diff options
author | Thomas Duval <thomas.duval@orange.com> | 2018-01-03 14:13:11 +0100 |
---|---|---|
committer | Thomas Duval <thomas.duval@orange.com> | 2018-01-03 14:13:11 +0100 |
commit | d023803536f069b4a69cfeeb744e56dfcd54103b (patch) | |
tree | 73747e82b064bfa49bbfa10d8db28264c15a8217 /moon_authz | |
parent | 52d037e757ac2189978e1129f469929fe73a9b7f (diff) |
Clean the code and fix some bugs
Change-Id: I3516d001cb0792ca6b01a40b9d9d13efc3ba30f9
Diffstat (limited to 'moon_authz')
-rw-r--r-- | moon_authz/moon_authz/__init__.py | 2 | ||||
-rw-r--r-- | moon_authz/moon_authz/__main__.py | 4 | ||||
-rw-r--r-- | moon_authz/moon_authz/api/authorization.py | 39 | ||||
-rw-r--r-- | moon_authz/moon_authz/http_server.py | 11 | ||||
-rw-r--r-- | moon_authz/moon_authz/server.py | 22 | ||||
-rw-r--r-- | moon_authz/setup.py | 2 | ||||
-rw-r--r-- | moon_authz/tests/unit_python/mock_pods.py | 8 | ||||
-rw-r--r-- | moon_authz/tests/unit_python/test_authz.py | 8 |
8 files changed, 46 insertions, 50 deletions
diff --git a/moon_authz/moon_authz/__init__.py b/moon_authz/moon_authz/__init__.py index 903c6518..6f964a63 100644 --- a/moon_authz/moon_authz/__init__.py +++ b/moon_authz/moon_authz/__init__.py @@ -3,4 +3,4 @@ # license which can be found in the file 'LICENSE' in this package distribution # or at 'http://www.apache.org/licenses/LICENSE-2.0'. -__version__ = "0.1.0" +__version__ = "4.3.2" diff --git a/moon_authz/moon_authz/__main__.py b/moon_authz/moon_authz/__main__.py index 699c008c..2693f687 100644 --- a/moon_authz/moon_authz/__main__.py +++ b/moon_authz/moon_authz/__main__.py @@ -1,4 +1,4 @@ -from moon_authz.server import main +from moon_authz.server import create_server -server = main() +server = create_server() server.run() diff --git a/moon_authz/moon_authz/api/authorization.py b/moon_authz/moon_authz/api/authorization.py index d7832ef0..c83dd72c 100644 --- a/moon_authz/moon_authz/api/authorization.py +++ b/moon_authz/moon_authz/api/authorization.py @@ -3,30 +3,21 @@ # license which can be found in the file 'LICENSE' in this package distribution # or at 'http://www.apache.org/licenses/LICENSE-2.0'. -import binascii import itertools import pickle -from uuid import uuid4 import logging -from python_moonutilities import exceptions import flask from flask import request from flask_restful import Resource -# TODO (asteroide): -# - end the dev of the context -# - rebuild the authorization function according to the context -# - call the next security function -# - call the master if an element is absent - -LOG = logging.getLogger("moon.authz.api." + __name__) +logger = logging.getLogger("moon.authz.api." + __name__) class Authz(Resource): """ Endpoint for authz requests """ - __version__ = "0.1.0" + __version__ = "4.3.1" __urls__ = ( "/authz", @@ -82,7 +73,7 @@ class Authz(Resource): return response def run(self): - LOG.info("self.context.pdp_set={}".format(self.context.pdp_set)) + logger.info("self.context.pdp_set={}".format(self.context.pdp_set)) result, message = self.__check_rules() if result: return self.__exec_instructions(result) @@ -108,10 +99,10 @@ class Authz(Resource): for item in itertools.product(*scopes_list): req = list(item) for rule in self.cache.rules[self.context.current_policy_id]["rules"]: - LOG.info("rule={}".format(rule)) + logger.info("rule={}".format(rule)) if req == rule['rule']: return rule['instructions'], "" - LOG.warning("No rule match the request...") + logger.warning("No rule match the request...") return False, "No rule match the request..." def __update_subject_category_in_policy(self, operation, target): @@ -119,7 +110,7 @@ class Authz(Resource): try: policy_name, category_name, data_name = target.split(":") except ValueError: - LOG.error("Cannot understand value in instruction ({})".format(target)) + logger.error("Cannot understand value in instruction ({})".format(target)) return False # pdp_set = self.payload["authz_context"]['pdp_set'] for meta_rule_id in self.context.pdp_set: @@ -131,7 +122,7 @@ class Authz(Resource): subject_category_id = category_id break else: - LOG.error("Cannot understand category in instruction ({})".format(target)) + logger.error("Cannot understand category in instruction ({})".format(target)) return False subject_data_id = None for data in PolicyManager.get_subject_data("admin", policy_id, category_id=subject_category_id): @@ -142,7 +133,7 @@ class Authz(Resource): if subject_data_id: break else: - LOG.error("Cannot understand data in instruction ({})".format(target)) + logger.error("Cannot understand data in instruction ({})".format(target)) return False if operation == "add": self.payload["authz_context"]['pdp_set'][meta_rule_id]['target'][subject_category_id].append( @@ -152,7 +143,7 @@ class Authz(Resource): self.payload["authz_context"]['pdp_set'][meta_rule_id]['target'][subject_category_id].remove( subject_data_id) except ValueError: - LOG.warning("Cannot remove role {} from target".format(data_name)) + logger.warning("Cannot remove role {} from target".format(data_name)) result = True break return result @@ -234,7 +225,7 @@ class Authz(Resource): if key == "decision": if instruction["decision"] == "grant": self.context.current_state = "grant" - LOG.info("__exec_instructions True {}".format( + logger.info("__exec_instructions True {}".format( self.context.current_state)) return True else: @@ -251,7 +242,7 @@ class Authz(Resource): self.context.current_state = "deny" else: self.context.current_state = "passed" - LOG.info("__exec_instructions False {}".format(self.context.current_state)) + logger.info("__exec_instructions False {}".format(self.context.current_state)) # def __update_current_request(self): # index = self.payload["authz_context"]["index"] @@ -360,15 +351,15 @@ class Authz(Resource): "args": self.payload} except Exception as e: try: - LOG.error(self.payload["authz_context"]) + logger.error(self.payload["authz_context"]) except KeyError: - LOG.error("Cannot find \"authz_context\" in context") - LOG.error(e, exc_info=True) + logger.error("Cannot find \"authz_context\" in context") + logger.error(e, exc_info=True) return {"authz": False, "error": str(e), "pdp_id": self.pdp_id, "args": self.payload} def head(self, uuid=None, subject_name=None, object_name=None, action_name=None): - LOG.info("HEAD request") + logger.info("HEAD request") return "", 200
\ No newline at end of file diff --git a/moon_authz/moon_authz/http_server.py b/moon_authz/moon_authz/http_server.py index d24a02ca..836efbc8 100644 --- a/moon_authz/moon_authz/http_server.py +++ b/moon_authz/moon_authz/http_server.py @@ -3,9 +3,8 @@ # license which can be found in the file 'LICENSE' in this package distribution # or at 'http://www.apache.org/licenses/LICENSE-2.0'. -from flask import Flask, request -# from flask_cors import CORS, cross_origin -from flask_restful import Resource, Api, reqparse +from flask import Flask +from flask_restful import Resource, Api import logging from moon_authz import __version__ from moon_authz.api.authorization import Authz @@ -61,6 +60,7 @@ class Server: def run(self): raise NotImplementedError() + __API__ = ( Authz, ) @@ -74,7 +74,8 @@ class Root(Resource): __methods = ("get", "post", "put", "delete", "options") def get(self): - tree = {"/": {"methods": ("get",), "description": "List all methods for that service."}} + tree = {"/": {"methods": ("get",), + "description": "List all methods for that service."}} for item in __API__: tree[item.__name__] = {"urls": item.__urls__} _methods = [] @@ -101,8 +102,6 @@ class HTTPServer(Server): self.app = Flask(__name__) self._port = port self._host = host - # Todo : specify only few urls instead of * - # CORS(self.app) self.component_id = kwargs.get("component_id") self.keystone_project_id = kwargs.get("keystone_project_id") self.container_chaining = kwargs.get("container_chaining") diff --git a/moon_authz/moon_authz/server.py b/moon_authz/moon_authz/server.py index 1919ebe5..8715bd87 100644 --- a/moon_authz/moon_authz/server.py +++ b/moon_authz/moon_authz/server.py @@ -4,15 +4,14 @@ # or at 'http://www.apache.org/licenses/LICENSE-2.0'. import os -from oslo_log import log as logging +import logging from moon_authz.http_server import HTTPServer as Server from python_moonutilities import configuration -LOG = logging.getLogger("moon.authz.server") -DOMAIN = "moon_authz" +logger = logging.getLogger("moon.authz.server") -def main(): +def create_server(): configuration.init_logging() component_id = os.getenv("UUID") @@ -21,14 +20,16 @@ def main(): pdp_id = os.getenv("PDP_ID") meta_rule_id = os.getenv("META_RULE_ID") keystone_project_id = os.getenv("KEYSTONE_PROJECT_ID") - LOG.info("component_type={}".format(component_type)) + logger.info("component_type={}".format(component_type)) conf = configuration.get_configuration("plugins/{}".format(component_type)) conf["plugins/{}".format(component_type)]['id'] = component_id - hostname = conf["plugins/{}".format(component_type)].get('hostname', component_id) + hostname = conf["plugins/{}".format(component_type)].get('hostname', + component_id) port = conf["plugins/{}".format(component_type)].get('port', tcp_port) bind = conf["plugins/{}".format(component_type)].get('bind', "0.0.0.0") - LOG.info("Starting server with IP {} on port {} bind to {}".format(hostname, port, bind)) + logger.info("Starting server with IP {} on port {} bind to {}".format( + hostname, port, bind)) server = Server( host=bind, port=int(port), @@ -43,5 +44,10 @@ def main(): return server +def run(): + server = create_server() + server.run() + + if __name__ == '__main__': - main() + run() diff --git a/moon_authz/setup.py b/moon_authz/setup.py index c3ac33c7..ad99b9f8 100644 --- a/moon_authz/setup.py +++ b/moon_authz/setup.py @@ -40,7 +40,7 @@ setup( entry_points={ 'console_scripts': [ - 'moon_authz = moon_authz.server:main', + 'moon_authz = moon_authz.server:run', ], } diff --git a/moon_authz/tests/unit_python/mock_pods.py b/moon_authz/tests/unit_python/mock_pods.py index 7488f4f3..74801cd1 100644 --- a/moon_authz/tests/unit_python/mock_pods.py +++ b/moon_authz/tests/unit_python/mock_pods.py @@ -10,15 +10,15 @@ pdp_mock = { "keystone_project_id": "a64beb1cc224474fb4badd43173e7101" }, "pdp_id1": { - "name": "...", + "name": "pdp_id1", "security_pipeline": ["policy_id_1", "policy_id_2"], "keystone_project_id": "keystone_project_id1", "description": "...", }, "pdp_id12": { - "name": "...", + "name": "pdp_id2", "security_pipeline": ["policy_id_1", "policy_id_2"], - "keystone_project_id": "keystone_project_id1", + "keystone_project_id": "keystone_project_id2", "description": "...", } } @@ -100,7 +100,7 @@ subject_mock = { "policy_id_2": { "subject_id": { "name": "subject_name", - "keystone_id": "keystone_project_id1", + "keystone_id": "keystone_project_id2", "description": "a description" } } diff --git a/moon_authz/tests/unit_python/test_authz.py b/moon_authz/tests/unit_python/test_authz.py index f98abebc..50493c9f 100644 --- a/moon_authz/tests/unit_python/test_authz.py +++ b/moon_authz/tests/unit_python/test_authz.py @@ -12,9 +12,9 @@ def get_json(data): def test_authz_true(context): import moon_authz.server - from python_moonutilities.security_functions import Context + from python_moonutilities.context import Context from python_moonutilities.cache import Cache - server = moon_authz.server.main() + server = moon_authz.server.create_server() client = server.app.test_client() CACHE = Cache() CACHE.update() @@ -33,9 +33,9 @@ def test_authz_true(context): def test_user_not_allowed(context): import moon_authz.server - from python_moonutilities.security_functions import Context + from python_moonutilities.context import Context from python_moonutilities.cache import Cache - server = moon_authz.server.main() + server = moon_authz.server.create_server() client = server.app.test_client() CACHE = Cache() CACHE.update() |