authorThomas Duval <thomas.duval@orange.com>2017-10-29 21:09:22 +0100
committerThomas Duval <thomas.duval@orange.com>2017-10-29 21:09:22 +0100
commitdaa1d92e31d2f683ebb52486810676fdc60e1912 (patch)
tree7704cd289db09d7973e774bda348bec430103864 /moonv4/moon_interface
parent71eec0f65e954775498f3fd7c0069540a5638a95 (diff)
Delete wrapper API and use Kubernetes instead of Docker
Change-Id: I803b8ad92ac7261d0fb41f43337221d41c8261e9
Diffstat (limited to 'moonv4/moon_interface')
-rw-r--r--moonv4/moon_interface/Dockerfile1
-rw-r--r--moonv4/moon_interface/moon_interface/api/authz.py80
-rw-r--r--moonv4/moon_interface/moon_interface/api/generic.py26
-rw-r--r--moonv4/moon_interface/moon_interface/api/wrapper.py120
-rw-r--r--moonv4/moon_interface/moon_interface/http_server.py9
-rw-r--r--moonv4/moon_interface/requirements.txt5
6 files changed, 4 insertions, 237 deletions
diff --git a/moonv4/moon_interface/Dockerfile b/moonv4/moon_interface/Dockerfile
index de5447b6..1bc7e87c 100644
--- a/moonv4/moon_interface/Dockerfile
+++ b/moonv4/moon_interface/Dockerfile
@@ -6,6 +6,7 @@ RUN pip3 install moon_utilities moon_db pip --upgrade
ADD . /root
WORKDIR /root/
RUN pip3 install -r requirements.txt --upgrade
+RUN pip3 install /root/dist/* --upgrade
RUN pip3 install .
CMD ["python3", "-m", "moon_interface"] \ No newline at end of file
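Review bot: The added `RUN pip3 install /root/dist/* --upgrade` installs whatever files are present in the build context's `dist/` directory, with no name, version or hash check, so a stale or unintended archive left there ends up in the image; an empty or missing `dist/` presumably fails the build on the unmatched glob. The hunk header shows `moon_utilities` and `moon_db` are also installed from the index earlier, so it is unclear from the hunk which source is meant to win. I would list the expected artifacts explicitly, e.g. `RUN pip3 install /root/dist/<package>-<version>.whl --upgrade` (placeholder names). If the intent is to pick up locally built packages, a comment above the line such as `# dist/ must hold the locally built moon_* packages before docker build` would record that.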
diff --git a/moonv4/moon_interface/moon_interface/api/authz.py b/moonv4/moon_interface/moon_interface/api/authz.py
index 3847cc73..c9f4697f 100644
--- a/moonv4/moon_interface/moon_interface/api/authz.py
+++ b/moonv4/moon_interface/moon_interface/api/authz.py
@@ -14,9 +14,7 @@ import requests
import time
from uuid import uuid4
-from moon_interface.containers import DockerManager
from moon_interface.authz_requests import AuthzRequest
-from moon_utilities import configuration
__version__ = "0.1.0"
@@ -80,78 +78,6 @@ def container_exist(cache, uuid):
return
-def build_container(cache, manager_url, uuid, meta_rule_id, plugin_name="authz"):
- """Create the container and update the cache with the given perimeter elements
-
- :param cache: Cache to use
- :param manager_url: URL of the manager
- :param uuid: Keystone Project ID
- :param meta_rule_id: UUID of the meta_rule
- :param plugin_name: name of the plugin to use
- :return: True or False
- """
- LOG.info("Building a new container for {}".format(plugin_name))
- manager = DockerManager()
- tcp_port = configuration.increment_port()
- container_name = configuration.get_plugins()[plugin_name]['container']
- name = "{}_{}".format(plugin_name, uuid4().hex)
- policy_id = cache.get_policy_from_meta_rules(meta_rule_id)
- container_data = {
- "name": name,
- "hostname": name,
- "port": {
- "PrivatePort": tcp_port,
- "Type": "tcp",
- "IP": "0.0.0.0",
- "PublicPort": tcp_port
- },
- "keystone_project_id": uuid,
- "pdp_id": cache.get_pdp_from_keystone_project(uuid),
- "meta_rule_id": meta_rule_id,
- "policy_id": policy_id,
- "container_name": container_name,
- "plugin_name": plugin_name
- }
- container = manager.create_container(container_data)
- container_data['container_id'] = container.id
- container_data['port']["IP"] = container.ip
- container_data['start_time'] = time.time()
- req = requests.post("{}/containers".format(manager_url),
- json=container_data)
- if req.status_code == 200:
- cache.add_container(container_data)
- return True
-
-
-def create_containers(cache, manager_url, uuid, plugin_name="authz"):
- """Create the container and update the cache with the given perimeter elements
-
- :param cache: Cache to use
- :param manager_url: URL of the manager
- :param uuid: Keystone Project ID
- :param plugin_name: name of the plugin to use
- :return: True or False
- """
- LOG.info("Need to create some containers for {}".format(uuid))
- for pdp_id, pdp_value in cache.pdp.items():
- LOG.info("pdp {}".format(pdp_value))
- if uuid == pdp_value.get("keystone_project_id", ""):
- LOG.info("uuid {}".format(uuid))
- for policy_id in pdp_value.get("security_pipeline", []):
- LOG.info("policy {}".format(policy_id))
- model_id = cache.policies[policy_id]["model_id"]
- model_value = cache.models[model_id]
- for meta_rule_id in model_value["meta_rules"]:
- LOG.info("meta_rule {}".format(meta_rule_id))
- build_container(
- cache=cache,
- uuid=uuid,
- manager_url=manager_url,
- meta_rule_id=meta_rule_id,
- plugin_name=plugin_name)
- return
-
-
def create_authz_request(cache, interface_name, manager_url, uuid, subject_name, object_name, action_name):
"""Create the authorization request and make the first call to the Authz function
@@ -230,12 +156,6 @@ class Authz(Resource):
"result": False,
"message": "Unknown Project ID or "
"Project ID is not bind to a PDP."}, 403
- if not container_exist(self.CACHE, uuid):
- create_containers(
- cache=self.CACHE,
- uuid=uuid,
- manager_url=self.MANAGER_URL,
- plugin_name="authz")
authz_request = create_authz_request(
cache=self.CACHE,
uuid=uuid,
diff --git a/moonv4/moon_interface/moon_interface/api/generic.py b/moonv4/moon_interface/moon_interface/api/generic.py
index 80e8abff..702f33cf 100644
--- a/moonv4/moon_interface/moon_interface/api/generic.py
+++ b/moonv4/moon_interface/moon_interface/api/generic.py
@@ -7,8 +7,7 @@ Those API are helping API used to manage the Moon platform.
"""
from flask_restful import Resource, request
-from oslo_log import log as logging
-from moon_utilities.security_functions import call
+import logging
import moon_interface.api
from moon_utilities.security_functions import check_auth
@@ -36,7 +35,7 @@ class Status(Resource):
}
}
"""
- return call("security_router", method="get_status", ctx={"component_id": component_id})
+ raise NotImplemented
class Logs(Resource):
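Review bot: `raise NotImplemented` in `Status.get` raises a `TypeError` rather than the intended exception, because `NotImplemented` is the comparison sentinel and not an exception class; the same line is added in the `Logs` hunk that follows. Callers of both endpoints will most likely get a generic 500 instead of a clear "not implemented" answer. Use `raise NotImplementedError`, or follow the `{...}, 403` tuple style visible in authz.py and return an explicit status, `return {"message": "Not implemented"}, 501`. In `Logs.get` the `args` dict built just above the new line is then unused. Both method bodies start outside their hunks.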
@@ -71,7 +70,7 @@ class Logs(Resource):
args["to"] = to_str
args["event_number"] = event_number
- return call("security_router", method="get_logs", ctx={"component_id": component_id}, args=args)
+ raise NotImplemented
class API(Resource):
@@ -130,22 +129,3 @@ class API(Resource):
return {"error": "Unknown endpoint_id {}".format(endpoint_id)}
return {group_id: api_desc[group_id]}
return api_desc
-
-
-class InternalAPI(Resource):
- """
- Endpoint for status requests
- """
-
- __urls__ = ("/internal_api", "/internal_api/", "/internal_api/<string:component_id>")
-
- def get(self, component_id=None, user_id=""):
- api_list = ("orchestrator", "security_router")
- if not component_id:
- return {"api": api_list}
- if component_id in api_list:
- api_desc = dict()
- api_desc["name"] = component_id
- api_desc["endpoints"] = call("security_router", component_id, {}, "list_api")
- return api_desc
-
diff --git a/moonv4/moon_interface/moon_interface/api/wrapper.py b/moonv4/moon_interface/moon_interface/api/wrapper.py
deleted file mode 100644
index 5ba5779f..00000000
--- a/moonv4/moon_interface/moon_interface/api/wrapper.py
+++ /dev/null
@@ -1,120 +0,0 @@
-# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
-# This software is distributed under the terms and conditions of the 'Apache-2.0'
-# license which can be found in the file 'LICENSE' in this package distribution
-# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-"""
-Authz is the endpoint to get authorization response
-"""
-
-import flask
-from flask import request
-from flask_restful import Resource
-import logging
-import json
-import requests
-import time
-from uuid import uuid4
-
-from moon_interface.api.authz import pdp_in_cache, pdp_in_manager, container_exist, \
- create_containers, create_authz_request
-from moon_interface.authz_requests import AuthzRequest
-from moon_utilities import configuration
-
-__version__ = "0.1.0"
-
-LOG = logging.getLogger("moon.interface.api." + __name__)
-
-
-class Wrapper(Resource):
- """
- Endpoint for authz requests
- """
-
- __urls__ = (
- "/authz/wrapper",
- "/authz/wrapper/",
- )
-
- def __init__(self, **kwargs):
- self.port = kwargs.get("port")
- self.CACHE = kwargs.get("cache", {})
- self.INTERFACE_NAME = kwargs.get("interface_name", "interface")
- self.MANAGER_URL = kwargs.get("manager_url", "http://manager:8080")
- self.TIMEOUT = 5
-
- def get(self):
- LOG.info("GET")
- return self.manage_data()
-
- def post(self):
- LOG.info("POST {}".format(request.form))
- response = flask.make_response("False")
- if self.manage_data():
- response = flask.make_response("True")
- response.headers['content-type'] = 'application/octet-stream'
- return response
-
- @staticmethod
- def __get_subject(target, credentials):
- _subject = target.get("user_id", "")
- if not _subject:
- _subject = credentials.get("user_id", "none")
- return _subject
-
- @staticmethod
- def __get_object(target, credentials):
- try:
- # note: case of Glance
- return target['target']['name']
- except KeyError:
- pass
-
- # note: default case
- return target.get("project_id", "none")
-
- @staticmethod
- def __get_project_id(target, credentials):
- return target.get("project_id", "none")
-
- def manage_data(self):
- target = json.loads(request.form.get('target', {}))
- credentials = json.loads(request.form.get('credentials', {}))
- rule = request.form.get('rule', "")
- _subject = self.__get_subject(target, credentials)
- _object = self.__get_object(target, credentials)
- _project_id = self.__get_project_id(target, credentials)
- LOG.info("GET with args project={} / "
- "subject={} - object={} - action={}".format(
- _project_id, _subject, _object, rule))
- pdp_id, pdp_value = pdp_in_cache(self.CACHE, _project_id)
- if not pdp_id:
- pdp_id, pdp_value = pdp_in_manager(self.CACHE, _project_id)
- if not pdp_id:
- LOG.error("Unknown Project ID or "
- "Project ID is not bind to a PDP.")
- return False
- if not container_exist(self.CACHE, _project_id):
- create_containers(self.CACHE, _project_id, self.MANAGER_URL,
- plugin_name="authz")
- authz_request = create_authz_request(
- cache=self.CACHE,
- uuid=_project_id,
- interface_name=self.INTERFACE_NAME,
- manager_url=self.MANAGER_URL,
- subject_name=_subject,
- object_name=_object,
- action_name=rule)
- cpt = 0
- while True:
- LOG.info("Wait")
- if cpt > self.TIMEOUT*10:
- LOG.error("Authz request had timed out.")
- return False
- if authz_request.is_authz():
- if authz_request.final_result == "Grant":
- LOG.info("Grant")
- return True
- LOG.info("Deny")
- return False
- cpt += 1
- time.sleep(0.1)
diff --git a/moonv4/moon_interface/moon_interface/http_server.py b/moonv4/moon_interface/moon_interface/http_server.py
index d7f8469c..387699f8 100644
--- a/moonv4/moon_interface/moon_interface/http_server.py
+++ b/moonv4/moon_interface/moon_interface/http_server.py
@@ -10,7 +10,6 @@ import logging
from moon_interface import __version__
from moon_interface.api.generic import Status, Logs, API
from moon_interface.api.authz import Authz
-from moon_interface.api.wrapper import Wrapper
from moon_interface.authz_requests import CACHE
from moon_utilities import configuration, exceptions
@@ -123,14 +122,6 @@ class HTTPServer(Server):
for api in __API__:
self.api.add_resource(api, *api.__urls__)
- self.api.add_resource(Wrapper, *Wrapper.__urls__,
- resource_class_kwargs={
- "port": self.port,
- "cache": CACHE,
- "interface_name": self.host,
- "manager_url": "http://{}:{}".format(self.manager_hostname, self.manager_port),
- }
- )
self.api.add_resource(Authz, *Authz.__urls__,
resource_class_kwargs={
"cache": CACHE,
diff --git a/moonv4/moon_interface/requirements.txt b/moonv4/moon_interface/requirements.txt
index ee4b455e..36332aa4 100644
--- a/moonv4/moon_interface/requirements.txt
+++ b/moonv4/moon_interface/requirements.txt
@@ -1,9 +1,4 @@
-kombu !=4.0.1,!=4.0.0
-oslo.messaging
-oslo.config
-vine
flask
flask_restful
flask_cors
-babel
moon_utilities \ No newline at end of file