authorThomas Duval <thomas.duval@orange.com>2017-11-07 11:23:23 +0100
committerThomas Duval <thomas.duval@orange.com>2017-11-07 11:23:23 +0100
commit232d674bd645f961ff4f3e9765a806536cf3f3bf (patch)
treea8192ef940dd935784a7be50fe2d095d4ab4956c
parentd11ee09f6fc511d6f7000fba35ad6aedfc65c92b (diff)
Connect the Moon subjects with the Keystone users.
Change-Id: I67a8956e86cda0853f352743ab0886169bdc2902
-rw-r--r--moonv4/kubernetes/start_moon.sh2
-rw-r--r--moonv4/moon_db/Changelog4
-rw-r--r--moonv4/moon_db/moon_db/__init__.py2
-rw-r--r--moonv4/moon_db/moon_db/api/policy.py17
-rw-r--r--moonv4/moon_utilities/Changelog4
-rw-r--r--moonv4/moon_utilities/build.sh12
-rw-r--r--moonv4/moon_utilities/moon_utilities/__init__.py2
-rw-r--r--moonv4/moon_utilities/moon_utilities/security_functions.py23
8 files changed, 48 insertions, 18 deletions
diff --git a/moonv4/kubernetes/start_moon.sh b/moonv4/kubernetes/start_moon.sh
index 705ca223..8121e319 100644
--- a/moonv4/kubernetes/start_moon.sh
+++ b/moonv4/kubernetes/start_moon.sh
@@ -16,7 +16,7 @@ echo =========================================
kubectl get pods -n moon
echo =========================================
-sleep 5
+sleep 10
kubectl create -n moon -f kubernetes/templates/moon_configuration.yaml
echo Waiting for jobs moonforming
diff --git a/moonv4/moon_db/Changelog b/moonv4/moon_db/Changelog
index 16452f6e..fa84ca92 100644
--- a/moonv4/moon_db/Changelog
+++ b/moonv4/moon_db/Changelog
@@ -28,3 +28,7 @@ CHANGES
- Fix a bug in core.py
- Update db_manager
+1.1.0
+-----
+- When adding a subject, check the existence of that user in the Keystone DB and
+ create it if necessary
diff --git a/moonv4/moon_db/moon_db/__init__.py b/moonv4/moon_db/moon_db/__init__.py
index d42cdbdf..ac014182 100644
--- a/moonv4/moon_db/moon_db/__init__.py
+++ b/moonv4/moon_db/moon_db/__init__.py
@@ -3,5 +3,5 @@
# license which can be found in the file 'LICENSE' in this package distribution
# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-__version__ = "1.0.3"
+__version__ = "1.1.0"
diff --git a/moonv4/moon_db/moon_db/api/policy.py b/moonv4/moon_db/moon_db/api/policy.py
index e0413bdc..093d14bd 100644
--- a/moonv4/moon_db/moon_db/api/policy.py
+++ b/moonv4/moon_db/moon_db/api/policy.py
@@ -4,11 +4,10 @@
# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
from uuid import uuid4
-from oslo_log import log as logging
-from moon_utilities.security_functions import filter_input, enforce
+import logging
+from moon_utilities.security_functions import enforce
from moon_db.api.managers import Managers
-
LOG = logging.getLogger("moon.db.api.policy")
@@ -52,9 +51,17 @@ class PolicyManager(Managers):
@enforce(("read", "write"), "perimeter")
def add_subject(self, user_id, policy_id, perimeter_id=None, value=None):
+ k_user = Managers.KeystoneManager.get_user_by_name(value.get('name'))
+ if not k_user['users']:
+ k_user = Managers.KeystoneManager.create_user(value)
if not perimeter_id:
- perimeter_id = uuid4().hex
- # TODO (asteroide): must check and add Keystone ID here
+ try:
+ perimeter_id = k_user['users'][0].get('id', uuid4().hex)
+ except IndexError:
+ k_user = Managers.KeystoneManager.get_user_by_name(
+ value.get('name'))
+ perimeter_id = uuid4().hex
+ value.update(k_user['users'][0])
return self.driver.set_subject(policy_id=policy_id, perimeter_id=perimeter_id, value=value)
@enforce(("read", "write"), "perimeter")
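Review bot: `value.get('name')` on the first added line of add_subject runs before any check, so a call that relies on the signature default `value=None` now fails with AttributeError instead of storing a subject; a guard such as `if not value or not value.get('name'):` with an explicit error would make the contract clear. The `except IndexError` fallback repeats the same lookup, and then `value.update(k_user['users'][0])` indexes the list again without a guard, so an empty `users` list still escapes as IndexError; a `create_user` result without a `users` key (its return shape is not visible here) would raise KeyError. Because `create_user(value)` forwards the caller's dict to Keystone and `value.update(...)` copies the whole Keystone record back into the subject, it is worth passing and storing only the fields Moon needs (for example name and id), so that a perimeter write cannot set arbitrary identity attributes. A caller-supplied `perimeter_id` is also stored without being compared to the Keystone id.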
diff --git a/moonv4/moon_utilities/Changelog b/moonv4/moon_utilities/Changelog
index ca67cbd4..81b7c46d 100644
--- a/moonv4/moon_utilities/Changelog
+++ b/moonv4/moon_utilities/Changelog
@@ -55,3 +55,7 @@ CHANGES
-----
- Fix a bug on the connection between interface and authz
+1.4.0
+-----
+- Add a waiting loop when the Keystone server is not currently available
+
diff --git a/moonv4/moon_utilities/build.sh b/moonv4/moon_utilities/build.sh
index b327e49d..3068b651 100644
--- a/moonv4/moon_utilities/build.sh
+++ b/moonv4/moon_utilities/build.sh
@@ -1,6 +1,6 @@
#!/usr/bin/env bash
-VERSION=moon_utilities-1.3.4
+VERSION=moon_utilities-1.4.0
python3 setup.py sdist bdist_wheel
@@ -12,17 +12,27 @@ gpg --detach-sign -u "A0A96E75" -a dist/${VERSION}.tar.gz
if [ "$1" = "upload" ]; then
twine upload dist/${VERSION}-py3-none-any.whl dist/${VERSION}-py3-none-any.whl.asc
twine upload dist/${VERSION}.tar.gz dist/${VERSION}.tar.gz.asc
+ rm -f ../moon_orchestrator/dist/moon_utilities*
+ rm -f ../moon_interface/dist/moon_utilities*
+ rm -f ../moon_manager/dist/moon_utilities*
+ rm -f ../moon_authz/dist/moon_utilities*
+ rm -f ../moon_wrapper/dist/moon_utilities*
fi
if [ "$1" = "copy" ]; then
mkdir -p ../moon_orchestrator/dist/ 2>/dev/null
+ rm -f ../moon_orchestrator/dist/moon_utilities*
cp -v dist/${VERSION}-py3-none-any.whl ../moon_orchestrator/dist/
mkdir -p ../moon_interface/dist/ 2>/dev/null
+ rm -f ../moon_interface/dist/moon_utilities*
cp -v dist/${VERSION}-py3-none-any.whl ../moon_interface/dist/
mkdir -p ../moon_manager/dist/ 2>/dev/null
+ rm -f ../moon_manager/dist/moon_utilities*
cp -v dist/${VERSION}-py3-none-any.whl ../moon_manager/dist/
mkdir -p ../moon_authz/dist/ 2>/dev/null
+ rm -f ../moon_authz/dist/moon_utilities*
cp -v dist/${VERSION}-py3-none-any.whl ../moon_authz/dist/
mkdir -p ../moon_wrapper/dist/ 2>/dev/null
+ rm -f ../moon_wrapper/dist/moon_utilities*
cp -v dist/${VERSION}-py3-none-any.whl ../moon_wrapper/dist/
fi
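Review bot: In the `upload` branch the five added `rm -f ../moon_*/dist/moon_utilities*` lines run even when one of the `twine upload` calls fails, unless the script sets `set -e` outside this hunk, so a failed release can still delete the local wheels the sibling packages were using. Chaining the cleanup on a successful upload or checking the exit status would avoid that. The globs are also relative to the current directory, so the script only cleans the intended directories when it is run from `moon_utilities/`. The ten near-identical lines across both branches could be one loop, e.g. `for c in moon_orchestrator moon_interface moon_manager moon_authz moon_wrapper; do rm -f ../$c/dist/moon_utilities*; done`.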
diff --git a/moonv4/moon_utilities/moon_utilities/__init__.py b/moonv4/moon_utilities/moon_utilities/__init__.py
index 3e59b6a0..8b353f9f 100644
--- a/moonv4/moon_utilities/moon_utilities/__init__.py
+++ b/moonv4/moon_utilities/moon_utilities/__init__.py
@@ -3,4 +3,4 @@
# license which can be found in the file 'LICENSE' in this package distribution
# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-__version__ = "1.3.4"
+__version__ = "1.4.0"
diff --git a/moonv4/moon_utilities/moon_utilities/security_functions.py b/moonv4/moon_utilities/moon_utilities/security_functions.py
index fc90d305..f55620b6 100644
--- a/moonv4/moon_utilities/moon_utilities/security_functions.py
+++ b/moonv4/moon_utilities/moon_utilities/security_functions.py
@@ -98,6 +98,7 @@ def enforce(action_names, object_name, **extra):
def login(user=None, password=None, domain=None, project=None, url=None):
+ start_time = time.time()
if not user:
user = keystone_config['user']
if not password:
@@ -138,15 +139,19 @@ def login(user=None, password=None, domain=None, project=None, url=None):
}
}
- req = requests.post("{}/auth/tokens".format(url),
- json=data_auth, headers=headers,
- verify=keystone_config['certificate'])
-
- if req.status_code in (200, 201, 204):
- headers['X-Auth-Token'] = req.headers['X-Subject-Token']
- return headers
- LOG.error(req.text)
- raise exceptions.KeystoneError
+ while True:
+ req = requests.post("{}/auth/tokens".format(url),
+ json=data_auth, headers=headers,
+ verify=keystone_config['certificate'])
+
+ if req.status_code in (200, 201, 204):
+ headers['X-Auth-Token'] = req.headers['X-Subject-Token']
+ return headers
+ LOG.warning("Waiting for Keystone...")
+ if time.time() - start_time == 100:
+ LOG.error(req.text)
+ raise exceptions.KeystoneError
+ time.sleep(5)
def logout(headers, url=None):