diff options
author | Thomas Duval <thomas.duval@orange.com> | 2017-11-07 11:23:23 +0100 |
---|---|---|
committer | Thomas Duval <thomas.duval@orange.com> | 2017-11-07 11:23:23 +0100 |
commit | 232d674bd645f961ff4f3e9765a806536cf3f3bf (patch) | |
tree | a8192ef940dd935784a7be50fe2d095d4ab4956c | |
parent | d11ee09f6fc511d6f7000fba35ad6aedfc65c92b (diff) |
Connect the Moon subjects with the Keystone users.
Change-Id: I67a8956e86cda0853f352743ab0886169bdc2902
-rw-r--r-- | moonv4/kubernetes/start_moon.sh | 2 | ||||
-rw-r--r-- | moonv4/moon_db/Changelog | 4 | ||||
-rw-r--r-- | moonv4/moon_db/moon_db/__init__.py | 2 | ||||
-rw-r--r-- | moonv4/moon_db/moon_db/api/policy.py | 17 | ||||
-rw-r--r-- | moonv4/moon_utilities/Changelog | 4 | ||||
-rw-r--r-- | moonv4/moon_utilities/build.sh | 12 | ||||
-rw-r--r-- | moonv4/moon_utilities/moon_utilities/__init__.py | 2 | ||||
-rw-r--r-- | moonv4/moon_utilities/moon_utilities/security_functions.py | 23 |
8 files changed, 48 insertions, 18 deletions
diff --git a/moonv4/kubernetes/start_moon.sh b/moonv4/kubernetes/start_moon.sh index 705ca223..8121e319 100644 --- a/moonv4/kubernetes/start_moon.sh +++ b/moonv4/kubernetes/start_moon.sh @@ -16,7 +16,7 @@ echo ========================================= kubectl get pods -n moon echo ========================================= -sleep 5 +sleep 10 kubectl create -n moon -f kubernetes/templates/moon_configuration.yaml echo Waiting for jobs moonforming diff --git a/moonv4/moon_db/Changelog b/moonv4/moon_db/Changelog index 16452f6e..fa84ca92 100644 --- a/moonv4/moon_db/Changelog +++ b/moonv4/moon_db/Changelog @@ -28,3 +28,7 @@ CHANGES - Fix a bug in core.py - Update db_manager +1.1.0 +----- +- When adding a subject, check the existence of that user in the Keystone DB and + create it if necessary diff --git a/moonv4/moon_db/moon_db/__init__.py b/moonv4/moon_db/moon_db/__init__.py index d42cdbdf..ac014182 100644 --- a/moonv4/moon_db/moon_db/__init__.py +++ b/moonv4/moon_db/moon_db/__init__.py @@ -3,5 +3,5 @@ # license which can be found in the file 'LICENSE' in this package distribution # or at 'http://www.apache.org/licenses/LICENSE-2.0'. -__version__ = "1.0.3" +__version__ = "1.1.0" diff --git a/moonv4/moon_db/moon_db/api/policy.py b/moonv4/moon_db/moon_db/api/policy.py index e0413bdc..093d14bd 100644 --- a/moonv4/moon_db/moon_db/api/policy.py +++ b/moonv4/moon_db/moon_db/api/policy.py @@ -4,11 +4,10 @@ # or at 'http://www.apache.org/licenses/LICENSE-2.0'. from uuid import uuid4 -from oslo_log import log as logging -from moon_utilities.security_functions import filter_input, enforce +import logging +from moon_utilities.security_functions import enforce from moon_db.api.managers import Managers - LOG = logging.getLogger("moon.db.api.policy") @@ -52,9 +51,17 @@ class PolicyManager(Managers): @enforce(("read", "write"), "perimeter") def add_subject(self, user_id, policy_id, perimeter_id=None, value=None): + k_user = Managers.KeystoneManager.get_user_by_name(value.get('name')) + if not k_user['users']: + k_user = Managers.KeystoneManager.create_user(value) if not perimeter_id: - perimeter_id = uuid4().hex - # TODO (asteroide): must check and add Keystone ID here + try: + perimeter_id = k_user['users'][0].get('id', uuid4().hex) + except IndexError: + k_user = Managers.KeystoneManager.get_user_by_name( + value.get('name')) + perimeter_id = uuid4().hex + value.update(k_user['users'][0]) return self.driver.set_subject(policy_id=policy_id, perimeter_id=perimeter_id, value=value) @enforce(("read", "write"), "perimeter") diff --git a/moonv4/moon_utilities/Changelog b/moonv4/moon_utilities/Changelog index ca67cbd4..81b7c46d 100644 --- a/moonv4/moon_utilities/Changelog +++ b/moonv4/moon_utilities/Changelog @@ -55,3 +55,7 @@ CHANGES ----- - Fix a bug on the connection between interface and authz +1.4.0 +----- +- Add a waiting loop when the Keystone server is not currently available + diff --git a/moonv4/moon_utilities/build.sh b/moonv4/moon_utilities/build.sh index b327e49d..3068b651 100644 --- a/moonv4/moon_utilities/build.sh +++ b/moonv4/moon_utilities/build.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash -VERSION=moon_utilities-1.3.4 +VERSION=moon_utilities-1.4.0 python3 setup.py sdist bdist_wheel @@ -12,17 +12,27 @@ gpg --detach-sign -u "A0A96E75" -a dist/${VERSION}.tar.gz if [ "$1" = "upload" ]; then twine upload dist/${VERSION}-py3-none-any.whl dist/${VERSION}-py3-none-any.whl.asc twine upload dist/${VERSION}.tar.gz dist/${VERSION}.tar.gz.asc + rm -f ../moon_orchestrator/dist/moon_utilities* + rm -f ../moon_interface/dist/moon_utilities* + rm -f ../moon_manager/dist/moon_utilities* + rm -f ../moon_authz/dist/moon_utilities* + rm -f ../moon_wrapper/dist/moon_utilities* fi if [ "$1" = "copy" ]; then mkdir -p ../moon_orchestrator/dist/ 2>/dev/null + rm -f ../moon_orchestrator/dist/moon_utilities* cp -v dist/${VERSION}-py3-none-any.whl ../moon_orchestrator/dist/ mkdir -p ../moon_interface/dist/ 2>/dev/null + rm -f ../moon_interface/dist/moon_utilities* cp -v dist/${VERSION}-py3-none-any.whl ../moon_interface/dist/ mkdir -p ../moon_manager/dist/ 2>/dev/null + rm -f ../moon_manager/dist/moon_utilities* cp -v dist/${VERSION}-py3-none-any.whl ../moon_manager/dist/ mkdir -p ../moon_authz/dist/ 2>/dev/null + rm -f ../moon_authz/dist/moon_utilities* cp -v dist/${VERSION}-py3-none-any.whl ../moon_authz/dist/ mkdir -p ../moon_wrapper/dist/ 2>/dev/null + rm -f ../moon_wrapper/dist/moon_utilities* cp -v dist/${VERSION}-py3-none-any.whl ../moon_wrapper/dist/ fi diff --git a/moonv4/moon_utilities/moon_utilities/__init__.py b/moonv4/moon_utilities/moon_utilities/__init__.py index 3e59b6a0..8b353f9f 100644 --- a/moonv4/moon_utilities/moon_utilities/__init__.py +++ b/moonv4/moon_utilities/moon_utilities/__init__.py @@ -3,4 +3,4 @@ # license which can be found in the file 'LICENSE' in this package distribution # or at 'http://www.apache.org/licenses/LICENSE-2.0'. -__version__ = "1.3.4" +__version__ = "1.4.0" diff --git a/moonv4/moon_utilities/moon_utilities/security_functions.py b/moonv4/moon_utilities/moon_utilities/security_functions.py index fc90d305..f55620b6 100644 --- a/moonv4/moon_utilities/moon_utilities/security_functions.py +++ b/moonv4/moon_utilities/moon_utilities/security_functions.py @@ -98,6 +98,7 @@ def enforce(action_names, object_name, **extra): def login(user=None, password=None, domain=None, project=None, url=None): + start_time = time.time() if not user: user = keystone_config['user'] if not password: @@ -138,15 +139,19 @@ def login(user=None, password=None, domain=None, project=None, url=None): } } - req = requests.post("{}/auth/tokens".format(url), - json=data_auth, headers=headers, - verify=keystone_config['certificate']) - - if req.status_code in (200, 201, 204): - headers['X-Auth-Token'] = req.headers['X-Subject-Token'] - return headers - LOG.error(req.text) - raise exceptions.KeystoneError + while True: + req = requests.post("{}/auth/tokens".format(url), + json=data_auth, headers=headers, + verify=keystone_config['certificate']) + + if req.status_code in (200, 201, 204): + headers['X-Auth-Token'] = req.headers['X-Subject-Token'] + return headers + LOG.warning("Waiting for Keystone...") + if time.time() - start_time == 100: + LOG.error(req.text) + raise exceptions.KeystoneError + time.sleep(5) def logout(headers, url=None): |