.cache.models
+ for policy_id in self.__pdp_value["security_pipeline"]:
+ model_id = policies[policy_id]["model_id"]
+ for meta_rule in models[model_id]["meta_rules"]:
+ self.__headers.append(meta_rule)
+ self.__meta_rules = self.cache.meta_rules
+ self.__pdp_set = {}
+ # self.__init_pdp_set()
+
+ def delete_cache(self):
+ self.cache = {}
+
+ def set_cache(self, cache):
+ self.cache = cache
+
+ def increment_index(self):
+ self.__index += 1
+ self.__init_current_request()
+ self.__init_pdp_set()
+
+ @property
+ def current_state(self):
+ return self.__pdp_set[self.__headers[self.__index]]['effect']
+
+ @current_state.setter
+ def current_state(self, state):
+ if state not in ("grant", "deny", "passed"):
+ state = "passed"
+ self.__pdp_set[self.__headers[self.__index]]['effect'] = state
+
+ @current_state.deleter
+ def current_state(self):
+ self.__pdp_set[self.__headers[self.__index]]['effect'] = "unset"
+
+ @property
+ def current_policy_id(self):
+ return self.__pdp_value["security_pipeline"][self.__index]
+
+ @current_policy_id.setter
+ def current_policy_id(self, value):
+ pass
+
+ @current_policy_id.deleter
+ def current_policy_id(self):
+ pass
+
+ def __init_current_request(self):
+ self.__subject = self.cache.get_subject(
+ self.__pdp_value["security_pipeline"][self.__index],
+ self.__subject)
+ self.__object = self.cache.get_object(
+ self.__pdp_value["security_pipeline"][self.__index],
+ self.__object)
+ self.__action = self.cache.get_action(
+ self.__pdp_value["security_pipeline"][self.__index],
+ self.__action)
+ self.__current_request = dict(self.initial_request)
+
+ def __init_pdp_set(self):
+ for header in self.__headers:
+ self.__pdp_set[header] = dict()
+ self.__pdp_set[header]["meta_rules"] = self.__meta_rules[header]
+ self.__pdp_set[header]["target"] = self.__add_target(header)
+ self.__pdp_set[header]["effect"] = "unset"
+ self.__pdp_set["effect"] = "deny"
+
+ # def update_target(self, context):
+ # # result = dict()
+ # current_request = context['current_request']
+ # _subject = current_request.get("subject")
+ # _object = current_request.get("object")
+ # _action = current_request.get("action")
+ # meta_rule_id = context['headers'][context['index']]
+ # policy_id = self.cache.get_policy_from_meta_rules(meta_rule_id)
+ # meta_rules = self.cache.meta_rules()
+ # # for meta_rule_id in meta_rules:
+ # for sub_cat in meta_rules[meta_rule_id]['subject_categories']:
+ # if sub_cat not in context["pdp_set"][meta_rule_id]["target"]:
+ # context["pdp_set"][meta_rule_id]["target"][sub_cat] = []
+ # for assign in self.cache.get_subject_assignments(policy_id, _subject, sub_cat).values():
+ # for assign in assign["assignments"]:
+ # if assign not in context["pdp_set"][meta_rule_id]["target"][sub_cat]:
+ # context["pdp_set"][meta_rule_id]["target"][sub_cat].append(assign)
+ # for obj_cat in meta_rules[meta_rule_id]['object_categories']:
+ # if obj_cat not in context["pdp_set"][meta_rule_id]["target"]:
+ # context["pdp_set"][meta_rule_id]["target"][obj_cat] = []
+ # for assign in self.cache.get_object_assignments(policy_id, _object, obj_cat).values():
+ # for assign in assign["assignments"]:
+ # if assign not in context["pdp_set"][meta_rule_id]["target"][obj_cat]:
+ # context["pdp_set"][meta_rule_id]["target"][obj_cat].append(assign)
+ # for act_cat in meta_rules[meta_rule_id]['action_categories']:
+ # if act_cat not in context["pdp_set"][meta_rule_id]["target"]:
+ # context["pdp_set"][meta_rule_id]["target"][act_cat] = []
+ # for assign in self.cache.get_action_assignments(policy_id, _action, act_cat).values():
+ # for assign in assign["assignments"]:
+ # if assign not in context["pdp_set"][meta_rule_id]["target"][act_cat]:
+ # context["pdp_set"][meta_rule_id]["target"][act_cat].append(assign)
+ # # context["pdp_set"][meta_rule_id]["target"].update(result)
+
+ def __add_target(self, meta_rule_id):
+ """build target from meta_rule
+
+ Target is dict of categories as keys ; and the value of each category
+ will be a list of assignments
+
+ """
+ result = dict()
+ _subject = self.__current_request["subject"]
+ _object = self.__current_request["object"]
+ _action = self.__current_request["action"]
+ meta_rules = self.cache.meta_rules
+ policy_id = self.cache.get_policy_from_meta_rules(meta_rule_id)
+ for sub_cat in meta_rules[meta_rule_id]['subject_categories']:
+ if sub_cat not in result:
+ result[sub_cat] = []
+ result[sub_cat].extend(
+ self.cache.get_subject_assignments(policy_id, _subject, sub_cat))
+ for obj_cat in meta_rules[meta_rule_id]['object_categories']:
+ if obj_cat not in result:
+ result[obj_cat] = []
+ result[obj_cat].extend(
+ self.cache.get_object_assignments(policy_id, _object, obj_cat))
+ for act_cat in meta_rules[meta_rule_id]['action_categories']:
+ if act_cat not in result:
+ result[act_cat] = []
+ result[act_cat].extend(
+ self.cache.get_action_assignments(policy_id, _action, act_cat))
+ return result
+
+ def __repr__(self):
+ return """PDP ID: {id}
+current_request: {current_request}
+request_id: {request_id}
+index: {index}
+headers: {headers}
+pdp_set: {pdp_set}
+ """.format(
+ id=self.__pdp_id,
+ current_request=self.__current_request,
+ request_id=self.__request_id,
+ headers=self.__headers,
+ pdp_set=self.__pdp_set,
+ index=self.__index
+ )
+
+ def to_dict(self):
+ return {
+ "initial_request": copy.deepcopy(self.initial_request),
+ "current_request": copy.deepcopy(self.__current_request),
+ "headers": copy.deepcopy(self.__headers),
+ "index": copy.deepcopy(self.__index),
+ "pdp_set": copy.deepcopy(self.__pdp_set),
+ "request_id": copy.deepcopy(self.__request_id),
+ "manager_url": copy.deepcopy(self.__manager_url),
+ "interface_name": copy.deepcopy(self.__interface_name),
+ }
+
+ @property
+ def request_id(self):
+ return self.__request_id
+
+ @request_id.setter
+ def request_id(self, value):
+ raise Exception("You cannot update the request_id")
+
+ @request_id.deleter
+ def request_id(self):
+ raise Exception("You cannot update the request_id")
+
+ @property
+ def manager_url(self):
+ return self.__manager_url
+
+ @manager_url.setter
+ def manager_url(self, value):
+ raise Exception("You cannot update the manager_url")
+
+ @manager_url.deleter
+ def manager_url(self):
+ raise Exception("You cannot update the manager_url")
+
+ @property
+ def interface_name(self):
+ return self.__interface_name
+
+ @interface_name.setter
+ def interface_name(self, value):
+ raise Exception("You cannot update the interface_name")
+
+ @interface_name.deleter
+ def interface_name(self):
+ raise Exception("You cannot update the interface_name")
+
+ @property
+ def cookie(self):
+ return self.__cookie
+
+ @cookie.setter
+ def cookie(self, value):
+ raise Exception("You cannot update the cookie")
+
+ @cookie.deleter
+ def cookie(self):
+ raise Exception("You cannot delete the cookie")
+
+ @property
+ def initial_request(self):
+ return {
+ "subject": self.__subject,
+ "object": self.__object,
+ "action": self.__action,
+ }
+
+ @initial_request.setter
+ def initial_request(self, value):
+ raise Exception("You are not allowed to update the initial_request")
+
+ @initial_request.deleter
+ def initial_request(self):
+ raise Exception("You are not allowed to delete the initial_request")
+
+ @property
+ def current_request(self):
+ if not self.__current_request:
+ self.__current_request = copy.deepcopy(self.initial_request)
+ return self.__current_request
+
+ @current_request.setter
+ def current_request(self, value):
+ self.__current_request = copy.deepcopy(value)
+ # Note (asteroide): if the current request is modified,
+ # we must update the PDP Set.
+ self.__init_pdp_set()
+
+ @current_request.deleter
+ def current_request(self):
+ self.__current_request = {}
+ self.__pdp_set = {}
+
+ @property
+ def headers(self):
+ return self.__headers
+
+ @headers.setter
+ def headers(self, headers):
+ self.__headers = headers
+
+ @headers.deleter
+ def headers(self):
+ self.__headers = list()
+
+ @property
+ def index(self):
+ return self.__index
+
+ @index.setter
+ def index(self, index):
+ self.__index += 1
+
+ @index.deleter
+ def index(self):
+ self.__index = -1
+
+ @property
+ def pdp_set(self):
+ return self.__pdp_set
+
+ @pdp_set.setter
+ def pdp_set(self, value):
+ raise Exception("You are not allowed to modify the pdp_set")
+
+ @pdp_set.deleter
+ def pdp_set(self):
+ self.__pdp_set = {}
+
+
+def check_token(token, url=None):
+ _verify = False
+ if keystone_config['certificate']:
+ _verify = keystone_config['certificate']
+ try:
+ os.environ.pop("http_proxy")
+ os.environ.pop("https_proxy")
+ except KeyError:
+ pass
+ if not url:
+ url = keystone_config['url']
+ headers = {
+ "Content-Type": "application/json",
+ 'X-Subject-Token': token,
+ 'X-Auth-Token': token,
+ }
+ if not keystone_config['check_token']:
+ # TODO (asteroide): must send the admin id
+ return "admin" if not token else token
+ elif keystone_config['check_token'].lower() in ("false", "no", "n"):
+ # TODO (asteroide): must send the admin id
+ return "admin" if not token else token
+ if keystone_config['check_token'].lower() in ("yes", "y", "true"):
+ if token in TOKENS:
+ delta = time.mktime(TOKENS[token]["expires_at"]) - time.mktime(time.gmtime())
+ if delta > 0:
+ return TOKENS[token]["user"]
+ raise exceptions.KeystoneError
+ else:
+ req = requests.get("{}/auth/tokens".format(url), headers=headers, verify=_verify)
+ if req.status_code in (200, 201):
+ # Note (asteroide): the time stamps is not in ISO 8601, so it is necessary to delete
+ # characters after the dot
+ token_time = req.json().get("token").get("expires_at").split(".")
+ TOKENS[token] = dict()
+ TOKENS[token]["expires_at"] = time.strptime(token_time[0], "%Y-%m-%dT%H:%M:%S")
+ TOKENS[token]["user"] = req.json().get("token").get("user").get("id")
+ return TOKENS[token]["user"]
+ LOG.error("{} - {}".format(req.status_code, req.text))
+ raise exceptions.KeystoneError
+ elif keystone_config['check_token'].lower() == "strict":
+ req = requests.head("{}/auth/tokens".format(url), headers=headers, verify=_verify)
+ if req.status_code in (200, 201):
+ return token
+ LOG.error("{} - {}".format(req.status_code, req.text))
+ raise exceptions.KeystoneError
+ raise exceptions.KeystoneError
+
+
+def check_auth(function):
+ @wraps(function)
+ def wrapper(*args, **kwargs):
+ token = request.headers.get('X-Auth-Token')
+ token = check_token(token)
+ if not token:
+ raise exceptions.AuthException
+ user_id = kwargs.pop("user_id", token)
+ result = function(*args, **kwargs, user_id=user_id)
+ return result
+ return wrapper
diff --git a/moonv4/python_moonutilities/requirements.txt b/moonv4/python_moonutilities/requirements.txt
new file mode 100644
index 00000000..5b80e5f2
--- /dev/null
+++ b/moonv4/python_moonutilities/requirements.txt
@@ -0,0 +1,3 @@
+werkzeug
+flask
+requests \ No newline at end of file
diff --git a/moonv4/python_moonutilities/setup.py b/moonv4/python_moonutilities/setup.py
new file mode 100644
index 00000000..4a2eef5d
--- /dev/null
+++ b/moonv4/python_moonutilities/setup.py
@@ -0,0 +1,42 @@
+# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+# This software is distributed under the terms and conditions of the 'Apache-2.0'
+# license which can be found in the file 'LICENSE' in this package distribution
+# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
+
+from setuptools import setup, find_packages
+import python_moonutilities
+
+with open('requirements.txt') as f:
+ required = f.read().splitlines()
+
+setup(
+
+ name='python-moonutilities',
+
+ version=python_moonutilities.__version__,
+
+ packages=find_packages(),
+
+ author='Thomas Duval',
+
+ author_email='thomas.duval@orange.com',
+
+ description='Some utilities for all the Moon components',
+
+ long_description=open('README.md').read(),
+
+ install_requires=required,
+
+ include_package_data=True,
+
+ url='https://git.opnfv.org/cgit/moon',
+
+ classifiers=[
+ 'Programming Language :: Python :: 3',
+ 'Development Status :: 1 - Planning',
+ 'License :: OSI Approved',
+ 'Natural Language :: English',
+ 'Operating System :: OS Independent',
+ ],
+
+)
diff --git a/moonv4/python_moonutilities/tests/unit_python/conftest.py b/moonv4/python_moonutilities/tests/unit_python/conftest.py
new file mode 100644
index 00000000..7217586a
--- /dev/null
+++ b/moonv4/python_moonutilities/tests/unit_python/conftest.py
@@ -0,0 +1,17 @@
+import pytest
+import requests_mock
+import mock_components
+import mock_keystone
+import mock_cache
+
+
+@pytest.fixture(autouse=True)
+def no_requests(monkeypatch):
+ """ Modify the response from Requests module
+ """
+ with requests_mock.Mocker(real_http=True) as m:
+ mock_components.register_components(m)
+ mock_keystone.register_keystone(m)
+ mock_cache.register_cache(m)
+ print("End registering URI")
+ yield m \ No newline at end of file
diff --git a/moonv4/python_moonutilities/tests/unit_python/mock_cache.py b/moonv4/python_moonutilities/tests/unit_python/mock_cache.py
new file mode 100644
index 00000000..b2b287a9
--- /dev/null
+++ b/moonv4/python_moonutilities/tests/unit_python/mock_cache.py
@@ -0,0 +1,321 @@
+from utilities import CONF
+
+pdp_mock = {
+ "pdp_id1": {
+ "name": "...",
+ "security_pipeline": ["policy_id_1", "policy_id_2"],
+ "keystone_project_id": "keystone_project_id1",
+ "description": "...",
+ },
+ "pdp_id12": {
+ "name": "...",
+ "security_pipeline": ["policy_id_1", "policy_id_2"],
+ "keystone_project_id": "keystone_project_id1",
+ "description": "...",
+ }
+}
+
+meta_rules_mock = {
+ "meta_rule_id1": {
+ "name": "meta_rule1",
+ "algorithm": "name of the meta rule algorithm",
+ "subject_categories": ["subject_category_id1",
+ "subject_category_id2"],
+ "object_categories": ["object_category_id1"],
+ "action_categories": ["action_category_id1"]
+ },
+ "meta_rule_id2": {
+ "name": "name of the meta rules2",
+ "algorithm": "name of the meta rule algorithm",
+ "subject_categories": ["subject_category_id1",
+ "subject_category_id2"],
+ "object_categories": ["object_category_id1"],
+ "action_categories": ["action_category_id1"]
+ }
+}
+
+policies_mock = {
+ "policy_id_1": {
+ "name": "test_policy1",
+ "model_id": "model_id_1",
+ "genre": "authz",
+ "description": "test",
+ },
+ "policy_id_2": {
+ "name": "test_policy2",
+ "model_id": "model_id_2",
+ "genre": "authz",
+ "description": "test",
+ }
+}
+
+subject_mock = {
+ "policy_id_1": {
+ "subject_id": {
+ "name": "subject_name",
+ "keystone_id": "keystone_project_id1",
+ "description": "a description"
+ }
+ },
+ "policy_id_2": {
+ "subject_id": {
+ "name": "subject_name",
+ "keystone_id": "keystone_project_id1",
+ "description": "a description"
+ }
+ }
+}
+
+subject_assignment_mock = {
+ "subject_id": {
+ "policy_id": "ID of the policy",
+ "subject_id": "ID of the subject",
+ "category_id": "ID of the category",
+ "assignments": [],
+ }
+}
+
+object_mock = {
+ "policy_id_1": {
+ "object_id": {
+ "name": "object_name",
+ "description": "a description"
+ }
+ },
+ "policy_id_2": {
+ "object_id": {
+ "name": "object_name",
+ "description": "a description"
+ }
+ }
+}
+
+object_assignment_mock = {
+ "object_id": {
+ "policy_id": "ID of the policy",
+ "object_id": "ID of the object",
+ "category_id": "ID of the category",
+ "assignments": [],
+ }
+}
+
+action_mock = {
+ "policy_id_1": {
+ "action_id": {
+ "name": "action_name",
+ "description": "a description"
+ }
+ },
+ "policy_id_2": {
+ "action_id": {
+ "name": "action_name",
+ "description": "a description"
+ }
+ }
+}
+
+action_assignment_mock = {
+ "action_id": {
+ "policy_id": "ID of the policy",
+ "action_id": "ID of the action",
+ "category_id": "ID of the category",
+ "assignments": [],
+ }
+}
+
+models_mock = {
+ "model_id_1": {
+ "name": "test_model",
+ "description": "test",
+ "meta_rules": ["meta_rule_id1"]
+ },
+ "model_id_2": {
+ "name": "test_model",
+ "description": "test",
+ "meta_rules": ["meta_rule_id2"]
+ },
+}
+
+rules_mock = {
+ "rules": {
+ "meta_rule_id": "meta_rule_id1",
+ "rule_id1": {
+ "rule": ["subject_data_id1",
+ "object_data_id1",
+ "action_data_id1"],
+ "instructions": (
+ {"decision": "grant"},
+ # "grant" to immediately exit,
+ # "continue" to wait for the result of next policy
+ # "deny" to deny the request
+ )
+ },
+ "rule_id2": {
+ "rule": ["subject_data_id2",
+ "object_data_id2",
+ "action_data_id2"],
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ # operations may be "add" or "delete"
+ "target": "rbac:role:admin"
+ # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}}
+ # chain with the policy named rbac
+ )
+ }
+ }
+}
+
+
+def register_cache(m):
+ """ Modify the response from Requests module
+ """
+ register_pdp(m)
+ register_meta_rules(m)
+ register_policies(m)
+ register_models(m)
+ register_policy_subject(m, "policy_id_1")
+ register_policy_subject(m, "policy_id_2")
+ register_policy_object(m, "policy_id_1")
+ register_policy_object(m, "policy_id_2")
+ register_policy_action(m, "policy_id_1")
+ register_policy_action(m, "policy_id_2")
+ register_policy_subject_assignment(m, "policy_id_1", "subject_id")
+ # register_policy_subject_assignment_list(m1, "policy_id_1")
+ register_policy_subject_assignment(m, "policy_id_2", "subject_id")
+ # register_policy_subject_assignment_list(m1, "policy_id_2")
+ register_policy_object_assignment(m, "policy_id_1", "object_id")
+ # register_policy_object_assignment_list(m1, "policy_id_1")
+ register_policy_object_assignment(m, "policy_id_2", "object_id")
+ # register_policy_object_assignment_list(m1, "policy_id_2")
+ register_policy_action_assignment(m, "policy_id_1", "action_id")
+ # register_policy_action_assignment_list(m1, "policy_id_1")
+ register_policy_action_assignment(m, "policy_id_2", "action_id")
+ # register_policy_action_assignment_list(m1, "policy_id_2")
+ register_rules(m, "policy_id1")
+
+
+def register_pdp(m):
+ m.register_uri(
+ 'GET', 'http://{}:{}/{}'.format(CONF['components']['manager']['hostname'],
+ CONF['components']['manager']['port'], 'pdp'),
+ json={'pdps': pdp_mock}
+ )
+
+
+def register_meta_rules(m):
+ m.register_uri(
+ 'GET', 'http://{}:{}/{}'.format(CONF['components']['manager']['hostname'],
+ CONF['components']['manager']['port'], 'meta_rules'),
+ json={'meta_rules': meta_rules_mock}
+ )
+
+
+def register_policies(m):
+ m.register_uri(
+ 'GET', 'http://{}:{}/{}'.format(CONF['components']['manager']['hostname'],
+ CONF['components']['manager']['port'], 'policies'),
+ json={'policies': policies_mock}
+ )
+
+
+def register_models(m):
+ m.register_uri(
+ 'GET', 'http://{}:{}/{}'.format(CONF['components']['manager']['hostname'],
+ CONF['components']['manager']['port'], 'models'),
+ json={'models': models_mock}
+ )
+
+
+def register_policy_subject(m, policy_id):
+ m.register_uri(
+ 'GET', 'http://{}:{}/{}/{}/subjects'.format(CONF['components']['manager']['hostname'],
+ CONF['components']['manager']['port'], 'policies', policy_id),
+ json={'subjects': subject_mock[policy_id]}
+ )
+
+
+def register_policy_object(m, policy_id):
+ m.register_uri(
+ 'GET', 'http://{}:{}/{}/{}/objects'.format(CONF['components']['manager']['hostname'],
+ CONF['components']['manager']['port'], 'policies', policy_id),
+ json={'objects': object_mock[policy_id]}
+ )
+
+
+def register_policy_action(m, policy_id):
+ m.register_uri(
+ 'GET', 'http://{}:{}/{}/{}/actions'.format(CONF['components']['manager']['hostname'],
+ CONF['components']['manager']['port'], 'policies', policy_id),
+ json={'actions': action_mock[policy_id]}
+ )
+
+
+def register_policy_subject_assignment(m, policy_id, subj_id):
+ m.register_uri(
+ 'GET', 'http://{}:{}/{}/{}/subject_assignments/{}'.format(CONF['components']['manager']['hostname'],
+ CONF['components']['manager']['port'], 'policies',
+ policy_id,
+ subj_id),
+ json={'subject_assignments': subject_assignment_mock}
+ )
+
+
+def register_policy_subject_assignment_list(m, policy_id):
+ m.register_uri(
+ 'GET', 'http://{}:{}/{}/{}/subject_assignments'.format(CONF['components']['manager']['hostname'],
+ CONF['components']['manager']['port'], 'policies',
+ policy_id),
+ json={'subject_assignments': subject_assignment_mock}
+ )
+
+
+def register_policy_object_assignment(m, policy_id, obj_id):
+ m.register_uri(
+ 'GET', 'http://{}:{}/{}/{}/object_assignments/{}'.format(CONF['components']['manager']['hostname'],
+ CONF['components']['manager']['port'], 'policies',
+ policy_id,
+ obj_id),
+ json={'object_assignments': object_assignment_mock}
+ )
+
+
+def register_policy_object_assignment_list(m, policy_id):
+ m.register_uri(
+ 'GET', 'http://{}:{}/{}/{}/object_assignments'.format(CONF['components']['manager']['hostname'],
+ CONF['components']['manager']['port'], 'policies',
+ policy_id),
+ json={'object_assignments': object_assignment_mock}
+ )
+
+
+def register_policy_action_assignment(m, policy_id, action_id):
+ m.register_uri(
+ 'GET', 'http://{}:{}/{}/{}/action_assignments/{}'.format(CONF['components']['manager']['hostname'],
+ CONF['components']['manager']['port'], 'policies',
+ policy_id,
+ action_id),
+ json={'action_assignments': action_assignment_mock}
+ )
+
+
+def register_policy_action_assignment_list(m, policy_id):
+ m.register_uri(
+ 'GET', 'http://{}:{}/{}/{}/action_assignments'.format(CONF['components']['manager']['hostname'],
+ CONF['components']['manager']['port'], 'policies',
+ policy_id),
+ json={'action_assignments': action_assignment_mock}
+ )
+
+
+def register_rules(m, policy_id):
+ m.register_uri(
+ 'GET', 'http://{}:{}/{}/{}/{}'.format(CONF['components']['manager']['hostname'],
+ CONF['components']['manager']['port'], 'policies',
+ policy_id, 'rules'),
+ json={'rules': rules_mock}
+ ) \ No newline at end of file
diff --git a/moonv4/python_moonutilities/tests/unit_python/mock_components.py b/moonv4/python_moonutilities/tests/unit_python/mock_components.py
new file mode 100644
index 00000000..a0319e1a
--- /dev/null
+++ b/moonv4/python_moonutilities/tests/unit_python/mock_components.py
@@ -0,0 +1,27 @@
+import utilities
+
+COMPONENTS = (
+ "logging",
+ "openstack/keystone",
+ "database",
+ "slave",
+ "components/manager",
+ "components/orchestrator",
+ "components/interface",
+)
+
+
+def register_components(m):
+ for component in COMPONENTS:
+ m.register_uri(
+ 'GET', 'http://consul:8500/v1/kv/{}'.format(component),
+ json=[{'Key': component, 'Value': utilities.get_b64_conf(component)}]
+ )
+
+ m.register_uri(
+ 'GET', 'http://consul:8500/v1/kv/components?recurse=true',
+ json=[
+ {"Key": key, "Value": utilities.get_b64_conf(key)} for key in COMPONENTS
+ ],
+ # json={'Key': "components", 'Value': get_b64_conf("components")}
+ ) \ No newline at end of file
diff --git a/moonv4/python_moonutilities/tests/unit_python/mock_keystone.py b/moonv4/python_moonutilities/tests/unit_python/mock_keystone.py
new file mode 100644
index 00000000..c0b26b88
--- /dev/null
+++ b/moonv4/python_moonutilities/tests/unit_python/mock_keystone.py
@@ -0,0 +1,23 @@
+def register_keystone(m):
+ m.register_uri(
+ 'POST', 'http://keystone:5000/v3/auth/tokens',
+ headers={'X-Subject-Token': "111111111"}
+ )
+ m.register_uri(
+ 'DELETE', 'http://keystone:5000/v3/auth/tokens',
+ headers={'X-Subject-Token': "111111111"}
+ )
+ m.register_uri(
+ 'POST', 'http://keystone:5000/v3/users?name=testuser&domain_id=default',
+ json={"users": {}}
+ )
+ m.register_uri(
+ 'GET', 'http://keystone:5000/v3/users?name=testuser&domain_id=default',
+ json={"users": {}}
+ )
+ m.register_uri(
+ 'POST', 'http://keystone:5000/v3/users/',
+ json={"users": [{
+ "id": "1111111111111"
+ }]}
+ ) \ No newline at end of file
diff --git a/moonv4/python_moonutilities/tests/unit_python/requirements.txt b/moonv4/python_moonutilities/tests/unit_python/requirements.txt
new file mode 100644
index 00000000..3c1ad607
--- /dev/null
+++ b/moonv4/python_moonutilities/tests/unit_python/requirements.txt
@@ -0,0 +1,2 @@
+pytest
+requests_mock \ No newline at end of file
diff --git a/moonv4/python_moonutilities/tests/unit_python/test_cache.py b/moonv4/python_moonutilities/tests/unit_python/test_cache.py
new file mode 100644
index 00000000..3d4f7292
--- /dev/null
+++ b/moonv4/python_moonutilities/tests/unit_python/test_cache.py
@@ -0,0 +1,75 @@
+import pytest
+
+
+def test_authz_request():
+ from moon_utilities import cache
+ c = cache.Cache()
+ assert isinstance(c.authz_requests, dict)
+
+
+def test_get_subject_success():
+ from moon_utilities import cache
+ cache_obj = cache.Cache()
+ policy_id = 'policy_id_1'
+ name = 'subject_name'
+ subject_id = cache_obj.get_subject(policy_id, name)
+ assert subject_id is not None
+
+
+def test_get_subject_failure():
+ from moon_utilities import cache
+ cache_obj = cache.Cache()
+ policy_id = 'policy_id_1'
+ name = 'invalid name'
+ with pytest.raises(Exception) as exception_info:
+ cache_obj.get_subject(policy_id, name)
+ assert str(exception_info.value) == '400: Subject Unknown'
+
+
+def test_get_object_success():
+ from moon_utilities import cache
+ cache_obj = cache.Cache()
+ policy_id = 'policy_id_1'
+ name = 'object_name'
+ object_id = cache_obj.get_object(policy_id, name)
+ assert object_id is not None
+
+
+def test_get_object_failure():
+ from moon_utilities import cache
+ cache_obj = cache.Cache()
+ policy_id = 'policy_id_1'
+ name = 'invalid name'
+ with pytest.raises(Exception) as exception_info:
+ cache_obj.get_object(policy_id, name)
+ assert str(exception_info.value) == '400: Subject Unknown'
+
+
+def test_get_action_success():
+ from moon_utilities import cache
+ cache_obj = cache.Cache()
+ policy_id = 'policy_id_1'
+ name = 'action_name'
+ action_id = cache_obj.get_action(policy_id, name)
+ assert action_id is not None
+
+
+def test_get_action_failure():
+ from moon_utilities import cache
+ cache_obj = cache.Cache()
+ policy_id = 'policy_id_1'
+ name = 'invalid name'
+ with pytest.raises(Exception) as exception_info:
+ cache_obj.get_action(policy_id, name)
+ assert str(exception_info.value) == '400: Subject Unknown'
+
+
+def test_cache_manager():
+ from moon_utilities import cache
+ cache_obj = cache.Cache()
+ assert cache_obj.pdp is not None
+ assert cache_obj.meta_rules is not None
+ assert len(cache_obj.meta_rules) == 2
+ assert cache_obj.policies is not None
+ assert len(cache_obj.policies) == 2
+ assert cache_obj.models is not None \ No newline at end of file
diff --git a/moonv4/python_moonutilities/tests/unit_python/test_configuration.py b/moonv4/python_moonutilities/tests/unit_python/test_configuration.py
new file mode 100644
index 00000000..0ebff995
--- /dev/null
+++ b/moonv4/python_moonutilities/tests/unit_python/test_configuration.py
@@ -0,0 +1,5 @@
+
+def test_get_components():
+ from moon_utilities import configuration
+ assert isinstance(configuration.get_components(), dict)
+
diff --git a/moonv4/python_moonutilities/tests/unit_python/utilities.py b/moonv4/python_moonutilities/tests/unit_python/utilities.py
new file mode 100644
index 00000000..1d79d890
--- /dev/null
+++ b/moonv4/python_moonutilities/tests/unit_python/utilities.py
@@ -0,0 +1,136 @@
+import base64
+import json
+
+
+CONF = {
+ "openstack": {
+ "keystone": {
+ "url": "http://keystone:5000/v3",
+ "user": "admin",
+ "check_token": False,
+ "password": "p4ssw0rd",
+ "domain": "default",
+ "certificate": False,
+ "project": "admin"
+ }
+ },
+ "components": {
+ "wrapper": {
+ "bind": "0.0.0.0",
+ "port": 8080,
+ "container": "wukongsun/moon_wrapper:v4.3",
+ "timeout": 5,
+ "hostname": "wrapper"
+ },
+ "manager": {
+ "bind": "0.0.0.0",
+ "port": 8082,
+ "container": "wukongsun/moon_manager:v4.3",
+ "hostname": "manager"
+ },
+ "port_start": 31001,
+ "orchestrator": {
+ "bind": "0.0.0.0",
+ "port": 8083,
+ "container": "wukongsun/moon_orchestrator:v4.3",
+ "hostname": "interface"
+ },
+ "interface": {
+ "bind": "0.0.0.0",
+ "port": 8080,
+ "container": "wukongsun/moon_interface:v4.3",
+ "hostname": "interface"
+ }
+ },
+ "plugins": {
+ "session": {
+ "port": 8082,
+ "container": "asteroide/session:latest"
+ },
+ "authz": {
+ "port": 8081,
+ "container": "wukongsun/moon_authz:v4.3"
+ }
+ },
+ "logging": {
+ "handlers": {
+ "file": {
+ "filename": "/tmp/moon.log",
+ "class": "logging.handlers.RotatingFileHandler",
+ "level": "DEBUG",
+ "formatter": "custom",
+ "backupCount": 3,
+ "maxBytes": 1048576
+ },
+ "console": {
+ "class": "logging.StreamHandler",
+ "formatter": "brief",
+ "level": "INFO",
+ "stream": "ext://sys.stdout"
+ }
+ },
+ "formatters": {
+ "brief": {
+ "format": "%(levelname)s %(name)s %(message)-30s"
+ },
+ "custom": {
+ "format": "%(asctime)-15s %(levelname)s %(name)s %(message)s"
+ }
+ },
+ "root": {
+ "handlers": [
+ "console"
+ ],
+ "level": "ERROR"
+ },
+ "version": 1,
+ "loggers": {
+ "moon": {
+ "handlers": [
+ "console",
+ "file"
+ ],
+ "propagate": False,
+ "level": "DEBUG"
+ }
+ }
+ },
+ "slave": {
+ "name": None,
+ "master": {
+ "url": None,
+ "login": None,
+ "password": None
+ }
+ },
+ "docker": {
+ "url": "tcp://172.88.88.1:2376",
+ "network": "moon"
+ },
+ "database": {
+ "url": "sqlite:///database.db",
+ # "url": "mysql+pymysql://moon:p4sswOrd1@db/moon",
+ "driver": "sql"
+ },
+ "messenger": {
+ "url": "rabbit://moon:p4sswOrd1@messenger:5672/moon"
+ }
+}
+
+
+def get_b64_conf(component=None):
+ if component == "components":
+ return base64.b64encode(
+ json.dumps(CONF["components"]).encode('utf-8')+b"\n").decode('utf-8')
+ elif component in CONF:
+ return base64.b64encode(
+ json.dumps(
+ CONF[component]).encode('utf-8')+b"\n").decode('utf-8')
+ elif not component:
+ return base64.b64encode(
+ json.dumps(CONF).encode('utf-8')+b"\n").decode('utf-8')
+ elif "/" in component:
+ key1, _, key2 = component.partition("/")
+ return base64.b64encode(
+ json.dumps(
+ CONF[key1][key2]).encode('utf-8')+b"\n").decode('utf-8')