authorRHE <rebirthmonkey@gmail.com>2017-12-28 15:19:05 +0100
committerRHE <rebirthmonkey@gmail.com>2017-12-28 15:19:05 +0100
commitb7cf76d39eab9d292b8d58db4b0934557cad4509 (patch)
tree556b0e617b5921ad3779b7aed3b669bb475331c6
parent9cf58823b4fa426816acfef81a562054d26afde8 (diff)
moonv4.3 review
Change-Id: I0d137df21136292b58194def44ac5b32183368fc Signed-off-by: RHE <rebirthmonkey@gmail.com>
-rw-r--r--moon_authz/Dockerfile8
-rw-r--r--moon_authz/README.md (renamed from moon_authz/README.rst)3
-rw-r--r--moon_authz/moon_authz/api/authorization.py96
-rw-r--r--moon_authz/moon_authz/api/generic.py131
-rw-r--r--moon_authz/moon_authz/http_server.py2
-rw-r--r--moon_authz/moon_authz/server.py7
-rw-r--r--moon_authz/setup.py2
-rw-r--r--moon_forming/Dockerfile1
-rw-r--r--moon_interface/Dockerfile8
-rw-r--r--moon_interface/Makefile12
-rw-r--r--moon_interface/README.md (renamed from moon_manager/README.rst)4
-rw-r--r--moon_interface/moon_interface/api/authz.py35
-rw-r--r--moon_interface/moon_interface/containers.py102
-rw-r--r--moon_interface/moon_interface/http_server.py10
-rw-r--r--moon_interface/moon_interface/server.py7
-rw-r--r--moon_interface/setup.py2
-rw-r--r--moon_interface/tools/run.sh5
-rw-r--r--moon_manager/Dockerfile6
-rw-r--r--moon_manager/README.md (renamed from moon_interface/README.rst)3
-rw-r--r--moon_manager/moon_manager/api/containers.py178
-rw-r--r--moon_manager/moon_manager/api/generic.py15
-rw-r--r--moon_manager/moon_manager/api/meta_rules.py10
-rw-r--r--moon_manager/moon_manager/http_server.py29
-rw-r--r--moon_manager/moon_manager/server.py8
-rw-r--r--moon_manager/requirements.txt1
-rw-r--r--moon_manager/setup.py2
-rw-r--r--moon_orchestrator/Dockerfile13
-rw-r--r--moon_orchestrator/README.md3
-rw-r--r--moon_orchestrator/conf/dockers/template.dockerfile25
-rw-r--r--moon_orchestrator/conf/moon.conf84
-rw-r--r--moon_orchestrator/conf/plugins/authz.py67
-rw-r--r--moon_orchestrator/conf/plugins/session.py67
-rw-r--r--moon_orchestrator/conf/policies/policy_authz/assignment.json55
-rw-r--r--moon_orchestrator/conf/policies/policy_authz/metadata.json23
-rw-r--r--moon_orchestrator/conf/policies/policy_authz/metarule.json24
-rw-r--r--moon_orchestrator/conf/policies/policy_authz/perimeter.json21
-rw-r--r--moon_orchestrator/conf/policies/policy_authz/rule.json25
-rw-r--r--moon_orchestrator/conf/policies/policy_authz/scope.json49
-rw-r--r--moon_orchestrator/conf/policies/policy_empty_admin/assignment.json7
-rw-r--r--moon_orchestrator/conf/policies/policy_empty_admin/metadata.json12
-rw-r--r--moon_orchestrator/conf/policies/policy_empty_admin/metarule.json12
-rw-r--r--moon_orchestrator/conf/policies/policy_empty_admin/perimeter.json39
-rw-r--r--moon_orchestrator/conf/policies/policy_empty_admin/rule.json3
-rw-r--r--moon_orchestrator/conf/policies/policy_empty_admin/scope.json7
-rw-r--r--moon_orchestrator/conf/policies/policy_empty_authz/assignment.json7
-rw-r--r--moon_orchestrator/conf/policies/policy_empty_authz/metadata.json12
-rw-r--r--moon_orchestrator/conf/policies/policy_empty_authz/metarule.json12
-rw-r--r--moon_orchestrator/conf/policies/policy_empty_authz/perimeter.json5
-rw-r--r--moon_orchestrator/conf/policies/policy_empty_authz/rule.json3
-rw-r--r--moon_orchestrator/conf/policies/policy_empty_authz/scope.json7
-rw-r--r--moon_orchestrator/conf/policies/policy_mls_authz/assignment.json29
-rw-r--r--moon_orchestrator/conf/policies/policy_mls_authz/metadata.json18
-rw-r--r--moon_orchestrator/conf/policies/policy_mls_authz/metarule.json12
-rw-r--r--moon_orchestrator/conf/policies/policy_mls_authz/perimeter.json21
-rw-r--r--moon_orchestrator/conf/policies/policy_mls_authz/rule.json16
-rw-r--r--moon_orchestrator/conf/policies/policy_mls_authz/scope.json26
-rw-r--r--moon_orchestrator/conf/policies/policy_rbac_admin/assignment.json48
-rw-r--r--moon_orchestrator/conf/policies/policy_rbac_admin/metadata.json18
-rw-r--r--moon_orchestrator/conf/policies/policy_rbac_admin/metarule.json12
-rw-r--r--moon_orchestrator/conf/policies/policy_rbac_admin/perimeter.json42
-rw-r--r--moon_orchestrator/conf/policies/policy_rbac_admin/rule.json94
-rw-r--r--moon_orchestrator/conf/policies/policy_rbac_admin/scope.json48
-rw-r--r--moon_orchestrator/conf/policies/policy_root/assignment.json39
-rw-r--r--moon_orchestrator/conf/policies/policy_root/metadata.json19
-rw-r--r--moon_orchestrator/conf/policies/policy_root/metarule.json12
-rw-r--r--moon_orchestrator/conf/policies/policy_root/perimeter.json31
-rw-r--r--moon_orchestrator/conf/policies/policy_root/rule.json44
-rw-r--r--moon_orchestrator/conf/policies/policy_root/scope.json39
-rw-r--r--moon_orchestrator/moon_orchestrator/http_server.py10
-rw-r--r--moon_orchestrator/moon_orchestrator/server.py7
-rw-r--r--moon_wrapper/Dockerfile8
-rw-r--r--moon_wrapper/README.md3
-rw-r--r--moon_wrapper/moon_wrapper/api/oslowrapper.py (renamed from moon_wrapper/moon_wrapper/api/wrapper.py)13
-rw-r--r--moon_wrapper/moon_wrapper/http_server.py15
-rw-r--r--moon_wrapper/moon_wrapper/server.py5
-rw-r--r--python_moonclient/README.md8
-rw-r--r--python_moonclient/python_moonclient/authz.py4
-rw-r--r--python_moonclient/python_moonclient/parse.py2
-rw-r--r--python_moonclient/python_moonclient/pdp.py5
-rw-r--r--python_moonclient/python_moonclient/policies.py4
-rw-r--r--python_moonclient/python_moonclient/scripts.py2
-rw-r--r--python_moonclient/setup.py7
-rw-r--r--python_moondb/python_moondb/backends/sql.py58
-rw-r--r--python_moondb/python_moondb/core.py69
-rw-r--r--tools/bin/README.md9
-rw-r--r--tools/bin/api2rst.py (renamed from moon_interface/tools/api2rst.py)0
-rw-r--r--tools/bin/get_keystone_token.py (renamed from moon_interface/tools/get_keystone_token.py)0
-rw-r--r--tools/moon_kubernetes/start_moon.sh2
88 files changed, 157 insertions, 1911 deletions
diff --git a/moon_authz/Dockerfile b/moon_authz/Dockerfile
index 7ab172b0..fea9555d 100644
--- a/moon_authz/Dockerfile
+++ b/moon_authz/Dockerfile
@@ -1,12 +1,8 @@
-FROM ubuntu:latest
-
-RUN apt update && apt install python3.5 python3-pip -y
-RUN pip3 install pip --upgrade
+FROM python:3
ADD . /root
WORKDIR /root/
-RUN pip3 install -r requirements.txt --upgrade
-RUN pip3 install /root/dist/* --upgrade
+RUN pip3 install -r requirements.txt
RUN pip3 install .
CMD ["python3", "-m", "moon_authz"] \ No newline at end of file
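Review bot: `FROM python:3` is a floating tag, so every rebuild of this authorization service can pull a different interpreter and base OS; pin the base to a specific release or digest, for example `FROM python:<minor-version>-slim@sha256:<digest>` (placeholder values), and keep requirements.txt version-pinned if it is not already. The image still has no `USER` line, so `python3 -m moon_authz` runs as root inside the container; creating an unprivileged user and switching to it before `CMD` limits what a compromised process can reach. `ADD . /root` copies the whole build context, so a `.dockerignore`, or a `COPY` of only the needed paths, keeps local credentials and VCS metadata out of the image. The moon_interface and moon_manager Dockerfile hunks in this commit have the same three issues.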
diff --git a/moon_authz/README.rst b/moon_authz/README.md
index ded4e99a..696c29a1 100644
--- a/moon_authz/README.rst
+++ b/moon_authz/README.md
@@ -1,5 +1,4 @@
-Core module for the Moon project
-================================
+# moon_authz
This package contains the core module for the Moon project
It is designed to provide authorization features to all OpenStack components.
diff --git a/moon_authz/moon_authz/api/authorization.py b/moon_authz/moon_authz/api/authorization.py
index 4cd8de06..d7832ef0 100644
--- a/moon_authz/moon_authz/api/authorization.py
+++ b/moon_authz/moon_authz/api/authorization.py
@@ -19,20 +19,20 @@ from flask_restful import Resource
# - call the next security function
# - call the master if an element is absent
-LOG = logging.getLogger("moon.api." + __name__)
+LOG = logging.getLogger("moon.authz.api." + __name__)
class Authz(Resource):
"""
Endpoint for authz requests
"""
+ __version__ = "0.1.0"
__urls__ = (
"/authz",
"/authz/",
- "/authz/<string:uuid>/<string:subject_name>/<string:object_name>/<string:action_name>",
)
- __version__ = "0.1.0"
+
pdp_id = None
meta_rule_id = None
keystone_project_id = None
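Review bot: With the parameterised `/authz/<string:uuid>/...` route removed from `__urls__` here and the four arguments dropped from `post` in the next hunk, nothing on `Authz` documents where an authorization request's subject, object and action now come from; the new docstring only has an empty `:request:` field. Fill that field with the expected request body (content type, required keys, and what is returned when one is missing), since callers of a policy decision endpoint need that contract to be explicit. The body of `post` lies outside both hunks, so the docstring should be written against what it actually reads. It would also help to state in the class docstring that only `/authz` and `/authz/` remain routable.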
@@ -47,13 +47,11 @@ class Authz(Resource):
self.cache = kwargs.get("cache")
self.context = None
- def post(self, uuid=None, subject_name=None, object_name=None, action_name=None):
+ def post(self):
"""Get a response on an authorization request
- :param uuid: uuid of a tenant or an intra_extension
- :param subject_name: name of the subject or the request
- :param object_name: name of the object
- :param action_name: name of the action
+ :request:
+
:return: {
"args": {},
"ctx": {
@@ -255,47 +253,47 @@ class Authz(Resource):
self.context.current_state = "passed"
LOG.info("__exec_instructions False {}".format(self.context.current_state))
- def __update_current_request(self):
- index = self.payload["authz_context"]["index"]
- current_header_id = self.payload["authz_context"]['headers'][index]
- previous_header_id = self.payload["authz_context"]['headers'][index - 1]
- current_policy_id = PolicyManager.get_policy_from_meta_rules("admin", current_header_id)
- previous_policy_id = PolicyManager.get_policy_from_meta_rules("admin", previous_header_id)
- # FIXME (asteroide): must change those lines to be ubiquitous against any type of policy
- if self.payload["authz_context"]['pdp_set'][current_header_id]['meta_rules']['name'] == "session":
- subject = self.payload["authz_context"]['current_request'].get("subject")
- subject_category_id = None
- role_names = []
- for category_id, category_value in ModelManager.get_subject_categories("admin").items():
- if category_value["name"] == "role":
- subject_category_id = category_id
- break
- for assignment_id, assignment_value in PolicyManager.get_subject_assignments(
- "admin", previous_policy_id, subject, subject_category_id).items():
- for data_id in assignment_value["assignments"]:
- data = PolicyManager.get_subject_data("admin", previous_policy_id, data_id, subject_category_id)
- for _data in data:
- for key, value in _data["data"].items():
- role_names.append(value["name"])
- new_role_ids = []
- for perimeter_id, perimeter_value in PolicyManager.get_objects("admin", current_policy_id).items():
- if perimeter_value["name"] in role_names:
- new_role_ids.append(perimeter_id)
- break
- perimeter_id = None
- for perimeter_id, perimeter_value in PolicyManager.get_actions("admin", current_policy_id).items():
- if perimeter_value["name"] == "*":
- break
-
- self.payload["authz_context"]['current_request']['object'] = new_role_ids[0]
- self.payload["authz_context"]['current_request']['action'] = perimeter_id
- elif self.payload["authz_context"]['pdp_set'][current_header_id]['meta_rules']['name'] == "rbac":
- self.payload["authz_context"]['current_request']['subject'] = \
- self.payload["authz_context"]['initial_request']['subject']
- self.payload["authz_context"]['current_request']['object'] = \
- self.payload["authz_context"]['initial_request']['object']
- self.payload["authz_context"]['current_request']['action'] = \
- self.payload["authz_context"]['initial_request']['action']
+ # def __update_current_request(self):
+ # index = self.payload["authz_context"]["index"]
+ # current_header_id = self.payload["authz_context"]['headers'][index]
+ # previous_header_id = self.payload["authz_context"]['headers'][index - 1]
+ # current_policy_id = PolicyManager.get_policy_from_meta_rules("admin", current_header_id)
+ # previous_policy_id = PolicyManager.get_policy_from_meta_rules("admin", previous_header_id)
+ # # FIXME (asteroide): must change those lines to be ubiquitous against any type of policy
+ # if self.payload["authz_context"]['pdp_set'][current_header_id]['meta_rules']['name'] == "session":
+ # subject = self.payload["authz_context"]['current_request'].get("subject")
+ # subject_category_id = None
+ # role_names = []
+ # for category_id, category_value in ModelManager.get_subject_categories("admin").items():
+ # if category_value["name"] == "role":
+ # subject_category_id = category_id
+ # break
+ # for assignment_id, assignment_value in PolicyManager.get_subject_assignments(
+ # "admin", previous_policy_id, subject, subject_category_id).items():
+ # for data_id in assignment_value["assignments"]:
+ # data = PolicyManager.get_subject_data("admin", previous_policy_id, data_id, subject_category_id)
+ # for _data in data:
+ # for key, value in _data["data"].items():
+ # role_names.append(value["name"])
+ # new_role_ids = []
+ # for perimeter_id, perimeter_value in PolicyManager.get_objects("admin", current_policy_id).items():
+ # if perimeter_value["name"] in role_names:
+ # new_role_ids.append(perimeter_id)
+ # break
+ # perimeter_id = None
+ # for perimeter_id, perimeter_value in PolicyManager.get_actions("admin", current_policy_id).items():
+ # if perimeter_value["name"] == "*":
+ # break
+ #
+ # self.payload["authz_context"]['current_request']['object'] = new_role_ids[0]
+ # self.payload["authz_context"]['current_request']['action'] = perimeter_id
+ # elif self.payload["authz_context"]['pdp_set'][current_header_id]['meta_rules']['name'] == "rbac":
+ # self.payload["authz_context"]['current_request']['subject'] = \
+ # self.payload["authz_context"]['initial_request']['subject']
+ # self.payload["authz_context"]['current_request']['object'] = \
+ # self.payload["authz_context"]['initial_request']['object']
+ # self.payload["authz_context"]['current_request']['action'] = \
+ # self.payload["authz_context"]['initial_request']['action']
def get_authz(self):
# self.keystone_project_id = payload["id"]
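Review bot: `__update_current_request` is commented out rather than deleted, which leaves about forty lines of dead policy-chaining logic, including its FIXME, in the middle of the authorization module. Delete the block and rely on version control; if the session-to-rbac hand-over is being dropped on purpose, a one-line comment such as `# NOTE: chaining between session and rbac policies was removed in v4.3` is enough. The rest of `Authz` is outside this hunk, so please confirm that no call to `self.__update_current_request()` remains, because a leftover call would raise AttributeError in the middle of an authorization decision. Whatever handles that error should result in a deny, not a pass.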
diff --git a/moon_authz/moon_authz/api/generic.py b/moon_authz/moon_authz/api/generic.py
deleted file mode 100644
index f4e13e42..00000000
--- a/moon_authz/moon_authz/api/generic.py
+++ /dev/null
@@ -1,131 +0,0 @@
-# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
-# This software is distributed under the terms and conditions of the 'Apache-2.0'
-# license which can be found in the file 'LICENSE' in this package distribution
-# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-"""
-Those API are helping API used to manage the Moon platform.
-"""
-
-from flask_restful import Resource, request
-from oslo_log import log as logging
-import moon_authz.api
-from python_moonutilities.security_functions import check_auth
-
-__version__ = "0.1.0"
-
-LOG = logging.getLogger("moon.authz.api." + __name__)
-
-
-class Status(Resource):
- """
- Endpoint for status requests
- """
-
- __urls__ = ("/status", "/status/", "/status/<string:component_id>")
-
- def get(self, component_id=None):
- """Retrieve status of all components
-
- :return: {
- "orchestrator": {
- "status": "Running"
- },
- "security_router": {
- "status": "Running"
- }
- }
- """
- raise NotImplemented
-
-
-class Logs(Resource):
- """
- Endpoint for logs requests
- """
-
- __urls__ = ("/logs", "/logs/", "/logs/<string:component_id>")
-
- def get(self, component_id=None):
- """Get logs from the Moon platform
-
- :param component_id: the ID of the component your are looking for (optional)
- :return: [
- "2015-04-15-13:45:20
- "2015-04-15-13:45:21
- "2015-04-15-13:45:22
- "2015-04-15-13:45:23
- ]
- """
- filter_str = request.args.get('filter', '')
- from_str = request.args.get('from', '')
- to_str = request.args.get('to', '')
- event_number = request.args.get('event_number', '')
- try:
- event_number = int(event_number)
- except ValueError:
- event_number = None
- args = dict()
- args["filter"] = filter_str
- args["from"] = from_str
- args["to"] = to_str
- args["event_number"] = event_number
-
- raise NotImplemented
-
-
-class API(Resource):
- """
- Endpoint for API requests
- """
-
- __urls__ = (
- "/api",
- "/api/",
- "/api/<string:group_id>",
- "/api/<string:group_id>/",
- "/api/<string:group_id>/<string:endpoint_id>")
-
- @check_auth
- def get(self, group_id="", endpoint_id="", user_id=""):
- """Retrieve all API endpoints or a specific endpoint if endpoint_id is given
-
- :param group_id: the name of one existing group (ie generic, ...)
- :param endpoint_id: the name of one existing component (ie Logs, Status, ...)
- :return: {
- "group_name": {
- "endpoint_name": {
- "description": "a description",
- "methods": {
- "get": "description of the HTTP method"
- },
- "urls": ('/api', '/api/', '/api/<string:endpoint_id>')
- }
- }
- """
- __methods = ("get", "post", "put", "delete", "options", "patch")
- api_list = filter(lambda x: "__" not in x, dir(moon_authz.api))
- api_desc = dict()
- for api_name in api_list:
- api_desc[api_name] = {}
- group_api_obj = eval("moon_interface.api.{}".format(api_name))
- api_desc[api_name]["description"] = group_api_obj.__doc__
- if "__version__" in dir(group_api_obj):
- api_desc[api_name]["version"] = group_api_obj.__version__
- object_list = list(filter(lambda x: "__" not in x, dir(group_api_obj)))
- for obj in map(lambda x: eval("moon_interface.api.{}.{}".format(api_name, x)), object_list):
- if "__urls__" in dir(obj):
- api_desc[api_name][obj.__name__] = dict()
- api_desc[api_name][obj.__name__]["urls"] = obj.__urls__
- api_desc[api_name][obj.__name__]["methods"] = dict()
- for _method in filter(lambda x: x in __methods, dir(obj)):
- docstring = eval("moon_interface.api.{}.{}.{}.__doc__".format(api_name, obj.__name__, _method))
- api_desc[api_name][obj.__name__]["methods"][_method] = docstring
- api_desc[api_name][obj.__name__]["description"] = str(obj.__doc__)
- if group_id in api_desc:
- if endpoint_id in api_desc[group_id]:
- return {group_id: {endpoint_id: api_desc[group_id][endpoint_id]}}
- elif len(endpoint_id) > 0:
- LOG.error("Unknown endpoint_id {}".format(endpoint_id))
- return {"error": "Unknown endpoint_id {}".format(endpoint_id)}
- return {group_id: api_desc[group_id]}
- return api_desc
diff --git a/moon_authz/moon_authz/http_server.py b/moon_authz/moon_authz/http_server.py
index 50e878d3..d24a02ca 100644
--- a/moon_authz/moon_authz/http_server.py
+++ b/moon_authz/moon_authz/http_server.py
@@ -12,7 +12,7 @@ from moon_authz.api.authorization import Authz
from python_moonutilities.cache import Cache
from python_moonutilities import exceptions
-logger = logging.getLogger("moon." + __name__)
+logger = logging.getLogger("moon.authz.http_server")
CACHE = Cache()
CACHE.update()
diff --git a/moon_authz/moon_authz/server.py b/moon_authz/moon_authz/server.py
index 974012dc..1919ebe5 100644
--- a/moon_authz/moon_authz/server.py
+++ b/moon_authz/moon_authz/server.py
@@ -8,20 +8,19 @@ from oslo_log import log as logging
from moon_authz.http_server import HTTPServer as Server
from python_moonutilities import configuration
-LOG = logging.getLogger("moon.server")
+LOG = logging.getLogger("moon.authz.server")
DOMAIN = "moon_authz"
-__CWD__ = os.path.dirname(os.path.abspath(__file__))
-
def main():
+ configuration.init_logging()
+
component_id = os.getenv("UUID")
component_type = os.getenv("TYPE")
tcp_port = os.getenv("PORT")
pdp_id = os.getenv("PDP_ID")
meta_rule_id = os.getenv("META_RULE_ID")
keystone_project_id = os.getenv("KEYSTONE_PROJECT_ID")
- configuration.init_logging()
LOG.info("component_type={}".format(component_type))
conf = configuration.get_configuration("plugins/{}".format(component_type))
conf["plugins/{}".format(component_type)]['id'] = component_id
diff --git a/moon_authz/setup.py b/moon_authz/setup.py
index a8dcd0c4..c3ac33c7 100644
--- a/moon_authz/setup.py
+++ b/moon_authz/setup.py
@@ -21,7 +21,7 @@ setup(
description="",
- long_description=open('README.rst').read(),
+ long_description=open('README.md').read(),
# install_requires= ,
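Review bot: Now that `long_description` is read from README.md, `setup()` should also declare `long_description_content_type="text/markdown"`, otherwise package indexes treat the text as reStructuredText. The rest of the `setup()` call is outside this hunk, so check it is not already set. `open('README.md').read()` also leaves the file handle to the garbage collector and depends on the locale encoding; reading it with `with open('README.md', encoding='utf-8') as f:` before the `setup()` call avoids both. The moon_interface/setup.py hunk has the same line.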
diff --git a/moon_forming/Dockerfile b/moon_forming/Dockerfile
index bc6b699e..ca0eba76 100644
--- a/moon_forming/Dockerfile
+++ b/moon_forming/Dockerfile
@@ -1,4 +1,5 @@
FROM python:3
+
WORKDIR /usr/src/app
RUN pip install --no-cache-dir --upgrade requests pyyaml python_moonutilities python_moondb python_moonclient
diff --git a/moon_interface/Dockerfile b/moon_interface/Dockerfile
index 82160cc9..f4de15eb 100644
--- a/moon_interface/Dockerfile
+++ b/moon_interface/Dockerfile
@@ -1,12 +1,8 @@
-FROM ubuntu:latest
-
-RUN apt update && apt install python3.5 python3-pip -y
-RUN pip3 install python_moonutilities python_moondb pip --upgrade
+FROM python:3
ADD . /root
WORKDIR /root/
-RUN pip3 install -r requirements.txt --upgrade
-#RUN pip3 install /root/dist/* --upgrade
+RUN pip3 install -r requirements.txt
RUN pip3 install .
CMD ["python3", "-m", "moon_interface"] \ No newline at end of file
diff --git a/moon_interface/Makefile b/moon_interface/Makefile
deleted file mode 100644
index af91b904..00000000
--- a/moon_interface/Makefile
+++ /dev/null
@@ -1,12 +0,0 @@
-all: built run
-
-built:
- docker build -t moon_policy:16.04 .
-
-run:
- docker run -p 8000:8000 moon_policy:16.04
-
-.PHONY: clean
-
-clean:
- find . -name "*.py" -exec echo rm {}\;
diff --git a/moon_manager/README.rst b/moon_interface/README.md
index ded4e99a..4c0e483d 100644
--- a/moon_manager/README.rst
+++ b/moon_interface/README.md
@@ -1,5 +1,5 @@
-Core module for the Moon project
-================================
+# moon_interface
+
This package contains the core module for the Moon project
It is designed to provide authorization features to all OpenStack components.
diff --git a/moon_interface/moon_interface/api/authz.py b/moon_interface/moon_interface/api/authz.py
index c9f4697f..a284ff3a 100644
--- a/moon_interface/moon_interface/api/authz.py
+++ b/moon_interface/moon_interface/api/authz.py
@@ -18,7 +18,7 @@ from moon_interface.authz_requests import AuthzRequest
__version__ = "0.1.0"
-LOG = logging.getLogger("moon.interface.api." + __name__)
+LOG = logging.getLogger("moon.interface.api.authz." + __name__)
def pdp_in_cache(cache, uuid):
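Review bot: The new logger name `"moon.interface.api.authz." + __name__` appends the module path to a prefix that already spells it out, so records would presumably appear under something like `moon.interface.api.authz.moon_interface.api.authz`. The same commit uses fixed literals elsewhere (`"moon.interface.server"`, `"moon.authz.http_server"`), so `logging.getLogger("moon.interface.api.authz")` would keep the hierarchy consistent. Predictable names matter here because per-component log levels and any alerting on authorization decisions are keyed on them. The moon_authz/api/authorization.py hunk (`"moon.authz.api." + __name__`) has the same pattern.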
@@ -45,39 +45,6 @@ def pdp_in_manager(cache, uuid):
return pdp_in_cache(cache, uuid)
-def container_exist(cache, uuid):
- """Check if a PDP exist with this Keystone Project ID in the Manager component
-
- :param cache: Cache to use
- :param uuid: Keystone Project ID
- :return: True or False
- """
- for key, value in cache.containers.items():
- if "keystone_project_id" not in value:
- continue
- if value["keystone_project_id"] == uuid:
- try:
- req = requests.head("http://{}:{}/".format(
- value.get("hostname"),
- value.get("port")[0].get("PublicPort")))
- LOG.info("container_exist {}".format(req.status_code))
- if req.status_code in (200, 201):
- return value
- return
- except requests.exceptions.ConnectionError:
- pass
- # maybe hostname is not working so trying with IP address
- try:
- req = requests.head("http://{}:{}/".format(
- value.get("ip"),
- value.get("port")[0].get("PublicPort")))
- if req.status_code in (200, 201):
- return value
- return
- except requests.exceptions.ConnectionError:
- return
-
-
def create_authz_request(cache, interface_name, manager_url, uuid, subject_name, object_name, action_name):
"""Create the authorization request and make the first call to the Authz function
diff --git a/moon_interface/moon_interface/containers.py b/moon_interface/moon_interface/containers.py
deleted file mode 100644
index 4f93d742..00000000
--- a/moon_interface/moon_interface/containers.py
+++ /dev/null
@@ -1,102 +0,0 @@
-# Copyright 2017 Open Platform for NFV Project, Inc. and its contributors
-# This software is distributed under the terms and conditions of the 'Apache-2.0'
-# license which can be found in the file 'LICENSE' in this package distribution
-# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-
-import docker
-import logging
-import re
-import requests
-import time
-from python_moonutilities import configuration, exceptions
-
-__version__ = "0.1.0"
-
-LOG = logging.getLogger("moon.interface.container")
-
-
-class DockerManager:
-
- def __init__(self):
- docker_conf = configuration.get_configuration("docker")['docker']
- self.docker = docker.DockerClient(base_url=docker_conf['url'])
-
- def create_container(self, data):
- """Create the container through the docker client
-
- :param data: {
- "name": "authz",
- "hostname": "authz123456789",
- "port": {
- "PrivatePort": 8090,
- "Type": "tcp",
- "IP": "0.0.0.0",
- "PublicPort": 8090
- },
- "keystone_project_id": "keystone_project_id1",
- "pdp_id": "123456789",
- "container_name": "wukongsun/moon_authz:v4.1"
- }
- :return: container output
- """
- output = self.docker.containers.run(
- image=data.get("container_name"),
- hostname=data.get("hostname", data.get("name"))[:63],
- name=data.get("name"),
- network='moon',
- ports={'{}/{}'.format(
- data.get("port").get("PrivatePort"),
- data.get("port").get("Type")
- ): int(data.get("port").get("PrivatePort"))},
- environment={
- "UUID": data.get("hostname"),
- "BIND": data.get("port").get("IP"),
- "TYPE": data.get("plugin_name"),
- "PORT": data.get("port").get("PrivatePort"),
- "PDP_ID": data.get("pdp_id"),
- "META_RULE_ID": data.get("meta_rule_id"),
- "KEYSTONE_PROJECT_ID": data.get("keystone_project_id"),
- },
- detach=True
- )
- try:
- req = requests.head("http://{}:{}/".format(data.get("hostname"), data.get("port").get("PublicPort")))
- except requests.exceptions.ConnectionError:
- pass
- else:
- if req.status_code != 200:
- raise exceptions.DockerError("Container {} is not running!".format(data.get("hostname")))
- output.ip = "0.0.0.0"
- return output
-
- # Note: host is not reachable through hostname so trying to find th IP address
- res = output.exec_run("ip addr")
- find = re.findall("inet (\d+\.\d+\.\d+\.\d+)", res.decode("utf-8"))
- ip = "127.0.0.1"
- for ip in find:
- if ip.startswith("127"):
- continue
- break
- cpt = 0
- while True:
- try:
- req = requests.head("http://{}:{}/".format(ip, data.get("port").get("PublicPort")))
- except requests.exceptions.ConnectionError:
- pass
- else:
- if req.status_code not in (200, 201):
- LOG.error("url={}".format("http://{}:{}/".format(ip, data.get("port").get("PublicPort"))))
- LOG.error("req={}".format(req))
- raise exceptions.DockerError("Container {} is not running!".format(data.get("hostname")))
- output.ip = ip
- return output
- finally:
- cpt += 1
- time.sleep(0.1)
- if cpt > 20:
- break
- output.ip = ip
- return output
-
- def delete_container(self, uuid):
- raise NotImplementedError
diff --git a/moon_interface/moon_interface/http_server.py b/moon_interface/moon_interface/http_server.py
index 890bb82f..72576f6c 100644
--- a/moon_interface/moon_interface/http_server.py
+++ b/moon_interface/moon_interface/http_server.py
@@ -15,6 +15,10 @@ from python_moonutilities import configuration, exceptions
logger = logging.getLogger("moon.interface.http")
+__API__ = (
+ Status, Logs, API
+ )
+
class Server:
"""Base class for HTTP server"""
@@ -59,10 +63,6 @@ class Server:
def run(self):
raise NotImplementedError()
-__API__ = (
- Status, Logs, API
- )
-
class Root(Resource):
"""
@@ -132,5 +132,3 @@ class HTTPServer(Server):
def run(self):
self.app.run(host=self._host, port=self._port) # nosec
- # self.app.run(debug=True, host=self._host, port=self._port) # nosec
-
diff --git a/moon_interface/moon_interface/server.py b/moon_interface/moon_interface/server.py
index e53b4504..8b53d7f3 100644
--- a/moon_interface/moon_interface/server.py
+++ b/moon_interface/moon_interface/server.py
@@ -7,7 +7,7 @@ import logging
from python_moonutilities import configuration, exceptions
from moon_interface.http_server import HTTPServer
-LOG = logging.getLogger("moon.interface")
+LOG = logging.getLogger("moon.interface.server")
def main():
@@ -23,10 +23,7 @@ def main():
port = 80
configuration.add_component(uuid="interface", name=hostname, port=port, bind=bind)
LOG.info("Starting server with IP {} on port {} bind to {}".format(hostname, port, bind))
- server = HTTPServer(host=bind, port=port)
- # LOG.info("Starting server")
- # server = HTTPServer(host="0.0.0.0", port=8081)
- return server
+ return HTTPServer(host=bind, port=port)
if __name__ == '__main__':
diff --git a/moon_interface/setup.py b/moon_interface/setup.py
index 3460c991..db15ff54 100644
--- a/moon_interface/setup.py
+++ b/moon_interface/setup.py
@@ -21,7 +21,7 @@ setup(
description="",
- long_description=open('README.rst').read(),
+ long_description=open('README.md').read(),
# install_requires= ,
diff --git a/moon_interface/tools/run.sh b/moon_interface/tools/run.sh
deleted file mode 100644
index d1db1f00..00000000
--- a/moon_interface/tools/run.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/usr/bin/env bash
-
-http_proxy= /usr/bin/python3 /home/vdsq3226/projets/opnfv/opnfv-moon/moon_interface/tools/api2rst.py
-pandoc api.rst --toc -o api.pdf
-evince api.pdf
diff --git a/moon_manager/Dockerfile b/moon_manager/Dockerfile
index 873e3aa2..b5eb4e02 100644
--- a/moon_manager/Dockerfile
+++ b/moon_manager/Dockerfile
@@ -1,12 +1,8 @@
-FROM ubuntu:latest
-
-RUN apt update && apt install python3.5 python3-pip -y
-RUN pip3 install pip --upgrade
+FROM python:3
ADD . /root
WORKDIR /root/
RUN pip3 install -r requirements.txt
-#RUN pip3 install /root/dist/* --upgrade
RUN pip3 install .
CMD ["python3", "-m", "moon_manager"] \ No newline at end of file
diff --git a/moon_interface/README.rst b/moon_manager/README.md
index ded4e99a..c74ccc28 100644
--- a/moon_interface/README.rst
+++ b/moon_manager/README.md
@@ -1,5 +1,4 @@
-Core module for the Moon project
-================================
+# moon_manager
This package contains the core module for the Moon project
It is designed to provide authorization features to all OpenStack components.
diff --git a/moon_manager/moon_manager/api/containers.py b/moon_manager/moon_manager/api/containers.py
deleted file mode 100644
index 6dc50ea5..00000000
--- a/moon_manager/moon_manager/api/containers.py
+++ /dev/null
@@ -1,178 +0,0 @@
-# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
-# This software is distributed under the terms and conditions of the 'Apache-2.0'
-# license which can be found in the file 'LICENSE' in this package distribution
-# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-"""
-PDP are Policy Decision Point.
-
-"""
-
-import copy
-from docker import Client
-from flask import request
-from flask_restful import Resource
-from oslo_log import log as logging
-from python_moonutilities.security_functions import check_auth
-from python_moonutilities import configuration
-
-docker_conf = configuration.get_configuration("docker")['docker']
-docker = Client(base_url=docker_conf['url'])
-
-__version__ = "0.1.0"
-
-LOG = logging.getLogger("moon.manager.api." + __name__)
-
-
-class Container(Resource):
- """
- Endpoint for container requests
- """
-
- __urls__ = (
- "/containers",
- "/containers/",
- "/containers/<string:uuid>",
- "/containers/<string:uuid>/",
- )
-
- def __init__(self):
- self.containers = {}
- self.update()
-
- def update(self):
- for _container in docker.containers():
- if _container['Id'] not in self.containers:
- self.containers[_container['Id']] = {
- "name": _container["Names"],
- "port": _container["Ports"],
- }
-
- @check_auth
- def get(self, uuid=None, user_id=None):
- """Retrieve all containers
-
- :param uuid: uuid of the container
- :param user_id: user ID who do the request
- :return: {
- "containers": {
- "da0fd80fc1dc146e1b...a2e07d240cde09f0a": {
- "name": [
- "/wrapper"
- ],
- "port": [
- {
- "PrivatePort": 8080,
- "Type": "tcp",
- "IP": "0.0.0.0",
- "PublicPort": 8080
- }
- ]
- },
- }
- }
- :internal_api: get_containers
- """
- # try:
- # data = [{"name": item["Names"], "port": item["Ports"], } for item in docker.containers()]
- # except Exception as e:
- # LOG.error(e, exc_info=True)
- # return {"result": False,
- # "error": str(e)}
- return {"containers": self.containers}
-
- @check_auth
- def post(self, uuid=None, user_id=None):
- """Add a new container.
-
- :param uuid: uuid of the pdp (not used here)
- :param user_id: user ID who do the request
- :request body: {
- "id": "id of the new container",
- "name": "name of the new container",
- "hostname": "hostname of the new container",
- "port": {
- "PrivatePort": 8080,
- "Type": "tcp",
- "IP": "0.0.0.0",
- "PublicPort": 8080
- },
- "keystone_project_id": "keystone_project_id1",
- "pdp_id": "PDP UUID",
- "container_name": "wukongsun/moon_authz:v4.1"
- }
- :return: {
- "containers": {
- "da0fd80fc1dc146e1b...a2e07d240cde09f0a": {
- "name": [
- "/wrapper"
- ],
- "port": [
- {
- "PrivatePort": 8080,
- "Type": "tcp",
- "IP": "0.0.0.0",
- "PublicPort": 8080
- }
- ]
- },
- }
- }
- :internal_api: add_container
- """
- try:
- self.update()
- self.containers[request.json.get('id')] = copy.deepcopy(request.json)
- LOG.info("Added a new container {}".format(request.json.get('name')))
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
- return {"containers": self.containers}
-
- @check_auth
- def delete(self, uuid=None, user_id=None):
- """Delete a pdp
-
- :param uuid: uuid of the pdp to delete
- :param user_id: user ID who do the request
- :return: {
- "result": "True or False",
- "message": "optional message"
- }
- :internal_api: delete_pdp
- """
- # try:
- # data = PDPManager.delete_pdp(user_id=user_id, pdp_id=uuid)
- # except Exception as e:
- # LOG.error(e, exc_info=True)
- # return {"result": False,
- # "error": str(e)}
- # return {"result": True}
- raise NotImplementedError
-
- @check_auth
- def patch(self, uuid=None, user_id=None):
- """Update a pdp
-
- :param uuid: uuid of the pdp to update
- :param user_id: user ID who do the request
- :return: {
- "pdp_id1": {
- "name": "...",
- "security_pipeline": [...],
- "keystone_project_id": "keystone_project_id1",
- "description": "...",
- }
- }
- :internal_api: update_pdp
- """
- # try:
- # data = PDPManager.update_pdp(user_id=user_id, pdp_id=uuid, value=request.json)
- # add_container(uuid=uuid, pipeline=data[uuid]['security_pipeline'])
- # except Exception as e:
- # LOG.error(e, exc_info=True)
- # return {"result": False,
- # "error": str(e)}
- # return {"pdps": data}
- raise NotImplementedError
-
diff --git a/moon_manager/moon_manager/api/generic.py b/moon_manager/moon_manager/api/generic.py
index bd7dcdac..f46bfd35 100644
--- a/moon_manager/moon_manager/api/generic.py
+++ b/moon_manager/moon_manager/api/generic.py
@@ -21,7 +21,11 @@ class Status(Resource):
Endpoint for status requests
"""
- __urls__ = ("/status", "/status/", "/status/<string:component_id>")
+ __urls__ = (
+ "/status",
+ "/status/",
+ "/status/<string:component_id>"
+ )
def get(self, component_id=None):
"""Retrieve status of all components
@@ -43,7 +47,11 @@ class Logs(Resource):
Endpoint for logs requests
"""
- __urls__ = ("/logs", "/logs/", "/logs/<string:component_id>")
+ __urls__ = (
+ "/logs",
+ "/logs/",
+ "/logs/<string:component_id>"
+ )
def get(self, component_id=None):
"""Get logs from the Moon platform
@@ -83,7 +91,8 @@ class API(Resource):
"/api/",
"/api/<string:group_id>",
"/api/<string:group_id>/",
- "/api/<string:group_id>/<string:endpoint_id>")
+ "/api/<string:group_id>/<string:endpoint_id>"
+ )
@check_auth
def get(self, group_id="", endpoint_id="", user_id=""):
diff --git a/moon_manager/moon_manager/api/meta_rules.py b/moon_manager/moon_manager/api/meta_rules.py
index ceba0ffb..21552dd7 100644
--- a/moon_manager/moon_manager/api/meta_rules.py
+++ b/moon_manager/moon_manager/api/meta_rules.py
@@ -23,10 +23,12 @@ class MetaRules(Resource):
Endpoint for meta rules requests
"""
- __urls__ = ("/meta_rules",
- "/meta_rules/",
- "/meta_rules/<string:meta_rule_id>",
- "/meta_rules/<string:meta_rule_id>/")
+ __urls__ = (
+ "/meta_rules",
+ "/meta_rules/",
+ "/meta_rules/<string:meta_rule_id>",
+ "/meta_rules/<string:meta_rule_id>/"
+ )
@check_auth
def get(self, meta_rule_id=None, user_id=None):
diff --git a/moon_manager/moon_manager/http_server.py b/moon_manager/moon_manager/http_server.py
index 584e71a2..6aa2cd44 100644
--- a/moon_manager/moon_manager/http_server.py
+++ b/moon_manager/moon_manager/http_server.py
@@ -20,12 +20,20 @@ from moon_manager.api.perimeter import Subjects, Objects, Actions
from moon_manager.api.data import SubjectData, ObjectData, ActionData
from moon_manager.api.assignments import SubjectAssignments, ObjectAssignments, ActionAssignments
from moon_manager.api.rules import Rules
-# from moon_manager.api.containers import Container
from python_moonutilities import configuration, exceptions
from python_moondb.core import PDPManager
-LOG = logging.getLogger("moon.manager.http")
+LOG = logging.getLogger("moon.manager.http_server")
+
+__API__ = (
+ Status, Logs, API,
+ MetaRules, SubjectCategories, ObjectCategories, ActionCategories,
+ Subjects, Objects, Actions, Rules,
+ SubjectAssignments, ObjectAssignments, ActionAssignments,
+ SubjectData, ObjectData, ActionData,
+ Models, Policies, PDP
+ )
class Server:
@@ -71,16 +79,6 @@ class Server:
def run(self):
raise NotImplementedError()
-__API__ = (
- Status, Logs, API,
- MetaRules, SubjectCategories, ObjectCategories, ActionCategories,
- Subjects, Objects, Actions,
- SubjectAssignments, ObjectAssignments, ActionAssignments,
- SubjectData, ObjectData, ActionData,
- Rules, #Container,
- Models, Policies, PDP
- )
-
class Root(Resource):
"""
@@ -113,7 +111,7 @@ class HTTPServer(Server):
conf = configuration.get_configuration("components/manager")
self.manager_hostname = conf["components/manager"].get("hostname", "manager")
self.manager_port = conf["components/manager"].get("port", 80)
- #Todo : specify only few urls instead of *
+ # TODO : specify only few urls instead of *
CORS(self.app)
self.api = Api(self.app)
self.__set_route()
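Review bot: `CORS(self.app)` is still called without any origin restriction, so the reworded TODO leaves every origin allowed to make cross-origin requests to the manager API, which registers the policy, PDP and rules resources from `__API__`. Passing an explicit allow-list, e.g. `CORS(self.app, origins=allowed_origins)` with `allowed_origins` read from the `components/manager` configuration (a new setting, not present today), would resolve the TODO rather than restyle it. The last hunk of this file also shows `run()` starting Flask with `debug=True` behind a `# nosec` marker. If the bind address can be reached from other hosts, the interactive debugger should be off: `self.app.run(host=self._host, port=self._port)`. `__init__` starts and ends outside this hunk.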
@@ -133,8 +131,8 @@ class HTTPServer(Server):
def __set_route(self):
self.api.add_resource(Root, '/')
- for api in __API__:
- self.api.add_resource(api, *api.__urls__)
+ for _api in __API__:
+ self.api.add_resource(_api, *_api.__urls__)
@staticmethod
def __check_if_db_is_up():
@@ -154,4 +152,3 @@ class HTTPServer(Server):
def run(self):
self.__check_if_db_is_up()
self.app.run(debug=True, host=self._host, port=self._port) # nosec
-
diff --git a/moon_manager/moon_manager/server.py b/moon_manager/moon_manager/server.py
index bcc52cb3..f4c01611 100644
--- a/moon_manager/moon_manager/server.py
+++ b/moon_manager/moon_manager/server.py
@@ -3,18 +3,15 @@
# license which can be found in the file 'LICENSE' in this package distribution
# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-import os
from oslo_config import cfg
from oslo_log import log as logging
from python_moonutilities import configuration, exceptions
from moon_manager.http_server import HTTPServer
-LOG = logging.getLogger("moon.manager")
+LOG = logging.getLogger("moon.manager.server")
CONF = cfg.CONF
DOMAIN = "moon_manager"
-__CWD__ = os.path.dirname(os.path.abspath(__file__))
-
def main():
configuration.init_logging()
@@ -29,8 +26,7 @@ def main():
port = 80
configuration.add_component(uuid="manager", name=hostname, port=port, bind=bind)
LOG.info("Starting server with IP {} on port {} bind to {}".format(hostname, port, bind))
- server = HTTPServer(host=bind, port=port)
- return server
+ return HTTPServer(host=bind, port=port)
if __name__ == '__main__':
diff --git a/moon_manager/requirements.txt b/moon_manager/requirements.txt
index 15ba715b..e2dd5c96 100644
--- a/moon_manager/requirements.txt
+++ b/moon_manager/requirements.txt
@@ -3,4 +3,3 @@ flask_restful
flask_cors
python_moonutilities
python_moondb
-docker-py
diff --git a/moon_manager/setup.py b/moon_manager/setup.py
index a6fc5fc7..bd8a70f0 100644
--- a/moon_manager/setup.py
+++ b/moon_manager/setup.py
@@ -21,7 +21,7 @@ setup(
description="",
- long_description=open('README.rst').read(),
+ long_description=open('README.md').read(),
# install_requires= ,
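Review bot: `long_description` now reads a Markdown file, but the hunk does not show `long_description_content_type` being set, so a package index would presumably render the README as reStructuredText unless it is set elsewhere in the call. Adding `long_description_content_type='text/markdown',` next to it would match the rename. Reading the file in a `with open('README.md') as f:` block before `setup(` would also close the handle deterministically. The `setup(` call starts and ends outside the hunk.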
diff --git a/moon_orchestrator/Dockerfile b/moon_orchestrator/Dockerfile
index aafe1784..e9f83094 100644
--- a/moon_orchestrator/Dockerfile
+++ b/moon_orchestrator/Dockerfile
@@ -1,15 +1,8 @@
-FROM ubuntu:latest
-
-ENV CONSUL_HOST=consul
-ENV CONSUL_PORT=8500
-
-RUN apt update && apt install python3.5 python3-pip python3-mysql.connector -y
-RUN pip3 install pip --upgrade
+FROM python:3
ADD . /root
WORKDIR /root/
-RUN pip3 install -r requirements.txt --upgrade
-#RUN pip3 install /root/dist/* --upgrade
-RUN pip3 install . --upgrade
+RUN pip3 install -r requirements.txt
+RUN pip3 install .
CMD ["python3", "-m", "moon_orchestrator"]
\ No newline at end of file
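Review bot: `FROM python:3` is a floating tag, so every rebuild can pull a different interpreter and base layer; pinning a specific version or digest (`FROM python:<version>@sha256:<digest>`, placeholders) keeps the image reproducible and auditable. The image has no `USER` instruction, so `python3 -m moon_orchestrator` runs as root inside the container; unless the orchestrator needs root, create an unprivileged account and add `USER <name>` before `CMD`. `ADD . /root` copies the whole build context, so it is worth confirming that a `.dockerignore` keeps local configuration and credentials out of the image (none is visible here), and `COPY . /root` is the conventional form for local files. With `--upgrade` dropped, the install is only deterministic if `requirements.txt` pins versions.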
diff --git a/moon_orchestrator/README.md b/moon_orchestrator/README.md
index d4cdc4fb..aec5cda2 100644
--- a/moon_orchestrator/README.md
+++ b/moon_orchestrator/README.md
@@ -1,3 +1,4 @@
-# Moon Orchestrator
+# moon_orchestrator
+
Internal orchestrator used for the Moon framework
diff --git a/moon_orchestrator/conf/dockers/template.dockerfile b/moon_orchestrator/conf/dockers/template.dockerfile
deleted file mode 100644
index 6bb8a0c6..00000000
--- a/moon_orchestrator/conf/dockers/template.dockerfile
+++ /dev/null
@@ -1,25 +0,0 @@
-# Pull base image.
-FROM ubuntu:latest
-
-{{ proxy }}
-
-RUN apt-get update && apt-get install python3.5 python3-pip -y
-
-ADD dist/moon_utilities-0.1.0.tar.gz /root
-WORKDIR /root/moon_utilities-0.1.0
-RUN pip3 install pip --upgrade
-RUN pip3 install --upgrade -r requirements.txt
-RUN pip3 install --upgrade .
-
-ADD dist/moon_db-0.1.0.tar.gz /root
-WORKDIR /root/moon_db-0.1.0
-RUN pip3 install --upgrade -r requirements.txt
-RUN pip3 install --upgrade .
-
-{{ run }}
-
-{% for port in ports %}
-EXPOSE {{ port }}
-{% endfor %}
-
-CMD {{ cmd }}
diff --git a/moon_orchestrator/conf/moon.conf b/moon_orchestrator/conf/moon.conf
deleted file mode 100644
index 49086d48..00000000
--- a/moon_orchestrator/conf/moon.conf
+++ /dev/null
@@ -1,84 +0,0 @@
-database:
- url: mysql+pymysql://moon:p4sswOrd1@db/moon
- driver: sql
-
-messenger:
- url: rabbit://moon:p4sswOrd1@messenger:5672/moon
-
-docker:
- url: tcp://172.88.88.1:2376
- network: moon
-
-slave:
- name:
- master:
- url:
- login:
- password:
-
-openstack:
- keystone:
- url: http://keystone:5000/v3
- user: admin
- password: p4ssw0rd
- domain: default
- project: admin
- check_token: false
- certificate: false
-
-plugins:
- authz:
- container: wukongsun/moon_authz:v4.1
- session:
- container: asteroide/session:latest
-
-components:
- interface:
- port: 8081
- hostname: interface
- bind: 0.0.0.0
- container: wukongsun/moon_interface:v4.1
- router:
- container: wukongsun/moon_router:v4.1
- hostname: router
- manager:
- container: wukongsun/moon_manager:v4.1
- hostname: manager
- orchestrator:
- container: wukongsun/moon_orchestrator:v4.1
- hostname: orchestrator
- port_start: 38001
-
-logging:
- version: 1
-
- formatters:
- brief:
- format: "%(levelname)s %(name)s %(message)-30s"
- custom:
- format: "%(asctime)-15s %(levelname)s %(name)s %(message)s"
-
- handlers:
- console:
- class : logging.StreamHandler
- formatter: brief
- level : INFO
- stream : ext://sys.stdout
- file:
- class : logging.handlers.RotatingFileHandler
- formatter: custom
- level : DEBUG
- filename: /tmp/moon.log
- maxBytes: 1048576
- backupCount: 3
-
- loggers:
- moon:
- level: DEBUG
- handlers: [console, file]
- propagate: no
-
- root:
- level: ERROR
- handlers: [console]
-
diff --git a/moon_orchestrator/conf/plugins/authz.py b/moon_orchestrator/conf/plugins/authz.py
deleted file mode 100644
index 4a1441c9..00000000
--- a/moon_orchestrator/conf/plugins/authz.py
+++ /dev/null
@@ -1,67 +0,0 @@
-# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
-# This software is distributed under the terms and conditions of the 'Apache-2.0'
-# license which can be found in the file 'LICENSE' in this package distribution
-# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-
-import os
-import time
-import hashlib
-from oslo_config import cfg
-from oslo_log import log as logging
-import oslo_messaging
-from moon_orchestrator.dockers import DockerBase
-
-LOG = logging.getLogger(__name__)
-CONF = cfg.CONF
-DOMAIN = "moon_orchestrator"
-
-__CWD__ = os.path.dirname(os.path.abspath(__file__))
-# TODO (asteroide): select the right template folder
-TEMPLATES_FOLDER = os.path.join(__CWD__, "..", "conf", "dockers")
-# TODO (asteroide): add specific configuration options for that plugin
-
-
-class AuthzFunction(DockerBase):
-
- id = "moon_authz_function"
- __build = """RUN mkdir -p /etc/moon/
-COPY conf /etc/moon/
-ADD dist/{py_pkg}.tar.gz /root
-WORKDIR /root/{py_pkg}
-RUN pip3 install -r requirements.txt
-RUN pip3 install .
-"""
-
- def __init__(self, uuid, conf_file="", docker=None, network_config=None):
- self.id = "authz_"+hashlib.sha224(uuid.encode("utf-8")).hexdigest()
- super(AuthzFunction, self).__init__(
- name="moon_authz",
- run_cmd=["python3", "-m", "moon_authz", uuid],
- conf_file=conf_file,
- docker=docker,
- network_config=network_config,
- build_cmd=self.__build,
- id=self.id,
- tag=""
- # tag=CONF.security_function.container
- )
- # note(asteroide): time to let the new docker boot
- time.sleep(3)
- # self.get_status()
-
- def get_status(self):
- return True
- # transport = oslo_messaging.get_transport(CONF)
- # target = oslo_messaging.Target(topic=self.id, version='1.0')
- # client = oslo_messaging.RPCClient(transport, target)
- # LOG.info("Calling Status on {}".format(self.id))
- # ret = client.call({"component_id": self.id}, 'get_status', args=None)
- # LOG.info(ret)
- # return ret
-
-
-def run(uuid, conf_file="", docker=None, network_config=None):
- return AuthzFunction(uuid,
- conf_file=conf_file,
- docker=docker,
- network_config=network_config)
diff --git a/moon_orchestrator/conf/plugins/session.py b/moon_orchestrator/conf/plugins/session.py
deleted file mode 100644
index 6fa2cfe2..00000000
--- a/moon_orchestrator/conf/plugins/session.py
+++ /dev/null
@@ -1,67 +0,0 @@
-# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
-# This software is distributed under the terms and conditions of the 'Apache-2.0'
-# license which can be found in the file 'LICENSE' in this package distribution
-# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-
-import os
-import time
-import hashlib
-from oslo_config import cfg
-from oslo_log import log as logging
-import oslo_messaging
-from moon_orchestrator.dockers import DockerBase
-
-LOG = logging.getLogger(__name__)
-CONF = cfg.CONF
-DOMAIN = "moon_orchestrator"
-
-__CWD__ = os.path.dirname(os.path.abspath(__file__))
-# TODO (asteroide): select the right template folder
-TEMPLATES_FOLDER = os.path.join(__CWD__, "..", "conf", "dockers")
-# TODO (asteroide): add specific configuration options for that plugin
-
-
-class AuthzFunction(DockerBase):
-
- id = "moon_session_function"
- __build = """RUN mkdir -p /etc/moon/
-COPY conf /etc/moon/
-ADD dist/{py_pkg}.tar.gz /root
-WORKDIR /root/{py_pkg}
-RUN pip3 install -r requirements.txt
-RUN pip3 install .
-"""
-
- def __init__(self, uuid, conf_file="", docker=None, network_config=None):
- self.id = "session_"+hashlib.sha224(uuid.encode("utf-8")).hexdigest()
- super(AuthzFunction, self).__init__(
- name="moon_authz",
- run_cmd=["python3", "-m", "moon_authz", uuid],
- conf_file=conf_file,
- docker=docker,
- network_config=network_config,
- build_cmd=self.__build,
- id=self.id,
- tag=""
- # tag=CONF.security_function.container
- )
- # note(asteroide): time to let the new docker boot
- time.sleep(3)
- # self.get_status()
-
- def get_status(self):
- return True
- # transport = oslo_messaging.get_transport(CONF)
- # target = oslo_messaging.Target(topic=self.id, version='1.0')
- # client = oslo_messaging.RPCClient(transport, target)
- # LOG.info("Calling Status on {}".format(self.id))
- # ret = client.call({"component_id": self.id}, 'get_status', args=None)
- # LOG.info(ret)
- # return ret
-
-
-def run(uuid, conf_file="", docker=None, network_config=None):
- return AuthzFunction(uuid,
- conf_file=conf_file,
- docker=docker,
- network_config=network_config)
diff --git a/moon_orchestrator/conf/policies/policy_authz/assignment.json b/moon_orchestrator/conf/policies/policy_authz/assignment.json
deleted file mode 100644
index 7a6c722e..00000000
--- a/moon_orchestrator/conf/policies/policy_authz/assignment.json
+++ /dev/null
@@ -1,55 +0,0 @@
-{
- "subject_assignments": {
- "subject_security_level":{
- "admin": ["high"],
- "demo": ["medium"]
- },
- "domain":{
- "admin": ["ft"],
- "demo": ["xx"]
- },
- "role": {
- "admin": ["admin"],
- "demo": ["dev"]
- }
- },
-
- "action_assignments": {
- "resource_action":{
- "pause": ["vm_admin"],
- "unpause": ["vm_admin"],
- "start": ["vm_admin"],
- "stop": ["vm_admin"],
- "list": ["vm_access", "vm_admin"],
- "create": ["vm_admin"],
- "storage_list": ["storage_access"],
- "download": ["storage_access"],
- "post": ["storage_admin"],
- "upload": ["storage_admin"]
- },
- "access": {
- "pause": ["write"],
- "unpause": ["write"],
- "start": ["write"],
- "stop": ["write"],
- "list": ["read"],
- "create": ["write"],
- "storage_list": ["read"],
- "download": ["read"],
- "post": ["write"],
- "upload": ["write"]
- }
- },
-
- "object_assignments": {
- "object_security_level": {
- "servers": ["low"]
- },
- "type": {
- "servers": ["computing"]
- },
- "object_id": {
- "servers": ["servers"]
- }
- }
-}
diff --git a/moon_orchestrator/conf/policies/policy_authz/metadata.json b/moon_orchestrator/conf/policies/policy_authz/metadata.json
deleted file mode 100644
index 21a99eb2..00000000
--- a/moon_orchestrator/conf/policies/policy_authz/metadata.json
+++ /dev/null
@@ -1,23 +0,0 @@
-{
- "name": "Simple_Policy",
- "genre": "authz",
- "description": "Simple Security Policy",
- "pdp_pipeline": ["authz:rbac_rule", "authz:mls_rule"],
-
- "subject_categories": [
- "subject_security_level",
- "domain",
- "role"
- ],
-
- "action_categories": [
- "resource_action",
- "access"
- ],
-
- "object_categories": [
- "object_security_level",
- "type",
- "object_id"
- ]
-}
diff --git a/moon_orchestrator/conf/policies/policy_authz/metarule.json b/moon_orchestrator/conf/policies/policy_authz/metarule.json
deleted file mode 100644
index c9afd6c2..00000000
--- a/moon_orchestrator/conf/policies/policy_authz/metarule.json
+++ /dev/null
@@ -1,24 +0,0 @@
-{
- "sub_meta_rules": {
- "mls_rule": {
- "subject_categories": ["subject_security_level"],
- "action_categories": ["resource_action"],
- "object_categories": ["object_security_level"],
- "algorithm": "inclusion"
- },
- "dte_rule": {
- "subject_categories": ["domain"],
- "action_categories": ["access"],
- "object_categories": ["type"],
- "algorithm": "inclusion"
- },
- "rbac_rule": {
- "subject_categories": ["role", "domain"],
- "action_categories": ["access"],
- "object_categories": ["object_id"],
- "algorithm": "inclusion"
- }
- },
- "aggregation": "all_true"
-}
-
diff --git a/moon_orchestrator/conf/policies/policy_authz/perimeter.json b/moon_orchestrator/conf/policies/policy_authz/perimeter.json
deleted file mode 100644
index 47a8ee45..00000000
--- a/moon_orchestrator/conf/policies/policy_authz/perimeter.json
+++ /dev/null
@@ -1,21 +0,0 @@
-{
- "subjects": [
- "admin",
- "demo"
- ],
- "actions": [
- "pause",
- "unpause",
- "start",
- "stop",
- "create",
- "list",
- "upload",
- "download",
- "post",
- "storage_list"
- ],
- "objects": [
- "servers"
- ]
-}
diff --git a/moon_orchestrator/conf/policies/policy_authz/rule.json b/moon_orchestrator/conf/policies/policy_authz/rule.json
deleted file mode 100644
index 25f9d93a..00000000
--- a/moon_orchestrator/conf/policies/policy_authz/rule.json
+++ /dev/null
@@ -1,25 +0,0 @@
-{
- "mls_rule":[
- ["high", "vm_admin", "medium"],
- ["high", "vm_admin", "low"],
- ["medium", "vm_admin", "low"],
- ["high", "vm_access", "high"],
- ["high", "vm_access", "medium"],
- ["high", "vm_access", "low"],
- ["medium", "vm_access", "medium"],
- ["medium", "vm_access", "low"],
- ["low", "vm_access", "low"]
- ],
- "dte_rule":[
- ["ft", "read", "computing"],
- ["ft", "write", "computing"],
- ["ft", "read", "storage"],
- ["ft", "write", "storage"],
- ["xx", "read", "storage"]
- ],
- "rbac_rule":[
- ["dev", "xx", "read", "servers"],
- ["admin", "xx", "read", "servers"],
- ["admin", "ft", "read", "servers"]
- ]
-}
diff --git a/moon_orchestrator/conf/policies/policy_authz/scope.json b/moon_orchestrator/conf/policies/policy_authz/scope.json
deleted file mode 100644
index 9b313daf..00000000
--- a/moon_orchestrator/conf/policies/policy_authz/scope.json
+++ /dev/null
@@ -1,49 +0,0 @@
-{
- "subject_scopes": {
- "role": [
- "admin",
- "dev"
- ],
- "subject_security_level": [
- "high",
- "medium",
- "low"
- ],
- "domain": [
- "ft",
- "xx"
- ]
- },
-
- "action_scopes": {
- "resource_action": [
- "vm_admin",
- "vm_access",
- "storage_admin",
- "storage_access"
- ],
- "access": [
- "write",
- "read"
- ]
- },
-
- "object_scopes": {
- "object_security_level": [
- "high",
- "medium",
- "low"
- ],
- "type": [
- "computing",
- "storage"
- ],
- "object_id": [
- "servers",
- "vm1",
- "vm2",
- "file1",
- "file2"
- ]
- }
-}
diff --git a/moon_orchestrator/conf/policies/policy_empty_admin/assignment.json b/moon_orchestrator/conf/policies/policy_empty_admin/assignment.json
deleted file mode 100644
index 24018a09..00000000
--- a/moon_orchestrator/conf/policies/policy_empty_admin/assignment.json
+++ /dev/null
@@ -1,7 +0,0 @@
-{
- "subject_assignments": {},
-
- "action_assignments": {},
-
- "object_assignments": {}
-}
diff --git a/moon_orchestrator/conf/policies/policy_empty_admin/metadata.json b/moon_orchestrator/conf/policies/policy_empty_admin/metadata.json
deleted file mode 100644
index 3c9be2e5..00000000
--- a/moon_orchestrator/conf/policies/policy_empty_admin/metadata.json
+++ /dev/null
@@ -1,12 +0,0 @@
-{
- "name": "Empty_Policy",
- "model": "",
- "genre": "admin",
- "description": "Empty Policy",
-
- "subject_categories": [],
-
- "action_categories": [],
-
- "object_categories": []
-}
diff --git a/moon_orchestrator/conf/policies/policy_empty_admin/metarule.json b/moon_orchestrator/conf/policies/policy_empty_admin/metarule.json
deleted file mode 100644
index 7acd8848..00000000
--- a/moon_orchestrator/conf/policies/policy_empty_admin/metarule.json
+++ /dev/null
@@ -1,12 +0,0 @@
-{
- "sub_meta_rules": {
- "mls_rule": {
- "subject_categories": [],
- "action_categories": [],
- "object_categories": [],
- "algorithm": ""
- }
- },
- "aggregation": ""
-}
-
diff --git a/moon_orchestrator/conf/policies/policy_empty_admin/perimeter.json b/moon_orchestrator/conf/policies/policy_empty_admin/perimeter.json
deleted file mode 100644
index 54dbfc31..00000000
--- a/moon_orchestrator/conf/policies/policy_empty_admin/perimeter.json
+++ /dev/null
@@ -1,39 +0,0 @@
-{
- "subjects": [],
- "actions": [
- "read",
- "write"
- ],
- "objects": [
- "authz.subjects",
- "authz.objects",
- "authz.actions",
- "authz.subject_categories",
- "authz.object_categories",
- "authz.action_categories",
- "authz.subject_scopes",
- "authz.object_scopes",
- "authz.action_scopes",
- "authz.subject_assignments",
- "authz.object_assignments",
- "authz.action_assignments",
- "authz.aggregation_algorithm",
- "authz.sub_meta_rules",
- "authz.rules",
- "admin.subjects",
- "admin.objects",
- "admin.actions",
- "admin.subject_categories",
- "admin.object_categories",
- "admin.action_categories",
- "admin.subject_scopes",
- "admin.object_scopes",
- "admin.action_scopes",
- "admin.subject_assignments",
- "admin.object_assignments",
- "admin.action_assignments",
- "admin.aggregation_algorithm",
- "admin.sub_meta_rules",
- "admin.rules"
- ]
-}
diff --git a/moon_orchestrator/conf/policies/policy_empty_admin/rule.json b/moon_orchestrator/conf/policies/policy_empty_admin/rule.json
deleted file mode 100644
index fe4fae5a..00000000
--- a/moon_orchestrator/conf/policies/policy_empty_admin/rule.json
+++ /dev/null
@@ -1,3 +0,0 @@
-{
- "mls_rule":[]
-}
diff --git a/moon_orchestrator/conf/policies/policy_empty_admin/scope.json b/moon_orchestrator/conf/policies/policy_empty_admin/scope.json
deleted file mode 100644
index 1efebe6f..00000000
--- a/moon_orchestrator/conf/policies/policy_empty_admin/scope.json
+++ /dev/null
@@ -1,7 +0,0 @@
-{
- "subject_scopes": {},
-
- "action_scopes": {},
-
- "object_scopes": {}
-}
diff --git a/moon_orchestrator/conf/policies/policy_empty_authz/assignment.json b/moon_orchestrator/conf/policies/policy_empty_authz/assignment.json
deleted file mode 100644
index 24018a09..00000000
--- a/moon_orchestrator/conf/policies/policy_empty_authz/assignment.json
+++ /dev/null
@@ -1,7 +0,0 @@
-{
- "subject_assignments": {},
-
- "action_assignments": {},
-
- "object_assignments": {}
-}
diff --git a/moon_orchestrator/conf/policies/policy_empty_authz/metadata.json b/moon_orchestrator/conf/policies/policy_empty_authz/metadata.json
deleted file mode 100644
index 4f300d78..00000000
--- a/moon_orchestrator/conf/policies/policy_empty_authz/metadata.json
+++ /dev/null
@@ -1,12 +0,0 @@
-{
- "name": "MLS_Policy",
- "model": "MLS",
- "genre": "authz",
- "description": "Multi Level Security Policy",
-
- "subject_categories": [],
-
- "action_categories": [],
-
- "object_categories": []
-}
diff --git a/moon_orchestrator/conf/policies/policy_empty_authz/metarule.json b/moon_orchestrator/conf/policies/policy_empty_authz/metarule.json
deleted file mode 100644
index 7acd8848..00000000
--- a/moon_orchestrator/conf/policies/policy_empty_authz/metarule.json
+++ /dev/null
@@ -1,12 +0,0 @@
-{
- "sub_meta_rules": {
- "mls_rule": {
- "subject_categories": [],
- "action_categories": [],
- "object_categories": [],
- "algorithm": ""
- }
- },
- "aggregation": ""
-}
-
diff --git a/moon_orchestrator/conf/policies/policy_empty_authz/perimeter.json b/moon_orchestrator/conf/policies/policy_empty_authz/perimeter.json
deleted file mode 100644
index 9da8a8c0..00000000
--- a/moon_orchestrator/conf/policies/policy_empty_authz/perimeter.json
+++ /dev/null
@@ -1,5 +0,0 @@
-{
- "subjects": [],
- "actions": [],
- "objects": []
-}
diff --git a/moon_orchestrator/conf/policies/policy_empty_authz/rule.json b/moon_orchestrator/conf/policies/policy_empty_authz/rule.json
deleted file mode 100644
index fe4fae5a..00000000
--- a/moon_orchestrator/conf/policies/policy_empty_authz/rule.json
+++ /dev/null
@@ -1,3 +0,0 @@
-{
- "mls_rule":[]
-}
diff --git a/moon_orchestrator/conf/policies/policy_empty_authz/scope.json b/moon_orchestrator/conf/policies/policy_empty_authz/scope.json
deleted file mode 100644
index 1efebe6f..00000000
--- a/moon_orchestrator/conf/policies/policy_empty_authz/scope.json
+++ /dev/null
@@ -1,7 +0,0 @@
-{
- "subject_scopes": {},
-
- "action_scopes": {},
-
- "object_scopes": {}
-}
diff --git a/moon_orchestrator/conf/policies/policy_mls_authz/assignment.json b/moon_orchestrator/conf/policies/policy_mls_authz/assignment.json
deleted file mode 100644
index 0712dfbc..00000000
--- a/moon_orchestrator/conf/policies/policy_mls_authz/assignment.json
+++ /dev/null
@@ -1,29 +0,0 @@
-{
- "subject_assignments": {
- "subject_security_level":{
- "admin": ["high"],
- "demo": ["medium"]
- }
- },
-
- "action_assignments": {
- "resource_action":{
- "pause": ["vm_admin"],
- "unpause": ["vm_admin"],
- "start": ["vm_admin"],
- "stop": ["vm_admin"],
- "list": ["vm_access", "vm_admin"],
- "create": ["vm_admin"],
- "storage_list": ["storage_access"],
- "download": ["storage_access"],
- "post": ["storage_admin"],
- "upload": ["storage_admin"]
- }
- },
-
- "object_assignments": {
- "object_security_level": {
- "servers": ["low"]
- }
- }
-}
diff --git a/moon_orchestrator/conf/policies/policy_mls_authz/metadata.json b/moon_orchestrator/conf/policies/policy_mls_authz/metadata.json
deleted file mode 100644
index c419c815..00000000
--- a/moon_orchestrator/conf/policies/policy_mls_authz/metadata.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "MLS_Policy",
- "model": "MLS",
- "genre": "authz",
- "description": "Multi Level Security Policy",
-
- "subject_categories": [
- "subject_security_level"
- ],
-
- "action_categories": [
- "resource_action"
- ],
-
- "object_categories": [
- "object_security_level"
- ]
-}
diff --git a/moon_orchestrator/conf/policies/policy_mls_authz/metarule.json b/moon_orchestrator/conf/policies/policy_mls_authz/metarule.json
deleted file mode 100644
index e068927c..00000000
--- a/moon_orchestrator/conf/policies/policy_mls_authz/metarule.json
+++ /dev/null
@@ -1,12 +0,0 @@
-{
- "sub_meta_rules": {
- "mls_rule": {
- "subject_categories": ["subject_security_level"],
- "action_categories": ["resource_action"],
- "object_categories": ["object_security_level"],
- "algorithm": "inclusion"
- }
- },
- "aggregation": "all_true"
-}
-
diff --git a/moon_orchestrator/conf/policies/policy_mls_authz/perimeter.json b/moon_orchestrator/conf/policies/policy_mls_authz/perimeter.json
deleted file mode 100644
index 47a8ee45..00000000
--- a/moon_orchestrator/conf/policies/policy_mls_authz/perimeter.json
+++ /dev/null
@@ -1,21 +0,0 @@
-{
- "subjects": [
- "admin",
- "demo"
- ],
- "actions": [
- "pause",
- "unpause",
- "start",
- "stop",
- "create",
- "list",
- "upload",
- "download",
- "post",
- "storage_list"
- ],
- "objects": [
- "servers"
- ]
-}
diff --git a/moon_orchestrator/conf/policies/policy_mls_authz/rule.json b/moon_orchestrator/conf/policies/policy_mls_authz/rule.json
deleted file mode 100644
index b17dc822..00000000
--- a/moon_orchestrator/conf/policies/policy_mls_authz/rule.json
+++ /dev/null
@@ -1,16 +0,0 @@
-{
- "mls_rule":[
- ["high", "vm_admin", "medium"],
- ["high", "vm_admin", "low"],
- ["medium", "vm_admin", "low"],
- ["high", "vm_access", "medium"],
- ["high", "vm_access", "low"],
- ["medium", "vm_access", "low"],
- ["high", "storage_admin", "medium"],
- ["high", "storage_admin", "low"],
- ["medium", "storage_admin", "low"],
- ["high", "storage_access", "medium"],
- ["high", "storage_access", "low"],
- ["medium", "storage_access", "low"]
- ]
-}
diff --git a/moon_orchestrator/conf/policies/policy_mls_authz/scope.json b/moon_orchestrator/conf/policies/policy_mls_authz/scope.json
deleted file mode 100644
index 6cc1c28e..00000000
--- a/moon_orchestrator/conf/policies/policy_mls_authz/scope.json
+++ /dev/null
@@ -1,26 +0,0 @@
-{
- "subject_scopes": {
- "subject_security_level": [
- "high",
- "medium",
- "low"
- ]
- },
-
- "action_scopes": {
- "resource_action": [
- "vm_admin",
- "vm_access",
- "storage_admin",
- "storage_access"
- ]
- },
-
- "object_scopes": {
- "object_security_level": [
- "high",
- "medium",
- "low"
- ]
- }
-}
diff --git a/moon_orchestrator/conf/policies/policy_rbac_admin/assignment.json b/moon_orchestrator/conf/policies/policy_rbac_admin/assignment.json
deleted file mode 100644
index f2378333..00000000
--- a/moon_orchestrator/conf/policies/policy_rbac_admin/assignment.json
+++ /dev/null
@@ -1,48 +0,0 @@
-{
- "subject_assignments": {
- "role": {
- "admin": ["root_role"],
- "demo": ["dev_role"]
- }
- },
- "action_assignments": {
- "action_id": {
- "read": ["read"],
- "write": ["write"]
- }
- },
- "object_assignments": {
- "object_id": {
- "authz.subjects": ["authz.subjects"],
- "authz.objects": ["authz.objects"],
- "authz.actions": ["authz.actions"],
- "authz.subject_categories": ["authz.subject_categories"],
- "authz.object_categories": ["authz.object_categories"],
- "authz.action_categories": ["authz.action_categories"],
- "authz.subject_scopes": ["authz.subject_scopes"],
- "authz.object_scopes": ["authz.object_scopes"],
- "authz.action_scopes": ["authz.action_scopes"],
- "authz.subject_assignments": ["authz.subject_assignments"],
- "authz.object_assignments": ["authz.object_assignments"],
- "authz.action_assignments": ["authz.action_assignments"],
- "authz.aggregation_algorithm": ["authz.aggregation_algorithm"],
- "authz.sub_meta_rules": ["authz.sub_meta_rules"],
- "authz.rules": ["authz.rules"],
- "admin.subjects": ["admin.subjects"],
- "admin.objects": ["admin.objects"],
- "admin.actions": ["admin.actions"],
- "admin.subject_categories": ["admin.subject_categories"],
- "admin.object_categories": ["admin.object_categories"],
- "admin.action_categories": ["admin.action_categories"],
- "admin.subject_scopes": ["admin.subject_scopes"],
- "admin.object_scopes": ["admin.object_scopes"],
- "admin.action_scopes": ["admin.action_scopes"],
- "admin.subject_assignments": ["admin.subject_assignments"],
- "admin.object_assignments": ["admin.object_assignments"],
- "admin.action_assignments": ["admin.action_assignments"],
- "admin.aggregation_algorithm": ["admin.aggregation_algorithm"],
- "admin.sub_meta_rules": ["admin.sub_meta_rules"],
- "admin.rules": ["admin.rules"]
- }
- }
-}
diff --git a/moon_orchestrator/conf/policies/policy_rbac_admin/metadata.json b/moon_orchestrator/conf/policies/policy_rbac_admin/metadata.json
deleted file mode 100644
index 9ee8a11d..00000000
--- a/moon_orchestrator/conf/policies/policy_rbac_admin/metadata.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "RBAC Admin Policy",
- "model": "RBAC",
- "genre": "admin",
- "description": "",
-
- "subject_categories": [
- "role"
- ],
-
- "action_categories": [
- "action_id"
- ],
-
- "object_categories": [
- "object_id"
- ]
-}
diff --git a/moon_orchestrator/conf/policies/policy_rbac_admin/metarule.json b/moon_orchestrator/conf/policies/policy_rbac_admin/metarule.json
deleted file mode 100644
index 86dbfad2..00000000
--- a/moon_orchestrator/conf/policies/policy_rbac_admin/metarule.json
+++ /dev/null
@@ -1,12 +0,0 @@
-{
- "sub_meta_rules": {
- "rbac_rule": {
- "subject_categories": ["role"],
- "action_categories": ["action_id"],
- "object_categories": ["object_id"],
- "algorithm": "inclusion"
- }
- },
- "aggregation": "all_true"
-}
-
diff --git a/moon_orchestrator/conf/policies/policy_rbac_admin/perimeter.json b/moon_orchestrator/conf/policies/policy_rbac_admin/perimeter.json
deleted file mode 100644
index 1155533e..00000000
--- a/moon_orchestrator/conf/policies/policy_rbac_admin/perimeter.json
+++ /dev/null
@@ -1,42 +0,0 @@
-{
- "subjects": [
- "admin",
- "demo"
- ],
- "actions": [
- "read",
- "write"
- ],
- "objects": [
- "authz.subjects",
- "authz.objects",
- "authz.actions",
- "authz.subject_categories",
- "authz.object_categories",
- "authz.action_categories",
- "authz.subject_scopes",
- "authz.object_scopes",
- "authz.action_scopes",
- "authz.subject_assignments",
- "authz.object_assignments",
- "authz.action_assignments",
- "authz.aggregation_algorithm",
- "authz.sub_meta_rules",
- "authz.rules",
- "admin.subjects",
- "admin.objects",
- "admin.actions",
- "admin.subject_categories",
- "admin.object_categories",
- "admin.action_categories",
- "admin.subject_scopes",
- "admin.object_scopes",
- "admin.action_scopes",
- "admin.subject_assignments",
- "admin.object_assignments",
- "admin.action_assignments",
- "admin.aggregation_algorithm",
- "admin.sub_meta_rules",
- "admin.rules"
- ]
-}
diff --git a/moon_orchestrator/conf/policies/policy_rbac_admin/rule.json b/moon_orchestrator/conf/policies/policy_rbac_admin/rule.json
deleted file mode 100644
index c89ceff3..00000000
--- a/moon_orchestrator/conf/policies/policy_rbac_admin/rule.json
+++ /dev/null
@@ -1,94 +0,0 @@
-{
- "rbac_rule":[
- ["root_role" , "read", "authz.subjects"],
- ["root_role" , "read", "authz.objects"],
- ["root_role" , "read", "authz.actions"],
- ["root_role" , "read", "authz.subject_categories"],
- ["root_role" , "read", "authz.object_categories"],
- ["root_role" , "read", "authz.action_categories"],
- ["root_role" , "read", "authz.subject_scopes"],
- ["root_role" , "read", "authz.object_scopes"],
- ["root_role" , "read", "authz.action_scopes"],
- ["root_role" , "read", "authz.subject_assignments"],
- ["root_role" , "read", "authz.object_assignments"],
- ["root_role" , "read", "authz.action_assignments"],
- ["root_role" , "read", "authz.aggregation_algorithm"],
- ["root_role" , "read", "authz.sub_meta_rules"],
- ["root_role" , "read", "authz.rules"],
- ["root_role" , "write", "authz.subjects"],
- ["root_role" , "write", "authz.objects"],
- ["root_role" , "write", "authz.actions"],
- ["root_role" , "write", "authz.subject_categories"],
- ["root_role" , "write", "authz.object_categories"],
- ["root_role" , "write", "authz.action_categories"],
- ["root_role" , "write", "authz.subject_scopes"],
- ["root_role" , "write", "authz.object_scopes"],
- ["root_role" , "write", "authz.action_scopes"],
- ["root_role" , "write", "authz.subject_assignments"],
- ["root_role" , "write", "authz.object_assignments"],
- ["root_role" , "write", "authz.action_assignments"],
- ["root_role" , "write", "authz.aggregation_algorithm"],
- ["root_role" , "write", "authz.sub_meta_rules"],
- ["root_role" , "write", "authz.rules"],
- ["root_role" , "read", "admin.subjects"],
- ["root_role" , "read", "admin.objects"],
- ["root_role" , "read", "admin.actions"],
- ["root_role" , "read", "admin.subject_categories"],
- ["root_role" , "read", "admin.object_categories"],
- ["root_role" , "read", "admin.action_categories"],
- ["root_role" , "read", "admin.subject_scopes"],
- ["root_role" , "read", "admin.object_scopes"],
- ["root_role" , "read", "admin.action_scopes"],
- ["root_role" , "read", "admin.subject_assignments"],
- ["root_role" , "read", "admin.object_assignments"],
- ["root_role" , "read", "admin.action_assignments"],
- ["root_role" , "read", "admin.aggregation_algorithm"],
- ["root_role" , "read", "admin.sub_meta_rules"],
- ["root_role" , "read", "admin.rules"],
- ["root_role" , "write", "admin.subjects"],
- ["root_role" , "write", "admin.objects"],
- ["root_role" , "write", "admin.actions"],
- ["root_role" , "write", "admin.subject_categories"],
- ["root_role" , "write", "admin.object_categories"],
- ["root_role" , "write", "admin.action_categories"],
- ["root_role" , "write", "admin.subject_scopes"],
- ["root_role" , "write", "admin.object_scopes"],
- ["root_role" , "write", "admin.action_scopes"],
- ["root_role" , "write", "admin.subject_assignments"],
- ["root_role" , "write", "admin.object_assignments"],
- ["root_role" , "write", "admin.action_assignments"],
- ["root_role" , "write", "admin.aggregation_algorithm"],
- ["root_role" , "write", "admin.sub_meta_rules"],
- ["root_role" , "write", "admin.rules"],
- ["dev_role" , "read", "authz.subjects"],
- ["dev_role" , "read", "authz.objects"],
- ["dev_role" , "read", "authz.actions"],
- ["dev_role" , "read", "authz.subject_categories"],
- ["dev_role" , "read", "authz.object_categories"],
- ["dev_role" , "read", "authz.action_categories"],
- ["dev_role" , "read", "authz.subject_scopes"],
- ["dev_role" , "read", "authz.object_scopes"],
- ["dev_role" , "read", "authz.action_scopes"],
- ["dev_role" , "read", "authz.subject_assignments"],
- ["dev_role" , "read", "authz.object_assignments"],
- ["dev_role" , "read", "authz.action_assignments"],
- ["dev_role" , "read", "authz.aggregation_algorithm"],
- ["dev_role" , "read", "authz.sub_meta_rules"],
- ["dev_role" , "read", "authz.rules"],
- ["dev_role" , "read", "admin.subjects"],
- ["dev_role" , "read", "admin.objects"],
- ["dev_role" , "read", "admin.actions"],
- ["dev_role" , "read", "admin.subject_categories"],
- ["dev_role" , "read", "admin.object_categories"],
- ["dev_role" , "read", "admin.action_categories"],
- ["dev_role" , "read", "admin.subject_scopes"],
- ["dev_role" , "read", "admin.object_scopes"],
- ["dev_role" , "read", "admin.action_scopes"],
- ["dev_role" , "read", "admin.subject_assignments"],
- ["dev_role" , "read", "admin.object_assignments"],
- ["dev_role" , "read", "admin.action_assignments"],
- ["dev_role" , "read", "admin.aggregation_algorithm"],
- ["dev_role" , "read", "admin.sub_meta_rules"],
- ["dev_role" , "read", "admin.rules"]
- ]
-}
diff --git a/moon_orchestrator/conf/policies/policy_rbac_admin/scope.json b/moon_orchestrator/conf/policies/policy_rbac_admin/scope.json
deleted file mode 100644
index 149056a6..00000000
--- a/moon_orchestrator/conf/policies/policy_rbac_admin/scope.json
+++ /dev/null
@@ -1,48 +0,0 @@
-{
- "subject_scopes": {
- "role": [
- "root_role",
- "dev_role"
- ]
- },
- "action_scopes": {
- "action_id": [
- "read",
- "write"
- ]
- },
- "object_scopes": {
- "object_id": [
- "authz.subjects",
- "authz.objects",
- "authz.actions",
- "authz.subject_categories",
- "authz.object_categories",
- "authz.action_categories",
- "authz.subject_scopes",
- "authz.object_scopes",
- "authz.action_scopes",
- "authz.subject_assignments",
- "authz.object_assignments",
- "authz.action_assignments",
- "authz.aggregation_algorithm",
- "authz.sub_meta_rules",
- "authz.rules",
- "admin.subjects",
- "admin.objects",
- "admin.actions",
- "admin.subject_categories",
- "admin.object_categories",
- "admin.action_categories",
- "admin.subject_scopes",
- "admin.object_scopes",
- "admin.action_scopes",
- "admin.subject_assignments",
- "admin.object_assignments",
- "admin.action_assignments",
- "admin.aggregation_algorithm",
- "admin.sub_meta_rules",
- "admin.rules"
- ]
- }
-}
diff --git a/moon_orchestrator/conf/policies/policy_root/assignment.json b/moon_orchestrator/conf/policies/policy_root/assignment.json
deleted file mode 100644
index e849ae13..00000000
--- a/moon_orchestrator/conf/policies/policy_root/assignment.json
+++ /dev/null
@@ -1,39 +0,0 @@
-{
- "subject_assignments": {
- "role": {
- "admin": ["root_role"]
- }
- },
-
- "action_assignments": {
- "action_id": {
- "read": ["read"],
- "write": ["write"]
- }
- },
-
- "object_assignments": {
- "object_id": {
- "templates": ["templates"],
- "sub_meta_rule_algorithms": ["sub_meta_rule_algorithms"],
- "aggregation_algorithms": ["aggregation_algorithms"],
- "tenants": ["tenants"],
- "intra_extensions": ["intra_extensions"],
- "admin.subjects": ["admin.subjects"],
- "admin.objects": ["admin.objects"],
- "admin.actions": ["admin.actions"],
- "admin.subject_categories": ["admin.subject_categories"],
- "admin.object_categories": ["admin.object_categories"],
- "admin.action_categories": ["admin.action_categories"],
- "admin.subject_category_scopes": ["admin.subject_category_scopes"],
- "admin.object_category_scopes": ["admin.object_category_scopes"],
- "admin.action_category_scopes": ["admin.action_category_scopes"],
- "admin.subject_assignments": ["admin.subject_assignments"],
- "admin.object_assignments": ["admin.object_assignments"],
- "admin.action_assignments": ["admin.action_assignments"],
- "admin.aggregation_algorithm": ["admin.aggregation_algorithm"],
- "admin.sub_meta_rules": ["admin.sub_meta_rules"],
- "admin.rules": ["admin.rules"]
- }
- }
-}
diff --git a/moon_orchestrator/conf/policies/policy_root/metadata.json b/moon_orchestrator/conf/policies/policy_root/metadata.json
deleted file mode 100644
index 9dd7a928..00000000
--- a/moon_orchestrator/conf/policies/policy_root/metadata.json
+++ /dev/null
@@ -1,19 +0,0 @@
-{
- "name": "Root Policy",
- "model": "RBAC",
- "genre": "admin",
- "description": "root extension",
- "pdp_pipeline": ["authz:rbac_rule"],
-
- "subject_categories": [
- "role"
- ],
-
- "action_categories": [
- "action_id"
- ],
-
- "object_categories": [
- "object_id"
- ]
-}
diff --git a/moon_orchestrator/conf/policies/policy_root/metarule.json b/moon_orchestrator/conf/policies/policy_root/metarule.json
deleted file mode 100644
index 86dbfad2..00000000
--- a/moon_orchestrator/conf/policies/policy_root/metarule.json
+++ /dev/null
@@ -1,12 +0,0 @@
-{
- "sub_meta_rules": {
- "rbac_rule": {
- "subject_categories": ["role"],
- "action_categories": ["action_id"],
- "object_categories": ["object_id"],
- "algorithm": "inclusion"
- }
- },
- "aggregation": "all_true"
-}
-
diff --git a/moon_orchestrator/conf/policies/policy_root/perimeter.json b/moon_orchestrator/conf/policies/policy_root/perimeter.json
deleted file mode 100644
index 788a27f2..00000000
--- a/moon_orchestrator/conf/policies/policy_root/perimeter.json
+++ /dev/null
@@ -1,31 +0,0 @@
-{
- "subjects": [
- "admin"
- ],
- "actions": [
- "read",
- "write"
- ],
- "objects": [
- "templates",
- "aggregation_algorithms",
- "sub_meta_rule_algorithms",
- "tenants",
- "intra_extensions",
- "admin.subjects",
- "admin.objects",
- "admin.actions",
- "admin.subject_categories",
- "admin.object_categories",
- "admin.action_categories",
- "admin.subject_category_scopes",
- "admin.object_category_scopes",
- "admin.action_category_scopes",
- "admin.subject_assignments",
- "admin.object_assignments",
- "admin.action_assignments",
- "admin.aggregation_algorithm",
- "admin.sub_meta_rules",
- "admin.rules"
- ]
-}
diff --git a/moon_orchestrator/conf/policies/policy_root/rule.json b/moon_orchestrator/conf/policies/policy_root/rule.json
deleted file mode 100644
index 9bbd5e4c..00000000
--- a/moon_orchestrator/conf/policies/policy_root/rule.json
+++ /dev/null
@@ -1,44 +0,0 @@
-{
- "rbac_rule":[
- ["root_role" , "read", "templates"],
- ["root_role" , "read", "aggregation_algorithms"],
- ["root_role" , "read", "sub_meta_rule_algorithms"],
- ["root_role" , "read", "tenants"],
- ["root_role" , "read", "intra_extensions"],
- ["root_role" , "write", "templates"],
- ["root_role" , "write", "aggregation_algorithms"],
- ["root_role" , "write", "sub_meta_rule_algorithms"],
- ["root_role" , "write", "tenants"],
- ["root_role" , "write", "intra_extensions"],
- ["root_role" , "read", "admin.subjects"],
- ["root_role" , "read", "admin.objects"],
- ["root_role" , "read", "admin.actions"],
- ["root_role" , "read", "admin.subject_categories"],
- ["root_role" , "read", "admin.object_categories"],
- ["root_role" , "read", "admin.action_categories"],
- ["root_role" , "read", "admin.subject_category_scopes"],
- ["root_role" , "read", "admin.object_category_scopes"],
- ["root_role" , "read", "admin.action_category_scopes"],
- ["root_role" , "read", "admin.subject_assignments"],
- ["root_role" , "read", "admin.object_assignments"],
- ["root_role" , "read", "admin.action_assignments"],
- ["root_role" , "read", "admin.aggregation_algorithm"],
- ["root_role" , "read", "admin.sub_meta_rules"],
- ["root_role" , "read", "admin.rules"],
- ["root_role" , "write", "admin.subjects"],
- ["root_role" , "write", "admin.objects"],
- ["root_role" , "write", "admin.actions"],
- ["root_role" , "write", "admin.subject_categories"],
- ["root_role" , "write", "admin.object_categories"],
- ["root_role" , "write", "admin.action_categories"],
- ["root_role" , "write", "admin.subject_category_scopes"],
- ["root_role" , "write", "admin.object_category_scopes"],
- ["root_role" , "write", "admin.action_category_scopes"],
- ["root_role" , "write", "admin.subject_assignments"],
- ["root_role" , "write", "admin.object_assignments"],
- ["root_role" , "write", "admin.action_assignments"],
- ["root_role" , "write", "admin.aggregation_algorithm"],
- ["root_role" , "write", "admin.sub_meta_rules"],
- ["root_role" , "write", "admin.rules"]
- ]
-}
diff --git a/moon_orchestrator/conf/policies/policy_root/scope.json b/moon_orchestrator/conf/policies/policy_root/scope.json
deleted file mode 100644
index 43f9ced8..00000000
--- a/moon_orchestrator/conf/policies/policy_root/scope.json
+++ /dev/null
@@ -1,39 +0,0 @@
-{
- "subject_scopes": {
- "role": [
- "root_role"
- ]
- },
-
- "action_scopes": {
- "action_id": [
- "read",
- "write"
- ]
- },
-
- "object_scopes": {
- "object_id": [
- "templates",
- "aggregation_algorithms",
- "sub_meta_rule_algorithms",
- "tenants",
- "intra_extensions",
- "admin.subjects",
- "admin.objects",
- "admin.actions",
- "admin.subject_categories",
- "admin.object_categories",
- "admin.action_categories",
- "admin.subject_category_scopes",
- "admin.object_category_scopes",
- "admin.action_category_scopes",
- "admin.subject_assignments",
- "admin.object_assignments",
- "admin.action_assignments",
- "admin.aggregation_algorithm",
- "admin.sub_meta_rules",
- "admin.rules"
- ]
- }
-}
diff --git a/moon_orchestrator/moon_orchestrator/http_server.py b/moon_orchestrator/moon_orchestrator/http_server.py
index e6a5ee57..62d785a2 100644
--- a/moon_orchestrator/moon_orchestrator/http_server.py
+++ b/moon_orchestrator/moon_orchestrator/http_server.py
@@ -18,7 +18,11 @@ from python_moonutilities import configuration, exceptions
from python_moonutilities.misc import get_random_name
from moon_orchestrator.drivers import get_driver
-LOG = logging.getLogger("moon.orchestrator.http")
+LOG = logging.getLogger("moon.orchestrator.http_server")
+
+__API__ = (
+ Status, Logs
+ )
class Server:
@@ -64,10 +68,6 @@ class Server:
def run(self):
raise NotImplementedError()
-__API__ = (
- Status, Logs
- )
-
class Root(Resource):
"""
diff --git a/moon_orchestrator/moon_orchestrator/server.py b/moon_orchestrator/moon_orchestrator/server.py
index 0cbd535a..ea1a0fbc 100644
--- a/moon_orchestrator/moon_orchestrator/server.py
+++ b/moon_orchestrator/moon_orchestrator/server.py
@@ -8,11 +8,9 @@ import logging
from python_moonutilities import configuration, exceptions
from moon_orchestrator.http_server import HTTPServer
-LOG = logging.getLogger("moon.orchestrator")
+LOG = logging.getLogger("moon.orchestrator.server")
DOMAIN = "moon_orchestrator"
-__CWD__ = os.path.dirname(os.path.abspath(__file__))
-
def main():
configuration.init_logging()
@@ -27,8 +25,7 @@ def main():
port = 80
configuration.add_component(uuid="orchestrator", name=hostname, port=port, bind=bind)
LOG.info("Starting server with IP {} on port {} bind to {}".format(hostname, port, bind))
- server = HTTPServer(host=bind, port=port)
- return server
+ return HTTPServer(host=bind, port=port)
if __name__ == '__main__':
diff --git a/moon_wrapper/Dockerfile b/moon_wrapper/Dockerfile
index 55e7208d..77ffaee9 100644
--- a/moon_wrapper/Dockerfile
+++ b/moon_wrapper/Dockerfile
@@ -1,12 +1,8 @@
-FROM ubuntu:latest
-
-RUN apt update && apt install python3.5 python3-pip -y
-RUN pip3 install pip --upgrade
+FROM python:3
ADD . /root
WORKDIR /root/
-RUN pip3 install -r requirements.txt --upgrade
-RUN pip3 install /root/dist/* --upgrade
+RUN pip3 install -r requirements.txt
RUN pip3 install .
CMD ["python3", "-m", "moon_wrapper"]
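Review bot: `FROM python:3` is still a floating tag, just as `ubuntu:latest` was, so every rebuild can pick up a different interpreter and OS layer. Pin it to a specific release or digest, e.g. `FROM python:<PINNED_VERSION>` (placeholder). No `USER` line is visible in this hunk, so the wrapper appears to run as root out of `/root`; consider creating an unprivileged user and switching to it before `CMD`. With the `/root/dist/*` install removed, every dependency now resolves through `requirements.txt`, so the versions listed there should be pinned as well.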
diff --git a/moon_wrapper/README.md b/moon_wrapper/README.md
index 4e8fd05c..cdd043a9 100644
--- a/moon_wrapper/README.md
+++ b/moon_wrapper/README.md
@@ -1,5 +1,4 @@
-Wrapper module for the Moon project
-===================================
+# moon_wrapper
This package contains the core module for the Moon project
It is designed to provide authorization features to all OpenStack components.
diff --git a/moon_wrapper/moon_wrapper/api/wrapper.py b/moon_wrapper/moon_wrapper/api/oslowrapper.py
index e1ce783a..a422ee42 100644
--- a/moon_wrapper/moon_wrapper/api/wrapper.py
+++ b/moon_wrapper/moon_wrapper/api/oslowrapper.py
@@ -19,14 +19,14 @@ __version__ = "0.1.0"
LOG = logging.getLogger("moon.wrapper.api." + __name__)
-class Wrapper(Resource):
+class OsloWrapper(Resource):
"""
Endpoint for authz requests
"""
__urls__ = (
- "/authz",
- "/authz/",
+ "/authz/oslo",
+ "/authz/oslo/",
)
def __init__(self, **kwargs):
@@ -34,10 +34,6 @@ class Wrapper(Resource):
self.CACHE = kwargs.get("cache", {})
self.TIMEOUT = 5
- # def get(self):
- # LOG.info("GET")
- # return self.manage_data()
-
def post(self):
LOG.debug("POST {}".format(request.form))
response = flask.make_response("False")
@@ -101,6 +97,7 @@ class Wrapper(Resource):
rule = data.get('rule', "")
_subject = self.__get_subject(target, credentials)
_object = self.__get_object(target, credentials)
+ _action = rule
_project_id = self.__get_project_id(target, credentials)
LOG.debug("POST with args project={} / "
"subject={} - object={} - action={}".format(
@@ -112,7 +109,7 @@ class Wrapper(Resource):
_project_id,
_subject,
_object,
- rule
+ _action
))
LOG.debug("Get interface {}".format(req.text))
if req.status_code == 200:
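Review bot: `_action` is the request's `rule` field, which the hunk at `@@ -101,6 +97,7 @@` reads with `data.get('rule', "")`, and it is passed to `.format(...)` here without any check, so a missing rule becomes an empty action. The template being formatted starts outside this hunk; if it is the interface URL, as the following `LOG.debug("Get interface ...")` suggests, each caller-supplied component should be rejected when empty and percent-encoded before interpolation. For example, `_action = urllib.parse.quote(rule, safe="")` after an `if not rule:` guard that returns the deny response. The same applies to `_subject`, `_object` and `_project_id`. The enclosing method starts and ends outside both hunks.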
diff --git a/moon_wrapper/moon_wrapper/http_server.py b/moon_wrapper/moon_wrapper/http_server.py
index 1b429bc5..8027a0d3 100644
--- a/moon_wrapper/moon_wrapper/http_server.py
+++ b/moon_wrapper/moon_wrapper/http_server.py
@@ -8,15 +8,19 @@ from flask_restful import Resource, Api
import logging
from moon_wrapper import __version__
from moon_wrapper.api.generic import Status, Logs, API
-from moon_wrapper.api.wrapper import Wrapper
+from moon_wrapper.api.oslowrapper import OsloWrapper
from python_moonutilities.cache import Cache
from python_moonutilities import configuration, exceptions
-logger = logging.getLogger("moon.wrapper.http")
+logger = logging.getLogger("moon.wrapper.http_server")
CACHE = Cache()
+__API__ = (
+ Status, Logs, API
+ )
+
class Server:
"""Base class for HTTP server"""
@@ -61,10 +65,6 @@ class Server:
def run(self):
raise NotImplementedError()
-__API__ = (
- Status, Logs, API
- )
-
class Root(Resource):
"""
@@ -127,7 +127,7 @@ class HTTPServer(Server):
for api in __API__:
self.api.add_resource(api, *api.__urls__)
- self.api.add_resource(Wrapper, *Wrapper.__urls__,
+ self.api.add_resource(OsloWrapper, *OsloWrapper.__urls__,
resource_class_kwargs={
"orchestrator_url": self.orchestrator_url,
"cache": CACHE,
@@ -136,5 +136,4 @@ class HTTPServer(Server):
def run(self):
self.app.run(host=self._host, port=self._port) # nosec
- # self.app.run(debug=True, host=self._host, port=self._port) # nosec
diff --git a/moon_wrapper/moon_wrapper/server.py b/moon_wrapper/moon_wrapper/server.py
index 2f236c4f..280fdb68 100644
--- a/moon_wrapper/moon_wrapper/server.py
+++ b/moon_wrapper/moon_wrapper/server.py
@@ -7,7 +7,7 @@ import logging
from python_moonutilities import configuration, exceptions
from moon_wrapper.http_server import HTTPServer
-LOG = logging.getLogger("moon.wrapper")
+LOG = logging.getLogger("moon.wrapper.server")
def main():
@@ -24,8 +24,7 @@ def main():
port = 80
configuration.add_component(uuid="wrapper", name=hostname, port=port, bind=bind)
LOG.info("Starting server with IP {} on port {} bind to {}".format(hostname, port, bind))
- server = HTTPServer(host=bind, port=port)
- return server
+ return HTTPServer(host=bind, port=port)
if __name__ == '__main__':
diff --git a/python_moonclient/README.md b/python_moonclient/README.md
index d1ebc786..1a9731e7 100644
--- a/python_moonclient/README.md
+++ b/python_moonclient/README.md
@@ -1,4 +1,4 @@
-# python-moonclient Package
+# python-moonclient
This package contains the core module for the Moon project.
It is designed to provide authorization feature to all OpenStack components.
@@ -11,13 +11,13 @@ python_moonutilities is a common Python lib for other Moon Python packages
## Build
### Build Python Package
```bash
-cd ${MOON_HOME}/moonv4/python_moonclient
+cd ${MOON_HOME}/python_moonclient
python3 setup.py sdist bdist_wheel
```
### Push Python Package to PIP
```bash
-cd ${MOON_HOME}/moonv4/python_moonclient
+cd ${MOON_HOME}/python_moonclient
gpg --detach-sign -u "${GPG_ID}" -a dist/python_moonclient-X.Y.Z-py3-none-any.whl
gpg --detach-sign -u "${GPG_ID}" -a dist/python_moonclient-X.Y.Z.tar.gz
twine upload dist/python_moonclient-X.Y.Z-py3-none-any.whl dist/python_moonclient-X.Y.Z-py3-none-any.whl.asc
@@ -28,6 +28,6 @@ twine upload dist/python_moonclient-X.Y.Z.tar.gz dist/python_moonclient-X.Y.Z.ta
### Python Unit Test
launch Docker for Python unit tests
```bash
-cd ${MOON_HOME}/moonv4/python_moonclient
+cd ${MOON_HOME}/python_moonclient
docker run --rm --volume $(pwd):/data wukongsun/moon_python_unit_test:latest
```
diff --git a/python_moonclient/python_moonclient/authz.py b/python_moonclient/python_moonclient/authz.py
index 9458767e..b90bf00f 100644
--- a/python_moonclient/python_moonclient/authz.py
+++ b/python_moonclient/python_moonclient/authz.py
@@ -13,7 +13,7 @@ HOST_KEYSTONE = None
PORT_KEYSTONE = None
lock = threading.Lock()
-logger = logging.getLogger(__name__)
+logger = logging.getLogger("moonclient.authz")
def _construct_payload(creds, current_rule, enforcer, target):
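Review bot: The logger names chosen in this commit do not share one root. This hunk uses `moonclient.authz`, and `policies.py` and `scripts.py` also use `moonclient.*`, while `parse.py` and `pdp.py` use `python_moonclient.*`. A handler or level configured on either root will miss the modules under the other one. Keeping `logging.getLogger(__name__)`, which this hunk removes, or agreeing on one prefix such as `python_moonclient.authz` would keep the hierarchy consistent.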
@@ -122,7 +122,7 @@ def send_requests(scenario, authz_host, authz_port, keystone_project_id, request
while request_cpt < limit:
rule = (random.choice(SUBJECTS), random.choice(OBJECTS), random.choice(ACTIONS))
if destination.lower() == "wrapper":
- url = "http://{}:{}/authz".format(authz_host, authz_port)
+ url = "http://{}:{}/authz/oslo".format(authz_host, authz_port)
data = {
'target': {
"user_id": random.choice(SUBJECTS),
diff --git a/python_moonclient/python_moonclient/parse.py b/python_moonclient/python_moonclient/parse.py
index 8960c41c..d31b3ebd 100644
--- a/python_moonclient/python_moonclient/parse.py
+++ b/python_moonclient/python_moonclient/parse.py
@@ -2,7 +2,7 @@ import logging
import argparse
-logger = logging.getLogger("python_moonclient.utils.parse")
+logger = logging.getLogger("python_moonclient.parse")
def parse():
diff --git a/python_moonclient/python_moonclient/pdp.py b/python_moonclient/python_moonclient/pdp.py
index e628fe17..6841a276 100644
--- a/python_moonclient/python_moonclient/pdp.py
+++ b/python_moonclient/python_moonclient/pdp.py
@@ -3,7 +3,8 @@ import logging
import requests
from python_moonclient import config
-logger = logging.getLogger("python_moonclient.utils.pdp")
+logger = logging.getLogger("python_moonclient.pdp")
+
URL = None
HEADERS = None
KEYSTONE_USER = None
@@ -11,8 +12,6 @@ KEYSTONE_PASSWORD = None
KEYSTONE_PROJECT = None
KEYSTONE_SERVER = None
-# config = utils.config.get_config_data()
-
pdp_template = {
"name": "test_pdp",
diff --git a/python_moonclient/python_moonclient/policies.py b/python_moonclient/python_moonclient/policies.py
index 80210811..0fae63c2 100644
--- a/python_moonclient/python_moonclient/policies.py
+++ b/python_moonclient/python_moonclient/policies.py
@@ -2,12 +2,10 @@ import logging
import requests
from . import config, models
-logger = logging.getLogger("moonclient.models")
+logger = logging.getLogger("moonclient.policies")
URL = None
HEADERS = None
-FILE = open("/tmp/test.log", "w")
-logger = logging.getLogger("utils.policies")
policy_template = {
"name": "test_policy",
diff --git a/python_moonclient/python_moonclient/scripts.py b/python_moonclient/python_moonclient/scripts.py
index 30759743..c880e497 100644
--- a/python_moonclient/python_moonclient/scripts.py
+++ b/python_moonclient/python_moonclient/scripts.py
@@ -3,7 +3,7 @@ from importlib.machinery import SourceFileLoader
from . import parse, models, policies, pdp, authz
-logger = logging.getLogger("python_moonclient.scripts")
+logger = logging.getLogger("moonclient.scripts")
def get_keystone_projects():
diff --git a/python_moonclient/setup.py b/python_moonclient/setup.py
index 1c3ddb80..709e3ffa 100644
--- a/python_moonclient/setup.py
+++ b/python_moonclient/setup.py
@@ -9,6 +9,7 @@ import python_moonclient
with open('requirements.txt') as f:
required = f.read().splitlines()
+
setup(
name='python-moonclient',
@@ -42,12 +43,12 @@ setup(
entry_points={
'console_scripts': [
'moon_get_keystone_projects = python_moonclient.scripts:get_keystone_projects',
- 'moon_create_pdp = python_moonclient.scripts:create_pdp',
'moon_get_pdp = python_moonclient.scripts:get_pdp',
- 'moon_send_authz_to_wrapper = python_moonclient.scripts:send_authz_to_wrapper',
+ 'moon_create_pdp = python_moonclient.scripts:create_pdp',
'moon_delete_pdp = python_moonclient.scripts:delete_pdp',
'moon_delete_policy = python_moonclient.scripts:delete_policy',
- 'moon_map_pdp_to_project = python_moonclient.scripts:map_pdp_to_project'
+ 'moon_map_pdp_to_project = python_moonclient.scripts:map_pdp_to_project',
+ 'moon_send_authz_to_wrapper = python_moonclient.scripts:send_authz_to_wrapper'
],
}
diff --git a/python_moondb/python_moondb/backends/sql.py b/python_moondb/python_moondb/backends/sql.py
index 5dba8eb2..b4a8531f 100644
--- a/python_moondb/python_moondb/backends/sql.py
+++ b/python_moondb/python_moondb/backends/sql.py
@@ -1815,61 +1815,3 @@ class ModelConnector(BaseConnector, ModelDriver):
class SQLConnector(PDPConnector, PolicyConnector, ModelConnector):
pass
-
-# class InterExtension(Base):
-# __tablename__ = 'inter_extension'
-# attributes = [
-# 'id',
-# 'requesting_intra_extension_id',
-# 'requested_intra_extension_id',
-# 'virtual_entity_uuid',
-# 'genre',
-# 'description',
-# ]
-# id = sql.Column(sql.String(64), primary_key=True)
-# requesting_intra_extension_id = sql.Column(sql.String(64))
-# requested_intra_extension_id = sql.Column(sql.String(64))
-# virtual_entity_uuid = sql.Column(sql.String(64))
-# genre = sql.Column(sql.String(64))
-# description = sql.Column(sql.Text())
-#
-# @classmethod
-# def from_dict(cls, d):
-# """Override parent from_dict() method with a simpler implementation.
-# """
-# new_d = d.copy()
-# return cls(**new_d)
-#
-# def to_dict(self):
-# """Override parent to_dict() method with a simpler implementation.
-# """
-# return dict(six.iteritems(self))
-#
-#
-# class InterExtensionBaseConnector(InterExtensionDriver):
-#
-# def get_inter_extensions(self):
-# with self.get_session_for_read() as session:
-# query = session.query(InterExtension.id)
-# interextensions = query.all()
-# return [interextension.id for interextension in interextensions]
-#
-# def create_inter_extensions(self, inter_id, inter_extension):
-# with self.get_session_for_read() as session:
-# ie_ref = InterExtension.from_dict(inter_extension)
-# session.add(ie_ref)
-# return InterExtension.to_dict(ie_ref)
-#
-# def get_inter_extension(self, uuid):
-# with self.get_session_for_read() as session:
-# query = session.query(InterExtension)
-# query = query.filter_by(id=uuid)
-# ref = query.first()
-# if not ref:
-# raise exception.NotFound
-# return ref.to_dict()
-#
-# def delete_inter_extensions(self, inter_extension_id):
-# with self.get_session_for_read() as session:
-# ref = session.query(InterExtension).get(inter_extension_id)
-# session.delete(ref)
diff --git a/python_moondb/python_moondb/core.py b/python_moondb/python_moondb/core.py
index 49e9f711..49b3c7dd 100644
--- a/python_moondb/python_moondb/core.py
+++ b/python_moondb/python_moondb/core.py
@@ -212,6 +212,7 @@ class KeystoneDriver(Driver):
conf = configuration.get_configuration("database")['database']
+
KeystoneManager = keystone.KeystoneManager(
KeystoneDriver(conf['driver'], conf['url'])
)
@@ -227,71 +228,3 @@ PolicyManager = policy.PolicyManager(
PDPManager = pdp.PDPManager(
PDPDriver(conf['driver'], conf['url'])
)
-
-
-# class LogDriver(object):
-#
-# def authz(self, message):
-# """Log authorization message
-#
-# :param message: the message to log
-# :type message: string
-# :return: None
-# """
-# raise NotImplementedError() # pragma: no cover
-#
-# def debug(self, message):
-# """Log debug message
-#
-# :param message: the message to log
-# :type message: string
-# :return: None
-# """
-# raise NotImplementedError() # pragma: no cover
-#
-# def info(self, message):
-# """Log informational message
-#
-# :param message: the message to log
-# :type message: string
-# :return: None
-# """
-# raise NotImplementedError() # pragma: no cover
-#
-# def warning(self, message):
-# """Log warning message
-#
-# :param message: the message to log
-# :type message: string
-# :return: None
-# """
-# raise NotImplementedError() # pragma: no cover
-#
-# def error(self, message):
-# """Log error message
-#
-# :param message: the message to log
-# :type message: string
-# :return: None
-# """
-# raise NotImplementedError() # pragma: no cover
-#
-# def critical(self, message):
-# """Log critical message
-#
-# :param message: the message to log
-# :type message: string
-# :return: None
-# """
-# raise NotImplementedError() # pragma: no cover
-#
-# def get_logs(self, options):
-# """Get logs
-#
-# :param options: options to filter log events
-# :type options: string eg: "event_number=10,from=2014-01-01-10:10:10,to=2014-01-01-12:10:10,filter=expression"
-# :return: a list of log events
-#
-# TIME_FORMAT is '%Y-%m-%d-%H:%M:%S'
-# """
-# raise NotImplementedError() # pragma: no cover
diff --git a/tools/bin/README.md b/tools/bin/README.md
index 3125c468..71ff4a44 100644
--- a/tools/bin/README.md
+++ b/tools/bin/README.md
@@ -1,5 +1,8 @@
# Automated Tools/Scripts
-## moon_utilities_update
-- update moon_utilities to PIP: `./moon_utilities_update.sh upload`
-- locally update moon_utilities for each moon Python package: `./moon_utilities_update.sh copy` \ No newline at end of file
+## api2pdf
+```bash
+python3 $MOON_HOME/tools/bin/api2rst.py
+pandoc api.rst --toc -o api.pdf
+evince api.pdf
+```
diff --git a/moon_interface/tools/api2rst.py b/tools/bin/api2rst.py
index 6d407bdf..6d407bdf 100644
--- a/moon_interface/tools/api2rst.py
+++ b/tools/bin/api2rst.py
diff --git a/moon_interface/tools/get_keystone_token.py b/tools/bin/get_keystone_token.py
index 1856aab8..1856aab8 100644
--- a/moon_interface/tools/get_keystone_token.py
+++ b/tools/bin/get_keystone_token.py
diff --git a/tools/moon_kubernetes/start_moon.sh b/tools/moon_kubernetes/start_moon.sh
index 47d6998b..32d9740d 100644
--- a/tools/moon_kubernetes/start_moon.sh
+++ b/tools/moon_kubernetes/start_moon.sh
@@ -33,4 +33,6 @@ kubectl create -n moon -f tools/moon_kubernetes/templates/moon_orchestrator.yaml
kubectl create -n moon -f tools/moon_kubernetes/templates/moon_gui.yaml
+# load moon_wrapper on both master and slaves
+# moon_create_wrapper