aboutsummaryrefslogtreecommitdiffstats
path: root/moonv4/moon_manager/moon_manager
diff options
context:
space:
mode:
authorWuKong <rebirthmonkey@gmail.com>2017-12-23 21:49:35 +0100
committerWuKong <rebirthmonkey@gmail.com>2017-12-23 21:49:58 +0100
commit1100c66ce03a059ebe7ece9734e799b49b3a5a9e (patch)
treea057e7e7511f6675a9327b79e6919f07c5f89f07 /moonv4/moon_manager/moon_manager
parent7a4dfdde6314476ae2a1a1c881ff1e3c430f790e (diff)
moonv4 cleanup
Change-Id: Icef927f3236d985ac13ff7376f6ce6314b2b39b0 Signed-off-by: WuKong <rebirthmonkey@gmail.com>
Diffstat (limited to 'moonv4/moon_manager/moon_manager')
-rw-r--r--moonv4/moon_manager/moon_manager/__init__.py6
-rw-r--r--moonv4/moon_manager/moon_manager/__main__.py4
-rw-r--r--moonv4/moon_manager/moon_manager/api/__init__.py0
-rw-r--r--moonv4/moon_manager/moon_manager/api/assignments.py334
-rw-r--r--moonv4/moon_manager/moon_manager/api/containers.py178
-rw-r--r--moonv4/moon_manager/moon_manager/api/data.py335
-rw-r--r--moonv4/moon_manager/moon_manager/api/generic.py131
-rw-r--r--moonv4/moon_manager/moon_manager/api/meta_data.py267
-rw-r--r--moonv4/moon_manager/moon_manager/api/meta_rules.py164
-rw-r--r--moonv4/moon_manager/moon_manager/api/models.py127
-rw-r--r--moonv4/moon_manager/moon_manager/api/pdp.py181
-rw-r--r--moonv4/moon_manager/moon_manager/api/perimeter.py447
-rw-r--r--moonv4/moon_manager/moon_manager/api/policies.py132
-rw-r--r--moonv4/moon_manager/moon_manager/api/rules.py140
-rw-r--r--moonv4/moon_manager/moon_manager/http_server.py157
-rw-r--r--moonv4/moon_manager/moon_manager/server.py38
16 files changed, 0 insertions, 2641 deletions
diff --git a/moonv4/moon_manager/moon_manager/__init__.py b/moonv4/moon_manager/moon_manager/__init__.py
deleted file mode 100644
index 903c6518..00000000
--- a/moonv4/moon_manager/moon_manager/__init__.py
+++ /dev/null
@@ -1,6 +0,0 @@
-# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
-# This software is distributed under the terms and conditions of the 'Apache-2.0'
-# license which can be found in the file 'LICENSE' in this package distribution
-# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-
-__version__ = "0.1.0"
diff --git a/moonv4/moon_manager/moon_manager/__main__.py b/moonv4/moon_manager/moon_manager/__main__.py
deleted file mode 100644
index 7d97f003..00000000
--- a/moonv4/moon_manager/moon_manager/__main__.py
+++ /dev/null
@@ -1,4 +0,0 @@
-from moon_manager.server import main
-
-server = main()
-server.run()
diff --git a/moonv4/moon_manager/moon_manager/api/__init__.py b/moonv4/moon_manager/moon_manager/api/__init__.py
deleted file mode 100644
index e69de29b..00000000
--- a/moonv4/moon_manager/moon_manager/api/__init__.py
+++ /dev/null
diff --git a/moonv4/moon_manager/moon_manager/api/assignments.py b/moonv4/moon_manager/moon_manager/api/assignments.py
deleted file mode 100644
index c3ac45c8..00000000
--- a/moonv4/moon_manager/moon_manager/api/assignments.py
+++ /dev/null
@@ -1,334 +0,0 @@
-# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
-# This software is distributed under the terms and conditions of the 'Apache-2.0'
-# license which can be found in the file 'LICENSE' in this package distribution
-# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-"""
-Assignments allow to connect data with elements of perimeter
-
-"""
-
-from flask import request
-from flask_restful import Resource
-from oslo_log import log as logging
-from python_moonutilities.security_functions import check_auth
-from python_moondb.core import PolicyManager
-
-__version__ = "0.2.0"
-
-LOG = logging.getLogger("moon.manager.api." + __name__)
-
-
-class SubjectAssignments(Resource):
- """
- Endpoint for subject assignment requests
- """
-
- __urls__ = (
- "/policies/<string:uuid>/subject_assignments",
- "/policies/<string:uuid>/subject_assignments/",
- "/policies/<string:uuid>/subject_assignments/<string:perimeter_id>",
- "/policies/<string:uuid>/subject_assignments/<string:perimeter_id>/<string:category_id>",
- "/policies/<string:uuid>/subject_assignments/<string:perimeter_id>/<string:category_id>/<string:data_id>",
- )
-
- @check_auth
- def get(self, uuid=None, perimeter_id=None, category_id=None, data_id=None, user_id=None):
- """Retrieve all subject assignments or a specific one for a given policy
-
- :param uuid: uuid of the policy
- :param perimeter_id: uuid of the subject
- :param category_id: uuid of the subject category
- :param data_id: uuid of the subject scope
- :param user_id: user ID who do the request
- :return: {
- "subject_data_id": {
- "policy_id": "ID of the policy",
- "subject_id": "ID of the subject",
- "category_id": "ID of the category",
- "assignments": "Assignments list (list of data_id)",
- }
- }
- :internal_api: get_subject_assignments
- """
- # return call(ctx={"id": uuid, "method": "get_subject_assignments", "perimeter_id": perimeter_id, "category_id": category_id, "user_id": user_id},
- # args={"data_id": data_id})
- try:
- # if "perimeter_name" in ctx:
- # ctx["perimeter_id"] = self.__get_subject_id(ctx, ctx['perimeter_name'])
- data = PolicyManager.get_subject_assignments(user_id=user_id, policy_id=uuid,
- subject_id=perimeter_id, category_id=category_id)
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
- return {"subject_assignments": data}
-
- @check_auth
- def post(self, uuid=None, perimeter_id=None, category_id=None, data_id=None, user_id=None):
- """Create a subject assignment.
-
- :param uuid: uuid of the policy
- :param perimeter_id: uuid of the subject (not used here)
- :param category_id: uuid of the subject category (not used here)
- :param data_id: uuid of the subject scope (not used here)
- :param user_id: user ID who do the request
- :request body: {
- "id": "UUID of the subject",
- "category_id": "UUID of the category"
- "data_id": "UUID of the scope"
- }
- :return: {
- "subject_data_id": {
- "policy_id": "ID of the policy",
- "subject_id": "ID of the subject",
- "category_id": "ID of the category",
- "assignments": "Assignments list (list of data_id)",
- }
- }
- :internal_api: update_subject_assignment
- """
- try:
- data_id = request.json.get("data_id")
- category_id = request.json.get("category_id")
- perimeter_id = request.json.get("id")
- data = PolicyManager.add_subject_assignment(user_id=user_id, policy_id=uuid,
- subject_id=perimeter_id, category_id=category_id,
- data_id=data_id)
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
- return {"subject_assignments": data}
-
- @check_auth
- def delete(self, uuid=None, perimeter_id=None, category_id=None, data_id=None, user_id=None):
- """Delete a subject assignment for a given policy
-
- :param uuid: uuid of the policy
- :param perimeter_id: uuid of the subject
- :param category_id: uuid of the subject category
- :param data_id: uuid of the subject scope
- :param user_id: user ID who do the request
- :return: {
- "result": "True or False",
- "message": "optional message"
- }
- :internal_api: delete_subject_assignment
- """
- try:
- data = PolicyManager.delete_subject_assignment(user_id=user_id, policy_id=uuid,
- subject_id=perimeter_id, category_id=category_id,
- data_id=data_id)
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
- return {"result": True}
-
-
-class ObjectAssignments(Resource):
- """
- Endpoint for object assignment requests
- """
-
- __urls__ = (
- "/policies/<string:uuid>/object_assignments",
- "/policies/<string:uuid>/object_assignments/",
- "/policies/<string:uuid>/object_assignments/<string:perimeter_id>",
- "/policies/<string:uuid>/object_assignments/<string:perimeter_id>/<string:category_id>",
- "/policies/<string:uuid>/object_assignments/<string:perimeter_id>/<string:category_id>/<string:data_id>",
- )
-
- @check_auth
- def get(self, uuid=None, perimeter_id=None, category_id=None, data_id=None, user_id=None):
- """Retrieve all object assignment or a specific one for a given policy
-
- :param uuid: uuid of the policy
- :param perimeter_id: uuid of the object
- :param category_id: uuid of the object category
- :param data_id: uuid of the object scope
- :param user_id: user ID who do the request
- :return: {
- "object_data_id": {
- "policy_id": "ID of the policy",
- "object_id": "ID of the object",
- "category_id": "ID of the category",
- "assignments": "Assignments list (list of data_id)",
- }
- }
- :internal_api: get_object_assignments
- """
- try:
- data = PolicyManager.get_object_assignments(user_id=user_id, policy_id=uuid,
- object_id=perimeter_id, category_id=category_id)
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
- return {"object_assignments": data}
-
- @check_auth
- def post(self, uuid=None, perimeter_id=None, category_id=None, data_id=None, user_id=None):
- """Create an object assignment.
-
- :param uuid: uuid of the policy
- :param perimeter_id: uuid of the object (not used here)
- :param category_id: uuid of the object category (not used here)
- :param data_id: uuid of the object scope (not used here)
- :param user_id: user ID who do the request
- :request body: {
- "id": "UUID of the action",
- "category_id": "UUID of the category"
- "data_id": "UUID of the scope"
- }
- :return: {
- "object_data_id": {
- "policy_id": "ID of the policy",
- "object_id": "ID of the object",
- "category_id": "ID of the category",
- "assignments": "Assignments list (list of data_id)",
- }
- }
- :internal_api: update_object_assignment
- """
- try:
- data_id = request.json.get("data_id")
- category_id = request.json.get("category_id")
- perimeter_id = request.json.get("id")
- data = PolicyManager.add_object_assignment(user_id=user_id, policy_id=uuid,
- object_id=perimeter_id, category_id=category_id,
- data_id=data_id)
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
- return {"object_assignments": data}
-
- @check_auth
- def delete(self, uuid=None, perimeter_id=None, category_id=None, data_id=None, user_id=None):
- """Delete a object assignment for a given policy
-
- :param uuid: uuid of the policy
- :param perimeter_id: uuid of the object
- :param category_id: uuid of the object category
- :param data_id: uuid of the object scope
- :param user_id: user ID who do the request
- :return: {
- "result": "True or False",
- "message": "optional message"
- }
- :internal_api: delete_object_assignment
- """
- try:
- data = PolicyManager.delete_object_assignment(user_id=user_id, policy_id=uuid,
- object_id=perimeter_id, category_id=category_id,
- data_id=data_id)
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
- return {"result": True}
-
-
-class ActionAssignments(Resource):
- """
- Endpoint for action assignment requests
- """
-
- __urls__ = (
- "/policies/<string:uuid>/action_assignments",
- "/policies/<string:uuid>/action_assignments/",
- "/policies/<string:uuid>/action_assignments/<string:perimeter_id>",
- "/policies/<string:uuid>/action_assignments/<string:perimeter_id>/<string:category_id>",
- "/policies/<string:uuid>/action_assignments/<string:perimeter_id>/<string:category_id>/<string:data_id>",
- )
-
- @check_auth
- def get(self, uuid=None, perimeter_id=None, category_id=None, data_id=None, user_id=None):
- """Retrieve all action assignment or a specific one for a given policy
-
- :param uuid: uuid of the policy
- :param perimeter_id: uuid of the action
- :param category_id: uuid of the action category
- :param data_id: uuid of the action scope
- :param user_id: user ID who do the request
- :return: {
- "action_data_id": {
- "policy_id": "ID of the policy",
- "object_id": "ID of the action",
- "category_id": "ID of the category",
- "assignments": "Assignments list (list of data_id)",
- }
- }
- :internal_api: get_action_assignments
- """
- try:
- data = PolicyManager.get_action_assignments(user_id=user_id, policy_id=uuid,
- action_id=perimeter_id, category_id=category_id)
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
- return {"action_assignments": data}
-
- @check_auth
- def post(self, uuid=None, perimeter_id=None, category_id=None, data_id=None, user_id=None):
- """Create an action assignment.
-
- :param uuid: uuid of the policy
- :param perimeter_id: uuid of the action (not used here)
- :param category_id: uuid of the action category (not used here)
- :param data_id: uuid of the action scope (not used here)
- :param user_id: user ID who do the request
- :request body: {
- "id": "UUID of the action",
- "category_id": "UUID of the category",
- "data_id": "UUID of the scope"
- }
- :return: {
- "action_data_id": {
- "policy_id": "ID of the policy",
- "object_id": "ID of the action",
- "category_id": "ID of the category",
- "assignments": "Assignments list (list of data_id)",
- }
- }
- :internal_api: update_action_assignment
- """
- try:
- data_id = request.json.get("data_id")
- category_id = request.json.get("category_id")
- perimeter_id = request.json.get("id")
- data = PolicyManager.add_action_assignment(user_id=user_id, policy_id=uuid,
- action_id=perimeter_id, category_id=category_id,
- data_id=data_id)
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
- return {"action_assignments": data}
-
- @check_auth
- def delete(self, uuid=None, perimeter_id=None, category_id=None, data_id=None, user_id=None):
- """Delete a action assignment for a given policy
-
- :param uuid: uuid of the policy
- :param perimeter_id: uuid of the action
- :param category_id: uuid of the action category
- :param data_id: uuid of the action scope
- :param user_id: user ID who do the request
- :return: {
- "result": "True or False",
- "message": "optional message"
- }
- :internal_api: delete_action_assignment
- """
- try:
- data = PolicyManager.delete_action_assignment(user_id=user_id, policy_id=uuid,
- action_id=perimeter_id, category_id=category_id,
- data_id=data_id)
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
- return {"result": True}
diff --git a/moonv4/moon_manager/moon_manager/api/containers.py b/moonv4/moon_manager/moon_manager/api/containers.py
deleted file mode 100644
index 6dc50ea5..00000000
--- a/moonv4/moon_manager/moon_manager/api/containers.py
+++ /dev/null
@@ -1,178 +0,0 @@
-# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
-# This software is distributed under the terms and conditions of the 'Apache-2.0'
-# license which can be found in the file 'LICENSE' in this package distribution
-# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-"""
-PDP are Policy Decision Point.
-
-"""
-
-import copy
-from docker import Client
-from flask import request
-from flask_restful import Resource
-from oslo_log import log as logging
-from python_moonutilities.security_functions import check_auth
-from python_moonutilities import configuration
-
-docker_conf = configuration.get_configuration("docker")['docker']
-docker = Client(base_url=docker_conf['url'])
-
-__version__ = "0.1.0"
-
-LOG = logging.getLogger("moon.manager.api." + __name__)
-
-
-class Container(Resource):
- """
- Endpoint for container requests
- """
-
- __urls__ = (
- "/containers",
- "/containers/",
- "/containers/<string:uuid>",
- "/containers/<string:uuid>/",
- )
-
- def __init__(self):
- self.containers = {}
- self.update()
-
- def update(self):
- for _container in docker.containers():
- if _container['Id'] not in self.containers:
- self.containers[_container['Id']] = {
- "name": _container["Names"],
- "port": _container["Ports"],
- }
-
- @check_auth
- def get(self, uuid=None, user_id=None):
- """Retrieve all containers
-
- :param uuid: uuid of the container
- :param user_id: user ID who do the request
- :return: {
- "containers": {
- "da0fd80fc1dc146e1b...a2e07d240cde09f0a": {
- "name": [
- "/wrapper"
- ],
- "port": [
- {
- "PrivatePort": 8080,
- "Type": "tcp",
- "IP": "0.0.0.0",
- "PublicPort": 8080
- }
- ]
- },
- }
- }
- :internal_api: get_containers
- """
- # try:
- # data = [{"name": item["Names"], "port": item["Ports"], } for item in docker.containers()]
- # except Exception as e:
- # LOG.error(e, exc_info=True)
- # return {"result": False,
- # "error": str(e)}
- return {"containers": self.containers}
-
- @check_auth
- def post(self, uuid=None, user_id=None):
- """Add a new container.
-
- :param uuid: uuid of the pdp (not used here)
- :param user_id: user ID who do the request
- :request body: {
- "id": "id of the new container",
- "name": "name of the new container",
- "hostname": "hostname of the new container",
- "port": {
- "PrivatePort": 8080,
- "Type": "tcp",
- "IP": "0.0.0.0",
- "PublicPort": 8080
- },
- "keystone_project_id": "keystone_project_id1",
- "pdp_id": "PDP UUID",
- "container_name": "wukongsun/moon_authz:v4.1"
- }
- :return: {
- "containers": {
- "da0fd80fc1dc146e1b...a2e07d240cde09f0a": {
- "name": [
- "/wrapper"
- ],
- "port": [
- {
- "PrivatePort": 8080,
- "Type": "tcp",
- "IP": "0.0.0.0",
- "PublicPort": 8080
- }
- ]
- },
- }
- }
- :internal_api: add_container
- """
- try:
- self.update()
- self.containers[request.json.get('id')] = copy.deepcopy(request.json)
- LOG.info("Added a new container {}".format(request.json.get('name')))
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
- return {"containers": self.containers}
-
- @check_auth
- def delete(self, uuid=None, user_id=None):
- """Delete a pdp
-
- :param uuid: uuid of the pdp to delete
- :param user_id: user ID who do the request
- :return: {
- "result": "True or False",
- "message": "optional message"
- }
- :internal_api: delete_pdp
- """
- # try:
- # data = PDPManager.delete_pdp(user_id=user_id, pdp_id=uuid)
- # except Exception as e:
- # LOG.error(e, exc_info=True)
- # return {"result": False,
- # "error": str(e)}
- # return {"result": True}
- raise NotImplementedError
-
- @check_auth
- def patch(self, uuid=None, user_id=None):
- """Update a pdp
-
- :param uuid: uuid of the pdp to update
- :param user_id: user ID who do the request
- :return: {
- "pdp_id1": {
- "name": "...",
- "security_pipeline": [...],
- "keystone_project_id": "keystone_project_id1",
- "description": "...",
- }
- }
- :internal_api: update_pdp
- """
- # try:
- # data = PDPManager.update_pdp(user_id=user_id, pdp_id=uuid, value=request.json)
- # add_container(uuid=uuid, pipeline=data[uuid]['security_pipeline'])
- # except Exception as e:
- # LOG.error(e, exc_info=True)
- # return {"result": False,
- # "error": str(e)}
- # return {"pdps": data}
- raise NotImplementedError
-
diff --git a/moonv4/moon_manager/moon_manager/api/data.py b/moonv4/moon_manager/moon_manager/api/data.py
deleted file mode 100644
index 61fe92bf..00000000
--- a/moonv4/moon_manager/moon_manager/api/data.py
+++ /dev/null
@@ -1,335 +0,0 @@
-# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
-# This software is distributed under the terms and conditions of the 'Apache-2.0'
-# license which can be found in the file 'LICENSE' in this package distribution
-# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-"""
-Data are elements used to create rules
-
-"""
-
-from flask import request
-from flask_restful import Resource
-from oslo_log import log as logging
-from python_moonutilities.security_functions import check_auth
-from python_moondb.core import PolicyManager
-
-__version__ = "0.2.0"
-
-LOG = logging.getLogger("moon.manager.api." + __name__)
-
-
-class SubjectData(Resource):
- """
- Endpoint for subject data requests
- """
-
- __urls__ = (
- "/policies/<string:uuid>/subject_data",
- "/policies/<string:uuid>/subject_data/",
- "/policies/<string:uuid>/subject_data/<string:category_id>",
- "/policies/<string:uuid>/subject_data/<string:category_id>/"
- "<string:data_id>",
- )
-
- @check_auth
- def get(self, uuid=None, category_id=None, data_id=None, user_id=None):
- """Retrieve all subject categories or a specific one if sid is given
- for a given policy
-
- :param uuid: uuid of the policy
- :param category_id: uuid of the subject category
- :param data_id: uuid of the subject data
- :param user_id: user ID who do the request
- :return: [{
- "policy_id": "policy_id1",
- "category_id": "category_id1",
- "data": {
- "subject_data_id": {
- "name": "name of the data",
- "description": "description of the data"
- }
- }
- }]
- :internal_api: get_subject_data
- """
- try:
- data = PolicyManager.get_subject_data(user_id=user_id,
- policy_id=uuid,
- category_id=category_id,
- data_id=data_id)
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
- return {"subject_data": data}
-
- @check_auth
- def post(self, uuid=None, category_id=None, data_id=None, user_id=None):
- """Create or update a subject.
-
- :param uuid: uuid of the policy
- :param category_id: uuid of the subject category
- :param data_id: uuid of the subject data
- :param user_id: user ID who do the request
- :request body: {
- "name": "name of the data",
- "description": "description of the data"
- }
- :return: {
- "policy_id": "policy_id1",
- "category_id": "category_id1",
- "data": {
- "subject_data_id": {
- "name": "name of the data",
- "description": "description of the data"
- }
- }
- }
- :internal_api: add_subject_data
- """
- try:
- data = PolicyManager.set_subject_data(user_id=user_id,
- policy_id=uuid,
- category_id=category_id,
- value=request.json)
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
- return {"subject_data": data}
-
- @check_auth
- def delete(self, uuid=None, category_id=None, data_id=None, user_id=None):
- """Delete a subject for a given policy
-
- :param uuid: uuid of the policy
- :param category_id: uuid of the subject category
- :param data_id: uuid of the subject data
- :param user_id: user ID who do the request
- :return: [{
- "result": "True or False",
- "message": "optional message"
- }]
- :internal_api: delete_subject_data
- """
- try:
- data = PolicyManager.delete_subject_data(user_id=user_id,
- policy_id=uuid,
- data_id=data_id)
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
- return {"result": True}
-
-
-class ObjectData(Resource):
- """
- Endpoint for object data requests
- """
-
- __urls__ = (
- "/policies/<string:uuid>/object_data",
- "/policies/<string:uuid>/object_data/",
- "/policies/<string:uuid>/object_data/<string:category_id>",
- "/policies/<string:uuid>/object_data/<string:category_id>/"
- "<string:data_id>",
- )
-
- @check_auth
- def get(self, uuid=None, category_id=None, data_id=None, user_id=None):
- """Retrieve all object categories or a specific one if sid is given
- for a given policy
-
- :param uuid: uuid of the policy
- :param category_id: uuid of the object category
- :param data_id: uuid of the object data
- :param user_id: user ID who do the request
- :return: [{
- "policy_id": "policy_id1",
- "category_id": "category_id1",
- "data": {
- "object_data_id": {
- "name": "name of the data",
- "description": "description of the data"
- }
- }
- }]
- :internal_api: get_object_data
- """
- try:
- data = PolicyManager.get_object_data(user_id=user_id,
- policy_id=uuid,
- category_id=category_id,
- data_id=data_id)
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
- return {"object_data": data}
-
- @check_auth
- def post(self, uuid=None, category_id=None, data_id=None, user_id=None):
- """Create or update a object.
-
- :param uuid: uuid of the policy
- :param category_id: uuid of the object category
- :param data_id: uuid of the object data
- :param user_id: user ID who do the request
- :request body: {
- "name": "name of the data",
- "description": "description of the data"
- }
- :return: {
- "policy_id": "policy_id1",
- "category_id": "category_id1",
- "data": {
- "object_data_id": {
- "name": "name of the data",
- "description": "description of the data"
- }
- }
- }
- :internal_api: add_object_data
- """
- try:
- data = PolicyManager.add_object_data(user_id=user_id,
- policy_id=uuid,
- category_id=category_id,
- value=request.json)
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
- return {"object_data": data}
-
- @check_auth
- def delete(self, uuid=None, category_id=None, data_id=None, user_id=None):
- """Delete a object for a given policy
-
- :param uuid: uuid of the policy
- :param category_id: uuid of the object category
- :param data_id: uuid of the object data
- :param user_id: user ID who do the request
- :return: {
- "result": "True or False",
- "message": "optional message"
- }
- :internal_api: delete_object_data
- """
- try:
- data = PolicyManager.delete_object_data(user_id=user_id,
- policy_id=uuid,
- data_id=data_id)
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
- return {"result": True}
-
-
-class ActionData(Resource):
- """
- Endpoint for action data requests
- """
-
- __urls__ = (
- "/policies/<string:uuid>/action_data",
- "/policies/<string:uuid>/action_data/",
- "/policies/<string:uuid>/action_data/<string:category_id>",
- "/policies/<string:uuid>/action_data/<string:category_id>/"
- "<string:data_id>",
- )
-
- @check_auth
- def get(self, uuid=None, category_id=None, data_id=None, user_id=None):
- """Retrieve all action categories or a specific one if sid is given
- for a given policy
-
- :param uuid: uuid of the policy
- :param category_id: uuid of the action category
- :param data_id: uuid of the action data
- :param user_id: user ID who do the request
- :return: [{
- "policy_id": "policy_id1",
- "category_id": "category_id1",
- "data": {
- "action_data_id": {
- "name": "name of the data",
- "description": "description of the data"
- }
- }
- }]
- :internal_api: get_action_data
- """
- try:
- data = PolicyManager.get_action_data(user_id=user_id,
- policy_id=uuid,
- category_id=category_id,
- data_id=data_id)
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
- return {"action_data": data}
-
- @check_auth
- def post(self, uuid=None, category_id=None, data_id=None, user_id=None):
- """Create or update a action.
-
- :param uuid: uuid of the policy
- :param category_id: uuid of the action category
- :param data_id: uuid of the action data
- :param user_id: user ID who do the request
- :request body: {
- "name": "name of the data",
- "description": "description of the data"
- }
- :return: {
- "policy_id": "policy_id1",
- "category_id": "category_id1",
- "data": {
- "action_data_id": {
- "name": "name of the data",
- "description": "description of the data"
- }
- }
- }
- :internal_api: add_action_data
- """
- try:
- data = PolicyManager.add_action_data(user_id=user_id,
- policy_id=uuid,
- category_id=category_id,
- value=request.json)
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
- return {"action_data": data}
-
- @check_auth
- def delete(self, uuid=None, category_id=None, data_id=None, user_id=None):
- """Delete a action for a given policy
-
- :param uuid: uuid of the policy
- :param category_id: uuid of the action category
- :param data_id: uuid of the action data
- :param user_id: user ID who do the request
- :return: {
- "result": "True or False",
- "message": "optional message"
- }
- :internal_api: delete_action_data
- """
- try:
- data = PolicyManager.delete_action_data(user_id=user_id,
- policy_id=uuid,
- data_id=data_id)
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
- return {"result": True}
-
-
diff --git a/moonv4/moon_manager/moon_manager/api/generic.py b/moonv4/moon_manager/moon_manager/api/generic.py
deleted file mode 100644
index bd7dcdac..00000000
--- a/moonv4/moon_manager/moon_manager/api/generic.py
+++ /dev/null
@@ -1,131 +0,0 @@
-# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
-# This software is distributed under the terms and conditions of the 'Apache-2.0'
-# license which can be found in the file 'LICENSE' in this package distribution
-# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-"""
-Those API are helping API used to manage the Moon platform.
-"""
-
-from flask_restful import Resource, request
-from oslo_log import log as logging
-import moon_manager.api
-from python_moonutilities.security_functions import check_auth
-
-__version__ = "0.1.0"
-
-LOG = logging.getLogger("moon.manager.api." + __name__)
-
-
-class Status(Resource):
- """
- Endpoint for status requests
- """
-
- __urls__ = ("/status", "/status/", "/status/<string:component_id>")
-
- def get(self, component_id=None):
- """Retrieve status of all components
-
- :return: {
- "orchestrator": {
- "status": "Running"
- },
- "security_router": {
- "status": "Running"
- }
- }
- """
- raise NotImplemented
-
-
-class Logs(Resource):
- """
- Endpoint for logs requests
- """
-
- __urls__ = ("/logs", "/logs/", "/logs/<string:component_id>")
-
- def get(self, component_id=None):
- """Get logs from the Moon platform
-
- :param component_id: the ID of the component your are looking for (optional)
- :return: [
- "2015-04-15-13:45:20
- "2015-04-15-13:45:21
- "2015-04-15-13:45:22
- "2015-04-15-13:45:23
- ]
- """
- filter_str = request.args.get('filter', '')
- from_str = request.args.get('from', '')
- to_str = request.args.get('to', '')
- event_number = request.args.get('event_number', '')
- try:
- event_number = int(event_number)
- except ValueError:
- event_number = None
- args = dict()
- args["filter"] = filter_str
- args["from"] = from_str
- args["to"] = to_str
- args["event_number"] = event_number
-
- raise NotImplemented
-
-
-class API(Resource):
- """
- Endpoint for API requests
- """
-
- __urls__ = (
- "/api",
- "/api/",
- "/api/<string:group_id>",
- "/api/<string:group_id>/",
- "/api/<string:group_id>/<string:endpoint_id>")
-
- @check_auth
- def get(self, group_id="", endpoint_id="", user_id=""):
- """Retrieve all API endpoints or a specific endpoint if endpoint_id is given
-
- :param group_id: the name of one existing group (ie generic, ...)
- :param endpoint_id: the name of one existing component (ie Logs, Status, ...)
- :return: {
- "group_name": {
- "endpoint_name": {
- "description": "a description",
- "methods": {
- "get": "description of the HTTP method"
- },
- "urls": ('/api', '/api/', '/api/<string:endpoint_id>')
- }
- }
- """
- __methods = ("get", "post", "put", "delete", "options", "patch")
- api_list = filter(lambda x: "__" not in x, dir(moon_manager.api))
- api_desc = dict()
- for api_name in api_list:
- api_desc[api_name] = {}
- group_api_obj = eval("moon_manager.api.{}".format(api_name))
- api_desc[api_name]["description"] = group_api_obj.__doc__
- if "__version__" in dir(group_api_obj):
- api_desc[api_name]["version"] = group_api_obj.__version__
- object_list = list(filter(lambda x: "__" not in x, dir(group_api_obj)))
- for obj in map(lambda x: eval("moon_manager.api.{}.{}".format(api_name, x)), object_list):
- if "__urls__" in dir(obj):
- api_desc[api_name][obj.__name__] = dict()
- api_desc[api_name][obj.__name__]["urls"] = obj.__urls__
- api_desc[api_name][obj.__name__]["methods"] = dict()
- for _method in filter(lambda x: x in __methods, dir(obj)):
- docstring = eval("moon_manager.api.{}.{}.{}.__doc__".format(api_name, obj.__name__, _method))
- api_desc[api_name][obj.__name__]["methods"][_method] = docstring
- api_desc[api_name][obj.__name__]["description"] = str(obj.__doc__)
- if group_id in api_desc:
- if endpoint_id in api_desc[group_id]:
- return {group_id: {endpoint_id: api_desc[group_id][endpoint_id]}}
- elif len(endpoint_id) > 0:
- LOG.error("Unknown endpoint_id {}".format(endpoint_id))
- return {"error": "Unknown endpoint_id {}".format(endpoint_id)}
- return {group_id: api_desc[group_id]}
- return api_desc
diff --git a/moonv4/moon_manager/moon_manager/api/meta_data.py b/moonv4/moon_manager/moon_manager/api/meta_data.py
deleted file mode 100644
index 9dc04cc7..00000000
--- a/moonv4/moon_manager/moon_manager/api/meta_data.py
+++ /dev/null
@@ -1,267 +0,0 @@
-# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
-# This software is distributed under the terms and conditions of the 'Apache-2.0'
-# license which can be found in the file 'LICENSE' in this package distribution
-# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-"""
-Meta Data are elements used to create Meta data (skeleton of security policies)
-
-"""
-
-from flask import request
-from flask_restful import Resource
-from oslo_log import log as logging
-from python_moonutilities.security_functions import check_auth
-from python_moondb.core import ModelManager
-
-__version__ = "0.2.0"
-
-LOG = logging.getLogger("moon.manager.api." + __name__)
-
-
-class SubjectCategories(Resource):
- """
- Endpoint for subject categories requests
- """
-
- __urls__ = (
- "/subject_categories",
- "/subject_categories/",
- "/subject_categories/<string:category_id>",
- )
-
- @check_auth
- def get(self, category_id=None, user_id=None):
- """Retrieve all subject categories or a specific one
-
- :param category_id: uuid of the subject category
- :param user_id: user ID who do the request
- :return: {
- "subject_category_id": {
- "name": "name of the category",
- "description": "description of the category"
- }
- }
- :internal_api: get_subject_categories
- """
- try:
- data = ModelManager.get_subject_categories(
- user_id=user_id, category_id=category_id)
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
- return {"subject_categories": data}
-
- @check_auth
- def post(self, category_id=None, user_id=None):
- """Create or update a subject category.
-
- :param category_id: must not be used here
- :param user_id: user ID who do the request
- :request body: {
- "name": "name of the category",
- "description": "description of the category"
- }
- :return: {
- "subject_category_id": {
- "name": "name of the category",
- "description": "description of the category"
- }
- }
- :internal_api: add_subject_category
- """
- try:
- data = ModelManager.add_subject_category(
- user_id=user_id, value=request.json)
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
- return {"subject_categories": data}
-
- @check_auth
- def delete(self, category_id=None, user_id=None):
- """Delete a subject category
-
- :param category_id: uuid of the subject category to delete
- :param user_id: user ID who do the request
- :return: {
- "result": "True or False",
- "message": "optional message"
- }
- :internal_api: delete_subject_category
- """
- try:
- data = ModelManager.delete_subject_category(
- user_id=user_id, category_id=category_id)
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
- return {"result": True}
-
-
-class ObjectCategories(Resource):
- """
- Endpoint for object categories requests
- """
-
- __urls__ = (
- "/object_categories",
- "/object_categories/",
- "/object_categories/<string:category_id>",
- )
-
- @check_auth
- def get(self, category_id=None, user_id=None):
- """Retrieve all object categories or a specific one
-
- :param category_id: uuid of the object category
- :param user_id: user ID who do the request
- :return: {
- "object_category_id": {
- "name": "name of the category",
- "description": "description of the category"
- }
- }
- :internal_api: get_object_categories
- """
- try:
- data = ModelManager.get_object_categories(
- user_id=user_id, category_id=category_id)
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
- return {"object_categories": data}
-
- @check_auth
- def post(self, category_id=None, user_id=None):
- """Create or update a object category.
-
- :param category_id: must not be used here
- :param user_id: user ID who do the request
- :request body: {
- "name": "name of the category",
- "description": "description of the category"
- }
- :return: {
- "object_category_id": {
- "name": "name of the category",
- "description": "description of the category"
- }
- }
- :internal_api: add_object_category
- """
- try:
- data = ModelManager.add_object_category(
- user_id=user_id, value=request.json)
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
- return {"object_categories": data}
-
- @check_auth
- def delete(self, category_id=None, user_id=None):
- """Delete an object category
-
- :param category_id: uuid of the object category to delete
- :param user_id: user ID who do the request
- :return: {
- "result": "True or False",
- "message": "optional message"
- }
- :internal_api: delete_object_category
- """
- try:
- data = ModelManager.delete_object_category(
- user_id=user_id, category_id=category_id)
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
- return {"result": True}
-
-
-class ActionCategories(Resource):
- """
- Endpoint for action categories requests
- """
-
- __urls__ = (
- "/action_categories",
- "/action_categories/",
- "/action_categories/<string:category_id>",
- )
-
- @check_auth
- def get(self, category_id=None, user_id=None):
- """Retrieve all action categories or a specific one
-
- :param category_id: uuid of the action category
- :param user_id: user ID who do the request
- :return: {
- "action_category_id": {
- "name": "name of the category",
- "description": "description of the category"
- }
- }
- :internal_api: get_action_categories
- """
- try:
- data = ModelManager.get_action_categories(
- user_id=user_id, category_id=category_id)
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
- return {"action_categories": data}
-
- @check_auth
- def post(self, category_id=None, user_id=None):
- """Create or update an action category.
-
- :param category_id: must not be used here
- :param user_id: user ID who do the request
- :request body: {
- "name": "name of the category",
- "description": "description of the category"
- }
- :return: {
- "action_category_id": {
- "name": "name of the category",
- "description": "description of the category"
- }
- }
- :internal_api: add_action_category
- """
- try:
- data = ModelManager.add_action_category(
- user_id=user_id, value=request.json)
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
- return {"action_categories": data}
-
- @check_auth
- def delete(self, category_id=None, user_id=None):
- """Delete an action
-
- :param category_id: uuid of the action category to delete
- :param user_id: user ID who do the request
- :return: {
- "result": "True or False",
- "message": "optional message"
- }
- :internal_api: delete_action_category
- """
- try:
- data = ModelManager.delete_action_category(
- user_id=user_id, category_id=category_id)
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
- return {"result": True}
diff --git a/moonv4/moon_manager/moon_manager/api/meta_rules.py b/moonv4/moon_manager/moon_manager/api/meta_rules.py
deleted file mode 100644
index ceba0ffb..00000000
--- a/moonv4/moon_manager/moon_manager/api/meta_rules.py
+++ /dev/null
@@ -1,164 +0,0 @@
-# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
-# This software is distributed under the terms and conditions of the 'Apache-2.0'
-# license which can be found in the file 'LICENSE' in this package distribution
-# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-"""
-Meta rules are skeleton for security policies
-
-"""
-
-from flask import request
-from flask_restful import Resource
-from oslo_log import log as logging
-from python_moonutilities.security_functions import check_auth
-from python_moondb.core import ModelManager
-
-__version__ = "0.1.0"
-
-LOG = logging.getLogger("moon.manager.api." + __name__)
-
-
-class MetaRules(Resource):
- """
- Endpoint for meta rules requests
- """
-
- __urls__ = ("/meta_rules",
- "/meta_rules/",
- "/meta_rules/<string:meta_rule_id>",
- "/meta_rules/<string:meta_rule_id>/")
-
- @check_auth
- def get(self, meta_rule_id=None, user_id=None):
- """Retrieve all sub meta rules
-
- :param meta_rule_id: Meta rule algorithm ID
- :param user_id: user ID who do the request
- :return: {
- "meta_rules": {
- "meta_rule_id1": {
- "name": "name of the meta rule",
- "algorithm": "name of the meta rule algorithm",
- "subject_categories": ["subject_category_id1",
- "subject_category_id2"],
- "object_categories": ["object_category_id1"],
- "action_categories": ["action_category_id1"]
- },
- }
- }
- :internal_api: get_meta_rules
- """
- try:
- data = ModelManager.get_meta_rules(
- user_id=user_id, meta_rule_id=meta_rule_id)
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
- return {"meta_rules": data}
-
- @check_auth
- def post(self, meta_rule_id=None, user_id=None):
- """Add a meta rule
-
- :param meta_rule_id: Meta rule ID
- :param user_id: user ID who do the request
- :request body: post = {
- "name": "name of the meta rule",
- "subject_categories": ["subject_category_id1",
- "subject_category_id2"],
- "object_categories": ["object_category_id1"],
- "action_categories": ["action_category_id1"]
- }
- :return: {
- "meta_rules": {
- "meta_rule_id1": {
- "name": "name of the meta rule",
- "subject_categories": ["subject_category_id1",
- "subject_category_id2"],
- "object_categories": ["object_category_id1"],
- "action_categories": ["action_category_id1"]
- },
- }
- }
- :internal_api: add_meta_rules
- """
- try:
- data = ModelManager.add_meta_rule(
- user_id=user_id, meta_rule_id=None, value=request.json)
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
- return {"meta_rules": data}
-
- @check_auth
- def patch(self, meta_rule_id=None, user_id=None):
- """Update a meta rule
-
- :param meta_rule_id: Meta rule ID
- :param user_id: user ID who do the request
- :request body: patch = {
- "name": "name of the meta rule",
- "subject_categories": ["subject_category_id1",
- "subject_category_id2"],
- "object_categories": ["object_category_id1"],
- "action_categories": ["action_category_id1"]
- }
- :return: {
- "meta_rules": {
- "meta_rule_id1": {
- "name": "name of the meta rule",
- "subject_categories": ["subject_category_id1",
- "subject_category_id2"],
- "object_categories": ["object_category_id1"],
- "action_categories": ["action_category_id1"]
- },
- }
- }
- :internal_api: set_meta_rules
- """
- try:
- data = ModelManager.set_meta_rule(
- user_id=user_id, meta_rule_id=meta_rule_id, value=request.json)
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
- return {"meta_rules": data}
-
- @check_auth
- def delete(self, meta_rule_id=None, user_id=None):
- """Delete a meta rule
-
- :param meta_rule_id: Meta rule ID
- :param user_id: user ID who do the request
- :request body: delete = {
- "name": "name of the meta rule",
- "subject_categories": ["subject_category_id1",
- "subject_category_id2"],
- "object_categories": ["object_category_id1"],
- "action_categories": ["action_category_id1"]
- }
- :return: {
- "meta_rules": {
- "meta_rule_id1": {
- "name": "name of the meta rule",
- "subject_categories": ["subject_category_id1",
- "subject_category_id2"],
- "object_categories": ["object_category_id1"],
- "action_categories": ["action_category_id1"]
- },
- }
- }
- :internal_api: delete_meta_rules
- """
- try:
- data = ModelManager.delete_meta_rule(
- user_id=user_id, meta_rule_id=meta_rule_id)
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
- return {"result": True}
-
diff --git a/moonv4/moon_manager/moon_manager/api/models.py b/moonv4/moon_manager/moon_manager/api/models.py
deleted file mode 100644
index 62866191..00000000
--- a/moonv4/moon_manager/moon_manager/api/models.py
+++ /dev/null
@@ -1,127 +0,0 @@
-# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
-# This software is distributed under the terms and conditions of the 'Apache-2.0'
-# license which can be found in the file 'LICENSE' in this package distribution
-# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-"""
-Models aggregate multiple meta rules
-"""
-
-from flask import request
-from flask_restful import Resource
-from oslo_log import log as logging
-from python_moonutilities.security_functions import check_auth
-from python_moondb.core import ModelManager
-
-__version__ = "0.1.0"
-
-LOG = logging.getLogger("moon.manager.api." + __name__)
-
-
-class Models(Resource):
- """
- Endpoint for model requests
- """
-
- __urls__ = (
- "/models",
- "/models/",
- "/models/<string:uuid>",
- "/models/<string:uuid>/",
- )
-
- @check_auth
- def get(self, uuid=None, user_id=None):
- """Retrieve all models
-
- :param uuid: uuid of the model
- :param user_id: user ID who do the request
- :return: {
- "model_id1": {
- "name": "...",
- "description": "...",
- "meta_rules": ["meta_rule_id1", ]
- }
- }
- :internal_api: get_models
- """
- try:
- data = ModelManager.get_models(user_id=user_id, model_id=uuid)
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
- return {"models": data}
-
- @check_auth
- def post(self, uuid=None, user_id=None):
- """Create model.
-
- :param uuid: uuid of the model (not used here)
- :param user_id: user ID who do the request
- :request body: {
- "name": "...",
- "description": "...",
- "meta_rules": ["meta_rule_id1", ]
- }
- :return: {
- "model_id1": {
- "name": "...",
- "description": "...",
- "meta_rules": ["meta_rule_id1", ]
- }
- }
- :internal_api: add_model
- """
- try:
- data = ModelManager.add_model(
- user_id=user_id, model_id=uuid, value=request.json)
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
- return {"models": data}
-
- @check_auth
- def delete(self, uuid=None, user_id=None):
- """Delete a model
-
- :param uuid: uuid of the model to delete
- :param user_id: user ID who do the request
- :return: {
- "result": "True or False",
- "message": "optional message"
- }
- :internal_api: delete_model
- """
- try:
- data = ModelManager.delete_model(user_id=user_id, model_id=uuid)
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
- return {"result": True}
-
- @check_auth
- def patch(self, uuid=None, user_id=None):
- """Update a model
-
- :param uuid: uuid of the model to update
- :param user_id: user ID who do the request
- :return: {
- "model_id1": {
- "name": "...",
- "description": "...",
- "meta_rules": ["meta_rule_id1", ]
- }
- }
- :internal_api: update_model
- """
- try:
- data = ModelManager.update_model(
- user_id=user_id, model_id=uuid, value=request.json)
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
- return {"models": data}
-
diff --git a/moonv4/moon_manager/moon_manager/api/pdp.py b/moonv4/moon_manager/moon_manager/api/pdp.py
deleted file mode 100644
index 9183c25d..00000000
--- a/moonv4/moon_manager/moon_manager/api/pdp.py
+++ /dev/null
@@ -1,181 +0,0 @@
-# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
-# This software is distributed under the terms and conditions of the 'Apache-2.0'
-# license which can be found in the file 'LICENSE' in this package distribution
-# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-"""
-PDP are Policy Decision Point.
-
-"""
-
-from flask import request
-from flask_restful import Resource
-import logging
-import requests
-import time
-from python_moonutilities.security_functions import check_auth
-from python_moondb.core import PDPManager
-from python_moondb.core import PolicyManager
-from python_moondb.core import ModelManager
-from python_moonutilities import configuration
-
-__version__ = "0.1.0"
-
-LOG = logging.getLogger("moon.manager.api." + __name__)
-
-
-def delete_pod(uuid):
- raise NotImplementedError
-
-
-def add_pod(uuid, data):
- if not data.get("keystone_project_id"):
- return
- LOG.info("Add a new pod {}".format(data))
- if "pdp_id" not in data:
- data["pdp_id"] = uuid
- data['policies'] = PolicyManager.get_policies(user_id="admin")
- data['models'] = ModelManager.get_models(user_id="admin")
- conf = configuration.get_configuration("components/orchestrator")
- hostname = conf["components/orchestrator"].get("hostname", "orchestrator")
- port = conf["components/orchestrator"].get("port", 80)
- proto = conf["components/orchestrator"].get("protocol", "http")
- while True:
- try:
- req = requests.post(
- "{}://{}:{}/pods".format(proto, hostname, port),
- json=data,
- headers={"content-type": "application/json"})
- except requests.exceptions.ConnectionError:
- LOG.warning("Orchestrator is not ready, standby...")
- time.sleep(1)
- else:
- break
- LOG.info(req.text)
-
-
-class PDP(Resource):
- """
- Endpoint for pdp requests
- """
-
- __urls__ = (
- "/pdp",
- "/pdp/",
- "/pdp/<string:uuid>",
- "/pdp/<string:uuid>/",
- )
-
- @check_auth
- def get(self, uuid=None, user_id=None):
- """Retrieve all pdp
-
- :param uuid: uuid of the pdp
- :param user_id: user ID who do the request
- :return: {
- "pdp_id1": {
- "name": "...",
- "security_pipeline": [...],
- "keystone_project_id": "keystone_project_id1",
- "description": "...",
- }
- }
- :internal_api: get_pdp
- """
- try:
- data = PDPManager.get_pdp(user_id=user_id, pdp_id=uuid)
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
- return {"pdps": data}
-
- @check_auth
- def post(self, uuid=None, user_id=None):
- """Create pdp.
-
- :param uuid: uuid of the pdp (not used here)
- :param user_id: user ID who do the request
- :request body: {
- "name": "...",
- "security_pipeline": [...],
- "keystone_project_id": "keystone_project_id1",
- "description": "...",
- }
- :return: {
- "pdp_id1": {
- "name": "...",
- "security_pipeline": [...],
- "keystone_project_id": "keystone_project_id1",
- "description": "...",
- }
- }
- :internal_api: add_pdp
- """
- try:
- data = dict(request.json)
- if not data.get("keystone_project_id"):
- data["keystone_project_id"] = None
- data = PDPManager.add_pdp(
- user_id=user_id, pdp_id=None, value=request.json)
- uuid = list(data.keys())[0]
- LOG.info("data={}".format(data))
- LOG.info("uuid={}".format(uuid))
- add_pod(uuid=uuid, data=data[uuid])
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
- return {"pdps": data}
-
- @check_auth
- def delete(self, uuid=None, user_id=None):
- """Delete a pdp
-
- :param uuid: uuid of the pdp to delete
- :param user_id: user ID who do the request
- :return: {
- "result": "True or False",
- "message": "optional message"
- }
- :internal_api: delete_pdp
- """
- try:
- data = PDPManager.delete_pdp(user_id=user_id, pdp_id=uuid)
- delete_pod(uuid)
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
- return {"result": True}
-
- @check_auth
- def patch(self, uuid=None, user_id=None):
- """Update a pdp
-
- :param uuid: uuid of the pdp to update
- :param user_id: user ID who do the request
- :return: {
- "pdp_id1": {
- "name": "...",
- "security_pipeline": [...],
- "keystone_project_id": "keystone_project_id1",
- "description": "...",
- }
- }
- :internal_api: update_pdp
- """
- try:
- _data = dict(request.json)
- if not _data.get("keystone_project_id"):
- _data["keystone_project_id"] = None
- data = PDPManager.update_pdp(
- user_id=user_id, pdp_id=uuid, value=_data)
- LOG.info("data={}".format(data))
- LOG.info("uuid={}".format(uuid))
- add_pod(uuid=uuid, data=data[uuid])
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
- return {"pdps": data}
-
diff --git a/moonv4/moon_manager/moon_manager/api/perimeter.py b/moonv4/moon_manager/moon_manager/api/perimeter.py
deleted file mode 100644
index 8196e627..00000000
--- a/moonv4/moon_manager/moon_manager/api/perimeter.py
+++ /dev/null
@@ -1,447 +0,0 @@
-# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
-# This software is distributed under the terms and conditions of the 'Apache-2.0'
-# license which can be found in the file 'LICENSE' in this package distribution
-# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-"""
-* Subjects are the source of an action on an object
- (examples : users, virtual machines)
-* Objects are the destination of an action
- (examples virtual machines, virtual Routers)
-* Actions are what subject wants to do on an object
-"""
-
-from flask import request
-from flask_restful import Resource
-from oslo_log import log as logging
-from python_moonutilities.security_functions import check_auth
-from python_moondb.core import PolicyManager
-
-__version__ = "0.2.0"
-
-LOG = logging.getLogger("moon.manager.api." + __name__)
-
-
-class Subjects(Resource):
- """
- Endpoint for subjects requests
- """
-
- __urls__ = (
- "/subjects",
- "/subjects/",
- "/subjects/<string:perimeter_id>",
- "/policies/<string:uuid>/subjects",
- "/policies/<string:uuid>/subjects/",
- "/policies/<string:uuid>/subjects/<string:perimeter_id>",
- )
-
- @check_auth
- def get(self, uuid=None, perimeter_id=None, user_id=None):
- """Retrieve all subjects or a specific one if perimeter_id is
- given for a given policy
-
- :param uuid: uuid of the policy
- :param perimeter_id: uuid of the subject
- :param user_id: user ID who do the request
- :return: {
- "subject_id": {
- "name": "name of the subject",
- "keystone_id": "keystone id of the subject",
- "description": "a description"
- }
- }
- :internal_api: get_subjects
- """
- try:
- data = PolicyManager.get_subjects(
- user_id=user_id,
- policy_id=uuid,
- perimeter_id=perimeter_id
- )
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
- return {"subjects": data}
-
- @check_auth
- def post(self, uuid=None, perimeter_id=None, user_id=None):
- """Create or update a subject.
-
- :param uuid: uuid of the policy
- :param perimeter_id: must not be used here
- :param user_id: user ID who do the request
- :request body: {
- "name": "name of the subject",
- "description": "description of the subject",
- "password": "password for the subject",
- "email": "email address of the subject"
- }
- :return: {
- "subject_id": {
- "name": "name of the subject",
- "keystone_id": "keystone id of the subject",
- "description": "description of the subject",
- "password": "password for the subject",
- "email": "email address of the subject"
- }
- }
- :internal_api: set_subject
- """
- try:
- if not perimeter_id:
- data = PolicyManager.get_subjects(user_id=user_id,
- policy_id=None)
- if 'name' in request.json:
- for data_id, data_value in data.items():
- if data_value['name'] == request.json['name']:
- perimeter_id = data_id
- break
- data = PolicyManager.add_subject(
- user_id=user_id, policy_id=uuid,
- perimeter_id=perimeter_id, value=request.json)
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
- return {"subjects": data}
-
- @check_auth
- def patch(self, uuid=None, perimeter_id=None, user_id=None):
- """Create or update a subject.
-
- :param uuid: uuid of the policy
- :param perimeter_id: must not be used here
- :param user_id: user ID who do the request
- :request body: {
- "name": "name of the subject",
- "description": "description of the subject",
- "password": "password for the subject",
- "email": "email address of the subject"
- }
- :return: {
- "subject_id": {
- "name": "name of the subject",
- "keystone_id": "keystone id of the subject",
- "description": "description of the subject",
- "password": "password for the subject",
- "email": "email address of the subject"
- }
- }
- :internal_api: set_subject
- """
- try:
- if not perimeter_id:
- data = PolicyManager.get_subjects(user_id=user_id,
- policy_id=None)
- if 'name' in request.json:
- for data_id, data_value in data.items():
- if data_value['name'] == request.json['name']:
- perimeter_id = data_id
- break
- data = PolicyManager.add_subject(
- user_id=user_id, policy_id=uuid,
- perimeter_id=perimeter_id, value=request.json)
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
- return {"subjects": data}
-
- @check_auth
- def delete(self, uuid=None, perimeter_id=None, user_id=None):
- """Delete a subject for a given policy
-
- :param uuid: uuid of the policy
- :param perimeter_id: uuid of the subject
- :param user_id: user ID who do the request
- :return: {
- "subject_id": {
- "name": "name of the subject",
- "keystone_id": "keystone id of the subject",
- "description": "description of the subject",
- "password": "password for the subject",
- "email": "email address of the subject"
- }
- }
- :internal_api: delete_subject
- """
- try:
- data = PolicyManager.delete_subject(
- user_id=user_id, policy_id=uuid, perimeter_id=perimeter_id)
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
- return {"result": True}
-
-
-class Objects(Resource):
- """
- Endpoint for objects requests
- """
-
- __urls__ = (
- "/objects",
- "/objects/",
- "/objects/<string:perimeter_id>",
- "/policies/<string:uuid>/objects",
- "/policies/<string:uuid>/objects/",
- "/policies/<string:uuid>/objects/<string:perimeter_id>",
- )
-
- @check_auth
- def get(self, uuid=None, perimeter_id=None, user_id=None):
- """Retrieve all objects or a specific one if perimeter_id is
- given for a given policy
-
- :param uuid: uuid of the policy
- :param perimeter_id: uuid of the object
- :param user_id: user ID who do the request
- :return: {
- "object_id": {
- "name": "name of the object",
- "description": "description of the object"
- }
- }
- :internal_api: get_objects
- """
- try:
- data = PolicyManager.get_objects(
- user_id=user_id,
- policy_id=uuid,
- perimeter_id=perimeter_id
- )
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
- return {"objects": data}
-
- @check_auth
- def post(self, uuid=None, perimeter_id=None, user_id=None):
- """Create or update a object.
-
- :param uuid: uuid of the policy
- :param perimeter_id: must not be used here
- :param user_id: user ID who do the request
- :request body: {
- "object_name": "name of the object",
- "object_description": "description of the object"
- }
- :return: {
- "object_id": {
- "name": "name of the object",
- "description": "description of the object"
- }
- }
- :internal_api: set_object
- """
- try:
- data = PolicyManager.get_objects(user_id=user_id, policy_id=None)
- if 'name' in request.json:
- for data_id, data_value in data.items():
- if data_value['name'] == request.json['name']:
- perimeter_id = data_id
- break
- data = PolicyManager.add_object(
- user_id=user_id, policy_id=uuid,
- perimeter_id=perimeter_id, value=request.json)
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
- return {"objects": data}
-
- @check_auth
- def patch(self, uuid=None, perimeter_id=None, user_id=None):
- """Create or update a object.
-
- :param uuid: uuid of the policy
- :param perimeter_id: must not be used here
- :param user_id: user ID who do the request
- :request body: {
- "object_name": "name of the object",
- "object_description": "description of the object"
- }
- :return: {
- "object_id": {
- "name": "name of the object",
- "description": "description of the object"
- }
- }
- :internal_api: set_object
- """
- try:
- data = PolicyManager.get_objects(user_id=user_id, policy_id=None)
- if 'name' in request.json:
- for data_id, data_value in data.items():
- if data_value['name'] == request.json['name']:
- perimeter_id = data_id
- break
- data = PolicyManager.add_object(
- user_id=user_id, policy_id=uuid,
- perimeter_id=perimeter_id, value=request.json)
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
- return {"objects": data}
-
- @check_auth
- def delete(self, uuid=None, perimeter_id=None, user_id=None):
- """Delete a object for a given policy
-
- :param uuid: uuid of the policy
- :param perimeter_id: uuid of the object
- :param user_id: user ID who do the request
- :return: {
- "object_id": {
- "name": "name of the object",
- "description": "description of the object"
- }
- }
- :internal_api: delete_object
- """
- try:
- data = PolicyManager.delete_object(
- user_id=user_id, policy_id=uuid, perimeter_id=perimeter_id)
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
- return {"result": True}
-
-
-class Actions(Resource):
- """
- Endpoint for actions requests
- """
-
- __urls__ = (
- "/actions",
- "/actions/",
- "/actions/<string:perimeter_id>",
- "/policies/<string:uuid>/actions",
- "/policies/<string:uuid>/actions/",
- "/policies/<string:uuid>/actions/<string:perimeter_id>",
- )
-
- @check_auth
- def get(self, uuid=None, perimeter_id=None, user_id=None):
- """Retrieve all actions or a specific one if perimeter_id
- is given for a given policy
-
- :param uuid: uuid of the policy
- :param perimeter_id: uuid of the action
- :param user_id: user ID who do the request
- :return: {
- "action_id": {
- "name": "name of the action",
- "description": "description of the action"
- }
- }
- :internal_api: get_actions
- """
- try:
- data = PolicyManager.get_actions(
- user_id=user_id, policy_id=uuid, perimeter_id=perimeter_id)
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
- return {"actions": data}
-
- @check_auth
- def post(self, uuid=None, perimeter_id=None, user_id=None):
- """Create or update a action.
-
- :param uuid: uuid of the policy
- :param perimeter_id: must not be used here
- :param user_id: user ID who do the request
- :request body: {
- "name": "name of the action",
- "description": "description of the action"
- }
- :return: {
- "action_id": {
- "name": "name of the action",
- "description": "description of the action"
- }
- }
- :internal_api: set_action
- """
- try:
- data = PolicyManager.get_actions(user_id=user_id, policy_id=None)
- if 'name' in request.json:
- for data_id, data_value in data.items():
- if data_value['name'] == request.json['name']:
- perimeter_id = data_id
- break
- data = PolicyManager.add_action(
- user_id=user_id, policy_id=uuid,
- perimeter_id=perimeter_id, value=request.json)
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
- return {"actions": data}
-
- @check_auth
- def patch(self, uuid=None, perimeter_id=None, user_id=None):
- """Create or update a action.
-
- :param uuid: uuid of the policy
- :param perimeter_id: must not be used here
- :param user_id: user ID who do the request
- :request body: {
- "name": "name of the action",
- "description": "description of the action"
- }
- :return: {
- "action_id": {
- "name": "name of the action",
- "description": "description of the action"
- }
- }
- :internal_api: set_action
- """
- try:
- data = PolicyManager.get_actions(user_id=user_id, policy_id=None)
- if 'name' in request.json:
- for data_id, data_value in data.items():
- if data_value['name'] == request.json['name']:
- perimeter_id = data_id
- break
- data = PolicyManager.add_action(
- user_id=user_id, policy_id=uuid,
- perimeter_id=perimeter_id, value=request.json)
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
- return {"actions": data}
-
- @check_auth
- def delete(self, uuid=None, perimeter_id=None, user_id=None):
- """Delete a action for a given policy
-
- :param uuid: uuid of the policy
- :param perimeter_id: uuid of the action
- :param user_id: user ID who do the request
- :return: {
- "action_id": {
- "name": "name of the action",
- "description": "description of the action"
- }
- }
- :internal_api: delete_action
- """
- try:
- data = PolicyManager.delete_action(
- user_id=user_id, policy_id=uuid, perimeter_id=perimeter_id)
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
- return {"result": True}
diff --git a/moonv4/moon_manager/moon_manager/api/policies.py b/moonv4/moon_manager/moon_manager/api/policies.py
deleted file mode 100644
index f34276bb..00000000
--- a/moonv4/moon_manager/moon_manager/api/policies.py
+++ /dev/null
@@ -1,132 +0,0 @@
-# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
-# This software is distributed under the terms and conditions of the 'Apache-2.0'
-# license which can be found in the file 'LICENSE' in this package distribution
-# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-"""
-Policies are instances of security models and implement security policies
-
-"""
-
-from flask import request
-from flask_restful import Resource
-from oslo_log import log as logging
-from python_moonutilities.security_functions import check_auth
-from python_moondb.core import PolicyManager
-
-__version__ = "0.1.0"
-
-LOG = logging.getLogger("moon.manager.api." + __name__)
-
-
-class Policies(Resource):
- """
- Endpoint for policy requests
- """
-
- __urls__ = (
- "/policies",
- "/policies/",
- "/policies/<string:uuid>",
- "/policies/<string:uuid>/",
- )
-
- @check_auth
- def get(self, uuid=None, user_id=None):
- """Retrieve all policies
-
- :param uuid: uuid of the policy
- :param user_id: user ID who do the request
- :return: {
- "policy_id1": {
- "name": "...",
- "model_id": "...",
- "genre": "...",
- "description": "...",
- }
- }
- :internal_api: get_policies
- """
- try:
- data = PolicyManager.get_policies(user_id=user_id, policy_id=uuid)
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
- return {"policies": data}
-
- @check_auth
- def post(self, uuid=None, user_id=None):
- """Create policy.
-
- :param uuid: uuid of the policy (not used here)
- :param user_id: user ID who do the request
- :request body: {
- "name": "...",
- "model_id": "...",
- "genre": "...",
- "description": "...",
- }
- :return: {
- "policy_id1": {
- "name": "...",
- "model_id": "...",
- "genre": "...",
- "description": "...",
- }
- }
- :internal_api: add_policy
- """
- try:
- data = PolicyManager.add_policy(
- user_id=user_id, policy_id=uuid, value=request.json)
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
- return {"policies": data}
-
- @check_auth
- def delete(self, uuid=None, user_id=None):
- """Delete a policy
-
- :param uuid: uuid of the policy to delete
- :param user_id: user ID who do the request
- :return: {
- "result": "True or False",
- "message": "optional message"
- }
- :internal_api: delete_policy
- """
- try:
- data = PolicyManager.delete_policy(user_id=user_id, policy_id=uuid)
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
- return {"result": True}
-
- @check_auth
- def patch(self, uuid=None, user_id=None):
- """Update a policy
-
- :param uuid: uuid of the policy to update
- :param user_id: user ID who do the request
- :return: {
- "policy_id1": {
- "name": "...",
- "model_id": "...",
- "genre": "...",
- "description": "...",
- }
- }
- :internal_api: update_policy
- """
- try:
- data = PolicyManager.update_policy(
- user_id=user_id, policy_id=uuid, value=request.json)
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
- return {"policies": data}
-
diff --git a/moonv4/moon_manager/moon_manager/api/rules.py b/moonv4/moon_manager/moon_manager/api/rules.py
deleted file mode 100644
index b25365df..00000000
--- a/moonv4/moon_manager/moon_manager/api/rules.py
+++ /dev/null
@@ -1,140 +0,0 @@
-# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
-# This software is distributed under the terms and conditions of the 'Apache-2.0'
-# license which can be found in the file 'LICENSE' in this package distribution
-# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-"""
-Rules (TODO)
-"""
-
-from flask import request
-from flask_restful import Resource
-from oslo_log import log as logging
-from python_moonutilities.security_functions import check_auth
-from python_moondb.core import PolicyManager
-
-__version__ = "0.1.0"
-
-LOG = logging.getLogger("moon.manager.api." + __name__)
-
-
-class Rules(Resource):
- """
- Endpoint for rules requests
- """
-
- __urls__ = ("/policies/<string:uuid>/rules",
- "/policies/<string:uuid>/rules/",
- "/policies/<string:uuid>/rules/<string:rule_id>",
- "/policies/<string:uuid>/rules/<string:rule_id>/",
- )
-
- @check_auth
- def get(self, uuid=None, rule_id=None, user_id=None):
- """Retrieve all rules or a specific one
-
- :param uuid: policy ID
- :param rule_id: rule ID
- :param user_id: user ID who do the request
- :return: {
- "rules": [
- "policy_id": "policy_id1",
- "meta_rule_id": "meta_rule_id1",
- "rule_id1":
- ["subject_data_id1", "object_data_id1", "action_data_id1"],
- "rule_id2":
- ["subject_data_id2", "object_data_id2", "action_data_id2"],
- ]
- }
- :internal_api: get_rules
- """
- try:
- data = PolicyManager.get_rules(user_id=user_id,
- policy_id=uuid,
- rule_id=rule_id)
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
- return {"rules": data}
-
- @check_auth
- def post(self, uuid=None, rule_id=None, user_id=None):
- """Add a rule to a meta rule
-
- :param uuid: policy ID
- :param rule_id: rule ID
- :param user_id: user ID who do the request
- :request body: post = {
- "meta_rule_id": "meta_rule_id1",
- "rule": ["subject_data_id2", "object_data_id2", "action_data_id2"],
- "instructions": (
- {"decision": "grant"},
- )
- "enabled": True
- }
- :return: {
- "rules": [
- "meta_rule_id": "meta_rule_id1",
- "rule_id1": {
- "rule": ["subject_data_id1",
- "object_data_id1",
- "action_data_id1"],
- "instructions": (
- {"decision": "grant"},
- # "grant" to immediately exit,
- # "continue" to wait for the result of next policy
- # "deny" to deny the request
- )
- }
- "rule_id2": {
- "rule": ["subject_data_id2",
- "object_data_id2",
- "action_data_id2"],
- "instructions": (
- {
- "update": {
- "operation": "add",
- # operations may be "add" or "delete"
- "target": "rbac:role:admin"
- # add the role admin to the current user
- }
- },
- {"chain": {"name": "rbac"}}
- # chain with the policy named rbac
- )
- }
- ]
- }
- :internal_api: add_rule
- """
- args = request.json
- try:
- data = PolicyManager.add_rule(user_id=user_id,
- policy_id=uuid,
- meta_rule_id=args['meta_rule_id'],
- value=args)
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
- return {"rules": data}
-
- @check_auth
- def delete(self, uuid=None, rule_id=None, user_id=None):
- """Delete one rule linked to a specific sub meta rule
-
- :param uuid: policy ID
- :param rule_id: rule ID
- :param user_id: user ID who do the request
- :return: { "result": true }
- :internal_api: delete_rule
- """
- try:
- data = PolicyManager.delete_rule(
- user_id=user_id, policy_id=uuid, rule_id=rule_id)
- except Exception as e:
- LOG.error(e, exc_info=True)
- return {"result": False,
- "error": str(e)}, 500
- return {"result": True}
-
diff --git a/moonv4/moon_manager/moon_manager/http_server.py b/moonv4/moon_manager/moon_manager/http_server.py
deleted file mode 100644
index 584e71a2..00000000
--- a/moonv4/moon_manager/moon_manager/http_server.py
+++ /dev/null
@@ -1,157 +0,0 @@
-# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
-# This software is distributed under the terms and conditions of the 'Apache-2.0'
-# license which can be found in the file 'LICENSE' in this package distribution
-# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-
-from flask import Flask, jsonify
-from flask_cors import CORS, cross_origin
-from flask_restful import Resource, Api
-import logging
-import sqlalchemy.exc
-import time
-from moon_manager import __version__
-from moon_manager.api.generic import Status, Logs, API
-from moon_manager.api.models import Models
-from moon_manager.api.policies import Policies
-from moon_manager.api.pdp import PDP
-from moon_manager.api.meta_rules import MetaRules
-from moon_manager.api.meta_data import SubjectCategories, ObjectCategories, ActionCategories
-from moon_manager.api.perimeter import Subjects, Objects, Actions
-from moon_manager.api.data import SubjectData, ObjectData, ActionData
-from moon_manager.api.assignments import SubjectAssignments, ObjectAssignments, ActionAssignments
-from moon_manager.api.rules import Rules
-# from moon_manager.api.containers import Container
-from python_moonutilities import configuration, exceptions
-from python_moondb.core import PDPManager
-
-
-LOG = logging.getLogger("moon.manager.http")
-
-
-class Server:
- """Base class for HTTP server"""
-
- def __init__(self, host="localhost", port=80, api=None, **kwargs):
- """Run a server
-
- :param host: hostname of the server
- :param port: port for the running server
- :param kwargs: optional parameters
- :return: a running server
- """
- self._host = host
- self._port = port
- self._api = api
- self._extra = kwargs
-
- @property
- def host(self):
- return self._host
-
- @host.setter
- def host(self, name):
- self._host = name
-
- @host.deleter
- def host(self):
- self._host = ""
-
- @property
- def port(self):
- return self._port
-
- @port.setter
- def port(self, number):
- self._port = number
-
- @port.deleter
- def port(self):
- self._port = 80
-
- def run(self):
- raise NotImplementedError()
-
-__API__ = (
- Status, Logs, API,
- MetaRules, SubjectCategories, ObjectCategories, ActionCategories,
- Subjects, Objects, Actions,
- SubjectAssignments, ObjectAssignments, ActionAssignments,
- SubjectData, ObjectData, ActionData,
- Rules, #Container,
- Models, Policies, PDP
- )
-
-
-class Root(Resource):
- """
- The root of the web service
- """
- __urls__ = ("/", )
- __methods = ("get", "post", "put", "delete", "options")
-
- def get(self):
- tree = {"/": {"methods": ("get",), "description": "List all methods for that service."}}
- for item in __API__:
- tree[item.__name__] = {"urls": item.__urls__}
- _methods = []
- for _method in self.__methods:
- if _method in dir(item):
- _methods.append(_method)
- tree[item.__name__]["methods"] = _methods
- tree[item.__name__]["description"] = item.__doc__.strip()
- return {
- "version": __version__,
- "tree": tree
- }
-
-
-class HTTPServer(Server):
-
- def __init__(self, host="localhost", port=80, **kwargs):
- super(HTTPServer, self).__init__(host=host, port=port, **kwargs)
- self.app = Flask(__name__)
- conf = configuration.get_configuration("components/manager")
- self.manager_hostname = conf["components/manager"].get("hostname", "manager")
- self.manager_port = conf["components/manager"].get("port", 80)
- #Todo : specify only few urls instead of *
- CORS(self.app)
- self.api = Api(self.app)
- self.__set_route()
- self.__hook_errors()
-
- def __hook_errors(self):
-
- def get_404_json(e):
- return jsonify({"result": False, "code": 404, "description": str(e)}), 404
- self.app.register_error_handler(404, get_404_json)
-
- def get_400_json(e):
- return jsonify({"result": False, "code": 400, "description": str(e)}), 400
- self.app.register_error_handler(400, lambda e: get_400_json)
- self.app.register_error_handler(403, exceptions.AuthException)
-
- def __set_route(self):
- self.api.add_resource(Root, '/')
-
- for api in __API__:
- self.api.add_resource(api, *api.__urls__)
-
- @staticmethod
- def __check_if_db_is_up():
- first = True
- while True:
- try:
- PDPManager.get_pdp(user_id="admin", pdp_id=None)
- except sqlalchemy.exc.ProgrammingError:
- time.sleep(1)
- if first:
- LOG.warning("Waiting for the database...")
- first = False
- else:
- LOG.warning("Database is up, resuming operations...")
- break
-
- def run(self):
- self.__check_if_db_is_up()
- self.app.run(debug=True, host=self._host, port=self._port) # nosec
-
diff --git a/moonv4/moon_manager/moon_manager/server.py b/moonv4/moon_manager/moon_manager/server.py
deleted file mode 100644
index bcc52cb3..00000000
--- a/moonv4/moon_manager/moon_manager/server.py
+++ /dev/null
@@ -1,38 +0,0 @@
-# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
-# This software is distributed under the terms and conditions of the 'Apache-2.0'
-# license which can be found in the file 'LICENSE' in this package distribution
-# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-
-import os
-from oslo_config import cfg
-from oslo_log import log as logging
-from python_moonutilities import configuration, exceptions
-from moon_manager.http_server import HTTPServer
-
-LOG = logging.getLogger("moon.manager")
-CONF = cfg.CONF
-DOMAIN = "moon_manager"
-
-__CWD__ = os.path.dirname(os.path.abspath(__file__))
-
-
-def main():
- configuration.init_logging()
- try:
- conf = configuration.get_configuration("components/manager")
- hostname = conf["components/manager"].get("hostname", "manager")
- port = conf["components/manager"].get("port", 80)
- bind = conf["components/manager"].get("bind", "127.0.0.1")
- except exceptions.ConsulComponentNotFound:
- hostname = "manager"
- bind = "127.0.0.1"
- port = 80
- configuration.add_component(uuid="manager", name=hostname, port=port, bind=bind)
- LOG.info("Starting server with IP {} on port {} bind to {}".format(hostname, port, bind))
- server = HTTPServer(host=bind, port=port)
- return server
-
-
-if __name__ == '__main__':
- server = main()
- server.run()