diff options
| author |   WuKong <rebirthmonkey@gmail.com> | 2017-12-23 21:49:35 +0100 |
|---|---|---|
| committer | WuKong <rebirthmonkey@gmail.com> | 2017-12-23 21:49:58 +0100 |
| commit | 1100c66ce03a059ebe7ece9734e799b49b3a5a9e (patch) | |
| tree | a057e7e7511f6675a9327b79e6919f07c5f89f07 /moonv4/moon_interface | |
| parent | 7a4dfdde6314476ae2a1a1c881ff1e3c430f790e (diff) | |
moonv4 cleanup
Change-Id: Icef927f3236d985ac13ff7376f6ce6314b2b39b0
Signed-off-by: WuKong <rebirthmonkey@gmail.com>
Diffstat (limited to 'moonv4/moon_interface')
24 files changed, 0 insertions, 1988 deletions
diff --git a/moonv4/moon_interface/.cache/v/cache/lastfailed b/moonv4/moon_interface/.cache/v/cache/lastfailed deleted file mode 100644 index 9e26dfee..00000000 --- a/moonv4/moon_interface/.cache/v/cache/lastfailed +++ /dev/null @@ -1 +0,0 @@ -{}
\ No newline at end of file diff --git a/moonv4/moon_interface/Dockerfile b/moonv4/moon_interface/Dockerfile deleted file mode 100644 index 82160cc9..00000000 --- a/moonv4/moon_interface/Dockerfile +++ /dev/null @@ -1,12 +0,0 @@ -FROM ubuntu:latest - -RUN apt update && apt install python3.5 python3-pip -y -RUN pip3 install python_moonutilities python_moondb pip --upgrade - -ADD . /root -WORKDIR /root/ -RUN pip3 install -r requirements.txt --upgrade -#RUN pip3 install /root/dist/* --upgrade -RUN pip3 install . - -CMD ["python3", "-m", "moon_interface"]
\ No newline at end of file diff --git a/moonv4/moon_interface/LICENSE b/moonv4/moon_interface/LICENSE deleted file mode 100644 index d6456956..00000000 --- a/moonv4/moon_interface/LICENSE +++ /dev/null @@ -1,202 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/moonv4/moon_interface/MANIFEST.in b/moonv4/moon_interface/MANIFEST.in deleted file mode 100644 index 1f674d50..00000000 --- a/moonv4/moon_interface/MANIFEST.in +++ /dev/null @@ -1,9 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -include README.rst -include LICENSE -include setup.py -include requirements.txt diff --git a/moonv4/moon_interface/Makefile b/moonv4/moon_interface/Makefile deleted file mode 100644 index af91b904..00000000 --- a/moonv4/moon_interface/Makefile +++ /dev/null @@ -1,12 +0,0 @@ -all: built run - -built: - docker build -t moon_policy:16.04 . - -run: - docker run -p 8000:8000 moon_policy:16.04 - -.PHONY: clean - -clean: - find . -name "*.py" -exec echo rm {}\; diff --git a/moonv4/moon_interface/README.rst b/moonv4/moon_interface/README.rst deleted file mode 100644 index ded4e99a..00000000 --- a/moonv4/moon_interface/README.rst +++ /dev/null @@ -1,9 +0,0 @@ -Core module for the Moon project -================================ - -This package contains the core module for the Moon project -It is designed to provide authorization features to all OpenStack components. - -For any other information, refer to the parent project: - - https://git.opnfv.org/moon diff --git a/moonv4/moon_interface/moon_interface/__init__.py b/moonv4/moon_interface/moon_interface/__init__.py deleted file mode 100644 index 903c6518..00000000 --- a/moonv4/moon_interface/moon_interface/__init__.py +++ /dev/null @@ -1,6 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -__version__ = "0.1.0" diff --git a/moonv4/moon_interface/moon_interface/__main__.py b/moonv4/moon_interface/moon_interface/__main__.py deleted file mode 100644 index 517fdd60..00000000 --- a/moonv4/moon_interface/moon_interface/__main__.py +++ /dev/null @@ -1,4 +0,0 @@ -from moon_interface.server import main - -server = main() -server.run() diff --git a/moonv4/moon_interface/moon_interface/api/__init__.py b/moonv4/moon_interface/moon_interface/api/__init__.py deleted file mode 100644 index e69de29b..00000000 --- a/moonv4/moon_interface/moon_interface/api/__init__.py +++ /dev/null diff --git a/moonv4/moon_interface/moon_interface/api/authz.py b/moonv4/moon_interface/moon_interface/api/authz.py deleted file mode 100644 index c9f4697f..00000000 --- a/moonv4/moon_interface/moon_interface/api/authz.py +++ /dev/null @@ -1,193 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. -""" -Authz is the endpoint to get authorization response -""" - -from flask import request -from flask_restful import Resource -import logging -import pickle -import requests -import time -from uuid import uuid4 - -from moon_interface.authz_requests import AuthzRequest - -__version__ = "0.1.0" - -LOG = logging.getLogger("moon.interface.api." + __name__) - - -def pdp_in_cache(cache, uuid): - """Check if a PDP exist with this Keystone Project ID in the cache of this component - - :param cache: Cache to use - :param uuid: Keystone Project ID - :return: True or False - """ - for item_uuid, item_value in cache.pdp.items(): - if uuid == item_value['keystone_project_id']: - return item_uuid, item_value - return None, None - - -def pdp_in_manager(cache, uuid): - """Check if a PDP exist with this Keystone Project ID in the Manager component - - :param cache: Cache to use - :param uuid: Keystone Project ID - :return: True or False - """ - cache.update() - return pdp_in_cache(cache, uuid) - - -def container_exist(cache, uuid): - """Check if a PDP exist with this Keystone Project ID in the Manager component - - :param cache: Cache to use - :param uuid: Keystone Project ID - :return: True or False - """ - for key, value in cache.containers.items(): - if "keystone_project_id" not in value: - continue - if value["keystone_project_id"] == uuid: - try: - req = requests.head("http://{}:{}/".format( - value.get("hostname"), - value.get("port")[0].get("PublicPort"))) - LOG.info("container_exist {}".format(req.status_code)) - if req.status_code in (200, 201): - return value - return - except requests.exceptions.ConnectionError: - pass - # maybe hostname is not working so trying with IP address - try: - req = requests.head("http://{}:{}/".format( - value.get("ip"), - value.get("port")[0].get("PublicPort"))) - if req.status_code in (200, 201): - return value - return - except requests.exceptions.ConnectionError: - return - - -def create_authz_request(cache, interface_name, manager_url, uuid, subject_name, object_name, action_name): - """Create the authorization request and make the first call to the Authz function - - :param cache: Cache to use - :param interface_name: hostname of the interface - :param manager_url: URL of the manager - :param uuid: Keystone Project ID - :param subject_name: name of the subject - :param object_name: name of the object - :param action_name: name of the action - :return: Authorisation request - """ - req_id = uuid4().hex - ctx = { - "project_id": uuid, - "subject_name": subject_name, - "object_name": object_name, - "action_name": action_name, - "request_id": req_id, - "interface_name": interface_name, - "manager_url": manager_url, - "cookie": uuid4().hex - } - cache.authz_requests[req_id] = AuthzRequest(ctx) - return cache.authz_requests[req_id] - - -class Authz(Resource): - """ - Endpoint for authz requests - """ - - __urls__ = ( - "/authz/<string:uuid>", - "/authz/<string:uuid>/<string:subject_name>/<string:object_name>/<string:action_name>", - ) - - def __init__(self, **kwargs): - self.CACHE = kwargs.get("cache") - self.INTERFACE_NAME = kwargs.get("interface_name", "interface") - self.MANAGER_URL = kwargs.get("manager_url", "http://manager:8080") - self.TIMEOUT = 5 - - def get(self, uuid=None, subject_name=None, object_name=None, action_name=None): - """Get a response on an authorization request - - :param uuid: uuid of a tenant or an intra_extension - :param subject_name: name of the subject or the request - :param object_name: name of the object - :param action_name: name of the action - :return: { - "args": {}, - "ctx": { - "action_name": "4567", - "id": "123456", - "method": "authz", - "object_name": "234567", - "subject_name": "123456", - "user_id": "admin" - }, - "error": { - "code": 500, - "description": "", - "title": "Moon Error" - }, - "intra_extension_id": "123456", - "result": false - } - :internal_api: authz - """ - pdp_id, pdp_value = pdp_in_cache(self.CACHE, uuid) - if not pdp_id: - pdp_id, pdp_value = pdp_in_manager(self.CACHE, uuid) - if not pdp_id: - return { - "result": False, - "message": "Unknown Project ID or " - "Project ID is not bind to a PDP."}, 403 - authz_request = create_authz_request( - cache=self.CACHE, - uuid=uuid, - interface_name=self.INTERFACE_NAME, - manager_url=self.MANAGER_URL, - subject_name=subject_name, - object_name=object_name, - action_name=action_name) - cpt = 0 - while True: - if cpt > self.TIMEOUT*10: - return {"result": False, - "message": "Authz request had timed out."}, 500 - if authz_request.is_authz(): - if authz_request.final_result == "Grant": - return {"result": True, "message": ""}, 200 - return {"result": False, "message": ""}, 401 - cpt += 1 - time.sleep(0.1) - - def patch(self, uuid=None, subject_name=None, object_name=None, action_name=None): - """Get a response on an authorization request - - :param uuid: uuid of the authorization request - :param subject_name: not used - :param object_name: not used - :param action_name: not used - :request body: a Context object - :return: {} - :internal_api: authz - """ - if uuid in self.CACHE.authz_requests: - self.CACHE.authz_requests[uuid].set_result(pickle.loads(request.data)) - return "", 201 - return {"result": False, "message": "The request ID is unknown"}, 500 diff --git a/moonv4/moon_interface/moon_interface/api/generic.py b/moonv4/moon_interface/moon_interface/api/generic.py deleted file mode 100644 index 51de9214..00000000 --- a/moonv4/moon_interface/moon_interface/api/generic.py +++ /dev/null @@ -1,131 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. -""" -Those API are helping API used to manage the Moon platform. -""" - -from flask_restful import Resource, request -import logging -import moon_interface.api -from python_moonutilities.security_functions import check_auth - -__version__ = "0.1.0" - -LOG = logging.getLogger("moon.interface.api." + __name__) - - -class Status(Resource): - """ - Endpoint for status requests - """ - - __urls__ = ("/status", "/status/", "/status/<string:component_id>") - - def get(self, component_id=None): - """Retrieve status of all components - - :return: { - "orchestrator": { - "status": "Running" - }, - "security_router": { - "status": "Running" - } - } - """ - raise NotImplemented - - -class Logs(Resource): - """ - Endpoint for logs requests - """ - - __urls__ = ("/logs", "/logs/", "/logs/<string:component_id>") - - def get(self, component_id=None): - """Get logs from the Moon platform - - :param component_id: the ID of the component your are looking for (optional) - :return: [ - "2015-04-15-13:45:20 - "2015-04-15-13:45:21 - "2015-04-15-13:45:22 - "2015-04-15-13:45:23 - ] - """ - filter_str = request.args.get('filter', '') - from_str = request.args.get('from', '') - to_str = request.args.get('to', '') - event_number = request.args.get('event_number', '') - try: - event_number = int(event_number) - except ValueError: - event_number = None - args = dict() - args["filter"] = filter_str - args["from"] = from_str - args["to"] = to_str - args["event_number"] = event_number - - raise NotImplemented - - -class API(Resource): - """ - Endpoint for API requests - """ - - __urls__ = ( - "/api", - "/api/", - "/api/<string:group_id>", - "/api/<string:group_id>/", - "/api/<string:group_id>/<string:endpoint_id>") - - @check_auth - def get(self, group_id="", endpoint_id="", user_id=""): - """Retrieve all API endpoints or a specific endpoint if endpoint_id is given - - :param group_id: the name of one existing group (ie generic, ...) - :param endpoint_id: the name of one existing component (ie Logs, Status, ...) - :return: { - "group_name": { - "endpoint_name": { - "description": "a description", - "methods": { - "get": "description of the HTTP method" - }, - "urls": ('/api', '/api/', '/api/<string:endpoint_id>') - } - } - """ - __methods = ("get", "post", "put", "delete", "options", "patch") - api_list = filter(lambda x: "__" not in x, dir(moon_interface.api)) - api_desc = dict() - for api_name in api_list: - api_desc[api_name] = {} - group_api_obj = eval("moon_interface.api.{}".format(api_name)) - api_desc[api_name]["description"] = group_api_obj.__doc__ - if "__version__" in dir(group_api_obj): - api_desc[api_name]["version"] = group_api_obj.__version__ - object_list = list(filter(lambda x: "__" not in x, dir(group_api_obj))) - for obj in map(lambda x: eval("moon_interface.api.{}.{}".format(api_name, x)), object_list): - if "__urls__" in dir(obj): - api_desc[api_name][obj.__name__] = dict() - api_desc[api_name][obj.__name__]["urls"] = obj.__urls__ - api_desc[api_name][obj.__name__]["methods"] = dict() - for _method in filter(lambda x: x in __methods, dir(obj)): - docstring = eval("moon_interface.api.{}.{}.{}.__doc__".format(api_name, obj.__name__, _method)) - api_desc[api_name][obj.__name__]["methods"][_method] = docstring - api_desc[api_name][obj.__name__]["description"] = str(obj.__doc__) - if group_id in api_desc: - if endpoint_id in api_desc[group_id]: - return {group_id: {endpoint_id: api_desc[group_id][endpoint_id]}} - elif len(endpoint_id) > 0: - LOG.error("Unknown endpoint_id {}".format(endpoint_id)) - return {"error": "Unknown endpoint_id {}".format(endpoint_id)} - return {group_id: api_desc[group_id]} - return api_desc diff --git a/moonv4/moon_interface/moon_interface/authz_requests.py b/moonv4/moon_interface/moon_interface/authz_requests.py deleted file mode 100644 index 3f99cb93..00000000 --- a/moonv4/moon_interface/moon_interface/authz_requests.py +++ /dev/null @@ -1,159 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -import logging -import itertools -import pickle -import requests -from python_moonutilities import configuration, exceptions -from python_moonutilities.security_functions import Context -from python_moonutilities.cache import Cache - -LOG = logging.getLogger("moon.interface.authz_requests") - - -CACHE = Cache() -CACHE.update() - - -class AuthzRequest: - - result = None - final_result = "Deny" - req_max_delay = 2 - - def __init__(self, ctx, args=None): - self.context = Context(ctx, CACHE) - self.args = args - self.request_id = ctx["request_id"] - if ctx['project_id'] not in CACHE.container_chaining: - raise exceptions.KeystoneProjectError("Unknown Project ID {}".format(ctx['project_id'])) - self.container_chaining = CACHE.container_chaining[ctx['project_id']] - if len(self.container_chaining) == 0: - raise exceptions.MoonError('Void container chaining') - self.pdp_container = self.container_chaining[0]["container_id"] - self.run() - - def run(self): - self.context.delete_cache() - req = None - try: - req = requests.post("http://{}:{}/authz".format( - self.container_chaining[0]["hostip"], - self.container_chaining[0]["port"], - ), data=pickle.dumps(self.context)) - if req.status_code != 200: - raise exceptions.AuthzException( - "Receive bad response from Authz function " - "(with IP address - {})".format( - req.status_code - )) - except requests.exceptions.ConnectionError: - LOG.error("Cannot connect to {}".format( - "http://{}:{}/authz".format( - self.container_chaining[0]["hostip"], - self.container_chaining[0]["port"] - ))) - except ValueError: - try: - req = requests.post("http://{}:{}/authz".format( - self.container_chaining[0]["hostname"], - self.container_chaining[0]["port"], - ), data=pickle.dumps(self.context)) - if req.status_code != 200: - raise exceptions.AuthzException( - "Receive bad response from Authz function " - "(with hostname - {})".format( - req.status_code - )) - except requests.exceptions.ConnectionError: - LOG.error("Cannot connect to {}".format( - "http://{}:{}/authz".format( - self.container_chaining[0]["hostname"], - self.container_chaining[0]["port"] - ))) - raise exceptions.AuthzException( - "Cannot connect to Authz function") - self.context.set_cache(CACHE) - if req and len(self.container_chaining) == 1: - self.result = pickle.loads(req.content) - - # def __exec_next_state(self, rule_found): - # index = self.context.index - # current_meta_rule = self.context.headers[index] - # current_container = self.__get_container_from_meta_rule(current_meta_rule) - # current_container_genre = current_container["genre"] - # try: - # next_meta_rule = self.context.headers[index + 1] - # except IndexError: - # next_meta_rule = None - # if current_container_genre == "authz": - # if rule_found: - # return True - # pass - # if next_meta_rule: - # # next will be session if current is deny and session is unset - # if self.payload["authz_context"]['pdp_set'][next_meta_rule]['effect'] == "unset": - # return notify( - # request_id=self.payload["authz_context"]["request_id"], - # container_id=self.__get_container_from_meta_rule(next_meta_rule)['container_id'], - # payload=self.payload) - # # next will be delegation if current is deny and session is passed or deny and delegation is unset - # else: - # LOG.error("Delegation is not developed!") - # - # else: - # # else next will be None and the request is sent to router - # return self.__return_to_router() - # elif current_container_genre == "session": - # pass - # # next will be next container in headers if current is passed - # if self.payload["authz_context"]['pdp_set'][current_meta_rule]['effect'] == "passed": - # return notify( - # request_id=self.payload["authz_context"]["request_id"], - # container_id=self.__get_container_from_meta_rule(next_meta_rule)['container_id'], - # payload=self.payload) - # # next will be None if current is grant and the request is sent to router - # else: - # return self.__return_to_router() - # elif current_container_genre == "delegation": - # LOG.error("Delegation is not developed!") - # # next will be authz if current is deny - # # next will be None if current is grant and the request is sent to router - - def set_result(self, result): - self.result = result - - def is_authz(self): - if not self.result: - return False - authz_results = [] - for key in self.result.pdp_set: - if "effect" in self.result.pdp_set[key]: - if self.result.pdp_set[key]["effect"] == "grant": - # the pdp is a authorization PDP and grant the request - authz_results.append(True) - elif self.result.pdp_set[key]["effect"] == "passed": - # the pdp is not a authorization PDP (session or delegation) and had run normally - authz_results.append(True) - elif self.result.pdp_set[key]["effect"] == "unset": - # the pdp is not a authorization PDP (session or delegation) and had not yep run - authz_results.append(True) - else: - # the pdp is (or not) a authorization PDP and had run badly - authz_results.append(False) - if list(itertools.accumulate(authz_results, lambda x, y: x & y))[-1]: - self.result.pdp_set["effect"] = "grant" - if self.result: - if self.result.pdp_set["effect"] == "grant": - self.final_result = "Grant" - return True - self.final_result = "Deny" - return True - - # def notify(self, request_id, container_id, payload): - # LOG.info("notify {} {} {}".format(request_id, container_id, payload)) - # # TODO: send the notification and wait for the result - # # req = requests.get() diff --git a/moonv4/moon_interface/moon_interface/containers.py b/moonv4/moon_interface/moon_interface/containers.py deleted file mode 100644 index 4f93d742..00000000 --- a/moonv4/moon_interface/moon_interface/containers.py +++ /dev/null @@ -1,102 +0,0 @@ -# Copyright 2017 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -import docker -import logging -import re -import requests -import time -from python_moonutilities import configuration, exceptions - -__version__ = "0.1.0" - -LOG = logging.getLogger("moon.interface.container") - - -class DockerManager: - - def __init__(self): - docker_conf = configuration.get_configuration("docker")['docker'] - self.docker = docker.DockerClient(base_url=docker_conf['url']) - - def create_container(self, data): - """Create the container through the docker client - - :param data: { - "name": "authz", - "hostname": "authz123456789", - "port": { - "PrivatePort": 8090, - "Type": "tcp", - "IP": "0.0.0.0", - "PublicPort": 8090 - }, - "keystone_project_id": "keystone_project_id1", - "pdp_id": "123456789", - "container_name": "wukongsun/moon_authz:v4.1" - } - :return: container output - """ - output = self.docker.containers.run( - image=data.get("container_name"), - hostname=data.get("hostname", data.get("name"))[:63], - name=data.get("name"), - network='moon', - ports={'{}/{}'.format( - data.get("port").get("PrivatePort"), - data.get("port").get("Type") - ): int(data.get("port").get("PrivatePort"))}, - environment={ - "UUID": data.get("hostname"), - "BIND": data.get("port").get("IP"), - "TYPE": data.get("plugin_name"), - "PORT": data.get("port").get("PrivatePort"), - "PDP_ID": data.get("pdp_id"), - "META_RULE_ID": data.get("meta_rule_id"), - "KEYSTONE_PROJECT_ID": data.get("keystone_project_id"), - }, - detach=True - ) - try: - req = requests.head("http://{}:{}/".format(data.get("hostname"), data.get("port").get("PublicPort"))) - except requests.exceptions.ConnectionError: - pass - else: - if req.status_code != 200: - raise exceptions.DockerError("Container {} is not running!".format(data.get("hostname"))) - output.ip = "0.0.0.0" - return output - - # Note: host is not reachable through hostname so trying to find th IP address - res = output.exec_run("ip addr") - find = re.findall("inet (\d+\.\d+\.\d+\.\d+)", res.decode("utf-8")) - ip = "127.0.0.1" - for ip in find: - if ip.startswith("127"): - continue - break - cpt = 0 - while True: - try: - req = requests.head("http://{}:{}/".format(ip, data.get("port").get("PublicPort"))) - except requests.exceptions.ConnectionError: - pass - else: - if req.status_code not in (200, 201): - LOG.error("url={}".format("http://{}:{}/".format(ip, data.get("port").get("PublicPort")))) - LOG.error("req={}".format(req)) - raise exceptions.DockerError("Container {} is not running!".format(data.get("hostname"))) - output.ip = ip - return output - finally: - cpt += 1 - time.sleep(0.1) - if cpt > 20: - break - output.ip = ip - return output - - def delete_container(self, uuid): - raise NotImplementedError diff --git a/moonv4/moon_interface/moon_interface/http_server.py b/moonv4/moon_interface/moon_interface/http_server.py deleted file mode 100644 index 890bb82f..00000000 --- a/moonv4/moon_interface/moon_interface/http_server.py +++ /dev/null @@ -1,136 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -from flask import Flask, jsonify -from flask_cors import CORS, cross_origin -from flask_restful import Resource, Api -import logging -from moon_interface import __version__ -from moon_interface.api.generic import Status, Logs, API -from moon_interface.api.authz import Authz -from moon_interface.authz_requests import CACHE -from python_moonutilities import configuration, exceptions - -logger = logging.getLogger("moon.interface.http") - - -class Server: - """Base class for HTTP server""" - - def __init__(self, host="localhost", port=80, api=None, **kwargs): - """Run a server - - :param host: hostname of the server - :param port: port for the running server - :param kwargs: optional parameters - :return: a running server - """ - self._host = host - self._port = port - self._api = api - self._extra = kwargs - - @property - def host(self): - return self._host - - @host.setter - def host(self, name): - self._host = name - - @host.deleter - def host(self): - self._host = "" - - @property - def port(self): - return self._port - - @port.setter - def port(self, number): - self._port = number - - @port.deleter - def port(self): - self._port = 80 - - def run(self): - raise NotImplementedError() - -__API__ = ( - Status, Logs, API - ) - - -class Root(Resource): - """ - The root of the web service - """ - __urls__ = ("/", ) - __methods = ("get", "post", "put", "delete", "options") - - def get(self): - tree = {"/": {"methods": ("get",), "description": "List all methods for that service."}} - for item in __API__: - tree[item.__name__] = {"urls": item.__urls__} - _methods = [] - for _method in self.__methods: - if _method in dir(item): - _methods.append(_method) - tree[item.__name__]["methods"] = _methods - tree[item.__name__]["description"] = item.__doc__.strip() - return { - "version": __version__, - "tree": tree - } - - -class HTTPServer(Server): - - def __init__(self, host="localhost", port=80, **kwargs): - super(HTTPServer, self).__init__(host=host, port=port, **kwargs) - self.app = Flask(__name__) - self.port = port - conf = configuration.get_configuration("components/manager") - self.manager_hostname = conf["components/manager"].get("hostname", "manager") - self.manager_port = conf["components/manager"].get("port", 80) - #Todo : specify only few urls instead of * - CORS(self.app) - self.api = Api(self.app) - self.__set_route() - self.__hook_errors() - - # @self.app.errorhandler(exceptions.AuthException) - # def _auth_exception(error): - # return {"error": "Unauthorized"}, 401 - - def __hook_errors(self): - - def get_404_json(e): - return jsonify({"result": False, "code": 404, "description": str(e)}), 404 - self.app.register_error_handler(404, get_404_json) - - def get_400_json(e): - return jsonify({"result": False, "code": 400, "description": str(e)}), 400 - self.app.register_error_handler(400, lambda e: get_400_json) - self.app.register_error_handler(403, exceptions.AuthException) - - def __set_route(self): - self.api.add_resource(Root, '/') - - for api in __API__: - self.api.add_resource(api, *api.__urls__) - self.api.add_resource(Authz, *Authz.__urls__, - resource_class_kwargs={ - "cache": CACHE, - "interface_name": self.host, - "manager_url": "http://{}:{}".format(self.manager_hostname, self.manager_port), - } - ) - - def run(self): - self.app.run(host=self._host, port=self._port) # nosec - # self.app.run(debug=True, host=self._host, port=self._port) # nosec - diff --git a/moonv4/moon_interface/moon_interface/server.py b/moonv4/moon_interface/moon_interface/server.py deleted file mode 100644 index e53b4504..00000000 --- a/moonv4/moon_interface/moon_interface/server.py +++ /dev/null @@ -1,34 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -import logging -from python_moonutilities import configuration, exceptions -from moon_interface.http_server import HTTPServer - -LOG = logging.getLogger("moon.interface") - - -def main(): - configuration.init_logging() - try: - conf = configuration.get_configuration("components/interface") - hostname = conf["components/interface"].get("hostname", "interface") - port = conf["components/interface"].get("port", 80) - bind = conf["components/interface"].get("bind", "127.0.0.1") - except exceptions.ConsulComponentNotFound: - hostname = "interface" - bind = "127.0.0.1" - port = 80 - configuration.add_component(uuid="interface", name=hostname, port=port, bind=bind) - LOG.info("Starting server with IP {} on port {} bind to {}".format(hostname, port, bind)) - server = HTTPServer(host=bind, port=port) - # LOG.info("Starting server") - # server = HTTPServer(host="0.0.0.0", port=8081) - return server - - -if __name__ == '__main__': - server = main() - server.run() diff --git a/moonv4/moon_interface/requirements.txt b/moonv4/moon_interface/requirements.txt deleted file mode 100644 index 7aa2b6df..00000000 --- a/moonv4/moon_interface/requirements.txt +++ /dev/null @@ -1,4 +0,0 @@ -flask -flask_restful -flask_cors -python_moonutilities
\ No newline at end of file diff --git a/moonv4/moon_interface/setup.py b/moonv4/moon_interface/setup.py deleted file mode 100644 index 3460c991..00000000 --- a/moonv4/moon_interface/setup.py +++ /dev/null @@ -1,47 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -from setuptools import setup, find_packages -import moon_interface - - -setup( - - name='moon_interface', - - version=moon_interface.__version__, - - packages=find_packages(), - - author="Thomas Duval", - - author_email="thomas.duval@orange.com", - - description="", - - long_description=open('README.rst').read(), - - # install_requires= , - - include_package_data=True, - - url='https://git.opnfv.org/cgit/moon', - - classifiers=[ - "Programming Language :: Python", - "Development Status :: 1 - Planning", - "License :: OSI Approved", - "Natural Language :: French", - "Operating System :: OS Independent", - "Programming Language :: Python :: 3", - ], - - entry_points={ - 'console_scripts': [ - 'moon_interface = moon_interface.server:main', - ], - } - -) diff --git a/moonv4/moon_interface/tests/unit_python/api/__init__.py b/moonv4/moon_interface/tests/unit_python/api/__init__.py deleted file mode 100644 index e69de29b..00000000 --- a/moonv4/moon_interface/tests/unit_python/api/__init__.py +++ /dev/null diff --git a/moonv4/moon_interface/tests/unit_python/api/test_authz.py b/moonv4/moon_interface/tests/unit_python/api/test_authz.py deleted file mode 100644 index a63948f8..00000000 --- a/moonv4/moon_interface/tests/unit_python/api/test_authz.py +++ /dev/null @@ -1,23 +0,0 @@ -import json - - -def get_json(data): - return json.loads(data.decode("utf-8")) - - -def test_authz_true(context): - import moon_interface.server - server = moon_interface.server.main() - client = server.app.test_client() - req = client.get("/authz/{p_id}/{s_id}/{o_id}/{a_id}".format( - p_id=context["project_id"], - s_id=context["subject_name"], - o_id=context["object_name"], - a_id=context["action_name"], - )) - assert req.status_code == 200 - data = get_json(req.data) - assert data - assert "result" in data - assert data['result'] == True - diff --git a/moonv4/moon_interface/tests/unit_python/conftest.py b/moonv4/moon_interface/tests/unit_python/conftest.py deleted file mode 100644 index 1f4e8cfa..00000000 --- a/moonv4/moon_interface/tests/unit_python/conftest.py +++ /dev/null @@ -1,678 +0,0 @@ -import base64 -import json -import os -import pickle -import pytest -import requests_mock -from uuid import uuid4 -from requests.packages.urllib3.response import HTTPResponse - -CONF = { - "openstack": { - "keystone": { - "url": "http://keystone:5000/v3", - "user": "admin", - "check_token": False, - "password": "p4ssw0rd", - "domain": "default", - "certificate": False, - "project": "admin" - } - }, - "components": { - "wrapper": { - "bind": "0.0.0.0", - "port": 8080, - "container": "wukongsun/moon_wrapper:v4.3", - "timeout": 5, - "hostname": "wrapper" - }, - "manager": { - "bind": "0.0.0.0", - "port": 8082, - "container": "wukongsun/moon_manager:v4.3", - "hostname": "manager" - }, - "port_start": 31001, - "orchestrator": { - "bind": "0.0.0.0", - "port": 8083, - "container": "wukongsun/moon_orchestrator:v4.3", - "hostname": "orchestrator" - }, - "interface": { - "bind": "0.0.0.0", - "port": 8080, - "container": "wukongsun/moon_interface:v4.3", - "hostname": "interface" - } - }, - "plugins": { - "session": { - "port": 8082, - "container": "asteroide/session:latest" - }, - "authz": { - "port": 8081, - "container": "wukongsun/moon_authz:v4.3" - } - }, - "logging": { - "handlers": { - "file": { - "filename": "/tmp/moon.log", - "class": "logging.handlers.RotatingFileHandler", - "level": "DEBUG", - "formatter": "custom", - "backupCount": 3, - "maxBytes": 1048576 - }, - "console": { - "class": "logging.StreamHandler", - "formatter": "brief", - "level": "INFO", - "stream": "ext://sys.stdout" - } - }, - "formatters": { - "brief": { - "format": "%(levelname)s %(name)s %(message)-30s" - }, - "custom": { - "format": "%(asctime)-15s %(levelname)s %(name)s %(message)s" - } - }, - "root": { - "handlers": [ - "console" - ], - "level": "ERROR" - }, - "version": 1, - "loggers": { - "moon": { - "handlers": [ - "console", - "file" - ], - "propagate": False, - "level": "DEBUG" - } - } - }, - "slave": { - "name": None, - "master": { - "url": None, - "login": None, - "password": None - } - }, - "docker": { - "url": "tcp://172.88.88.1:2376", - "network": "moon" - }, - "database": { - "url": "sqlite:///database.db", - # "url": "mysql+pymysql://moon:p4sswOrd1@db/moon", - "driver": "sql" - }, - "messenger": { - "url": "rabbit://moon:p4sswOrd1@messenger:5672/moon" - } -} - -COMPONENTS = ( - "logging", - "openstack/keystone", - "database", - "slave", - "components/manager", - "components/orchestrator", - "components/interface", -) - -CONTEXT = { - "project_id": "a64beb1cc224474fb4badd43173e7101", - "subject_name": "testuser", - "object_name": "vm1", - "action_name": "boot", - "request_id": uuid4().hex, - "interface_name": "interface", - "manager_url": "http://{}:{}".format( - CONF["components"]["manager"]["hostname"], - CONF["components"]["manager"]["port"] - ), - "cookie": uuid4().hex - } - - -def get_b64_conf(component=None): - if component == "components": - return base64.b64encode( - json.dumps(CONF["components"]).encode('utf-8')+b"\n").decode('utf-8') - elif component in CONF: - return base64.b64encode( - json.dumps( - CONF[component]).encode('utf-8')+b"\n").decode('utf-8') - elif not component: - return base64.b64encode( - json.dumps(CONF).encode('utf-8')+b"\n").decode('utf-8') - elif "/" in component: - key1, _, key2 = component.partition("/") - return base64.b64encode( - json.dumps( - CONF[key1][key2]).encode('utf-8')+b"\n").decode('utf-8') - - -MOCK_URLS = [ - ('GET', 'http://consul:8500/v1/kv/components?recurse=true', - {'json': {"Key": key, "Value": get_b64_conf(key)} - for key in COMPONENTS} - ), - ('POST', 'http://keystone:5000/v3/auth/tokens', - {'headers': {'X-Subject-Token': "111111111"}}), - ('DELETE', 'http://keystone:5000/v3/auth/tokens', - {'headers': {'X-Subject-Token': "111111111"}}), - ('POST', 'http://keystone:5000/v3/users?name=testuser&domain_id=default', - {'json': {"users": {}}}), - ('GET', 'http://keystone:5000/v3/users?name=testuser&domain_id=default', - {'json': {"users": {}}}), - ('POST', 'http://keystone:5000/v3/users/', - {'json': {"users": [{ - "id": "1111111111111" - }]}}), -] - - -@pytest.fixture -def db(): - return CONF['database'] - - -@pytest.fixture -def context(): - return CONTEXT - - -def set_env_variables(): - os.environ['UUID'] = "1111111111" - os.environ['TYPE'] = "authz" - os.environ['PORT'] = "8081" - os.environ['PDP_ID'] = "b3d3e18abf3340e8b635fd49e6634ccd" - os.environ['META_RULE_ID'] = "f8f49a779ceb47b3ac810f01ef71b4e0" - os.environ['KEYSTONE_PROJECT_ID'] = CONTEXT['project_id'] - - -def get_pickled_context(): - from python_moonutilities.security_functions import Context - from python_moonutilities.cache import Cache - CACHE = Cache() - CACHE.update() - _context = Context(context(), CACHE) - _context.increment_index() - _context.pdp_set['effect'] = 'grant' - _context.pdp_set[os.environ['META_RULE_ID']]['effect'] = 'grant' - print(_context.pdp_set) - return pickle.dumps(_context) - - -@pytest.fixture(autouse=True) -def set_consul_and_db(monkeypatch): - """ Modify the response from Requests module - """ - set_env_variables() - with requests_mock.Mocker(real_http=True) as m: - for component in COMPONENTS: - m.register_uri( - 'GET', 'http://consul:8500/v1/kv/{}'.format(component), - json=[{'Key': component, 'Value': get_b64_conf(component)}] - ) - # for _data in MOCK_URLS: - # m.register_uri(_data[0], _data[1], **_data[2]) - m.register_uri( - 'GET', 'http://consul:8500/v1/kv/components?recurse=true', - json=[ - {"Key": key, "Value": get_b64_conf(key)} for key in COMPONENTS - ], - ) - m.register_uri( - 'GET', 'http://consul:8500/v1/kv/plugins/authz', - json=[ - { - "LockIndex": 0, - "Key": "plugins/authz", - "Flags": 0, - "Value": "eyJjb250YWluZXIiOiAid3Vrb25nc3VuL21vb25fYXV0aHo6djQuMyIsICJwb3J0IjogODA4MX0=", - "CreateIndex": 14, - "ModifyIndex": 656 - } - ], - ) - m.register_uri( - 'POST', 'http://keystone:5000/v3/auth/tokens', - headers={'X-Subject-Token': "111111111"} - ) - m.register_uri( - 'DELETE', 'http://keystone:5000/v3/auth/tokens', - headers={'X-Subject-Token': "111111111"} - ) - m.register_uri( - 'POST', 'http://keystone:5000/v3/users?name=testuser&domain_id=default', - json={"users": {}} - ) - m.register_uri( - 'GET', 'http://keystone:5000/v3/users?name=testuser&domain_id=default', - json={"users": {}} - ) - m.register_uri( - 'POST', 'http://keystone:5000/v3/users/', - json={"users": [{ - "id": "1111111111111" - }]} - ) - m.register_uri( - 'GET', 'http://orchestrator:8083/pods', - json={ - "pods": { - "721760dd-de5f-11e7-8001-3863bbb766f3": [ - { - "pdp_id": "b3d3e18abf3340e8b635fd49e6634ccd", - "port": 8080, - "genre": "interface", - "name": "interface-paltry", - "keystone_project_id": "a64beb1cc224474fb4badd43173e7101", - "namespace": "moon", - "container": "wukongsun/moon_interface:v4.3" - }, - { - "pdp_id": "b3d3e18abf3340e8b635fd49e6634ccd", - "meta_rule_id": "f8f49a779ceb47b3ac810f01ef71b4e0", - "port": 8081, - "genre": "authz", - "name": "authz-economic", - "policy_id": "f8f49a779ceb47b3ac810f01ef71b4e0", - "keystone_project_id": "a64beb1cc224474fb4badd43173e7101", - "namespace": "moon", - "container": "wukongsun/moon_authz:v4.3" - } - ], - "232399a4-de5f-11e7-8001-3863bbb766f3": [ - { - "port": 8080, - "namespace": "moon", - "name": "wrapper-paltry", - "container": "wukongsun/moon_wrapper:v4.3.1" - } - ] - } - } - ) - m.register_uri( - 'GET', 'http://orchestrator:8083/pods/authz-economic', - json={ - "pods": None - } - ) - m.register_uri( - 'GET', 'http://manager:8082/pdp', - json={ - "pdps": { - "b3d3e18abf3340e8b635fd49e6634ccd": { - "description": "test", - "security_pipeline": [ - "f8f49a779ceb47b3ac810f01ef71b4e0" - ], - "name": "pdp_rbac", - "keystone_project_id": "a64beb1cc224474fb4badd43173e7101" - } - } - } - ) - m.register_uri( - 'GET', 'http://manager:8082/policies', - json={ - "policies": { - "f8f49a779ceb47b3ac810f01ef71b4e0": { - "name": "RBAC policy example", - "model_id": "cd923d8633ff4978ab0e99938f5153d6", - "description": "test", - "genre": "authz" - } - } - } - ) - m.register_uri( - 'GET', 'http://manager:8082/models', - json={ - "models": { - "cd923d8633ff4978ab0e99938f5153d6": { - "name": "RBAC", - "meta_rules": [ - "f8f49a779ceb47b3ac810f01ef71b4e0" - ], - "description": "test" - } - } - } - ) - m.register_uri( - 'GET', 'http://manager:8082/meta_rules', - json={ - "meta_rules": { - "f8f49a779ceb47b3ac810f01ef71b4e0": { - "subject_categories": [ - "14e6ae0ba34d458b876c791b73aa17bd" - ], - "action_categories": [ - "241a2a791554421a91c9f1bc564aa94d" - ], - "description": "", - "name": "rbac", - "object_categories": [ - "6d48500f639d4c2cab2b1f33ef93a1e8" - ] - } - } - } - ) - m.register_uri( - 'GET', 'http://manager:8082/policies/f8f49a779ceb47b3ac810f01ef71b4e0/subjects', - json={ - "subjects": { - "89ba91c18dd54abfbfde7a66936c51a6": { - "description": "test", - "policy_list": [ - "f8f49a779ceb47b3ac810f01ef71b4e0", - "636cd473324f4c0bbd9102cb5b62a16d" - ], - "name": "testuser", - "email": "mail", - "id": "89ba91c18dd54abfbfde7a66936c51a6", - "partner_id": "" - }, - "31fd15ad14784a9696fcc887dddbfaf9": { - "description": "test", - "policy_list": [ - "f8f49a779ceb47b3ac810f01ef71b4e0", - "636cd473324f4c0bbd9102cb5b62a16d" - ], - "name": "adminuser", - "email": "mail", - "id": "31fd15ad14784a9696fcc887dddbfaf9", - "partner_id": "" - } - } - } - ) - m.register_uri( - 'GET', 'http://manager:8082/policies/f8f49a779ceb47b3ac810f01ef71b4e0/objects', - json={ - "objects": { - "67b8008a3f8d4f8e847eb628f0f7ca0e": { - "name": "vm1", - "description": "test", - "id": "67b8008a3f8d4f8e847eb628f0f7ca0e", - "partner_id": "", - "policy_list": [ - "f8f49a779ceb47b3ac810f01ef71b4e0", - "636cd473324f4c0bbd9102cb5b62a16d" - ] - }, - "9089b3d2ce5b4e929ffc7e35b55eba1a": { - "name": "vm0", - "description": "test", - "id": "9089b3d2ce5b4e929ffc7e35b55eba1a", - "partner_id": "", - "policy_list": [ - "f8f49a779ceb47b3ac810f01ef71b4e0", - "636cd473324f4c0bbd9102cb5b62a16d" - ] - } - } - } - ) - m.register_uri( - 'GET', 'http://manager:8082/policies/f8f49a779ceb47b3ac810f01ef71b4e0/actions', - json={ - "actions": { - "cdb3df220dc05a6ea3334b994827b068": { - "name": "boot", - "description": "test", - "id": "cdb3df220dc04a6ea3334b994827b068", - "partner_id": "", - "policy_list": [ - "f8f49a779ceb47b3ac810f01ef71b4e0", - "636cd473324f4c0bbd9102cb5b62a16d" - ] - }, - "cdb3df220dc04a6ea3334b994827b068": { - "name": "stop", - "description": "test", - "id": "cdb3df220dc04a6ea3334b994827b068", - "partner_id": "", - "policy_list": [ - "f8f49a779ceb47b3ac810f01ef71b4e0", - "636cd473324f4c0bbd9102cb5b62a16d" - ] - }, - "9f5112afe9b34a6c894eb87246ccb7aa": { - "name": "start", - "description": "test", - "id": "9f5112afe9b34a6c894eb87246ccb7aa", - "partner_id": "", - "policy_list": [ - "f8f49a779ceb47b3ac810f01ef71b4e0", - "636cd473324f4c0bbd9102cb5b62a16d" - ] - } - } - } - ) - m.register_uri( - 'GET', 'http://manager:8082/policies/f8f49a779ceb47b3ac810f01ef71b4e0/subject_assignments', - json={ - "subject_assignments": { - "826c1156d0284fc9b4b2ddb279f63c52": { - "category_id": "14e6ae0ba34d458b876c791b73aa17bd", - "assignments": [ - "24ea95256c5f4c888c1bb30a187788df", - "6b227b77184c48b6a5e2f3ed1de0c02a", - "31928b17ec90438ba5a2e50ae7650e63", - "4e60f554dd3147af87595fb6b37dcb13", - "7a5541b63a024fa88170a6b59f99ccd7", - "dd2af27812f742029d289df9687d6126" - ], - "id": "826c1156d0284fc9b4b2ddb279f63c52", - "subject_id": "89ba91c18dd54abfbfde7a66936c51a6", - "policy_id": "f8f49a779ceb47b3ac810f01ef71b4e0" - }, - "7407ffc1232944279b0cbcb0847c86f7": { - "category_id": "315072d40d774c43a89ff33937ed24eb", - "assignments": [ - "6b227b77184c48b6a5e2f3ed1de0c02a", - "31928b17ec90438ba5a2e50ae7650e63", - "7a5541b63a024fa88170a6b59f99ccd7", - "dd2af27812f742029d289df9687d6126" - ], - "id": "7407ffc1232944279b0cbcb0847c86f7", - "subject_id": "89ba91c18dd54abfbfde7a66936c51a6", - "policy_id": "3e65256389b448cb9897917ea235f0bb" - } - } - } - ) - m.register_uri( - 'GET', 'http://manager:8082/policies/f8f49a779ceb47b3ac810f01ef71b4e0/object_assignments', - json={ - "object_assignments": { - "201ad05fd3f940948b769ab9214fe295": { - "object_id": "9089b3d2ce5b4e929ffc7e35b55eba1a", - "assignments": [ - "030fbb34002e4236a7b74eeb5fd71e35", - "06bcb8655b9d46a9b90e67ef7c825b50", - "34eb45d7f46d4fb6bc4965349b8e4b83", - "4b7793dbae434c31a77da9d92de9fa8c" - ], - "id": "201ad05fd3f940948b769ab9214fe295", - "category_id": "6d48500f639d4c2cab2b1f33ef93a1e8", - "policy_id": "f8f49a779ceb47b3ac810f01ef71b4e0" - }, - "90c5e86f8be34c0298fbd1973e4fb043": { - "object_id": "67b8008a3f8d4f8e847eb628f0f7ca0e", - "assignments": [ - "a098918e915b4b12bccb89f9a3f3b4e4", - "06bcb8655b9d46a9b90e67ef7c825b50", - "7dc76c6142af47c88b60cc2b0df650ba", - "4b7793dbae434c31a77da9d92de9fa8c" - ], - "id": "90c5e86f8be34c0298fbd1973e4fb043", - "category_id": "33aece52d45b4474a20dc48a76800daf", - "policy_id": "3e65256389b448cb9897917ea235f0bb" - } - } - } - ) - m.register_uri( - 'GET', 'http://manager:8082/policies/f8f49a779ceb47b3ac810f01ef71b4e0/action_assignments', - json={ - "action_assignments": { - "2128e3ffbd1c4ef5be515d625745c2d4": { - "category_id": "241a2a791554421a91c9f1bc564aa94d", - "action_id": "cdb3df220dc05a6ea3334b994827b068", - "policy_id": "f8f49a779ceb47b3ac810f01ef71b4e0", - "id": "2128e3ffbd1c4ef5be515d625745c2d4", - "assignments": [ - "570c036781e540dc9395b83098c40ba7", - "7fe17d7a2e3542719f8349c3f2273182", - "015ca6f40338422ba3f692260377d638", - "23d44c17bf88480f83e8d57d2aa1ea79" - ] - }, - "cffb98852f3a4110af7a0ddfc4e19201": { - "category_id": "4a2c5abaeaf644fcaf3ca8df64000d53", - "action_id": "cdb3df220dc04a6ea3334b994827b068", - "policy_id": "3e65256389b448cb9897917ea235f0bb", - "id": "cffb98852f3a4110af7a0ddfc4e19201", - "assignments": [ - "570c036781e540dc9395b83098c40ba7", - "7fe17d7a2e3542719f8349c3f2273182", - "015ca6f40338422ba3f692260377d638", - "23d44c17bf88480f83e8d57d2aa1ea79" - ] - } - } - } - ) - m.register_uri( - 'GET', 'http://manager:8082/policies/f8f49a779ceb47b3ac810f01ef71b4e0/subject_assignments/89ba91c18dd54abfbfde7a66936c51a6', - json={ - "subject_assignments": { - "826c1156d0284fc9b4b2ddb279f63c52": { - "category_id": "14e6ae0ba34d458b876c791b73aa17bd", - "assignments": [ - "24ea95256c5f4c888c1bb30a187788df", - "6b227b77184c48b6a5e2f3ed1de0c02a", - "31928b17ec90438ba5a2e50ae7650e63", - "4e60f554dd3147af87595fb6b37dcb13", - "7a5541b63a024fa88170a6b59f99ccd7", - "dd2af27812f742029d289df9687d6126" - ], - "id": "826c1156d0284fc9b4b2ddb279f63c52", - "subject_id": "89ba91c18dd54abfbfde7a66936c51a6", - "policy_id": "f8f49a779ceb47b3ac810f01ef71b4e0" - } - } - } - ) - m.register_uri( - 'GET', 'http://manager:8082/policies/f8f49a779ceb47b3ac810f01ef71b4e0/object_assignments/67b8008a3f8d4f8e847eb628f0f7ca0e', - json={ - "object_assignments": { - "201ad05fd3f940948b769ab9214fe295": { - "object_id": "67b8008a3f8d4f8e847eb628f0f7ca0e", - "assignments": [ - "030fbb34002e4236a7b74eeb5fd71e35", - "06bcb8655b9d46a9b90e67ef7c825b50", - "34eb45d7f46d4fb6bc4965349b8e4b83", - "4b7793dbae434c31a77da9d92de9fa8c" - ], - "id": "201ad05fd3f940948b769ab9214fe295", - "category_id": "6d48500f639d4c2cab2b1f33ef93a1e8", - "policy_id": "f8f49a779ceb47b3ac810f01ef71b4e0" - } - } - } - ) - m.register_uri( - 'GET', 'http://manager:8082/policies/f8f49a779ceb47b3ac810f01ef71b4e0/action_assignments/cdb3df220dc05a6ea3334b994827b068', - json={ - "action_assignments": { - "2128e3ffbd1c4ef5be515d625745c2d4": { - "category_id": "241a2a791554421a91c9f1bc564aa94d", - "action_id": "cdb3df220dc05a6ea3334b994827b068", - "policy_id": "f8f49a779ceb47b3ac810f01ef71b4e0", - "id": "2128e3ffbd1c4ef5be515d625745c2d4", - "assignments": [ - "570c036781e540dc9395b83098c40ba7", - "7fe17d7a2e3542719f8349c3f2273182", - "015ca6f40338422ba3f692260377d638", - "23d44c17bf88480f83e8d57d2aa1ea79" - ] - } - } - } - ) - m.register_uri( - 'GET', 'http://manager:8082/policies/f8f49a779ceb47b3ac810f01ef71b4e0/rules', - json={ - "rules": { - "policy_id": "f8f49a779ceb47b3ac810f01ef71b4e0", - "rules": [ - { - "policy_id": "f8f49a779ceb47b3ac810f01ef71b4e0", - "rule": [ - "24ea95256c5f4c888c1bb30a187788df", - "030fbb34002e4236a7b74eeb5fd71e35", - "570c036781e540dc9395b83098c40ba7" - ], - "enabled": True, - "id": "0201a2bcf56943c1904dbac016289b71", - "instructions": [ - { - "decision": "grant" - } - ], - "meta_rule_id": "f8f49a779ceb47b3ac810f01ef71b4e0" - }, - { - "policy_id": "ecc2451c494e47b5bca7250cd324a360", - "rule": [ - "54f574cd2043468da5d65e4f6ed6e3c9", - "6559686961a3490a978f246ac9f85fbf", - "ac0d1f600bf447e8bd2f37b7cc47f2dc" - ], - "enabled": True, - "id": "a83fed666af8436192dfd8b3c83a6fde", - "instructions": [ - { - "decision": "grant" - } - ], - "meta_rule_id": "f8f49a779ceb47b3ac810f01ef71b4e0" - } - ] - } - } - ) - m.register_uri( - 'POST', 'http://127.0.0.1:8081/authz', - content=get_pickled_context() - ) - # from moon_db.db_manager import init_engine, run - # engine = init_engine() - # run("upgrade", logging.getLogger("db_manager"), engine) - yield m - # os.unlink(CONF['database']['url'].replace("sqlite:///", "")) - - diff --git a/moonv4/moon_interface/tests/unit_python/requirements.txt b/moonv4/moon_interface/tests/unit_python/requirements.txt deleted file mode 100644 index 21975ce3..00000000 --- a/moonv4/moon_interface/tests/unit_python/requirements.txt +++ /dev/null @@ -1,5 +0,0 @@ -flask -flask_cors -flask_restful -python_moondb -python_moonutilities
\ No newline at end of file diff --git a/moonv4/moon_interface/tools/api2rst.py b/moonv4/moon_interface/tools/api2rst.py deleted file mode 100644 index 6d407bdf..00000000 --- a/moonv4/moon_interface/tools/api2rst.py +++ /dev/null @@ -1,145 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -import os -import sys -import requests -import logging -import time -import json - -os.unsetenv("http_proxy") -logging.basicConfig(level=logging.INFO) -logger = logging.getLogger(__name__) - -HOST = "172.18.0.11" -PORT = 38001 -COMPONENT = sys.argv[2] if len(sys.argv) > 1 else "Interface" -FILENAME = sys.argv[2] if len(sys.argv) > 2 else "api.rst" -CURRENT_TIME = time.strftime("%Y/%m/%d %H:%M:%S %Z") -REVISION = time.strftime("%Y%m%d_%H%M%S_%Z") -AUTHOR = "Thomas Duval <thomas.duval@orange.com>" - -logger.info("Writing to {}".format(FILENAME)) - -toc = ( - "generic", - "models", - "policies", - "pdp", - "meta_rules", - "meta_data", - "perimeter", - "data", - "assignments", - "rules", - "authz", -) - - -def get_api_list(): - url = "http://{}:{}/api".format(HOST, PORT) - cnx = requests.get(url) - try: - return cnx.json() - except json.decoder.JSONDecodeError: - logger.error("Error decoding JSON on {}\n{}".format(url, cnx.content)) - sys.exit(1) - - -def analyse_description(desc): - result = "" - if not desc: - return "No description" - for line in desc.splitlines(): - if line.strip().startswith(":"): - if ":request body:" in line: - result += ":request body:\n\n.. code-block:: json\n\n" - result += line.replace(":request body: ", "") + "\n\n" - elif ":return:" in line: - result += ":return:\n\n.. code-block:: json\n\n" - result += line.replace(":return: ", "") + "\n" - else: - result += line.strip() + "\n\n" - else: - result += line + "\n" - return result - - -def filter_and_sort(list_group_api): - results = list() - keys = list_group_api.keys() - for element in toc: - if element in keys: - results.append(element) - for element in keys: - if element not in results: - results.append(element) - return results - - -def main(): - list_group_api = get_api_list() - - _toc = filter_and_sort(list_group_api) - - file_desc = open(FILENAME, "w") - length_of_title = len("Moon {component} API".format(component=COMPONENT)) - file_desc.write(HEADERS.format( - component=COMPONENT, - date=CURRENT_TIME, - revision=REVISION, - title_headers="="*length_of_title, - author=AUTHOR - )) - - for key in _toc: - logger.info(key) - file_desc.write("{}\n".format(key)) - file_desc.write("{}\n\n".format("="*len(key))) - if "description" in list_group_api[key]: - file_desc.write("{}\n\n".format(list_group_api[key]["description"])) - version = "unknown" - logger.debug(list_group_api.keys()) - if "version" in list_group_api[key]: - version = list_group_api[key]["version"] - file_desc.write("Version: {}\n\n".format(version)) - for api in list_group_api[key]: - logger.info("\t{}".format(api)) - if api in ("description", "version"): - continue - file_desc.write("{}\n".format(api)) - file_desc.write("{}\n\n".format("-" * len(api))) - - file_desc.write("{}\n\n".format(list_group_api[key][api]["description"])) - - file_desc.write("URLs are:\n\n") - for _url in list_group_api[key][api]["urls"]: - file_desc.write("* {}\n".format(_url)) - - file_desc.write("\nMethods are:\n\n") - for _method in list_group_api[key][api]["methods"]: - file_desc.write("→ {}\n".format(_method)) - file_desc.write("{}\n\n".format("~"*(len(_method) + 2))) - file_desc.write("{}\n\n".format(analyse_description(list_group_api[key][api]["methods"][_method]))) - -HEADERS = """{title_headers} -Moon {component} API -{title_headers} - -:Info: See <https://git.opnfv.org/cgit/moon/> for code. -:Author: {author} -:Date: {date} -:Revision: $Revision: {revision} $ -:Description: List of the API served by the Moon {component} component - -This document list all of the API connectors served by the Moon {component} component -Here are Moon API with some examples of posted data and returned data. -All requests must be prefixed with the host and port, for example: http://localhost:38001/authz/123456789/123456789/servers/list - -""" - -if __name__ == "__main__": - main() diff --git a/moonv4/moon_interface/tools/get_keystone_token.py b/moonv4/moon_interface/tools/get_keystone_token.py deleted file mode 100644 index 1856aab8..00000000 --- a/moonv4/moon_interface/tools/get_keystone_token.py +++ /dev/null @@ -1,71 +0,0 @@ -import requests -from oslo_config import cfg -from oslo_log import log as logging -from python_moonutilities import exceptions - -CONF = cfg.CONF -LOG = logging.getLogger(__name__) - - -def login(user=None, password=None, domain=None, project=None, url=None): - print("""Configuration: - user: {user} - domain: {domain} - project: {project} - url: {url}""".format( - user=CONF.keystone.user, - domain=CONF.keystone.domain, - project=CONF.keystone.project, - url=CONF.keystone.url, - )) - if not user: - user = CONF.keystone.user - if not password: - password = CONF.keystone.password - if not domain: - domain = CONF.keystone.domain - if not project: - project = CONF.keystone.project - if not url: - url = CONF.keystone.url - headers = { - "Content-Type": "application/json" - } - data_auth = { - "auth": { - "identity": { - "methods": [ - "password" - ], - "password": { - "user": { - "domain": { - "id": domain - }, - "name": user, - "password": password - } - } - }, - "scope": { - "project": { - "domain": { - "id": domain - }, - "name": project - } - } - } - } - - req = requests.post("{}/auth/tokens".format(url), - json=data_auth, headers=headers, - verify=False) - - if req.status_code not in (200, 201): - LOG.error(req.text) - raise exceptions.KeystoneError - headers['X-Auth-Token'] = req.headers['X-Subject-Token'] - return headers - -print(login()['X-Auth-Token']) diff --git a/moonv4/moon_interface/tools/run.sh b/moonv4/moon_interface/tools/run.sh deleted file mode 100644 index d1db1f00..00000000 --- a/moonv4/moon_interface/tools/run.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/usr/bin/env bash - -http_proxy= /usr/bin/python3 /home/vdsq3226/projets/opnfv/opnfv-moon/moon_interface/tools/api2rst.py -pandoc api.rst --toc -o api.pdf -evince api.pdf |