authorAsteroide <thomas.duval@orange.com>2018-10-05 15:01:17 +0000
committerGerrit Code Review <gerrit@opnfv.org>2018-10-05 15:01:17 +0000
commitcbea4e360e9bfaa9698cf7c61c83c96a1ba89b8c (patch)
treea8bf6a7bfb06605ed5bfab77570afbe1e46cff4b /python_moonclient/python_moonclient/core
parenta3f68df52836676b23ac0f5e3d8c40c957ee80a7 (diff)
parent2e35a7e46f0929438c1c206e3116caa829f07dc6 (diff)
Merge "Update code to 4.6 official version"
Diffstat (limited to 'python_moonclient/python_moonclient/core')
-rw-r--r--python_moonclient/python_moonclient/core/authz.py64
-rw-r--r--python_moonclient/python_moonclient/core/check_tools.py127
-rw-r--r--python_moonclient/python_moonclient/core/cli_exceptions.py3
-rw-r--r--python_moonclient/python_moonclient/core/config.py24
-rw-r--r--python_moonclient/python_moonclient/core/json_export.py8
-rw-r--r--python_moonclient/python_moonclient/core/json_import.py8
-rw-r--r--python_moonclient/python_moonclient/core/models.py17
-rw-r--r--python_moonclient/python_moonclient/core/pdp.py41
-rw-r--r--python_moonclient/python_moonclient/core/policies.py107
-rw-r--r--python_moonclient/python_moonclient/core/slaves.py21
10 files changed, 240 insertions, 180 deletions
diff --git a/python_moonclient/python_moonclient/core/authz.py b/python_moonclient/python_moonclient/core/authz.py
index 7bf9b57b..d331004c 100644
--- a/python_moonclient/python_moonclient/core/authz.py
+++ b/python_moonclient/python_moonclient/core/authz.py
@@ -1,19 +1,19 @@
+from uuid import uuid4
import copy
import logging
import threading
-import requests
import time
import json
import random
-from uuid import uuid4
+import requests
HOST_MANAGER = None
PORT_MANAGER = None
HOST_KEYSTONE = None
PORT_KEYSTONE = None
-lock = threading.Lock()
-logger = logging.getLogger("moonclient.core.authz")
+LOCK = threading.Lock()
+LOGGER = logging.getLogger("moonclient.core.authz")
def _construct_payload(creds, current_rule, enforcer, target):
@@ -43,15 +43,16 @@ def _send(url, data=None, stress_test=False):
try:
if stress_test:
current_request['start'] = time.time()
- # with lock:
+ # with LOCK:
res = requests.get(url)
current_request['end'] = time.time()
current_request['delta'] = current_request["end"] - current_request["start"]
else:
- with lock:
+ with LOCK:
current_request['start'] = time.time()
if data:
- data, _ = _construct_payload(data['credentials'], data['rule'], True, data['target'])
+ data, _ = _construct_payload(data['credentials'], data['rule'], True,
+ data['target'])
res = requests.post(url, json=data,
headers={'content-type': "application/x-www-form-urlencode"}
)
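Review bot: In the non-stress branch `requests.post` runs inside `with LOCK:` with no `timeout`, so a single unresponsive authz endpoint keeps the lock held and blocks every other thread waiting on it. Pass an explicit timeout, e.g. `res = requests.post(url, json=data, timeout=10)` (value constructed for illustration), and do the same for `requests.get(url)` in the stress branch. The header `'content-type': "application/x-www-form-urlencode"` is misspelled and contradicts `json=data`, which already serialises the body as JSON; unless the server depends on that exact string, drop the explicit header so requests sends `application/json`. `_send` starts before this hunk and continues after it.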
@@ -60,34 +61,34 @@ def _send(url, data=None, stress_test=False):
current_request['end'] = time.time()
current_request['delta'] = current_request["end"] - current_request["start"]
except requests.exceptions.ConnectionError:
- logger.warning("Unable to connect to server")
+ LOGGER.warning("Unable to connect to server")
return {}
if not stress_test:
try:
j = res.json()
if res.status_code == 200:
- logger.warning("\033[1m{}\033[m \033[32mGrant\033[m".format(url))
+ LOGGER.warning("\033[1m{}\033[m \033[32mGrant\033[m".format(url))
elif res.status_code == 401:
- logger.warning("\033[1m{}\033[m \033[31mDeny\033[m".format(url))
+ LOGGER.warning("\033[1m{}\033[m \033[31mDeny\033[m".format(url))
else:
- logger.error("\033[1m{}\033[m {} {}".format(url, res.status_code, res.text))
+ LOGGER.error("\033[1m{}\033[m {} {}".format(url, res.status_code, res.text))
except Exception as e:
if res.text == "True":
- logger.warning("\033[1m{}\033[m \033[32mGrant\033[m".format(url))
+ LOGGER.warning("\033[1m{}\033[m \033[32mGrant\033[m".format(url))
elif res.text == "False":
- logger.warning("\033[1m{}\033[m \033[31mDeny\033[m".format(url))
+ LOGGER.warning("\033[1m{}\033[m \033[31mDeny\033[m".format(url))
else:
- logger.error("\033[1m{}\033[m {} {}".format(url, res.status_code, res.text))
- logger.exception(e)
- logger.error(res.text)
+ LOGGER.error("\033[1m{}\033[m {} {}".format(url, res.status_code, res.text))
+ LOGGER.exception(e)
+ LOGGER.error(res.text)
else:
if j.get("result"):
# logger.warning("{} \033[32m{}\033[m".format(url, j.get("result")))
- logger.debug("{}".format(j.get("error", "")))
+ LOGGER.debug("{}".format(j.get("error", "")))
current_request['result'] = "Grant"
else:
# logger.warning("{} \033[31m{}\033[m".format(url, "Deny"))
- logger.debug("{}".format(j))
+ LOGGER.debug("{}".format(j))
current_request['result'] = "Deny"
return current_request
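Review bot: When the response body is not JSON, the `except` branch logs Grant or Deny from `res.text` but never sets `current_request['result']`, so those decisions are visible only in the log and not in the value `_send` returns. Set the result there as well, e.g. `current_request['result'] = "Grant"` under `res.text == "True"` and `"Deny"` under `res.text == "False"`. The handler is also wider than it needs to be: `except ValueError as e:` covers a failed `res.json()` without hiding unrelated errors. Since `res.text` comes from the server, prefer lazy logging arguments, `LOGGER.error("%s %s %s", url, res.status_code, res.text)`, over `str.format`.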
@@ -110,35 +111,37 @@ class AsyncGet(threading.Thread):
self.result['index'] = self.index
-def send_requests(scenario, authz_host, authz_port, keystone_project_id, request_second=1, limit=500,
+def send_requests(scenario, authz_host, authz_port, keystone_project_id, request_second=1,
+ limit=500,
dry_run=None, stress_test=False, destination="wrapper"):
backgrounds = []
time_data = list()
start_timing = time.time()
request_cpt = 0
- SUBJECTS = tuple(scenario.subjects.keys())
- OBJECTS = tuple(scenario.objects.keys())
- ACTIONS = tuple(scenario.actions.keys())
+ subjects = tuple(scenario.subjects.keys())
+ objects = tuple(scenario.objects.keys())
+ actions = tuple(scenario.actions.keys())
while request_cpt < limit:
- rule = (random.choice(SUBJECTS), random.choice(OBJECTS), random.choice(ACTIONS))
+ rule = (random.choice(subjects), random.choice(objects), random.choice(actions))
if destination.lower() == "wrapper":
url = "http://{}:{}/authz/oslo".format(authz_host, authz_port)
data = {
'target': {
- "user_id": random.choice(SUBJECTS),
+ "user_id": random.choice(subjects),
"target": {
- "name": random.choice(OBJECTS)
+ "name": random.choice(objects)
},
"project_id": keystone_project_id
},
'credentials': None,
- 'rule': random.choice(ACTIONS)
+ 'rule': random.choice(actions)
}
else:
- url = "http://{}:{}/authz/{}/{}".format(authz_host, authz_port, keystone_project_id, "/".join(rule))
+ url = "http://{}:{}/authz/{}/{}".format(authz_host, authz_port, keystone_project_id,
+ "/".join(rule))
data = None
if dry_run:
- logger.info(url)
+ LOGGER.info(url)
continue
request_cpt += 1
if stress_test:
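Review bot: With `dry_run` set the loop never terminates, because `continue` is reached before `request_cpt += 1` and `while request_cpt < limit` therefore stays true while the URL is logged over and over. Move the increment above the test, i.e. put `request_cpt += 1` directly before `if dry_run:`. Separately, the non-wrapper branch builds the path with `"/".join(rule)` from scenario keys without escaping; if a key can contain `/` or `?` the request reaches a different route than intended, so quote each part with `urllib.parse.quote(part, safe="")`. `send_requests` continues past the end of this hunk.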
@@ -150,9 +153,9 @@ def send_requests(scenario, authz_host, authz_port, keystone_project_id, request
background.start()
if request_second > 0:
if request_cpt % request_second == 0:
- if time.time()-start_timing < 1:
+ if time.time() - start_timing < 1:
while True:
- if time.time()-start_timing > 1:
+ if time.time() - start_timing > 1:
break
start_timing = time.time()
if not stress_test:
@@ -175,4 +178,3 @@ def get_delta(time_data):
time_delta_sum1 += item['delta']
time_delta_average1 = time_delta_sum1 / len(time_data)
return time_delta, time_delta_average1
-
diff --git a/python_moonclient/python_moonclient/core/check_tools.py b/python_moonclient/python_moonclient/core/check_tools.py
index 8138f54e..381e92c7 100644
--- a/python_moonclient/python_moonclient/core/check_tools.py
+++ b/python_moonclient/python_moonclient/core/check_tools.py
@@ -10,16 +10,19 @@ def check_optionnal_result(result):
def check_result(result):
if type(result) is not dict or "result" not in result:
- raise MoonCliException("Unexpected request result. It should be a dictionnary with a 'result' entry")
+ raise MoonCliException(
+ "Unexpected request result. It should be a dictionnary with a 'result' entry")
if result["result"] is None:
raise MoonCliException("Unexpected request result. The 'result' entry shall not be null")
def _check_generic_in_result(field, result, check_not_null=False):
if type(field) is not str or type(result) is not dict or field not in result:
- raise MoonCliException("Unexpected request result. It should be a dictionnary with a '{}' entry".format(field))
+ raise MoonCliException(
+ "Unexpected request result. It should be a dictionnary with a '{}' entry".format(field))
if check_not_null is True and result[field] is None:
- raise MoonCliException("Unexpected request result. The '{}' entry shall not be null".format(field))
+ raise MoonCliException(
+ "Unexpected request result. The '{}' entry shall not be null".format(field))
def check_slaves_in_result(result):
@@ -93,13 +96,17 @@ def check_pdp_id(pdp_id, result):
def _check_generic_name(field, name, field_elt_id, result, do_check_name=True):
if type(field) is str:
if result[field] is None:
- raise MoonCliException("Unexpected request result : {} shall not be empty".format(field))
+ raise MoonCliException(
+ "Unexpected request result : {} shall not be empty".format(field))
if field_elt_id not in result[field]:
raise MoonCliException("Unexpected request result. Unknown {} id".format(field))
if "name" not in result[field][field_elt_id]:
- raise MoonCliException("Unexpected request result : {} with id {} has no name".format(field, field_elt_id))
+ raise MoonCliException(
+ "Unexpected request result : {} with id {} has no name".format(field, field_elt_id))
if do_check_name and name != result[field][field_elt_id]["name"]:
- raise MoonCliException("Unexpected request result : {} with id {} has a bad name. Expected {}".format(field, field_elt_id, name))
+ raise MoonCliException(
+ "Unexpected request result : {} with id {} has a bad name. Expected {}".format(
+ field, field_elt_id, name))
def check_model_name(name, model_id, result, do_check_name):
@@ -159,7 +166,9 @@ def check_acat_id_in_dict(acat_id, in_dict):
def check_policy_id_in_pipeline(policy_id, pipeline):
if policy_id not in pipeline:
- raise MoonCliException("Unexpected request result. The policy id {} shall be in the pipeline".format(policy_id))
+ raise MoonCliException(
+ "Unexpected request result. The policy id {} shall be in the pipeline".format(
+ policy_id))
def _check_generic_policy_in_dict(field, policy_id, in_dict):
@@ -167,10 +176,12 @@ def _check_generic_policy_in_dict(field, policy_id, in_dict):
if policy_id is not None:
if "policy_list" not in in_dict:
raise MoonCliException(
- "Unexpected request result. The policy list of the {} shall not be empty".format(field))
+ "Unexpected request result. The policy list of the {} shall not be empty".format(
+ field))
if policy_id not in in_dict["policy_list"]:
raise MoonCliException(
- "Unexpected request result. The policy with id {} shall be in the {}".format(policy_id, field))
+ "Unexpected request result. The policy with id {} shall be in the {}".format(
+ policy_id, field))
def check_subject_policy(policy_id, in_dict):
@@ -188,14 +199,19 @@ def check_action_policy(policy_id, in_dict):
def _check_generic_elt_id(field1, field1_id, field2, field2_id, result):
if type(field1) is str and type(field2) is str:
if result[field1] is None:
- raise MoonCliException("Unexpected request result: {} shall not be empty".format(field1))
+ raise MoonCliException(
+ "Unexpected request result: {} shall not be empty".format(field1))
if field1_id not in result[field1]:
raise MoonCliException("Unexpected request result. Unknown {} with id".format(field1))
if field2 not in result[field1][field1_id]:
- raise MoonCliException("Unexpected request result. {} element with id {} has no {} field".format(field1, field1_id, field2))
+ raise MoonCliException(
+ "Unexpected request result. {} element with id {} has no {} field".format(field1,
+ field1_id,
+ field2))
if field2_id != result[field1][field1_id][field2]:
raise MoonCliException(
- "Unexpected request result. {} element with id {} has a bad {} id. Expected {}".format(field1, field1_id, field2, field2_id))
+ "Unexpected request result. {} element with id {} has a bad {} id. Expected {}".format(
+ field1, field1_id, field2, field2_id))
def check_policy_model_id(model_id, policy_id, result):
@@ -213,7 +229,8 @@ def check_subject_description(description, in_dict):
"Unexpected request result. The description of the subject shall not be empty")
if description not in in_dict["description"]:
raise MoonCliException(
- "Unexpected request result. The description {} shall be in the subject".format(description))
+ "Unexpected request result. The description {} shall be in the subject".format(
+ description))
def check_meta_rules_list_in_model(meta_rule_list, model_id, result):
@@ -222,9 +239,13 @@ def check_meta_rules_list_in_model(meta_rule_list, model_id, result):
if model_id not in result['models']:
raise MoonCliException("Unexpected request result. Unknown Model id")
if "meta_rules" not in result['models'][model_id]:
- raise MoonCliException("Unexpected request result. Meta rules related to model with id {} are empty".format(model_id))
+ raise MoonCliException(
+ "Unexpected request result. Meta rules related to model with id {} are empty".format(
+ model_id))
if meta_rule_list != result['models'][model_id]["meta_rules"]:
- raise MoonCliException("Unexpected request result. Meta rule of model with id {} are different from those expected".format(model_id))
+ raise MoonCliException(
+ "Unexpected request result. Meta rule of model with id {} are different from those expected".format(
+ model_id))
def check_name_in_slaves(name, slaves):
@@ -235,10 +256,11 @@ def check_name_in_slaves(name, slaves):
raise MoonCliException("The slave '{}' was not found !".format(name))
-def _check_generic_data_data(field,result):
+def _check_generic_data_data(field, result):
if type(field) is str:
if field not in result:
- raise MoonCliException("Unexpected request result. The {} field shall be in result".format(field))
+ raise MoonCliException(
+ "Unexpected request result. The {} field shall be in result".format(field))
# if "data" not in resulti[field]:
# raise MoonCliException("Unexpected request result. The data field shall be in result['{}']".format(field))
@@ -248,7 +270,8 @@ def _check_id_in_generic_data_data(field, data_id, result):
_check_generic_data_data(field, result)
for _data in result[field]:
if data_id not in list(_data['data'].keys()):
- raise MoonCliException("Unexpected request result. Data id {} not in {}".format(data_id, field))
+ raise MoonCliException(
+ "Unexpected request result. Data id {} not in {}".format(data_id, field))
def _check_id_not_in_generic_data_data(field, data_id, result):
@@ -256,14 +279,18 @@ def _check_id_not_in_generic_data_data(field, data_id, result):
_check_generic_data_data(field, result)
for _data in result[field]:
if data_id in list(_data['data'].keys()):
- raise MoonCliException("Unexpected request result. Data id {} shall not be in {}".format(data_id, field))
+ raise MoonCliException(
+ "Unexpected request result. Data id {} shall not be in {}".format(data_id,
+ field))
def _check_category_in_generic_data_data(field, category_id, result):
_check_generic_data_data(field, result)
for _data in result[field]:
if category_id != _data["category_id"]:
- raise MoonCliException("Unexpected request result. Category id {} not in {} data".format(category_id, field))
+ raise MoonCliException(
+ "Unexpected request result. Category id {} not in {} data".format(category_id,
+ field))
def check_subject_data_data(result):
@@ -314,74 +341,92 @@ def check_category_id_in_action_data_data(category_id, result):
_check_category_in_generic_data_data('action_data', category_id, result)
-def _check_generic_assignments(field, field_id_name, field_id, field_cat_id, field_data_id, result):
+def _check_generic_assignments(field, field_id_name, field_id, field_cat_id, field_data_id, result):
if type(field) is str and type(field_id_name) is str:
for key in result[field]:
if field_id_name not in result[field][key]:
- raise MoonCliException("Unexpected request result. subject_id not in result[{}] data".format(field))
+ raise MoonCliException(
+ "Unexpected request result. subject_id not in result[{}] data".format(field))
if "category_id" not in result[field][key]:
- raise MoonCliException("Unexpected request result. category_id not in result[{}] data".format(field))
+ raise MoonCliException(
+ "Unexpected request result. category_id not in result[{}] data".format(field))
if "assignments" not in result[field][key]:
- raise MoonCliException("Unexpected request result. assignments not in result[{}] data".format(field))
+ raise MoonCliException(
+ "Unexpected request result. assignments not in result[{}] data".format(field))
if result[field][key][field_id_name] == field_id and \
result[field][key]["category_id"] == field_cat_id:
if field_data_id not in result[field][key]["assignments"]:
raise MoonCliException(
- "Unexpected request result. {} data with id {} not in result[{}][]['assignements'] data".format(field, field_data_id, field))
+ "Unexpected request result. {} data with id {} not in result[{}][]['assignements'] data".format(
+ field, field_data_id, field))
def check_subject_assignements(subject_id, subject_act_id, subject_data_id, result):
- _check_generic_assignments("subject_assignments", "subject_id", subject_id, subject_act_id, subject_data_id, result)
+ _check_generic_assignments("subject_assignments", "subject_id", subject_id, subject_act_id,
+ subject_data_id, result)
def check_object_assignements(object_id, object_act_id, object_data_id, result):
- _check_generic_assignments("object_assignments", "object_id", object_id, object_act_id, object_data_id, result)
+ _check_generic_assignments("object_assignments", "object_id", object_id, object_act_id,
+ object_data_id, result)
def check_action_assignements(action_id, action_act_id, action_data_id, result):
- _check_generic_assignments("action_assignments", "action_id", action_id, action_act_id, action_data_id, result)
+ _check_generic_assignments("action_assignments", "action_id", action_id, action_act_id,
+ action_data_id, result)
-def _check_not_generic_assignments(field, field_id_name, field_id, field_cat_id, field_data_id, result):
+def _check_not_generic_assignments(field, field_id_name, field_id, field_cat_id, field_data_id,
+ result):
if type(field) is str and type(field_id_name) is str:
for key in result[field]:
if field_id_name not in result[field][key]:
- raise MoonCliException("Unexpected request result. subject_id not in result[{}] data".format(field))
+ raise MoonCliException(
+ "Unexpected request result. subject_id not in result[{}] data".format(field))
if "category_id" not in result[field][key]:
- raise MoonCliException("Unexpected request result. category_id not in result[{}] data".format(field))
+ raise MoonCliException(
+ "Unexpected request result. category_id not in result[{}] data".format(field))
if "assignments" not in result[field][key]:
- raise MoonCliException("Unexpected request result. assignments not in result[{}] data".format(field))
+ raise MoonCliException(
+ "Unexpected request result. assignments not in result[{}] data".format(field))
if result[field][key]['subject_id'] == field_id and \
result[field][key]["category_id"] == field_cat_id:
if field_data_id in result[field][key]["assignments"]:
raise MoonCliException(
- "Unexpected request result. {} data with id {} shall not be in result[{}][]['assignements'] data".format(field, field_data_id, field))
+ "Unexpected request result. {} data with id {} shall not be in result[{}][]['assignements'] data".format(
+ field, field_data_id, field))
def check_not_subject_assignements(subject_id, subject_act_id, subject_data_id, result):
- _check_not_generic_assignments("subject_assignments", "subject_id", subject_id, subject_act_id, subject_data_id, result)
+ _check_not_generic_assignments("subject_assignments", "subject_id", subject_id, subject_act_id,
+ subject_data_id, result)
def check_not_object_assignements(object_id, object_act_id, object_data_id, result):
- _check_not_generic_assignments("object_assignments", "object_id", object_id, object_act_id, object_data_id, result)
+ _check_not_generic_assignments("object_assignments", "object_id", object_id, object_act_id,
+ object_data_id, result)
def check_not_action_assignements(action_id, action_act_id, action_data_id, result):
- _check_not_generic_assignments("action_assignments", "action_id", action_id, action_act_id, action_data_id, result)
+ _check_not_generic_assignments("action_assignments", "action_id", action_id, action_act_id,
+ action_data_id, result)
def check_policy_id_in_dict(policy_id, in_dict):
if "policy_id" not in in_dict:
raise MoonCliException("Unexpected request result. policy_id not in result")
if policy_id != in_dict["policy_id"]:
- raise MoonCliException("Unexpected request result. Bad policy id in result, expected {}".format(policy_id))
+ raise MoonCliException(
+ "Unexpected request result. Bad policy id in result, expected {}".format(policy_id))
def check_meta_rule_id_in_dict(meta_rule_id, in_dict):
if "meta_rule_id" not in in_dict:
raise MoonCliException("Unexpected request result. meta_rule_id not in result")
if meta_rule_id != in_dict["meta_rule_id"]:
- raise MoonCliException("Unexpected request result. Bad meta rule id in result, expected {}".format(meta_rule_id))
+ raise MoonCliException(
+ "Unexpected request result. Bad meta rule id in result, expected {}".format(
+ meta_rule_id))
def check_rule_in_dict(rule, in_dict):
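Review bot: `_check_not_generic_assignments` compares `result[field][key]['subject_id']` instead of `result[field][key][field_id_name]`, although the guard just above tests `field_id_name`. For `object_assignments` and `action_assignments` the entries presumably carry `object_id` or `action_id`, so `check_not_object_assignements` and `check_not_action_assignements` would raise `KeyError` rather than verify that the assignment is gone. The line should read `if result[field][key][field_id_name] == field_id and \`, matching `_check_generic_assignments`. In both functions the first error message also hard-codes `subject_id`; format the tested name instead, `"Unexpected request result. {} not in result[{}] data".format(field_id_name, field)`.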
@@ -399,7 +444,8 @@ def check_rule_id_in_list(meta_rule_id, rule_id, rule, in_dict):
if meta_rule_id == item["meta_rule_id"]:
if rule_id == item["id"]:
if rule != item["rule"]:
- raise MoonCliException("Unexpected request result. Bad rule in result, expected {}".format(rule))
+ raise MoonCliException(
+ "Unexpected request result. Bad rule in result, expected {}".format(rule))
def check_rule_id_not_in_list(rule_id, in_dict):
@@ -408,4 +454,5 @@ def check_rule_id_not_in_list(rule_id, in_dict):
if rule_id == item["id"]:
found_rule = True
if found_rule is True:
- raise MoonCliException("Unexpected request result. Rule with id {} shall not be in result".format(rule_id)) \ No newline at end of file
+ raise MoonCliException(
+ "Unexpected request result. Rule with id {} shall not be in result".format(rule_id))
diff --git a/python_moonclient/python_moonclient/core/cli_exceptions.py b/python_moonclient/python_moonclient/core/cli_exceptions.py
index 2ec2ed18..01fd23e0 100644
--- a/python_moonclient/python_moonclient/core/cli_exceptions.py
+++ b/python_moonclient/python_moonclient/core/cli_exceptions.py
@@ -1,7 +1,4 @@
class MoonCliException(Exception):
def __init__(self, message):
-
# Call the base class constructor with the parameters it needs
super(MoonCliException, self).__init__(message)
-
-
diff --git a/python_moonclient/python_moonclient/core/config.py b/python_moonclient/python_moonclient/core/config.py
index f8e3fe29..c123499b 100644
--- a/python_moonclient/python_moonclient/core/config.py
+++ b/python_moonclient/python_moonclient/core/config.py
@@ -14,11 +14,10 @@ def get_configuration(consul_host, consul_port, key):
if len(data) == 1:
data = data[0]
return {data["Key"]: json.loads(base64.b64decode(data["Value"]).decode("utf-8"))}
- else:
- return [
- {item["Key"]: json.loads(base64.b64decode(item["Value"]).decode("utf-8"))}
- for item in data
- ]
+ return [
+ {item["Key"]: json.loads(base64.b64decode(item["Value"]).decode("utf-8"))}
+ for item in data
+ ]
def get_config_data(consul_host, consul_port):
@@ -31,9 +30,9 @@ def get_config_data(consul_host, consul_port):
'components/manager')['components/manager']['external']['port']
try:
requests.get("http://{}:{}/".format(
- conf_data['manager_host'],
- conf_data['manager_port']
- ),
+ conf_data['manager_host'],
+ conf_data['manager_port']
+ ),
timeout=2)
except requests.exceptions.ConnectionError:
conf_data['manager_host'] = get_configuration(consul_host, consul_port,
@@ -54,9 +53,12 @@ def get_config_data(consul_host, consul_port):
'openstack/keystone')['openstack/keystone']['url']
conf_data['keystone_user'] = get_configuration(consul_host, consul_port,
- 'openstack/keystone')['openstack/keystone']['user']
+ 'openstack/keystone')['openstack/keystone'][
+ 'user']
conf_data['keystone_password'] = get_configuration(consul_host, consul_port,
- 'openstack/keystone')['openstack/keystone']['password']
+ 'openstack/keystone')['openstack/keystone'][
+ 'password']
conf_data['keystone_project'] = get_configuration(consul_host, consul_port,
- 'openstack/keystone')['openstack/keystone']['project']
+ 'openstack/keystone')['openstack/keystone'][
+ 'project']
return conf_data
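Review bot: The rewrapped assignments split the final subscript across two lines (`['openstack/keystone'][` then `'password']`), which reads worse than the long line it replaces, and each one repeats the same Consul lookup. Fetch the entry once, `keystone = get_configuration(consul_host, consul_port, 'openstack/keystone')['openstack/keystone']`, then assign `conf_data['keystone_password'] = keystone['password']` and likewise for `user` and `project`. Because `conf_data` then holds the Keystone password in clear, a comment at that assignment such as `# secret: do not log or print conf_data` would warn callers. `get_config_data` starts before this hunk.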
diff --git a/python_moonclient/python_moonclient/core/json_export.py b/python_moonclient/python_moonclient/core/json_export.py
index 53c1b1f0..edaeb177 100644
--- a/python_moonclient/python_moonclient/core/json_export.py
+++ b/python_moonclient/python_moonclient/core/json_export.py
@@ -1,14 +1,14 @@
import logging
-import requests
import copy
+import requests
from python_moonclient.core import config
-
-logger = logging.getLogger("moonclient.core.export_json")
+LOGGER = logging.getLogger("moonclient.core.export_json")
URL = None
HEADERS = None
+
def init(consul_host, consul_port):
conf_data = config.get_config_data(consul_host, consul_port)
global URL, HEADERS
@@ -23,4 +23,4 @@ def export_to_json():
req = requests.get(URL.format("/export"))
req.raise_for_status()
result = req.json()
- return result \ No newline at end of file
+ return result
diff --git a/python_moonclient/python_moonclient/core/json_import.py b/python_moonclient/python_moonclient/core/json_import.py
index a724476b..b65ec39b 100644
--- a/python_moonclient/python_moonclient/core/json_import.py
+++ b/python_moonclient/python_moonclient/core/json_import.py
@@ -3,12 +3,12 @@ import requests
import copy
from python_moonclient.core import config
-
-logger = logging.getLogger("moonclient.core.import_json")
+LOGGER = logging.getLogger("moonclient.core.import_json")
URL = None
HEADERS = None
+
def init(consul_host, consul_port):
conf_data = config.get_config_data(consul_host, consul_port)
global URL, HEADERS
@@ -23,7 +23,7 @@ def import_json(file_name):
files = {'file': open(file_name, 'rb')}
req = requests.post(URL.format("/import"), files=files)
result = req.json()
- if isinstance(result,dict) and "message" in result:
+ if isinstance(result, dict) and "message" in result:
req.reason = result["message"]
req.raise_for_status()
- return result \ No newline at end of file
+ return result
diff --git a/python_moonclient/python_moonclient/core/models.py b/python_moonclient/python_moonclient/core/models.py
index 709b4a7a..8d3c8858 100644
--- a/python_moonclient/python_moonclient/core/models.py
+++ b/python_moonclient/python_moonclient/core/models.py
@@ -1,11 +1,10 @@
import logging
-import requests
import copy
+import requests
from python_moonclient.core import config
from python_moonclient.core.check_tools import *
-logger = logging.getLogger("moonclient.core.models")
-
+LOGGER = logging.getLogger("moonclient.core.models")
URL = None
HEADERS = None
@@ -241,17 +240,17 @@ def add_meta_rule_to_model(model_id, meta_rule_id):
def create_model(scenario, model_id=None):
- logger.info("Creating model {}".format(scenario.model_name))
+ LOGGER.info("Creating model {}".format(scenario.model_name))
if not model_id:
- logger.info("Add model")
+ LOGGER.info("Add model")
model_id = add_model(name=scenario.model_name)
- logger.info("Add subject categories")
+ LOGGER.info("Add subject categories")
for cat in scenario.subject_categories:
scenario.subject_categories[cat] = add_subject_category(name=cat)
- logger.info("Add object categories")
+ LOGGER.info("Add object categories")
for cat in scenario.object_categories:
scenario.object_categories[cat] = add_object_category(name=cat)
- logger.info("Add action categories")
+ LOGGER.info("Add action categories")
for cat in scenario.action_categories:
scenario.action_categories[cat] = add_action_category(name=cat)
sub_cat = []
@@ -272,7 +271,7 @@ def create_model(scenario, model_id=None):
meta_rule_id = _meta_rule_id
break
else:
- logger.info("Add meta rule")
+ LOGGER.info("Add meta rule")
meta_rule_id = add_meta_rule(item_name, sub_cat, ob_cat, act_cat)
item_value["id"] = meta_rule_id
if meta_rule_id not in meta_rule_list:
diff --git a/python_moonclient/python_moonclient/core/pdp.py b/python_moonclient/python_moonclient/core/pdp.py
index 4e9e404c..f67a4d01 100644
--- a/python_moonclient/python_moonclient/core/pdp.py
+++ b/python_moonclient/python_moonclient/core/pdp.py
@@ -4,8 +4,7 @@ import requests
from python_moonclient.core import config
from python_moonclient.core.check_tools import *
-
-logger = logging.getLogger("python_moonclient.core.pdp")
+LOGGER = logging.getLogger("python_moonclient.core.pdp")
URL = None
HEADERS = None
@@ -14,7 +13,6 @@ KEYSTONE_PASSWORD = None
KEYSTONE_PROJECT = None
KEYSTONE_SERVER = None
-
pdp_template = {
"name": "test_pdp",
"security_pipeline": [],
@@ -63,11 +61,11 @@ def get_keystone_projects():
}
req = requests.post("{}/auth/tokens".format(KEYSTONE_SERVER), json=data_auth, headers=HEADERS)
- logger.debug("{}/auth/tokens".format(KEYSTONE_SERVER))
- logger.debug(req.text)
+ LOGGER.debug("{}/auth/tokens".format(KEYSTONE_SERVER))
+ LOGGER.debug(req.text)
req.raise_for_status()
- TOKEN = req.headers['X-Subject-Token']
- HEADERS['X-Auth-Token'] = TOKEN
+ token = req.headers['X-Subject-Token']
+ HEADERS['X-Auth-Token'] = token
req = requests.get("{}/projects".format(KEYSTONE_SERVER), headers=HEADERS)
if req.status_code not in (200, 201):
data_auth["auth"]["scope"] = {
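Review bot: `HEADERS['X-Auth-Token'] = token` stores the Keystone token in the module-level `HEADERS` dict, and the same dict is passed to other calls in this file such as `requests.post(URL + "/pdp", json=pdp_template, headers=HEADERS)` in `add_pdp`, so the token travels to whatever `URL` points at, which looks like a different service from Keystone. The same assignment recurs in the next hunk. Keep the token in a local copy used only for Keystone requests, `keystone_headers = {**HEADERS, 'X-Auth-Token': token}`, and pass `headers=keystone_headers` to the `/projects` calls. `LOGGER.debug(req.text)` also writes the body of the `/auth/tokens` response to the log; logging `req.status_code` is enough for troubleshooting. `get_keystone_projects` starts before this hunk.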
@@ -78,10 +76,11 @@ def get_keystone_projects():
}
}
}
- req = requests.post("{}/auth/tokens".format(KEYSTONE_SERVER), json=data_auth, headers=HEADERS)
+ req = requests.post("{}/auth/tokens".format(KEYSTONE_SERVER), json=data_auth,
+ headers=HEADERS)
req.raise_for_status()
- TOKEN = req.headers['X-Subject-Token']
- HEADERS['X-Auth-Token'] = TOKEN
+ token = req.headers['X-Subject-Token']
+ HEADERS['X-Auth-Token'] = token
req = requests.get("{}/projects".format(KEYSTONE_SERVER), headers=HEADERS)
req.raise_for_status()
return req.json()
@@ -94,21 +93,21 @@ def get_keystone_id(pdp_name):
if pdp_name != pdp_value["name"]:
continue
if pdp_value['security_pipeline'] and pdp_value["keystone_project_id"]:
- logger.debug("Found pdp with keystone_project_id={}".format(pdp_value["keystone_project_id"]))
+ LOGGER.debug(
+ "Found pdp with keystone_project_id={}".format(pdp_value["keystone_project_id"]))
keystone_project_id = pdp_value["keystone_project_id"]
if not keystone_project_id:
- logger.error("Cannot find PDP with keystone project ID")
+ LOGGER.error("Cannot find PDP with keystone project ID")
sys.exit(1)
return keystone_project_id
-
def check_pdp(pdp_id=None, keystone_project_id=None, moon_url=None):
- _URL = URL
+ _url = URL
if moon_url:
- _URL = moon_url
- req = requests.get(_URL + "/pdp")
+ _url = moon_url
+ req = requests.get(_url + "/pdp")
req.raise_for_status()
result = req.json()
check_pdp_in_result(result)
@@ -124,8 +123,8 @@ def add_pdp(name="test_pdp", policy_id=None):
if policy_id:
pdp_template['security_pipeline'].append(policy_id)
req = requests.post(URL + "/pdp", json=pdp_template, headers=HEADERS)
- logger.debug(req.status_code)
- logger.debug(req)
+ LOGGER.debug(req.status_code)
+ LOGGER.debug(req)
req.raise_for_status()
result = req.json()
check_pdp_in_result(result)
@@ -175,7 +174,7 @@ def delete_pdp(pdp_id):
def create_pdp(scenario, policy_id=None, project_id=None):
- logger.info("Creating PDP {}".format(scenario.pdp_name))
+ LOGGER.info("Creating PDP {}".format(scenario.pdp_name))
projects = get_keystone_projects()
# if not project_id:
# for _project in projects['projects']:
@@ -186,7 +185,9 @@ def create_pdp(scenario, policy_id=None, project_id=None):
for pdp_id, pdp_value in pdps.items():
if scenario.pdp_name == pdp_value["name"]:
update_pdp(pdp_id, policy_id=policy_id)
- logger.debug("Found existing PDP named {} (will add policy {})".format(scenario.pdp_name, policy_id))
+ LOGGER.debug(
+ "Found existing PDP named {} (will add policy {})".format(scenario.pdp_name,
+ policy_id))
return pdp_id
_pdp_id = add_pdp(name=scenario.pdp_name, policy_id=policy_id)
# map_to_keystone(pdp_id=_pdp_id, keystone_project_id=project_id)
diff --git a/python_moonclient/python_moonclient/core/policies.py b/python_moonclient/python_moonclient/core/policies.py
index 46d918aa..b9b05dd8 100644
--- a/python_moonclient/python_moonclient/core/policies.py
+++ b/python_moonclient/python_moonclient/core/policies.py
@@ -3,7 +3,7 @@ import requests
from python_moonclient.core import models, config
from python_moonclient.core.check_tools import *
-logger = logging.getLogger("moonclient.core.policies")
+LOGGER = logging.getLogger("moonclient.core.policies")
URL = None
HEADERS = None
@@ -108,13 +108,13 @@ def delete_policy(policy_id):
def add_subject(policy_id=None, name="test_subject"):
subject_template['name'] = name
if policy_id:
- logger.debug(URL.format("/policies/{}/subjects".format(policy_id)))
+ LOGGER.debug(URL.format("/policies/{}/subjects".format(policy_id)))
req = requests.post(URL.format("/policies/{}/subjects".format(policy_id)),
json=subject_template, headers=HEADERS)
else:
- logger.debug(URL.format("/subjects"))
+ LOGGER.debug(URL.format("/subjects"))
req = requests.post(URL.format("/subjects"), json=subject_template, headers=HEADERS)
- logger.debug(req.text)
+ LOGGER.debug(req.text)
req.raise_for_status()
result = req.json()
check_subject_in_result(result)
@@ -186,11 +186,12 @@ def add_object(policy_id=None, name="test_object"):
def update_object(object_id, policy_id):
- req = requests.patch(URL.format("/policies/{}/objects/{}".format(policy_id, object_id)), json={})
+ req = requests.patch(URL.format("/policies/{}/objects/{}".format(policy_id, object_id)),
+ json={})
req.raise_for_status()
result = req.json()
check_object_in_result(result)
- check_object_name(object_template["name"] , object_id, result)
+ check_object_name(object_template["name"], object_id, result)
check_object_policy(policy_id, result["objects"][object_id])
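Review bot: The re-wrapped `requests.patch(...)` in update_object still passes no `timeout`, so a stalled manager endpoint blocks the client indefinitely; requests applies no timeout unless one is given. Like update_action in the next hunk, it is also sent without `headers=HEADERS`, unlike the post and delete calls in this file. Suggested ending for the call: `json={}, headers=HEADERS, timeout=REQUEST_TIMEOUT)`, where `REQUEST_TIMEOUT` is a proposed new module-level constant. The missing timeout also applies to the delete_subject_data, delete_object_data and delete_action_data calls in the following hunks.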
@@ -244,7 +245,8 @@ def add_action(policy_id=None, name="test_action"):
def update_action(action_id, policy_id):
- req = requests.patch(URL.format("/policies/{}/actions/{}".format(policy_id, action_id)), json={})
+ req = requests.patch(URL.format("/policies/{}/actions/{}".format(policy_id, action_id)),
+ json={})
req.raise_for_status()
result = req.json()
check_action_in_result(result)
@@ -310,8 +312,9 @@ def check_subject_data(policy_id, data_id, category_id):
def delete_subject_data(policy_id, category_id, data_id):
- req = requests.delete(URL.format("/policies/{}/subject_data/{}/{}".format(policy_id, category_id, data_id)),
- headers=HEADERS)
+ req = requests.delete(
+ URL.format("/policies/{}/subject_data/{}/{}".format(policy_id, category_id, data_id)),
+ headers=HEADERS)
req.raise_for_status()
req = requests.get(URL.format("/policies/{}/subject_data/{}".format(policy_id, category_id)))
req.raise_for_status()
@@ -340,9 +343,11 @@ def check_object_data(policy_id, data_id, category_id):
check_category_id_in_object_data_data(category_id, result)
return result
+
def delete_object_data(policy_id, category_id, data_id):
- req = requests.delete(URL.format("/policies/{}/object_data/{}/{}".format(policy_id, category_id, data_id)),
- headers=HEADERS)
+ req = requests.delete(
+ URL.format("/policies/{}/object_data/{}/{}".format(policy_id, category_id, data_id)),
+ headers=HEADERS)
req.raise_for_status()
req = requests.get(URL.format("/policies/{}/object_data/{}".format(policy_id, category_id)))
req.raise_for_status()
@@ -372,9 +377,11 @@ def check_action_data(policy_id, data_id, category_id):
check_category_id_in_action_data_data(category_id, result)
return result
+
def delete_action_data(policy_id, category_id, data_id):
- req = requests.delete(URL.format("/policies/{}/action_data/{}/{}".format(policy_id, category_id, data_id)),
- headers=HEADERS)
+ req = requests.delete(
+ URL.format("/policies/{}/action_data/{}/{}".format(policy_id, category_id, data_id)),
+ headers=HEADERS)
req.raise_for_status()
req = requests.get(URL.format("/policies/{}/action_data/{}".format(policy_id, category_id)))
req.raise_for_status()
@@ -386,10 +393,10 @@ def delete_action_data(policy_id, category_id, data_id):
def add_subject_assignments(policy_id, subject_id, subject_cat_id, subject_data_id):
req = requests.post(URL.format("/policies/{}/subject_assignments".format(policy_id)),
json={
- "id": subject_id,
- "category_id": subject_cat_id,
- "data_id": subject_data_id
- }, headers=HEADERS)
+ "id": subject_id,
+ "category_id": subject_cat_id,
+ "data_id": subject_data_id
+ }, headers=HEADERS)
req.raise_for_status()
result = req.json()
check_subject_assignment_in_result(result)
@@ -425,10 +432,10 @@ def check_action_assignments(policy_id, action_id, action_cat_id, action_data_id
def add_object_assignments(policy_id, object_id, object_cat_id, object_data_id):
req = requests.post(URL.format("/policies/{}/object_assignments".format(policy_id)),
json={
- "id": object_id,
- "category_id": object_cat_id,
- "data_id": object_data_id
- }, headers=HEADERS)
+ "id": object_id,
+ "category_id": object_cat_id,
+ "data_id": object_data_id
+ }, headers=HEADERS)
req.raise_for_status()
result = req.json()
check_object_assignment_in_result(result)
@@ -437,10 +444,10 @@ def add_object_assignments(policy_id, object_id, object_cat_id, object_data_id):
def add_action_assignments(policy_id, action_id, action_cat_id, action_data_id):
req = requests.post(URL.format("/policies/{}/action_assignments".format(policy_id)),
json={
- "id": action_id,
- "category_id": action_cat_id,
- "data_id": action_data_id
- }, headers=HEADERS)
+ "id": action_id,
+ "category_id": action_cat_id,
+ "data_id": action_data_id
+ }, headers=HEADERS)
req.raise_for_status()
result = req.json()
check_action_assignment_in_result(result)
@@ -491,7 +498,8 @@ def delete_action_assignment(policy_id, action_id, action_cat_id, action_data_id
check_not_action_assignements(action_id, action_cat_id, action_data_id, result)
-def add_rule(policy_id, meta_rule_id, rule, instructions={"chain": [{"security_pipeline": "rbac"}]}):
+def add_rule(policy_id, meta_rule_id, rule,
+ instructions={"chain": [{"security_pipeline": "rbac"}]}):
req = requests.post(URL.format("/policies/{}/rules".format(policy_id)),
json={
"meta_rule_id": meta_rule_id,
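Review bot: The re-wrapped signature of add_rule keeps a mutable dict as the default for `instructions`; that one dict object is shared by every call that omits the argument, so any code that modifies it changes the default for later rules. Use `instructions=None` in the signature and, at the top of the body, `if instructions is None: instructions = {"chain": [{"security_pipeline": "rbac"}]}`. The rest of add_rule lies outside this hunk, so whether the dict is modified there cannot be seen from here.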
@@ -539,8 +547,9 @@ def check_meta_rule():
print(result)
return result
+
def create_policy(scenario, model_id, meta_rule_list):
- logger.info("Creating policy {}".format(scenario.policy_name))
+ LOGGER.info("Creating policy {}".format(scenario.policy_name))
_policies = check_policy()
for _policy_id, _policy_value in _policies["policies"].items():
if _policy_value['name'] == scenario.policy_name:
@@ -552,24 +561,24 @@ def create_policy(scenario, model_id, meta_rule_list):
update_policy(policy_id, model_id)
for meta_rule_id in meta_rule_list:
- logger.debug("add_meta_rule_to_model {} {}".format(model_id, meta_rule_id))
+ LOGGER.debug("add_meta_rule_to_model {} {}".format(model_id, meta_rule_id))
models.add_meta_rule_to_model(model_id, meta_rule_id)
- logger.info("Add subject data")
+ LOGGER.info("Add subject data")
for subject_cat_name in scenario.subject_data:
for subject_data_name in scenario.subject_data[subject_cat_name]:
data_id = scenario.subject_data[subject_cat_name][subject_data_name] = add_subject_data(
policy_id=policy_id,
category_id=scenario.subject_categories[subject_cat_name], name=subject_data_name)
scenario.subject_data[subject_cat_name][subject_data_name] = data_id
- logger.info("Add object data")
+ LOGGER.info("Add object data")
for object_cat_name in scenario.object_data:
for object_data_name in scenario.object_data[object_cat_name]:
data_id = scenario.object_data[object_cat_name][object_data_name] = add_object_data(
policy_id=policy_id,
category_id=scenario.object_categories[object_cat_name], name=object_data_name)
scenario.object_data[object_cat_name][object_data_name] = data_id
- logger.info("Add action data")
+ LOGGER.info("Add action data")
for action_cat_name in scenario.action_data:
for action_data_name in scenario.action_data[action_cat_name]:
data_id = scenario.action_data[action_cat_name][action_data_name] = add_action_data(
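Review bot: In the subject, object and action data loops of create_policy the id is stored twice: `data_id = scenario.subject_data[...][...] = add_subject_data(...)` already writes it into the scenario, and the next line assigns the same value to the same key. Keep a single statement, `scenario.subject_data[subject_cat_name][subject_data_name] = add_subject_data(...)`, and drop `data_id` if nothing else reads it. create_policy starts and ends outside this hunk, so a later use of `data_id` cannot be ruled out from here.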
@@ -577,17 +586,17 @@ def create_policy(scenario, model_id, meta_rule_list):
category_id=scenario.action_categories[action_cat_name], name=action_data_name)
scenario.action_data[action_cat_name][action_data_name] = data_id
- logger.info("Add subjects")
+ LOGGER.info("Add subjects")
for name in scenario.subjects:
scenario.subjects[name] = add_subject(policy_id, name=name)
- logger.info("Add objects")
+ LOGGER.info("Add objects")
for name in scenario.objects:
scenario.objects[name] = add_object(policy_id, name=name)
- logger.info("Add actions")
+ LOGGER.info("Add actions")
for name in scenario.actions:
scenario.actions[name] = add_action(policy_id, name=name)
- logger.info("Add subject assignments")
+ LOGGER.info("Add subject assignments")
for subject_name in scenario.subject_assignments:
if type(scenario.subject_assignments[subject_name]) in (list, tuple):
for items in scenario.subject_assignments[subject_name]:
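Review bot: `type(scenario.subject_assignments[subject_name]) in (list, tuple)` is an exact-type test, so a subclass of list or tuple falls through to the `else` branch and is then treated as a mapping. `isinstance(scenario.subject_assignments[subject_name], (list, tuple))` states the intent. The same test appears for object_assignments and action_assignments in the two following hunks. create_policy continues beyond this hunk.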
@@ -595,16 +604,19 @@ def create_policy(scenario, model_id, meta_rule_list):
subject_id = scenario.subjects[subject_name]
subject_cat_id = scenario.subject_categories[subject_category_name]
for data in scenario.subject_assignments[subject_name]:
- subject_data_id = scenario.subject_data[subject_category_name][data[subject_category_name]]
- add_subject_assignments(policy_id, subject_id, subject_cat_id, subject_data_id)
+ subject_data_id = scenario.subject_data[subject_category_name][
+ data[subject_category_name]]
+ add_subject_assignments(policy_id, subject_id, subject_cat_id,
+ subject_data_id)
else:
for subject_category_name in scenario.subject_assignments[subject_name]:
subject_id = scenario.subjects[subject_name]
subject_cat_id = scenario.subject_categories[subject_category_name]
- subject_data_id = scenario.subject_data[subject_category_name][scenario.subject_assignments[subject_name][subject_category_name]]
+ subject_data_id = scenario.subject_data[subject_category_name][
+ scenario.subject_assignments[subject_name][subject_category_name]]
add_subject_assignments(policy_id, subject_id, subject_cat_id, subject_data_id)
- logger.info("Add object assignments")
+ LOGGER.info("Add object assignments")
for object_name in scenario.object_assignments:
if type(scenario.object_assignments[object_name]) in (list, tuple):
for items in scenario.object_assignments[object_name]:
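Review bot: The `for data in scenario.subject_assignments[subject_name]:` loop walks the same list that the `for items in ...` loop at the end of the previous hunk is already iterating. Indentation is not preserved on this page, but if the `data` loop is nested inside it, every category is posted once per list entry, and `data[subject_category_name]` raises KeyError for any entry that lacks that category. Reading from the current entry would avoid both: `subject_data_id = scenario.subject_data[subject_category_name][items[subject_category_name]]`. The object and action assignment blocks in the next two hunks have the same shape.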
@@ -612,16 +624,18 @@ def create_policy(scenario, model_id, meta_rule_list):
object_id = scenario.objects[object_name]
object_cat_id = scenario.object_categories[object_category_name]
for data in scenario.object_assignments[object_name]:
- object_data_id = scenario.object_data[object_category_name][data[object_category_name]]
+ object_data_id = scenario.object_data[object_category_name][
+ data[object_category_name]]
add_object_assignments(policy_id, object_id, object_cat_id, object_data_id)
else:
for object_category_name in scenario.object_assignments[object_name]:
object_id = scenario.objects[object_name]
object_cat_id = scenario.object_categories[object_category_name]
- object_data_id = scenario.object_data[object_category_name][scenario.object_assignments[object_name][object_category_name]]
+ object_data_id = scenario.object_data[object_category_name][
+ scenario.object_assignments[object_name][object_category_name]]
add_object_assignments(policy_id, object_id, object_cat_id, object_data_id)
- logger.info("Add action assignments")
+ LOGGER.info("Add action assignments")
for action_name in scenario.action_assignments:
if type(scenario.action_assignments[action_name]) in (list, tuple):
for items in scenario.action_assignments[action_name]:
@@ -629,16 +643,18 @@ def create_policy(scenario, model_id, meta_rule_list):
action_id = scenario.actions[action_name]
action_cat_id = scenario.action_categories[action_category_name]
for data in scenario.action_assignments[action_name]:
- action_data_id = scenario.action_data[action_category_name][data[action_category_name]]
+ action_data_id = scenario.action_data[action_category_name][
+ data[action_category_name]]
add_action_assignments(policy_id, action_id, action_cat_id, action_data_id)
else:
for action_category_name in scenario.action_assignments[action_name]:
action_id = scenario.actions[action_name]
action_cat_id = scenario.action_categories[action_category_name]
- action_data_id = scenario.action_data[action_category_name][scenario.action_assignments[action_name][action_category_name]]
+ action_data_id = scenario.action_data[action_category_name][
+ scenario.action_assignments[action_name][action_category_name]]
add_action_assignments(policy_id, action_id, action_cat_id, action_data_id)
- logger.info("Add rules")
+ LOGGER.info("Add rules")
for meta_rule_name in scenario.rules:
meta_rule_value = scenario.meta_rule[meta_rule_name]
for rule in scenario.rules[meta_rule_name]:
@@ -655,4 +671,3 @@ def create_policy(scenario, model_id, meta_rule_list):
instructions = rule["instructions"]
add_rule(policy_id, meta_rule_value["id"], data_list, instructions)
return policy_id
-
diff --git a/python_moonclient/python_moonclient/core/slaves.py b/python_moonclient/python_moonclient/core/slaves.py
index 112b56f3..77b127c1 100644
--- a/python_moonclient/python_moonclient/core/slaves.py
+++ b/python_moonclient/python_moonclient/core/slaves.py
@@ -3,8 +3,7 @@ import requests
from python_moonclient.core import config
from python_moonclient.core.check_tools import *
-logger = logging.getLogger("moonclient.core.slaves")
-
+LOGGER = logging.getLogger("moonclient.core.slaves")
URL = None
HEADERS = None
@@ -20,8 +19,6 @@ def init(consul_host, consul_port):
HEADERS = {"content-type": "application/json"}
-
-
def get_slaves():
req = requests.get(URL.format("/slaves"))
req.raise_for_status()
@@ -36,10 +33,10 @@ def set_slave(name):
req = requests.patch(URL.format("/slaves/{}".format(name)),
headers=HEADERS,
json={
- "op": "replace",
- "variable": "configured",
- "value": True
- })
+ "op": "replace",
+ "variable": "configured",
+ "value": True
+ })
req.raise_for_status()
result = req.json()
check_slaves_in_result(result)
@@ -52,10 +49,10 @@ def delete_slave(name):
req = requests.patch(URL.format("/slaves/{}".format(name)),
headers=HEADERS,
json={
- "op": "replace",
- "variable": "configured",
- "value": False
- })
+ "op": "replace",
+ "variable": "configured",
+ "value": False
+ })
req.raise_for_status()
result = req.json()
check_slaves_in_result(result)