From 9dd62ad94b3b7aa2d5c71aefe1b43c108b2c9e6d Mon Sep 17 00:00:00 2001 From: Thomas Duval Date: Wed, 27 Dec 2017 17:19:44 +0100 Subject: Update moonclient with new commands Change-Id: I59560b179262ab68c0d6db50d0b555fb87be153b --- python_moonclient/Changelog | 12 ++++ python_moonclient/python_moonclient/__init__.py | 2 +- python_moonclient/python_moonclient/parse.py | 10 ++- python_moonclient/python_moonclient/pdp.py | 27 +++---- python_moonclient/python_moonclient/scripts.py | 96 ++++++++++++++++++++++--- python_moonclient/setup.py | 8 ++- 6 files changed, 125 insertions(+), 30 deletions(-) diff --git a/python_moonclient/Changelog b/python_moonclient/Changelog index cd099ae3..f6f6c3a4 100644 --- a/python_moonclient/Changelog +++ b/python_moonclient/Changelog @@ -18,3 +18,15 @@ CHANGES 1.0.1 ----- - Fix a bug in configuration + +1.1.0 +----- +- Add some commands: + - moon_get_pdp + - moon_delete_pdp + - moon_delete_policy + - moon_map_pdp_to_project +- Update some commands: + - moon_create_pdp + - moon_send_authz_to_wrapper +- Fix a bug in pdp library diff --git a/python_moonclient/python_moonclient/__init__.py b/python_moonclient/python_moonclient/__init__.py index 2249a1b6..2302dea9 100644 --- a/python_moonclient/python_moonclient/__init__.py +++ b/python_moonclient/python_moonclient/__init__.py @@ -3,4 +3,4 @@ # license which can be found in the file 'LICENSE' in this package distribution # or at 'http://www.apache.org/licenses/LICENSE-2.0'. -__version__ = "1.0.1" +__version__ = "1.1.0" diff --git a/python_moonclient/python_moonclient/parse.py b/python_moonclient/python_moonclient/parse.py index 34a4a996..8960c41c 100644 --- a/python_moonclient/python_moonclient/parse.py +++ b/python_moonclient/python_moonclient/parse.py 
@@ -2,18 +2,16 @@ import logging import argparse -logger = None +logger = logging.getLogger("python_moonclient.utils.parse") def parse(): - global logger - logger = logging.getLogger(__name__) requests_log = logging.getLogger("requests.packages.urllib3") requests_log.setLevel(logging.WARNING) requests_log.propagate = True parser = argparse.ArgumentParser() - parser.add_argument('filename', help='scenario filename', nargs=1) + parser.add_argument('filename', help='scenario filename', nargs="*") parser.add_argument("--verbose", "-v", action='store_true', help="verbose mode") parser.add_argument("--debug", "-d", action='store_true', @@ -31,8 +29,8 @@ def parse(): default="127.0.0.1") parser.add_argument("--consul-port", help="Set the port of the consult server" - "(default: 8082).", - default="8082") + "(default: 30005).", + default="30005") parser.add_argument("--authz-host", help="Set the name of the authz server to test" "(default: 127.0.0.1).", diff --git a/python_moonclient/python_moonclient/pdp.py b/python_moonclient/python_moonclient/pdp.py index a7c75a61..e628fe17 100644 --- a/python_moonclient/python_moonclient/pdp.py +++ b/python_moonclient/python_moonclient/pdp.py @@ -3,9 +3,9 @@ import logging import requests from python_moonclient import config -logger = logging.getLogger("moonforming.utils.policies") +logger = logging.getLogger("python_moonclient.utils.pdp") URL = None -HEADER = None +HEADERS = None KEYSTONE_USER = None KEYSTONE_PASSWORD = None KEYSTONE_PROJECT = None 
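Review bot: In parse.py (@@ -2,18 +2,16 @@), switching `filename` to `nargs="*"` makes the positional optional and unbounded for every command that shares this parser, but the help text still reads 'scenario filename'. The new commands in scripts.py read a PDP or policy identifier and a Keystone project id from that same list. The parser now accepts a call with no argument or with extra ones, so each command has to validate the count itself; in this patch only `map_pdp_to_project` checks a length, and it silently skips the work when the check fails. I would update the help, e.g. `help='scenario filename, or the PDP/policy/project identifiers for the management commands'`, and have each command report a wrong argument count and exit non-zero. parse() continues past the end of this hunk.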
@@ -24,12 +24,12 @@ pdp_template = { def init(consul_host, consul_port): conf_data = config.get_config_data(consul_host, consul_port) - global URL, HEADER, KEYSTONE_USER, KEYSTONE_PASSWORD, KEYSTONE_PROJECT, KEYSTONE_SERVER + global URL, HEADERS, KEYSTONE_USER, KEYSTONE_PASSWORD, KEYSTONE_PROJECT, KEYSTONE_SERVER URL = "http://{}:{}".format( conf_data['manager_host'], conf_data['manager_port']) # URL = URL + "{}" - HEADER = {"content-type": "application/json"} + HEADERS = {"content-type": "application/json"} KEYSTONE_USER = conf_data['keystone_user'] KEYSTONE_PASSWORD = conf_data['keystone_password'] KEYSTONE_PROJECT = conf_data['keystone_project'] @@ -170,7 +170,8 @@ def update_pdp(pdp_id, policy_id=None): def map_to_keystone(pdp_id, keystone_project_id): - req = requests.patch(URL + "/pdp/{}".format(pdp_id), json={"keystone_project_id": keystone_project_id}, + req = requests.patch(URL + "/pdp/{}".format(pdp_id), + json={"keystone_project_id": keystone_project_id}, headers=HEADERS) assert req.status_code == 200 result = req.json() @@ -178,8 +179,8 @@ def map_to_keystone(pdp_id, keystone_project_id): if "result" in result: assert result["result"] assert pdp_id in result['pdps'] - assert "name" in result['pdps'][pdp_id] - assert pdp_template["name"] == result['pdps'][pdp_id]["name"] + # assert "name" in result['pdps'][pdp_id] + # assert pdp_template["name"] == result['pdps'][pdp_id]["name"] return pdp_id 
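Review bot: The response checks in `map_to_keystone` (pdp.py, @@ -170,7 +170,8 @@ and @@ -178,8 +179,8 @@) are `assert` statements (`assert req.status_code == 200`, `assert pdp_id in result['pdps']`), which disappear when Python runs with `-O` and otherwise surface as a bare AssertionError. This matters more now that the new `moon_map_pdp_to_project` command passes operator-supplied ids straight into this function. An explicit check such as `if req.status_code != 200: raise RuntimeError("mapping PDP {} failed: HTTP {}".format(pdp_id, req.status_code))` survives `-O` and tells the operator that the mapping was not applied. The two name assertions in the second hunk are commented out rather than deleted; if they no longer hold, remove them.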
@@ -195,11 +196,11 @@ def delete_pdp(pdp_id): def create_pdp(scenario, policy_id=None, project_id=None): logger.info("Creating PDP {}".format(scenario.pdp_name)) projects = get_keystone_projects() - if not project_id: - for _project in projects['projects']: - if _project['name'] == "admin": - project_id = _project['id'] - assert project_id + # if not project_id: + # for _project in projects['projects']: + # if _project['name'] == "admin": + # project_id = _project['id'] + # assert project_id pdps = check_pdp()["pdps"] for pdp_id, pdp_value in pdps.items(): if scenario.pdp_name == pdp_value["name"]: @@ -207,5 +208,5 @@ def create_pdp(scenario, policy_id=None, project_id=None): logger.debug("Found existing PDP named {} (will add policy {})".format(scenario.pdp_name, policy_id)) return pdp_id _pdp_id = add_pdp(name=scenario.pdp_name, policy_id=policy_id) - map_to_keystone(pdp_id=_pdp_id, keystone_project_id=project_id) + # map_to_keystone(pdp_id=_pdp_id, keystone_project_id=project_id) return _pdp_id \ No newline at end of file diff --git a/python_moonclient/python_moonclient/scripts.py b/python_moonclient/python_moonclient/scripts.py index 69746a8b..30759743 100644 --- a/python_moonclient/python_moonclient/scripts.py +++ b/python_moonclient/python_moonclient/scripts.py @@ -3,7 +3,7 @@ from importlib.machinery import SourceFileLoader from . import parse, models, policies, pdp, authz -logger = logging.getLogger("moonclient.scripts") +logger = logging.getLogger("python_moonclient.scripts") def get_keystone_projects(): @@ -18,10 +18,10 @@ def get_keystone_projects(): projects = pdp.get_keystone_projects() for _project in projects['projects']: - print("{} {}".format(_project['id'], _project['name'])) + print(" {} {}".format(_project['id'], _project['name'])) -def populate_values(): +def create_pdp(): requests_log = logging.getLogger("requests.packages.urllib3") requests_log.setLevel(logging.WARNING) requests_log.propagate = True 
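Review bot: In pdp.py `create_pdp` (@@ -195,11 +196,11 @@) the context line `projects = get_keystone_projects()` still runs although its only consumer is now commented out, so every call makes a Keystone request whose result is never used. The `project_id` parameter stays in the signature but is ignored, so a caller that still passes it gets a PDP that is not mapped to any project, with no warning; presumably such a PDP enforces nothing until `moon_map_pdp_to_project` is run, which should be confirmed. I would delete the commented-out block and the unused call, and log when a project id is passed, e.g. `logger.warning("project_id is ignored; map the PDP with moon_map_pdp_to_project")`. The same applies to the commented-out `map_to_keystone` call in the next hunk (@@ -207,5 +208,5 @@).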
@@ -29,14 +29,14 @@ def populate_values(): args = parse.parse() consul_host = args.consul_host consul_port = args.consul_port - project_id = args.keystone_pid + # project_id = args.keystone_pid models.init(consul_host, consul_port) policies.init(consul_host, consul_port) pdp.init(consul_host, consul_port) if args.filename: - print("Loading: {}".format(args.filename[0])) + logger.info("Loading: {}".format(args.filename[0])) m = SourceFileLoader("scenario", args.filename[0]) scenario = m.load_module() @@ -50,10 +50,10 @@ def populate_values(): else: model_id, meta_rule_list = models.create_model(scenario) policy_id = policies.create_policy(scenario, model_id, meta_rule_list) - pdp_id = pdp.create_pdp(scenario, policy_id=policy_id, project_id=project_id) + pdp_id = pdp.create_pdp(scenario, policy_id=policy_id) -def send_authz(): +def send_authz_to_wrapper(): args = parse.parse() consul_host = args.consul_host consul_port = args.consul_port @@ -63,7 +63,7 @@ def send_authz(): pdp.init(consul_host, consul_port) if args.filename: - print("Loading: {}".format(args.filename[0])) + logger.info("Loading: {}".format(args.filename[0])) m = SourceFileLoader("scenario", args.filename[0]) scenario = m.load_module() 
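Review bot: `create_pdp` and `send_authz_to_wrapper` in scripts.py have no docstring, and the one fact an operator needs is missing. The path logged in these hunks (@@ -29,14 +29,14 @@ and @@ -63,7 +63,7 @@) is handed to `SourceFileLoader("scenario", ...).load_module()`, which executes the file as Python in the process that has already loaded the Keystone credentials through `pdp.init`. I would add a docstring along the lines of `"""Create a PDP from a scenario file. The file is imported and executed as Python code, so pass only files from a trusted source."""`, and the equivalent on `send_authz_to_wrapper`. As a style point, `logger.info("Loading: %s", args.filename[0])` defers the formatting to the logging module; and since the message moved from `print` to the logger, it may no longer appear unless INFO is enabled (the logging configuration is not visible here). Both functions continue outside these hunks.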
@@ -81,3 +81,83 @@ def send_authz(): ) if not args.dry_run: authz.save_data(args.write, time_data) + + +def get_pdp(): + args = parse.parse() + consul_host = args.consul_host + consul_port = args.consul_port + + models.init(consul_host, consul_port) + policies.init(consul_host, consul_port) + pdp.init(consul_host, consul_port) + + pdps = pdp.check_pdp() + for _pdp_key, _pdp_value in pdps["pdps"].items(): + print(" {} {} ({})".format(_pdp_key, _pdp_value['name'], + _pdp_value['keystone_project_id'])) + + +def delete_pdp(): + args = parse.parse() + consul_host = args.consul_host + consul_port = args.consul_port + + models.init(consul_host, consul_port) + policies.init(consul_host, consul_port) + pdp.init(consul_host, consul_port) + + if args.filename: + logger.info("Deleting: {}".format(args.filename[0])) + _search = args.filename[0] + pdps = pdp.check_pdp() + for _pdp_key, _pdp_value in pdps["pdps"].items(): + if _pdp_key == _search or _pdp_value['name'] == _search: + logger.info("Found {}".format(_pdp_key)) + pdp.delete_pdp(_pdp_key) + pdps = pdp.check_pdp() + logger.info("Listing all PDP:") + for _pdp_key, _pdp_value in pdps["pdps"].items(): + print(" {} {}".format(_pdp_key, _pdp_value['name'])) + if _pdp_key == _search or _pdp_value['name'] == _search: + logger.error("Error in deleting {}".format(_search)) + + +def delete_policy(): + args = parse.parse() + consul_host = args.consul_host + consul_port = args.consul_port + + models.init(consul_host, consul_port) + policies.init(consul_host, consul_port) + pdp.init(consul_host, consul_port) + + if args.filename: + logger.info("Deleting: {}".format(args.filename[0])) + _search = args.filename[0] + _policies = policies.check_policy() + for _policy_key, _policy_value in _policies["policies"].items(): + if _policy_key == _search or _policy_value['name'] == _search: + logger.info("Found {}".format(_policy_key)) + pdp.delete_pdp(_policy_key) + _policies = policies.check_policy() + logger.info("Listing all Policies:") + 
for _policy_key, _policy_value in _policies["policies"].items(): + print(" {} {}".format(_policy_key, _policy_value['name'])) + if _policy_key == _search or _policy_value['name'] == _search: + logger.error("Error in deleting {}".format(_search)) + + +def map_pdp_to_project(): + args = parse.parse() + consul_host = args.consul_host + consul_port = args.consul_port + + models.init(consul_host, consul_port) + policies.init(consul_host, consul_port) + pdp.init(consul_host, consul_port) + + if args.filename and len(args.filename) == 2: + logger.info("Mapping: {}=>{}".format(args.filename[0], args.filename[1])) + # TODO: check if pdp_id and keystone_project_id exist + pdp.map_to_keystone(pdp_id=args.filename[0], keystone_project_id=args.filename[1]) diff --git a/python_moonclient/setup.py b/python_moonclient/setup.py index f2dbc580..1c3ddb80 100644 --- a/python_moonclient/setup.py +++ b/python_moonclient/setup.py @@ -42,8 +42,12 @@ setup( entry_points={ 'console_scripts': [ 'moon_get_keystone_projects = python_moonclient.scripts:get_keystone_projects', - 'moon_populate_values = python_moonclient.scripts:populate_values', - 'moon_send_authz = python_moonclient.scripts:send_authz', + 'moon_create_pdp = python_moonclient.scripts:create_pdp', + 'moon_get_pdp = python_moonclient.scripts:get_pdp', + 'moon_send_authz_to_wrapper = python_moonclient.scripts:send_authz_to_wrapper', + 'moon_delete_pdp = python_moonclient.scripts:delete_pdp', + 'moon_delete_policy = python_moonclient.scripts:delete_policy', + 'moon_map_pdp_to_project = python_moonclient.scripts:map_pdp_to_project' ], } -- cgit 1.2.3-korg
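Review bot: In scripts.py (@@ -81,3 +81,83 @@), the matching branch of `delete_policy` calls `pdp.delete_pdp(_policy_key)`, so the command sends a policy id to the PDP deletion call and never deletes the policy; it looks copied from `delete_pdp` just above. It should call the deletion helper of the `policies` module instead, presumably `policies.delete_policy(_policy_key)`; that module is not part of this patch, so confirm the name. As written, the follow-up listing will still find the policy and log "Error in deleting" on every run. Separately, `map_pdp_to_project` does nothing and exits normally when the argument count is not two, and its TODO leaves both ids unchecked before the PATCH is sent; log an error and return a non-zero status in that case.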