author | asteroide <thomas.duval@orange.com> | 2017-05-15 14:19:43 +0200 |
---|---|---|
committer | asteroide <thomas.duval@orange.com> | 2017-05-15 14:19:43 +0200 |
commit | 019b10d95976bb80bcce60ee93099b0fd57fcab5 (patch) | |
tree | 9e2b5c68dd8dadfc97346b77bf5549edbdf2c57a /moonv4/moon_secrouter | |
parent | 80ca346a4cb183a6a1e684f6d8a9e19e3fc55d0e (diff) |
Update Moon engine to allow a session policy
Change-Id: I63a80597710f08a6641e159cc2306d3cc68b1240
Diffstat (limited to 'moonv4/moon_secrouter')
-rw-r--r-- | moonv4/moon_secrouter/moon_secrouter/api/route.py | 19 |
1 files changed, 16 insertions, 3 deletions
diff --git a/moonv4/moon_secrouter/moon_secrouter/api/route.py b/moonv4/moon_secrouter/moon_secrouter/api/route.py
index ccdff08b..7cce1353 100644
--- a/moonv4/moon_secrouter/moon_secrouter/api/route.py
+++ b/moonv4/moon_secrouter/moon_secrouter/api/route.py
@@ -200,7 +200,12 @@ class Cache(object):
 for container_id, container_values, in CACHE.containers.items():
 for container_value in container_values:
 if container_value["meta_rule_id"] == meta_rule_id:
- container_ids.append(container_value["container_id"])
+ container_ids.append(
+ {
+ "container_id": container_value["container_id"],
+ "genre": container_value["genre"]
+ }
+ )
 break
 self.__CONTAINER_CHAINING[keystone_project_id] = container_ids
@@ -227,7 +232,7 @@ CACHE = Cache()
 class AuthzRequest:
 result = None
- req_max_delay = 5
+ req_max_delay = 2
 def __init__(self, ctx, args):
 self.ctx = ctx
@@ -235,7 +240,7 @@ class AuthzRequest:
 self.request_id = ctx["request_id"]
 self.container_chaining = CACHE.container_chaining[self.ctx['id']]
 ctx["container_chaining"] = copy.deepcopy(self.container_chaining)
- self.pdp_container = str(self.container_chaining[0])
+ self.pdp_container = self.container_chaining[0]["container_id"]
 self.run()
 def run(self):
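Review bot: `container_value["genre"]` is a plain subscript, so a container record without a `genre` key raises KeyError part-way through the loop and the assignment to `self.__CONTAINER_CHAINING[keystone_project_id]` below is never reached. Whether such records can exist is not visible here; if they can, handle the missing key explicitly rather than letting the cache rebuild abort. The list is still named `container_ids` although each entry is now a dict; a comment such as `# each entry: {"container_id": ..., "genre": ...}` (or a rename) would keep consumers from treating entries as bare ids. The enclosing method starts and ends outside the hunk.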
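Review bot: `req_max_delay = 2` has no comment giving its unit or why it was lowered, and nothing in the hunk shows what a request resolves to once the delay runs out. A shorter delay presumably makes that expiry path more frequent, so it should be confirmed that `run()` (outside the hunk) ends with a deny rather than an undecided or granted result when the PDP chain has not answered in time. A comment on the attribute stating the unit and the on-expiry outcome would make the intent reviewable.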
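Review bot: `self.container_chaining[0]["container_id"]` still indexes the first element unconditionally, so a project whose chain is empty (the loop that builds it appends nothing when no container matches a meta rule) raises IndexError inside `__init__` before `run()` is called. Guard it, e.g. `if not self.container_chaining:` followed by an explicit deny result, so that a missing chain produces a refused request rather than an unhandled exception. The `CACHE.container_chaining[self.ctx['id']]` lookup on the context line above has the same shape for an unknown project id. `__init__` begins outside this hunk.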
@@ -256,8 +261,16 @@ class AuthzRequest:
 for key in self.result["pdp_set"]:
 if "effect" in self.result["pdp_set"][key]:
 if self.result["pdp_set"][key]["effect"] == "grant":
+ # the pdp is a authorization PDP and grant the request
+ authz_results.append(True)
+ elif self.result["pdp_set"][key]["effect"] == "passed":
+ # the pdp is not a authorization PDP (session or delegation) and had run normally
+ authz_results.append(True)
+ elif self.result["pdp_set"][key]["effect"] == "unset":
+ # the pdp is not a authorization PDP (session or delegation) and had not yep run
 authz_results.append(True)
 else:
+ # the pdp is (or not) a authorization PDP and had run badly
 authz_results.append(False)
 if list(itertools.accumulate(authz_results, lambda x, y: x & y))[-1]:
 self.result["pdp_set"]["effect"] = "grant" |
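Review bot: The new `"passed"` and `"unset"` branches append True for any `pdp_set` entry without checking which kind of PDP produced it, so an authorization PDP that has not answered yet (`"unset"`) is counted like a grant, and a request whose entries are all `"passed"`/`"unset"` is granted although no PDP said `"grant"`. The chain entries now carry a `genre`; accept the neutral effects only for non-authorization genres and require at least one explicit grant, as sketched below (if a project may legitimately have no authorization PDP, that case needs an explicit decision). `all()` also avoids the IndexError that the `accumulate(...)[-1]` form raises when `authz_results` is empty. In the comments, "had not yep run" should read "has not yet run". The loop's enclosing method starts outside the hunk.

```python
explicit_grant = False  # set once an authorization PDP answers "grant"
for key in self.result["pdp_set"]:
    # … unchanged: "effect" membership test …
        effect = self.result["pdp_set"][key]["effect"]
        if effect == "grant":
            explicit_grant = True
            authz_results.append(True)
        elif effect in ("passed", "unset"):
            # neutral for session/delegation PDPs only; check the
            # container's genre before accepting it
            authz_results.append(True)
        else:
            authz_results.append(False)
if explicit_grant and all(authz_results):
    # … unchanged: set the overall effect to "grant" …
```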