aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRuan HE <ruan.he@orange.com>2017-12-28 14:31:54 +0000
committerGerrit Code Review <gerrit@opnfv.org>2017-12-28 14:31:54 +0000
commit6b0d5c0bad36bf6879d6c9abebf7a3ee79b9e154 (patch)
treee7b9a56478d7a9fc745f6ce288773ce055e975df
parentb7cf76d39eab9d292b8d58db4b0934557cad4509 (diff)
parent5bdbd6fc5b3f1aac00e20958c2d1307dd36a9f44 (diff)
Merge "Clean the code"
-rw-r--r--python_moonutilities/Changelog4
-rw-r--r--python_moonutilities/python_moonutilities/__init__.py4
-rw-r--r--python_moonutilities/python_moonutilities/api.py28
-rw-r--r--python_moonutilities/python_moonutilities/auth.py6
-rw-r--r--python_moonutilities/python_moonutilities/cache.py10
-rw-r--r--python_moonutilities/python_moonutilities/configuration.py19
-rw-r--r--python_moonutilities/python_moonutilities/context.py319
-rw-r--r--python_moonutilities/python_moonutilities/exceptions.py24
-rw-r--r--python_moonutilities/python_moonutilities/misc.py28
-rw-r--r--python_moonutilities/python_moonutilities/security_functions.py319
-rw-r--r--python_moonutilities/tests/unit_python/mock_repo/components_utilities.py2
-rw-r--r--python_moonutilities/tests/unit_python/test_configuration.py5
12 files changed, 367 insertions, 401 deletions
diff --git a/python_moonutilities/Changelog b/python_moonutilities/Changelog
index dd441427..91f09cbf 100644
--- a/python_moonutilities/Changelog
+++ b/python_moonutilities/Changelog
@@ -70,3 +70,7 @@ CHANGES
1.4.3
-----
- Fix a bug in MANIFEST.in
+
+1.4.4
+-----
+- Code cleaning
diff --git a/python_moonutilities/python_moonutilities/__init__.py b/python_moonutilities/python_moonutilities/__init__.py
index fb899fe2..6d1ac746 100644
--- a/python_moonutilities/python_moonutilities/__init__.py
+++ b/python_moonutilities/python_moonutilities/__init__.py
@@ -3,4 +3,6 @@
# license which can be found in the file 'LICENSE' in this package distribution
# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-__version__ = "1.4.3"
+__version__ = "1.4.4"
+
+
diff --git a/python_moonutilities/python_moonutilities/api.py b/python_moonutilities/python_moonutilities/api.py
deleted file mode 100644
index 8e80c21d..00000000
--- a/python_moonutilities/python_moonutilities/api.py
+++ /dev/null
@@ -1,28 +0,0 @@
-# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
-# This software is distributed under the terms and conditions of the 'Apache-2.0'
-# license which can be found in the file 'LICENSE' in this package distribution
-# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-
-
-class APIList(object):
-
- API_LIST = ()
-
- def __init__(self, api_list):
- self.API_LIST = api_list
-
- def list_api(self, ctx):
- api = dict()
- for obj in self.API_LIST:
- api[obj.__name__] = dict()
- api[obj.__name__]["description"] = obj.__doc__.strip() if obj.__doc__ else ""
- api[obj.__name__]["version"] = obj.__version__
- api[obj.__name__]["commands"] = dict()
- for cmd in filter(lambda x: not x.startswith("__"), dir(obj)):
- doc = eval("obj.{}.__doc__".format(cmd))
- if not doc:
- doc = ""
- api[obj.__name__]["commands"][cmd] = doc.strip()
- return api
-
-
diff --git a/python_moonutilities/python_moonutilities/auth.py b/python_moonutilities/python_moonutilities/auth.py
index 7656f4e7..5f921d0b 100644
--- a/python_moonutilities/python_moonutilities/auth.py
+++ b/python_moonutilities/python_moonutilities/auth.py
@@ -12,7 +12,7 @@ from oslo_log import log as logging
from python_moonutilities import exceptions, configuration
-LOG = logging.getLogger(__name__)
+logger = logging.getLogger(__name__)
KEYSTONE_CONFIG = configuration.get_configuration("openstack/keystone")["openstack/keystone"]
TOKENS = {}
@@ -52,13 +52,13 @@ def check_token(token, url=None):
TOKENS[token]["expires_at"] = time.strptime(token_time[0], "%Y-%m-%dT%H:%M:%S")
TOKENS[token]["user"] = req.json().get("token").get("user").get("id")
return TOKENS[token]["user"]
- LOG.error("{} - {}".format(req.status_code, req.text))
+ logger.error("{} - {}".format(req.status_code, req.text))
raise exceptions.KeystoneError
elif KEYSTONE_CONFIG['check_token'].lower() == "strict":
req = requests.head("{}/auth/tokens".format(url), headers=headers, verify=_verify)
if req.status_code in (200, 201):
return token
- LOG.error("{} - {}".format(req.status_code, req.text))
+ logger.error("{} - {}".format(req.status_code, req.text))
raise exceptions.KeystoneError
raise exceptions.KeystoneError
diff --git a/python_moonutilities/python_moonutilities/cache.py b/python_moonutilities/python_moonutilities/cache.py
index 93e3daca..49f1dd53 100644
--- a/python_moonutilities/python_moonutilities/cache.py
+++ b/python_moonutilities/python_moonutilities/cache.py
@@ -4,7 +4,7 @@ import requests
from uuid import uuid4
from python_moonutilities import configuration, exceptions
-LOG = logging.getLogger("moon.utilities.cache")
+logger = logging.getLogger("moon.utilities.cache")
class Cache(object):
@@ -174,12 +174,12 @@ class Cache(object):
def __update_rules(self):
for policy_id in self.__POLICIES:
- LOG.info("Get {}".format("{}/policies/{}/rules".format(
+ logger.info("Get {}".format("{}/policies/{}/rules".format(
self.manager_url, policy_id)))
req = requests.get("{}/policies/{}/rules".format(
self.manager_url, policy_id))
self.__RULES[policy_id] = req.json()['rules']
- LOG.info("UPDATE RULES {}".format(self.__RULES))
+ logger.info("UPDATE RULES {}".format(self.__RULES))
# assignment functions
@@ -509,7 +509,7 @@ class Cache(object):
continue
self.__update_container_chaining(value["keystone_project_id"])
self.__CONTAINER_CHAINING_UPDATE = current_time
- LOG.info(self.__CONTAINER_CHAINING_UPDATE)
+ logger.info(self.__CONTAINER_CHAINING_UPDATE)
return self.__CONTAINER_CHAINING
def __update_container_chaining(self, keystone_project_id):
@@ -527,7 +527,7 @@ class Cache(object):
_raw = requests.get("{}/pods/{}".format(
self.orchestrator_url, container_value["name"])
)
- LOG.debug("_raw={}".format(_raw.text))
+ logger.debug("_raw={}".format(_raw.text))
container_ids.append(
{
"container_id": container_value["name"],
diff --git a/python_moonutilities/python_moonutilities/configuration.py b/python_moonutilities/python_moonutilities/configuration.py
index f0ef74a6..51587582 100644
--- a/python_moonutilities/python_moonutilities/configuration.py
+++ b/python_moonutilities/python_moonutilities/configuration.py
@@ -7,11 +7,10 @@
import base64
import json
import requests
-import logging
import logging.config
from python_moonutilities import exceptions
-LOG = logging.getLogger("moon.utilities")
+logger = logging.getLogger("moon.utilities.configuration")
CONSUL_HOST = "consul"
CONSUL_PORT = "8500"
@@ -33,7 +32,7 @@ def increment_port():
url = "http://{}:{}/v1/kv/components_port_start".format(CONSUL_HOST, CONSUL_PORT)
req = requests.put(url, json=str(components_port_start))
if req.status_code != 200:
- LOG.info("url={}".format(url))
+ logger.info("url={}".format(url))
raise exceptions.ConsulError
return components_port_start
@@ -42,7 +41,7 @@ def get_configuration(key):
url = "http://{}:{}/v1/kv/{}".format(CONSUL_HOST, CONSUL_PORT, key)
req = requests.get(url)
if req.status_code != 200:
- LOG.error("url={}".format(url))
+ logger.error("url={}".format(url))
raise exceptions.ConsulComponentNotFound("error={}: {}".format(req.status_code, req.text))
data = req.json()
if len(data) == 1:
@@ -70,18 +69,18 @@ def add_component(name, uuid, port=None, bind="127.0.0.1", keystone_id="", extra
json=data
)
if req.status_code != 200:
- LOG.debug("url={}".format("http://{}:{}/v1/kv/components/{}".format(CONSUL_HOST, CONSUL_PORT, uuid)))
- LOG.debug("data={}".format(data))
+ logger.debug("url={}".format("http://{}:{}/v1/kv/components/{}".format(CONSUL_HOST, CONSUL_PORT, uuid)))
+ logger.debug("data={}".format(data))
raise exceptions.ConsulError
- LOG.info("Add component {}".format(req.text))
- return get_configuration("components/"+uuid)
+ logger.info("Add component {}".format(req.text))
+ return configuration.get_configuration("components/"+uuid)
def get_plugins():
url = "http://{}:{}/v1/kv/plugins?recurse=true".format(CONSUL_HOST, CONSUL_PORT)
req = requests.get(url)
if req.status_code != 200:
- LOG.info("url={}".format(url))
+ logger.info("url={}".format(url))
raise exceptions.ConsulError
data = req.json()
if len(data) == 1:
@@ -98,7 +97,7 @@ def get_components():
url = "http://{}:{}/v1/kv/components?recurse=true".format(CONSUL_HOST, CONSUL_PORT)
req = requests.get(url)
if req.status_code != 200:
- LOG.info("url={}".format(url))
+ logger.info("url={}".format(url))
raise exceptions.ConsulError
data = req.json()
if len(data) == 1:
diff --git a/python_moonutilities/python_moonutilities/context.py b/python_moonutilities/python_moonutilities/context.py
new file mode 100644
index 00000000..626b25dc
--- /dev/null
+++ b/python_moonutilities/python_moonutilities/context.py
@@ -0,0 +1,319 @@
+# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+# This software is distributed under the terms and conditions of the 'Apache-2.0'
+# license which can be found in the file 'LICENSE' in this package distribution
+# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
+
+
+import copy
+import logging
+from python_moonutilities import exceptions
+
+logger = logging.getLogger("moon.utilities." + __name__)
+
+
+class Context:
+
+ def __init__(self, init_context, cache):
+ self.cache = cache
+ self.__keystone_project_id = init_context.get("project_id")
+ self.__pdp_id = None
+ self.__pdp_value = None
+ for _pdp_key, _pdp_value in self.cache.pdp.items():
+ if _pdp_value["keystone_project_id"] == self.__keystone_project_id:
+ self.__pdp_id = _pdp_key
+ self.__pdp_value = copy.deepcopy(_pdp_value)
+ break
+ if not self.__pdp_value:
+ raise exceptions.AuthzException(
+ "Cannot create context for authz "
+ "with Keystone project ID {}".format(
+ self.__keystone_project_id
+ ))
+ self.__subject = init_context.get("subject_name")
+ self.__object = init_context.get("object_name")
+ self.__action = init_context.get("action_name")
+ self.__current_request = None
+ self.__request_id = init_context.get("req_id")
+ self.__cookie = init_context.get("cookie")
+ self.__manager_url = init_context.get("manager_url")
+ self.__interface_name = init_context.get("interface_name")
+ self.__index = -1
+ # self.__init_initial_request()
+ self.__headers = []
+ policies = self.cache.policies
+ models = self.cache.models
+ for policy_id in self.__pdp_value["security_pipeline"]:
+ model_id = policies[policy_id]["model_id"]
+ for meta_rule in models[model_id]["meta_rules"]:
+ self.__headers.append(meta_rule)
+ self.__meta_rules = self.cache.meta_rules
+ self.__pdp_set = {}
+ # self.__init_pdp_set()
+
+ def delete_cache(self):
+ self.cache = {}
+
+ def set_cache(self, cache):
+ self.cache = cache
+
+ def increment_index(self):
+ self.__index += 1
+ self.__init_current_request()
+ self.__init_pdp_set()
+
+ @property
+ def current_state(self):
+ return self.__pdp_set[self.__headers[self.__index]]['effect']
+
+ @current_state.setter
+ def current_state(self, state):
+ if state not in ("grant", "deny", "passed"):
+ state = "passed"
+ self.__pdp_set[self.__headers[self.__index]]['effect'] = state
+
+ @current_state.deleter
+ def current_state(self):
+ self.__pdp_set[self.__headers[self.__index]]['effect'] = "unset"
+
+ @property
+ def current_policy_id(self):
+ return self.__pdp_value["security_pipeline"][self.__index]
+
+ @current_policy_id.setter
+ def current_policy_id(self, value):
+ pass
+
+ @current_policy_id.deleter
+ def current_policy_id(self):
+ pass
+
+ def __init_current_request(self):
+ self.__subject = self.cache.get_subject(
+ self.__pdp_value["security_pipeline"][self.__index],
+ self.__subject)
+ self.__object = self.cache.get_object(
+ self.__pdp_value["security_pipeline"][self.__index],
+ self.__object)
+ self.__action = self.cache.get_action(
+ self.__pdp_value["security_pipeline"][self.__index],
+ self.__action)
+ self.__current_request = dict(self.initial_request)
+
+ def __init_pdp_set(self):
+ for header in self.__headers:
+ self.__pdp_set[header] = dict()
+ self.__pdp_set[header]["meta_rules"] = self.__meta_rules[header]
+ self.__pdp_set[header]["target"] = self.__add_target(header)
+ self.__pdp_set[header]["effect"] = "unset"
+ self.__pdp_set["effect"] = "deny"
+
+ # def update_target(self, context):
+ # # result = dict()
+ # current_request = context['current_request']
+ # _subject = current_request.get("subject")
+ # _object = current_request.get("object")
+ # _action = current_request.get("action")
+ # meta_rule_id = context['headers'][context['index']]
+ # policy_id = self.cache.get_policy_from_meta_rules(meta_rule_id)
+ # meta_rules = self.cache.meta_rules()
+ # # for meta_rule_id in meta_rules:
+ # for sub_cat in meta_rules[meta_rule_id]['subject_categories']:
+ # if sub_cat not in context["pdp_set"][meta_rule_id]["target"]:
+ # context["pdp_set"][meta_rule_id]["target"][sub_cat] = []
+ # for assign in self.cache.get_subject_assignments(policy_id, _subject, sub_cat).values():
+ # for assign in assign["assignments"]:
+ # if assign not in context["pdp_set"][meta_rule_id]["target"][sub_cat]:
+ # context["pdp_set"][meta_rule_id]["target"][sub_cat].append(assign)
+ # for obj_cat in meta_rules[meta_rule_id]['object_categories']:
+ # if obj_cat not in context["pdp_set"][meta_rule_id]["target"]:
+ # context["pdp_set"][meta_rule_id]["target"][obj_cat] = []
+ # for assign in self.cache.get_object_assignments(policy_id, _object, obj_cat).values():
+ # for assign in assign["assignments"]:
+ # if assign not in context["pdp_set"][meta_rule_id]["target"][obj_cat]:
+ # context["pdp_set"][meta_rule_id]["target"][obj_cat].append(assign)
+ # for act_cat in meta_rules[meta_rule_id]['action_categories']:
+ # if act_cat not in context["pdp_set"][meta_rule_id]["target"]:
+ # context["pdp_set"][meta_rule_id]["target"][act_cat] = []
+ # for assign in self.cache.get_action_assignments(policy_id, _action, act_cat).values():
+ # for assign in assign["assignments"]:
+ # if assign not in context["pdp_set"][meta_rule_id]["target"][act_cat]:
+ # context["pdp_set"][meta_rule_id]["target"][act_cat].append(assign)
+ # # context["pdp_set"][meta_rule_id]["target"].update(result)
+
+ def __add_target(self, meta_rule_id):
+ """build target from meta_rule
+
+ Target is dict of categories as keys ; and the value of each category
+ will be a list of assignments
+
+ """
+ result = dict()
+ _subject = self.__current_request["subject"]
+ _object = self.__current_request["object"]
+ _action = self.__current_request["action"]
+ meta_rules = self.cache.meta_rules
+ policy_id = self.cache.get_policy_from_meta_rules(meta_rule_id)
+ for sub_cat in meta_rules[meta_rule_id]['subject_categories']:
+ if sub_cat not in result:
+ result[sub_cat] = []
+ result[sub_cat].extend(
+ self.cache.get_subject_assignments(policy_id, _subject, sub_cat))
+ for obj_cat in meta_rules[meta_rule_id]['object_categories']:
+ if obj_cat not in result:
+ result[obj_cat] = []
+ result[obj_cat].extend(
+ self.cache.get_object_assignments(policy_id, _object, obj_cat))
+ for act_cat in meta_rules[meta_rule_id]['action_categories']:
+ if act_cat not in result:
+ result[act_cat] = []
+ result[act_cat].extend(
+ self.cache.get_action_assignments(policy_id, _action, act_cat))
+ return result
+
+ def __repr__(self):
+ return """PDP ID: {id}
+current_request: {current_request}
+request_id: {request_id}
+index: {index}
+headers: {headers}
+pdp_set: {pdp_set}
+ """.format(
+ id=self.__pdp_id,
+ current_request=self.__current_request,
+ request_id=self.__request_id,
+ headers=self.__headers,
+ pdp_set=self.__pdp_set,
+ index=self.__index
+ )
+
+ def to_dict(self):
+ return {
+ "initial_request": copy.deepcopy(self.initial_request),
+ "current_request": copy.deepcopy(self.__current_request),
+ "headers": copy.deepcopy(self.__headers),
+ "index": copy.deepcopy(self.__index),
+ "pdp_set": copy.deepcopy(self.__pdp_set),
+ "request_id": copy.deepcopy(self.__request_id),
+ "manager_url": copy.deepcopy(self.__manager_url),
+ "interface_name": copy.deepcopy(self.__interface_name),
+ }
+
+ @property
+ def request_id(self):
+ return self.__request_id
+
+ @request_id.setter
+ def request_id(self, value):
+ raise Exception("You cannot update the request_id")
+
+ @request_id.deleter
+ def request_id(self):
+ raise Exception("You cannot update the request_id")
+
+ @property
+ def manager_url(self):
+ return self.__manager_url
+
+ @manager_url.setter
+ def manager_url(self, value):
+ raise Exception("You cannot update the manager_url")
+
+ @manager_url.deleter
+ def manager_url(self):
+ raise Exception("You cannot update the manager_url")
+
+ @property
+ def interface_name(self):
+ return self.__interface_name
+
+ @interface_name.setter
+ def interface_name(self, value):
+ raise Exception("You cannot update the interface_name")
+
+ @interface_name.deleter
+ def interface_name(self):
+ raise Exception("You cannot update the interface_name")
+
+ @property
+ def cookie(self):
+ return self.__cookie
+
+ @cookie.setter
+ def cookie(self, value):
+ raise Exception("You cannot update the cookie")
+
+ @cookie.deleter
+ def cookie(self):
+ raise Exception("You cannot delete the cookie")
+
+ @property
+ def initial_request(self):
+ return {
+ "subject": self.__subject,
+ "object": self.__object,
+ "action": self.__action,
+ }
+
+ @initial_request.setter
+ def initial_request(self, value):
+ raise Exception("You are not allowed to update the initial_request")
+
+ @initial_request.deleter
+ def initial_request(self):
+ raise Exception("You are not allowed to delete the initial_request")
+
+ @property
+ def current_request(self):
+ if not self.__current_request:
+ self.__current_request = copy.deepcopy(self.initial_request)
+ return self.__current_request
+
+ @current_request.setter
+ def current_request(self, value):
+ self.__current_request = copy.deepcopy(value)
+ # Note (asteroide): if the current request is modified,
+ # we must update the PDP Set.
+ self.__init_pdp_set()
+
+ @current_request.deleter
+ def current_request(self):
+ self.__current_request = {}
+ self.__pdp_set = {}
+
+ @property
+ def headers(self):
+ return self.__headers
+
+ @headers.setter
+ def headers(self, headers):
+ self.__headers = headers
+
+ @headers.deleter
+ def headers(self):
+ self.__headers = list()
+
+ @property
+ def index(self):
+ return self.__index
+
+ @index.setter
+ def index(self, index):
+ self.__index += 1
+
+ @index.deleter
+ def index(self):
+ self.__index = -1
+
+ @property
+ def pdp_set(self):
+ return self.__pdp_set
+
+ @pdp_set.setter
+ def pdp_set(self, value):
+ raise Exception("You are not allowed to modify the pdp_set")
+
+ @pdp_set.deleter
+ def pdp_set(self):
+ self.__pdp_set = {}
+
+
diff --git a/python_moonutilities/python_moonutilities/exceptions.py b/python_moonutilities/python_moonutilities/exceptions.py
index dab398cf..f14d6abf 100644
--- a/python_moonutilities/python_moonutilities/exceptions.py
+++ b/python_moonutilities/python_moonutilities/exceptions.py
@@ -6,7 +6,7 @@
from oslo_log import log as logging
from werkzeug.exceptions import HTTPException
-LOG = logging.getLogger("moon.utilities.exceptions")
+logger = logging.getLogger("moon.utilities.exceptions")
_ = str
@@ -40,30 +40,30 @@ class MoonError(HTTPException):
message = "{} ({}) {}".format(self.hierarchy, self.description, self.payload)
if self.logger == "ERROR":
try:
- LOG.error(message)
+ logger.error(message)
except AttributeError:
- LOG.error(message)
+ logger.error(message)
elif self.logger == "WARNING":
try:
- LOG.warning(message)
+ logger.warning(message)
except AttributeError:
- LOG.warning(message)
+ logger.warning(message)
elif self.logger == "CRITICAL":
try:
- LOG.critical(message)
+ logger.critical(message)
except AttributeError:
- LOG.critical(message)
+ logger.critical(message)
elif self.logger == "AUTHZ":
try:
- LOG.authz(self.hierarchy)
- LOG.error(message)
+ logger.authz(self.hierarchy)
+ logger.error(message)
except AttributeError:
- LOG.error(message)
+ logger.error(message)
else:
try:
- LOG.info(message)
+ logger.info(message)
except AttributeError:
- LOG.info(message)
+ logger.info(message)
# def to_dict(self):
# rv = dict(self.payload or ())
diff --git a/python_moonutilities/python_moonutilities/misc.py b/python_moonutilities/python_moonutilities/misc.py
index b83523c3..1db4d7cd 100644
--- a/python_moonutilities/python_moonutilities/misc.py
+++ b/python_moonutilities/python_moonutilities/misc.py
@@ -7,33 +7,7 @@
import logging
import random
-LOG = logging.getLogger(__name__)
-
-
-def get_uuid_from_name(name, elements, **kwargs):
- for element in elements:
- if type(elements[element]) is dict and elements[element].get('name') == name:
- if kwargs:
- for args in kwargs:
- if elements[element].get(args) != kwargs[args]:
- return
- else:
- return element
- else:
- return element
-
-
-def get_name_from_uuid(uuid, elements, **kwargs):
- for element in elements:
- if element == uuid:
- if kwargs:
- for args in kwargs:
- if elements[element].get(args) != kwargs[args]:
- return
- else:
- return elements[element].get('name')
- else:
- return elements[element].get('name')
+logger = logging.getLogger("moon.utilities.misc")
def get_random_name():
diff --git a/python_moonutilities/python_moonutilities/security_functions.py b/python_moonutilities/python_moonutilities/security_functions.py
index 6d9307fe..15cbc8be 100644
--- a/python_moonutilities/python_moonutilities/security_functions.py
+++ b/python_moonutilities/python_moonutilities/security_functions.py
@@ -4,7 +4,6 @@
# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-import copy
import re
import os
import types
@@ -15,7 +14,7 @@ from flask import request
import logging
from python_moonutilities import exceptions, configuration
-LOG = logging.getLogger("moon.utilities." + __name__)
+logger = logging.getLogger("moon.utilities." + __name__)
keystone_config = configuration.get_configuration("openstack/keystone")["openstack/keystone"]
TOKENS = {}
@@ -145,9 +144,9 @@ def login(user=None, password=None, domain=None, project=None, url=None):
if req.status_code in (200, 201, 204):
headers['X-Auth-Token'] = req.headers['X-Subject-Token']
return headers
- LOG.warning("Waiting for Keystone...")
+ logger.warning("Waiting for Keystone...")
if time.time() - start_time == 100:
- LOG.error(req.text)
+ logger.error(req.text)
raise exceptions.KeystoneError
time.sleep(5)
@@ -159,316 +158,10 @@ def logout(headers, url=None):
req = requests.delete("{}/auth/tokens".format(url), headers=headers, verify=keystone_config['certificate'])
if req.status_code in (200, 201, 204):
return
- LOG.error(req.text)
+ logger.error(req.text)
raise exceptions.KeystoneError
-class Context:
-
- def __init__(self, init_context, cache):
- self.cache = cache
- self.__keystone_project_id = init_context.get("project_id")
- self.__pdp_id = None
- self.__pdp_value = None
- for _pdp_key, _pdp_value in self.cache.pdp.items():
- if _pdp_value["keystone_project_id"] == self.__keystone_project_id:
- self.__pdp_id = _pdp_key
- self.__pdp_value = copy.deepcopy(_pdp_value)
- break
- if not self.__pdp_value:
- raise exceptions.AuthzException(
- "Cannot create context for authz "
- "with Keystone project ID {}".format(
- self.__keystone_project_id
- ))
- self.__subject = init_context.get("subject_name")
- self.__object = init_context.get("object_name")
- self.__action = init_context.get("action_name")
- self.__current_request = None
- self.__request_id = init_context.get("req_id")
- self.__cookie = init_context.get("cookie")
- self.__manager_url = init_context.get("manager_url")
- self.__interface_name = init_context.get("interface_name")
- self.__index = -1
- # self.__init_initial_request()
- self.__headers = []
- policies = self.cache.policies
- models = self.cache.models
- for policy_id in self.__pdp_value["security_pipeline"]:
- model_id = policies[policy_id]["model_id"]
- for meta_rule in models[model_id]["meta_rules"]:
- self.__headers.append(meta_rule)
- self.__meta_rules = self.cache.meta_rules
- self.__pdp_set = {}
- # self.__init_pdp_set()
-
- def delete_cache(self):
- self.cache = {}
-
- def set_cache(self, cache):
- self.cache = cache
-
- def increment_index(self):
- self.__index += 1
- self.__init_current_request()
- self.__init_pdp_set()
-
- @property
- def current_state(self):
- return self.__pdp_set[self.__headers[self.__index]]['effect']
-
- @current_state.setter
- def current_state(self, state):
- if state not in ("grant", "deny", "passed"):
- state = "passed"
- self.__pdp_set[self.__headers[self.__index]]['effect'] = state
-
- @current_state.deleter
- def current_state(self):
- self.__pdp_set[self.__headers[self.__index]]['effect'] = "unset"
-
- @property
- def current_policy_id(self):
- return self.__pdp_value["security_pipeline"][self.__index]
-
- @current_policy_id.setter
- def current_policy_id(self, value):
- pass
-
- @current_policy_id.deleter
- def current_policy_id(self):
- pass
-
- def __init_current_request(self):
- self.__subject = self.cache.get_subject(
- self.__pdp_value["security_pipeline"][self.__index],
- self.__subject)
- self.__object = self.cache.get_object(
- self.__pdp_value["security_pipeline"][self.__index],
- self.__object)
- self.__action = self.cache.get_action(
- self.__pdp_value["security_pipeline"][self.__index],
- self.__action)
- self.__current_request = dict(self.initial_request)
-
- def __init_pdp_set(self):
- for header in self.__headers:
- self.__pdp_set[header] = dict()
- self.__pdp_set[header]["meta_rules"] = self.__meta_rules[header]
- self.__pdp_set[header]["target"] = self.__add_target(header)
- self.__pdp_set[header]["effect"] = "unset"
- self.__pdp_set["effect"] = "deny"
-
- # def update_target(self, context):
- # # result = dict()
- # current_request = context['current_request']
- # _subject = current_request.get("subject")
- # _object = current_request.get("object")
- # _action = current_request.get("action")
- # meta_rule_id = context['headers'][context['index']]
- # policy_id = self.cache.get_policy_from_meta_rules(meta_rule_id)
- # meta_rules = self.cache.meta_rules()
- # # for meta_rule_id in meta_rules:
- # for sub_cat in meta_rules[meta_rule_id]['subject_categories']:
- # if sub_cat not in context["pdp_set"][meta_rule_id]["target"]:
- # context["pdp_set"][meta_rule_id]["target"][sub_cat] = []
- # for assign in self.cache.get_subject_assignments(policy_id, _subject, sub_cat).values():
- # for assign in assign["assignments"]:
- # if assign not in context["pdp_set"][meta_rule_id]["target"][sub_cat]:
- # context["pdp_set"][meta_rule_id]["target"][sub_cat].append(assign)
- # for obj_cat in meta_rules[meta_rule_id]['object_categories']:
- # if obj_cat not in context["pdp_set"][meta_rule_id]["target"]:
- # context["pdp_set"][meta_rule_id]["target"][obj_cat] = []
- # for assign in self.cache.get_object_assignments(policy_id, _object, obj_cat).values():
- # for assign in assign["assignments"]:
- # if assign not in context["pdp_set"][meta_rule_id]["target"][obj_cat]:
- # context["pdp_set"][meta_rule_id]["target"][obj_cat].append(assign)
- # for act_cat in meta_rules[meta_rule_id]['action_categories']:
- # if act_cat not in context["pdp_set"][meta_rule_id]["target"]:
- # context["pdp_set"][meta_rule_id]["target"][act_cat] = []
- # for assign in self.cache.get_action_assignments(policy_id, _action, act_cat).values():
- # for assign in assign["assignments"]:
- # if assign not in context["pdp_set"][meta_rule_id]["target"][act_cat]:
- # context["pdp_set"][meta_rule_id]["target"][act_cat].append(assign)
- # # context["pdp_set"][meta_rule_id]["target"].update(result)
-
- def __add_target(self, meta_rule_id):
- """build target from meta_rule
-
- Target is dict of categories as keys ; and the value of each category
- will be a list of assignments
-
- """
- result = dict()
- _subject = self.__current_request["subject"]
- _object = self.__current_request["object"]
- _action = self.__current_request["action"]
- meta_rules = self.cache.meta_rules
- policy_id = self.cache.get_policy_from_meta_rules(meta_rule_id)
- for sub_cat in meta_rules[meta_rule_id]['subject_categories']:
- if sub_cat not in result:
- result[sub_cat] = []
- result[sub_cat].extend(
- self.cache.get_subject_assignments(policy_id, _subject, sub_cat))
- for obj_cat in meta_rules[meta_rule_id]['object_categories']:
- if obj_cat not in result:
- result[obj_cat] = []
- result[obj_cat].extend(
- self.cache.get_object_assignments(policy_id, _object, obj_cat))
- for act_cat in meta_rules[meta_rule_id]['action_categories']:
- if act_cat not in result:
- result[act_cat] = []
- result[act_cat].extend(
- self.cache.get_action_assignments(policy_id, _action, act_cat))
- return result
-
- def __repr__(self):
- return """PDP ID: {id}
-current_request: {current_request}
-request_id: {request_id}
-index: {index}
-headers: {headers}
-pdp_set: {pdp_set}
- """.format(
- id=self.__pdp_id,
- current_request=self.__current_request,
- request_id=self.__request_id,
- headers=self.__headers,
- pdp_set=self.__pdp_set,
- index=self.__index
- )
-
- def to_dict(self):
- return {
- "initial_request": copy.deepcopy(self.initial_request),
- "current_request": copy.deepcopy(self.__current_request),
- "headers": copy.deepcopy(self.__headers),
- "index": copy.deepcopy(self.__index),
- "pdp_set": copy.deepcopy(self.__pdp_set),
- "request_id": copy.deepcopy(self.__request_id),
- "manager_url": copy.deepcopy(self.__manager_url),
- "interface_name": copy.deepcopy(self.__interface_name),
- }
-
- @property
- def request_id(self):
- return self.__request_id
-
- @request_id.setter
- def request_id(self, value):
- raise Exception("You cannot update the request_id")
-
- @request_id.deleter
- def request_id(self):
- raise Exception("You cannot update the request_id")
-
- @property
- def manager_url(self):
- return self.__manager_url
-
- @manager_url.setter
- def manager_url(self, value):
- raise Exception("You cannot update the manager_url")
-
- @manager_url.deleter
- def manager_url(self):
- raise Exception("You cannot update the manager_url")
-
- @property
- def interface_name(self):
- return self.__interface_name
-
- @interface_name.setter
- def interface_name(self, value):
- raise Exception("You cannot update the interface_name")
-
- @interface_name.deleter
- def interface_name(self):
- raise Exception("You cannot update the interface_name")
-
- @property
- def cookie(self):
- return self.__cookie
-
- @cookie.setter
- def cookie(self, value):
- raise Exception("You cannot update the cookie")
-
- @cookie.deleter
- def cookie(self):
- raise Exception("You cannot delete the cookie")
-
- @property
- def initial_request(self):
- return {
- "subject": self.__subject,
- "object": self.__object,
- "action": self.__action,
- }
-
- @initial_request.setter
- def initial_request(self, value):
- raise Exception("You are not allowed to update the initial_request")
-
- @initial_request.deleter
- def initial_request(self):
- raise Exception("You are not allowed to delete the initial_request")
-
- @property
- def current_request(self):
- if not self.__current_request:
- self.__current_request = copy.deepcopy(self.initial_request)
- return self.__current_request
-
- @current_request.setter
- def current_request(self, value):
- self.__current_request = copy.deepcopy(value)
- # Note (asteroide): if the current request is modified,
- # we must update the PDP Set.
- self.__init_pdp_set()
-
- @current_request.deleter
- def current_request(self):
- self.__current_request = {}
- self.__pdp_set = {}
-
- @property
- def headers(self):
- return self.__headers
-
- @headers.setter
- def headers(self, headers):
- self.__headers = headers
-
- @headers.deleter
- def headers(self):
- self.__headers = list()
-
- @property
- def index(self):
- return self.__index
-
- @index.setter
- def index(self, index):
- self.__index += 1
-
- @index.deleter
- def index(self):
- self.__index = -1
-
- @property
- def pdp_set(self):
- return self.__pdp_set
-
- @pdp_set.setter
- def pdp_set(self, value):
- raise Exception("You are not allowed to modify the pdp_set")
-
- @pdp_set.deleter
- def pdp_set(self):
- self.__pdp_set = {}
-
-
def check_token(token, url=None):
_verify = False
if keystone_config['certificate']:
@@ -507,13 +200,13 @@ def check_token(token, url=None):
TOKENS[token]["expires_at"] = time.strptime(token_time[0], "%Y-%m-%dT%H:%M:%S")
TOKENS[token]["user"] = req.json().get("token").get("user").get("id")
return TOKENS[token]["user"]
- LOG.error("{} - {}".format(req.status_code, req.text))
+ logger.error("{} - {}".format(req.status_code, req.text))
raise exceptions.KeystoneError
elif keystone_config['check_token'].lower() == "strict":
req = requests.head("{}/auth/tokens".format(url), headers=headers, verify=_verify)
if req.status_code in (200, 201):
return token
- LOG.error("{} - {}".format(req.status_code, req.text))
+ logger.error("{} - {}".format(req.status_code, req.text))
raise exceptions.KeystoneError
raise exceptions.KeystoneError
diff --git a/python_moonutilities/tests/unit_python/mock_repo/components_utilities.py b/python_moonutilities/tests/unit_python/mock_repo/components_utilities.py
index 72956f3a..1d79d890 100644
--- a/python_moonutilities/tests/unit_python/mock_repo/components_utilities.py
+++ b/python_moonutilities/tests/unit_python/mock_repo/components_utilities.py
@@ -55,7 +55,7 @@ CONF = {
"logging": {
"handlers": {
"file": {
- "filename": "C:/moon.log",
+ "filename": "/tmp/moon.log",
"class": "logging.handlers.RotatingFileHandler",
"level": "DEBUG",
"formatter": "custom",
diff --git a/python_moonutilities/tests/unit_python/test_configuration.py b/python_moonutilities/tests/unit_python/test_configuration.py
index fe01c7e2..10618f1c 100644
--- a/python_moonutilities/tests/unit_python/test_configuration.py
+++ b/python_moonutilities/tests/unit_python/test_configuration.py
@@ -3,11 +3,11 @@ import pytest
import requests_mock
-
def test_get_configuration_success():
from python_moonutilities import configuration
assert configuration.get_configuration("components/port_start")["components/port_start"] == comp_util.CONF["components"]["port_start"]
+
@requests_mock.Mocker(kw='mock')
def test_get_configuration_not_found(**kwargs):
from python_moonutilities import configuration
@@ -18,6 +18,7 @@ def test_get_configuration_not_found(**kwargs):
configuration.get_configuration("components/port_start_wrong")
assert str(exception_info.value) == '500: Consul error'
+
# [TODO] this test used to test the invalid response
# it should be un commented and run after refactoring the related part
@requests_mock.Mocker(kw='mock')
@@ -31,6 +32,7 @@ def test_get_configuration_invalid_response(**kwargs):
# configuration.get_configuration("components_port_start")
# assert str(exception_info.value) == '500: Consul error'
+
@requests_mock.Mocker(kw='mock')
def test_put_increment_port_failure(**kwargs):
from python_moonutilities import configuration
@@ -42,6 +44,7 @@ def test_put_increment_port_failure(**kwargs):
configuration.increment_port()
assert str(exception_info.value) == '400: Consul error'
+
def test_increment_port_success():
from python_moonutilities import configuration
cur_port = comp_util.CONF["components"]["port_start"]