authorasteroide <thomas.duval@orange.com>2017-07-25 17:45:50 +0200
committerasteroide <thomas.duval@orange.com>2017-07-25 17:45:50 +0200
commit8cbf11c78259540f9a2b0661842bb82558ea2648 (patch)
tree6f3a30a9f88f641857ee540d4a5ec8b0a1bed8b5 /moonv4
parentc4b2b207d99b1e85cc7e7b08b8bb6bcfdf839aaa (diff)
Update to get configuration from the consul and clean the code
Change-Id: I52d554132b6751cf21c7ece21233291f5de37c6c
Diffstat (limited to 'moonv4')
-rw-r--r--moonv4/moon_interface/moon_interface/api/assignments.py6
-rw-r--r--moonv4/moon_interface/moon_interface/api/authz.py5
-rw-r--r--moonv4/moon_interface/moon_interface/api/data.py6
-rw-r--r--moonv4/moon_interface/moon_interface/api/generic.py6
-rw-r--r--moonv4/moon_interface/moon_interface/api/meta_data.py6
-rw-r--r--moonv4/moon_interface/moon_interface/api/meta_rules.py6
-rw-r--r--moonv4/moon_interface/moon_interface/api/models.py6
-rw-r--r--moonv4/moon_interface/moon_interface/api/pdp.py6
-rw-r--r--moonv4/moon_interface/moon_interface/api/perimeter.py6
-rw-r--r--moonv4/moon_interface/moon_interface/api/policies.py6
-rw-r--r--moonv4/moon_interface/moon_interface/api/rules.py6
-rw-r--r--moonv4/moon_interface/moon_interface/http_server.py43
-rw-r--r--moonv4/moon_interface/moon_interface/server.py28
-rw-r--r--moonv4/moon_interface/moon_interface/tools.py79
-rw-r--r--moonv4/moon_interface/requirements.txt3
15 files changed, 44 insertions, 174 deletions
diff --git a/moonv4/moon_interface/moon_interface/api/assignments.py b/moonv4/moon_interface/moon_interface/api/assignments.py
index 34a0ea3f..855a9049 100644
--- a/moonv4/moon_interface/moon_interface/api/assignments.py
+++ b/moonv4/moon_interface/moon_interface/api/assignments.py
@@ -9,15 +9,13 @@ Assignments allow to connect data with elements of perimeter
from flask import request
from flask_restful import Resource
-from oslo_config import cfg
from oslo_log import log as logging
from moon_utilities.security_functions import call
-from moon_interface.tools import check_auth
+from moon_utilities.security_functions import check_auth
__version__ = "0.2.0"
-LOG = logging.getLogger(__name__)
-CONF = cfg.CONF
+LOG = logging.getLogger("moon.interface.api." + __name__)
class SubjectAssignments(Resource):
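Review bot: The logger name built by `LOG = logging.getLogger("moon.interface.api." + __name__)` repeats the package path, because `__name__` is already the dotted module path (presumably `moon_interface.api.assignments`), which yields `moon.interface.api.moon_interface.api.assignments`. Records still propagate to the `moon.interface` logger, but any handler or filter keyed on `moon.interface.api.assignments` will not match. Using only the last component keeps the names predictable: `LOG = logging.getLogger("moon.interface.api." + __name__.rsplit(".", 1)[-1])`. The same line is added in authz.py, data.py, generic.py, meta_data.py, meta_rules.py, models.py, pdp.py, perimeter.py, policies.py and rules.py.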
diff --git a/moonv4/moon_interface/moon_interface/api/authz.py b/moonv4/moon_interface/moon_interface/api/authz.py
index d5242869..69de0f80 100644
--- a/moonv4/moon_interface/moon_interface/api/authz.py
+++ b/moonv4/moon_interface/moon_interface/api/authz.py
@@ -9,15 +9,12 @@ Authz is the endpoint to get authorization response
from uuid import uuid4
import time
from flask_restful import Resource
-from oslo_config import cfg
from oslo_log import log as logging
from moon_utilities.security_functions import call
-from moon_interface.tools import check_auth
__version__ = "0.1.0"
-LOG = logging.getLogger(__name__)
-CONF = cfg.CONF
+LOG = logging.getLogger("moon.interface.api." + __name__)
class Authz(Resource):
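Review bot: Unlike every other API module in this commit, authz.py drops `from moon_interface.tools import check_auth` without importing the replacement from `moon_utilities.security_functions`. The body of `Authz` lies outside the hunk, so one of two things follows: if a handler is still decorated with `@check_auth`, the module fails at import with `NameError`; if none is, the authorization endpoint runs without the token check the other resources get. Either add `from moon_utilities.security_functions import check_auth`, or state the intent next to the class, e.g. `# Authz is deliberately not wrapped by check_auth: <reason>`.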
diff --git a/moonv4/moon_interface/moon_interface/api/data.py b/moonv4/moon_interface/moon_interface/api/data.py
index e378b3d3..6d959095 100644
--- a/moonv4/moon_interface/moon_interface/api/data.py
+++ b/moonv4/moon_interface/moon_interface/api/data.py
@@ -9,15 +9,13 @@ Data are elements used to create rules
from flask import request
from flask_restful import Resource
-from oslo_config import cfg
from oslo_log import log as logging
from moon_utilities.security_functions import call
-from moon_interface.tools import check_auth
+from moon_utilities.security_functions import check_auth
__version__ = "0.2.0"
-LOG = logging.getLogger(__name__)
-CONF = cfg.CONF
+LOG = logging.getLogger("moon.interface.api." + __name__)
class SubjectData(Resource):
diff --git a/moonv4/moon_interface/moon_interface/api/generic.py b/moonv4/moon_interface/moon_interface/api/generic.py
index d7afd6fb..80e8abff 100644
--- a/moonv4/moon_interface/moon_interface/api/generic.py
+++ b/moonv4/moon_interface/moon_interface/api/generic.py
@@ -7,16 +7,14 @@ Those API are helping API used to manage the Moon platform.
"""
from flask_restful import Resource, request
-from oslo_config import cfg
from oslo_log import log as logging
from moon_utilities.security_functions import call
import moon_interface.api
-from moon_interface.tools import check_auth
+from moon_utilities.security_functions import check_auth
__version__ = "0.1.0"
-LOG = logging.getLogger(__name__)
-CONF = cfg.CONF
+LOG = logging.getLogger("moon.interface.api." + __name__)
class Status(Resource):
diff --git a/moonv4/moon_interface/moon_interface/api/meta_data.py b/moonv4/moon_interface/moon_interface/api/meta_data.py
index 2f115e94..3c933759 100644
--- a/moonv4/moon_interface/moon_interface/api/meta_data.py
+++ b/moonv4/moon_interface/moon_interface/api/meta_data.py
@@ -9,15 +9,13 @@ Meta Data are elements used to create Meta data (skeleton of security policies)
from flask import request
from flask_restful import Resource
-from oslo_config import cfg
from oslo_log import log as logging
from moon_utilities.security_functions import call
-from moon_interface.tools import check_auth
+from moon_utilities.security_functions import check_auth
__version__ = "0.2.0"
-LOG = logging.getLogger(__name__)
-CONF = cfg.CONF
+LOG = logging.getLogger("moon.interface.api." + __name__)
class SubjectCategories(Resource):
diff --git a/moonv4/moon_interface/moon_interface/api/meta_rules.py b/moonv4/moon_interface/moon_interface/api/meta_rules.py
index a3648fbf..85072243 100644
--- a/moonv4/moon_interface/moon_interface/api/meta_rules.py
+++ b/moonv4/moon_interface/moon_interface/api/meta_rules.py
@@ -9,15 +9,13 @@ Meta rules are skeleton for security policies
from flask import request
from flask_restful import Resource
-from oslo_config import cfg
from oslo_log import log as logging
from moon_utilities.security_functions import call
-from moon_interface.tools import check_auth
+from moon_utilities.security_functions import check_auth
__version__ = "0.1.0"
-LOG = logging.getLogger(__name__)
-CONF = cfg.CONF
+LOG = logging.getLogger("moon.interface.api." + __name__)
class MetaRules(Resource):
diff --git a/moonv4/moon_interface/moon_interface/api/models.py b/moonv4/moon_interface/moon_interface/api/models.py
index 66e2e1d8..f905db63 100644
--- a/moonv4/moon_interface/moon_interface/api/models.py
+++ b/moonv4/moon_interface/moon_interface/api/models.py
@@ -8,15 +8,13 @@ Models aggregate multiple meta rules
from flask import request
from flask_restful import Resource
-from oslo_config import cfg
from oslo_log import log as logging
from moon_utilities.security_functions import call
-from moon_interface.tools import check_auth
+from moon_utilities.security_functions import check_auth
__version__ = "0.1.0"
-LOG = logging.getLogger(__name__)
-CONF = cfg.CONF
+LOG = logging.getLogger("moon.interface.api." + __name__)
class Models(Resource):
diff --git a/moonv4/moon_interface/moon_interface/api/pdp.py b/moonv4/moon_interface/moon_interface/api/pdp.py
index 13a76bfa..5316227b 100644
--- a/moonv4/moon_interface/moon_interface/api/pdp.py
+++ b/moonv4/moon_interface/moon_interface/api/pdp.py
@@ -9,15 +9,13 @@ PDP are Policy Decision Point.
from flask import request
from flask_restful import Resource
-from oslo_config import cfg
from oslo_log import log as logging
from moon_utilities.security_functions import call
-from moon_interface.tools import check_auth
+from moon_utilities.security_functions import check_auth
__version__ = "0.1.0"
-LOG = logging.getLogger(__name__)
-CONF = cfg.CONF
+LOG = logging.getLogger("moon.interface.api." + __name__)
class PDP(Resource):
diff --git a/moonv4/moon_interface/moon_interface/api/perimeter.py b/moonv4/moon_interface/moon_interface/api/perimeter.py
index df7b6dd1..177161f6 100644
--- a/moonv4/moon_interface/moon_interface/api/perimeter.py
+++ b/moonv4/moon_interface/moon_interface/api/perimeter.py
@@ -10,15 +10,13 @@
from flask import request
from flask_restful import Resource
-from oslo_config import cfg
from oslo_log import log as logging
from moon_utilities.security_functions import call
-from moon_interface.tools import check_auth
+from moon_utilities.security_functions import check_auth
__version__ = "0.2.0"
-LOG = logging.getLogger(__name__)
-CONF = cfg.CONF
+LOG = logging.getLogger("moon.interface.api." + __name__)
class Subjects(Resource):
diff --git a/moonv4/moon_interface/moon_interface/api/policies.py b/moonv4/moon_interface/moon_interface/api/policies.py
index b9ccb4be..5a84b612 100644
--- a/moonv4/moon_interface/moon_interface/api/policies.py
+++ b/moonv4/moon_interface/moon_interface/api/policies.py
@@ -9,15 +9,13 @@ Policies are instances of security models and implement security policies
from flask import request
from flask_restful import Resource
-from oslo_config import cfg
from oslo_log import log as logging
from moon_utilities.security_functions import call
-from moon_interface.tools import check_auth
+from moon_utilities.security_functions import check_auth
__version__ = "0.1.0"
-LOG = logging.getLogger(__name__)
-CONF = cfg.CONF
+LOG = logging.getLogger("moon.interface.api." + __name__)
class Policies(Resource):
diff --git a/moonv4/moon_interface/moon_interface/api/rules.py b/moonv4/moon_interface/moon_interface/api/rules.py
index 882a7d9f..1111729c 100644
--- a/moonv4/moon_interface/moon_interface/api/rules.py
+++ b/moonv4/moon_interface/moon_interface/api/rules.py
@@ -8,15 +8,13 @@ Rules (TODO)
from flask import request
from flask_restful import Resource
-from oslo_config import cfg
from oslo_log import log as logging
from moon_utilities.security_functions import call
-from moon_interface.tools import check_auth
+from moon_utilities.security_functions import check_auth
__version__ = "0.1.0"
-LOG = logging.getLogger(__name__)
-CONF = cfg.CONF
+LOG = logging.getLogger("moon.interface.api." + __name__)
class Rules(Resource):
diff --git a/moonv4/moon_interface/moon_interface/http_server.py b/moonv4/moon_interface/moon_interface/http_server.py
index b475e141..046337a2 100644
--- a/moonv4/moon_interface/moon_interface/http_server.py
+++ b/moonv4/moon_interface/moon_interface/http_server.py
@@ -3,12 +3,12 @@
# license which can be found in the file 'LICENSE' in this package distribution
# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-from flask import Flask, request
+from flask import Flask
from flask_cors import CORS, cross_origin
-from flask_restful import Resource, Api, reqparse
+from flask_restful import Resource, Api
import logging
from moon_interface import __version__
-from moon_interface.api.generic import Status, Logs, API, InternalAPI
+from moon_interface.api.generic import Status, Logs, API
from moon_interface.api.models import Models
from moon_interface.api.policies import Policies
from moon_interface.api.pdp import PDP
@@ -21,7 +21,7 @@ from moon_interface.api.rules import Rules
from moon_interface.api.authz import Authz
from moon_utilities import exceptions
-logger = logging.getLogger(__name__)
+logger = logging.getLogger("moon.interface.http")
class Server:
@@ -133,41 +133,6 @@ class HTTPServer(Server):
for api in __API__:
self.api.add_resource(api, *api.__urls__)
- # self.api.add_resource(Status, *Status.__urls__)
- # self.api.add_resource(Logs, *Logs.__urls__)
- # self.api.add_resource(API, *API.__urls__)
- # self.api.add_resource(InternalAPI, *InternalAPI.__urls__)
- #
- # self.api.add_resource(InternalAPI, *InternalAPI.__urls__)
- #
- # self.api.add_resource(IntraExtensions, *IntraExtensions.__urls__)
- # self.api.add_resource(SubMetaRuleAlgorithm, *SubMetaRuleAlgorithm.__urls__)
- # self.api.add_resource(AggregationAlgorithm, *AggregationAlgorithm.__urls__)
- #
- # self.api.add_resource(Templates, *Templates.__urls__)
- # self.api.add_resource(SubMetaRuleAlgorithms, *SubMetaRuleAlgorithms.__urls__)
- # self.api.add_resource(AggregationAlgorithms, *AggregationAlgorithms.__urls__)
- #
- # self.api.add_resource(Subjects, *Subjects.__urls__)
- # self.api.add_resource(SubjectCategories, *SubjectCategories.__urls__)
- # self.api.add_resource(SubjectScopes, *SubjectScopes.__urls__)
- # self.api.add_resource(SubjectAssignments, *SubjectAssignments.__urls__)
- #
- # self.api.add_resource(Objects, *Objects.__urls__)
- # self.api.add_resource(ObjectCategories, *ObjectCategories.__urls__)
- # self.api.add_resource(ObjectScopes, *ObjectScopes.__urls__)
- # self.api.add_resource(ObjectAssignments, *ObjectAssignments.__urls__)
- #
- # self.api.add_resource(Actions, *Actions.__urls__)
- # self.api.add_resource(ActionCategories, *ActionCategories.__urls__)
- # self.api.add_resource(ActionScopes, *ActionScopes.__urls__)
- # self.api.add_resource(ActionAssignments, *ActionAssignments.__urls__)
- #
- # self.api.add_resource(Rules, *Rules.__urls__)
- # self.api.add_resource(SubMetaRules, *SubMetaRules.__urls__)
- #
- # self.api.add_resource(Mappings, *Mappings.__urls__)
-
def run(self):
self.app.run(debug=True, host=self._host, port=self._port) # nosec
diff --git a/moonv4/moon_interface/moon_interface/server.py b/moonv4/moon_interface/moon_interface/server.py
index e70cec89..711aa00a 100644
--- a/moonv4/moon_interface/moon_interface/server.py
+++ b/moonv4/moon_interface/moon_interface/server.py
@@ -3,22 +3,28 @@
# license which can be found in the file 'LICENSE' in this package distribution
# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-import os
-from oslo_config import cfg
-from oslo_log import log as logging
-from moon_utilities import options # noqa
+import logging
+from moon_utilities import configuration, exceptions
from moon_interface.http_server import HTTPServer
-LOG = logging.getLogger(__name__)
-CONF = cfg.CONF
-DOMAIN = "moon_interface"
-
-__CWD__ = os.path.dirname(os.path.abspath(__file__))
+LOG = logging.getLogger("moon.interface")
def main():
- LOG.info("Starting server with IP {} on port {}".format(CONF.interface.host, CONF.interface.port))
- server = HTTPServer(host=CONF.interface.host, port=CONF.interface.port)
+ configuration.init_logging()
+ try:
+ conf = configuration.get_configuration("components/interface")
+ LOG.debug("interface.conf={}".format(conf))
+ hostname = conf["components/interface"].get("hostname", "interface")
+ port = conf["components/interface"].get("port", 80)
+ bind = conf["components/interface"].get("bind", "127.0.0.1")
+ except exceptions.ConsulComponentNotFound:
+ hostname = "interface"
+ bind = "127.0.0.1"
+ port = 80
+ configuration.add_component(uuid="interface", name=hostname, port=port, bind=bind)
+ LOG.info("Starting server with IP {} on port {} bind to {}".format(hostname, port, bind))
+ server = HTTPServer(host=bind, port=port)
server.run()
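Review bot: The listen address passed to `HTTPServer(host=bind, port=port)` now comes from Consul, while `HTTPServer.run` (visible as context in the http_server.py hunk of this commit) still starts Flask with `debug=True` under a `# nosec` suppression. Once `bind` is set to a non-loopback address, the Werkzeug interactive debugger is reachable by anyone who can reach that port, so debug mode should be off unless explicitly enabled: `self.app.run(debug=False, host=self._host, port=self._port)`. Separately, only `ConsulComponentNotFound` is caught, so a returned dict without the `"components/interface"` key would raise `KeyError` before the defaults apply; whether `get_configuration` can return such a dict is not visible here.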
diff --git a/moonv4/moon_interface/moon_interface/tools.py b/moonv4/moon_interface/moon_interface/tools.py
deleted file mode 100644
index 0d43a857..00000000
--- a/moonv4/moon_interface/moon_interface/tools.py
+++ /dev/null
@@ -1,79 +0,0 @@
-# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
-# This software is distributed under the terms and conditions of the 'Apache-2.0'
-# license which can be found in the file 'LICENSE' in this package distribution
-# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-
-import os
-import requests
-import time
-from functools import wraps
-from flask import request
-from oslo_config import cfg
-from oslo_log import log as logging
-import oslo_messaging
-from moon_utilities import exceptions
-
-
-LOG = logging.getLogger(__name__)
-CONF = cfg.CONF
-
-TOKENS = {}
-
-
-def check_token(token, url=None):
- _verify = False
- if CONF.keystone.server_crt:
- _verify = CONF.keystone.server_crt
- try:
- os.environ.pop("http_proxy")
- os.environ.pop("https_proxy")
- except KeyError:
- pass
- if not url:
- url = CONF.keystone.url
- headers = {
- "Content-Type": "application/json",
- 'X-Subject-Token': token,
- 'X-Auth-Token': token,
- }
- if CONF.keystone.check_token.lower() in ("false", "no", "n"):
- # TODO (asteroide): must send the admin id
- return "admin" if not token else token
- if CONF.keystone.check_token.lower() in ("yes", "y", "true"):
- if token in TOKENS:
- delta = time.mktime(TOKENS[token]["expires_at"]) - time.mktime(time.gmtime())
- if delta > 0:
- return TOKENS[token]["user"]
- raise exceptions.KeystoneError
- else:
- req = requests.get("{}/auth/tokens".format(url), headers=headers, verify=_verify)
- if req.status_code in (200, 201):
- # Note (asteroide): the time stamps is not in ISO 8601, so it is necessary to delete
- # characters after the dot
- token_time = req.json().get("token").get("expires_at").split(".")
- TOKENS[token] = dict()
- TOKENS[token]["expires_at"] = time.strptime(token_time[0], "%Y-%m-%dT%H:%M:%S")
- TOKENS[token]["user"] = req.json().get("token").get("user").get("id")
- return TOKENS[token]["user"]
- LOG.error("{} - {}".format(req.status_code, req.text))
- raise exceptions.KeystoneError
- elif CONF.keystone.check_token.lower() == "strict":
- req = requests.head("{}/auth/tokens".format(url), headers=headers, verify=_verify)
- if req.status_code in (200, 201):
- return token
- LOG.error("{} - {}".format(req.status_code, req.text))
- raise exceptions.KeystoneError
- raise exceptions.KeystoneError
-
-
-def check_auth(function):
- @wraps(function)
- def wrapper(*args, **kwargs):
- token = request.headers.get('X-Auth-Token')
- token = check_token(token)
- if not token:
- raise exceptions.AuthException
- user_id = kwargs.pop("user_id", token)
- result = function(*args, **kwargs, user_id=user_id)
- return result
- return wrapper
diff --git a/moonv4/moon_interface/requirements.txt b/moonv4/moon_interface/requirements.txt
index d851e630..ee4b455e 100644
--- a/moonv4/moon_interface/requirements.txt
+++ b/moonv4/moon_interface/requirements.txt
@@ -5,4 +5,5 @@ vine
flask
flask_restful
flask_cors
-babel \ No newline at end of file
+babel
+moon_utilities \ No newline at end of file
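Review bot: `moon_utilities` is added with no version pin and no index constraint, so pip resolves the name from whatever index happens to be configured. If the package is published only from the project's own tree (an assumption; the page does not show where it is hosted), an identically named package on a public index could be installed in its place. Pin it, e.g. `moon_utilities==<VERSION-PLACEHOLDER>`, and install it from the project's own index or a local path. The other entries in this file are unpinned as well, so the same applies to them.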