diff options
-rw-r--r-- | moonv4/moon_utilities/Changelog | 12 | ||||
-rw-r--r-- | moonv4/moon_utilities/build.sh | 27 | ||||
-rw-r--r-- | moonv4/moon_utilities/moon_utilities/__init__.py | 2 | ||||
-rw-r--r-- | moonv4/moon_utilities/moon_utilities/cache.py | 58 | ||||
-rw-r--r-- | moonv4/moon_utilities/moon_utilities/configuration.py | 10 | ||||
-rw-r--r-- | moonv4/moon_utilities/moon_utilities/misc.py | 117 | ||||
-rw-r--r-- | moonv4/moon_utilities/moon_utilities/security_functions.py | 51 |
7 files changed, 169 insertions, 108 deletions
diff --git a/moonv4/moon_utilities/Changelog b/moonv4/moon_utilities/Changelog index 51a007c2..185e81dc 100644 --- a/moonv4/moon_utilities/Changelog +++ b/moonv4/moon_utilities/Changelog @@ -39,3 +39,15 @@ CHANGES ----- - Add cache functionality +1.3.1 +----- +- Delete Oslo config possibilities + +1.3.2 +----- +- Delete Oslo logging and config + +1.3.3 +----- +- Update the cache + diff --git a/moonv4/moon_utilities/build.sh b/moonv4/moon_utilities/build.sh index 4c7db18d..79bd9132 100644 --- a/moonv4/moon_utilities/build.sh +++ b/moonv4/moon_utilities/build.sh @@ -1,21 +1,28 @@ +#!/usr/bin/env bash - -VERSION=moon_utilities-1.2.0 +VERSION=moon_utilities-1.3.3 python3 setup.py sdist bdist_wheel -rm dist/*.asc +rm dist/*.asc 2>/dev/null gpg --detach-sign -u "A0A96E75" -a dist/${VERSION}-py3-none-any.whl -gpg --detach-sign -u "A0A96E75" -a dist/${VERSION}.linux-x86_64.tar.gz +gpg --detach-sign -u "A0A96E75" -a dist/${VERSION}.tar.gz if [ "$1" = "upload" ]; then twine upload dist/${VERSION}-py3-none-any.whl dist/${VERSION}-py3-none-any.whl.asc - twine upload dist/${VERSION}.linux-x86_64.tar.gz dist/${VERSION}.linux-x86_64.tar.gz.asc + twine upload dist/${VERSION}.tar.gz dist/${VERSION}.tar.gz.asc fi -cp dist/${VERSION}-py3-none-any.whl ../moon_orchestrator/dist/ -cp dist/${VERSION}-py3-none-any.whl ../moon_router/dist/ -cp dist/${VERSION}-py3-none-any.whl ../moon_interface/dist/ -cp dist/${VERSION}-py3-none-any.whl ../moon_manager/dist/ -cp dist/${VERSION}-py3-none-any.whl ../moon_authz/dist/ +if [ "$1" = "copy" ]; then + mkdir -p ../moon_orchestrator/dist/ 2>/dev/null + cp -v dist/${VERSION}-py3-none-any.whl ../moon_orchestrator/dist/ + mkdir -p ../moon_interface/dist/ 2>/dev/null + cp -v dist/${VERSION}-py3-none-any.whl ../moon_interface/dist/ + mkdir -p ../moon_manager/dist/ 2>/dev/null + cp -v dist/${VERSION}-py3-none-any.whl ../moon_manager/dist/ + mkdir -p ../moon_authz/dist/ 2>/dev/null + cp -v dist/${VERSION}-py3-none-any.whl ../moon_authz/dist/ + mkdir -p ../moon_wrapper/dist/ 2>/dev/null + cp -v dist/${VERSION}-py3-none-any.whl ../moon_wrapper/dist/ +fi diff --git a/moonv4/moon_utilities/moon_utilities/__init__.py b/moonv4/moon_utilities/moon_utilities/__init__.py index 6e5782ce..327860b3 100644 --- a/moonv4/moon_utilities/moon_utilities/__init__.py +++ b/moonv4/moon_utilities/moon_utilities/__init__.py @@ -3,4 +3,4 @@ # license which can be found in the file 'LICENSE' in this package distribution # or at 'http://www.apache.org/licenses/LICENSE-2.0'. -__version__ = "1.3.0" +__version__ = "1.3.3" diff --git a/moonv4/moon_utilities/moon_utilities/cache.py b/moonv4/moon_utilities/moon_utilities/cache.py index 7c938b39..2a289df3 100644 --- a/moonv4/moon_utilities/moon_utilities/cache.py +++ b/moonv4/moon_utilities/moon_utilities/cache.py @@ -49,7 +49,6 @@ class Cache(object): __AUTHZ_REQUESTS = {} - def __init__(self): self.manager_url = "{}://{}:{}".format( configuration.get_components()['manager'].get('protocol', 'http'), @@ -82,7 +81,8 @@ class Cache(object): return self.__SUBJECTS def update_subjects(self, policy_id=None): - req = requests.get("{}/policies/{}/subjects".format(self.manager_url, policy_id)) + req = requests.get("{}/policies/{}/subjects".format( + self.manager_url, policy_id)) self.__SUBJECTS[policy_id] = req.json()['subjects'] def get_subject(self, policy_id, name): @@ -103,7 +103,8 @@ class Cache(object): return self.__OBJECTS def update_objects(self, policy_id=None): - req = requests.get("{}/policies/{}/objects".format(self.manager_url, policy_id)) + req = requests.get("{}/policies/{}/objects".format( + self.manager_url, policy_id)) self.__OBJECTS[policy_id] = req.json()['objects'] def get_object(self, policy_id, name): @@ -124,7 +125,8 @@ class Cache(object): return self.__ACTIONS def update_actions(self, policy_id=None): - req = requests.get("{}/policies/{}/actions".format(self.manager_url, policy_id)) + req = requests.get("{}/policies/{}/actions".format( + self.manager_url, policy_id)) self.__ACTIONS[policy_id] = req.json()['actions'] def get_action(self, policy_id, name): @@ -184,10 +186,12 @@ class Cache(object): req = requests.get("{}/policies/{}/subject_assignments/{}".format( self.manager_url, policy_id, perimeter_id)) else: - req = requests.get("{}/policies/{}/subject_assignments".format(self.manager_url, policy_id)) + req = requests.get("{}/policies/{}/subject_assignments".format( + self.manager_url, policy_id)) if policy_id not in self.__SUBJECT_ASSIGNMENTS: self.__SUBJECT_ASSIGNMENTS[policy_id] = {} - self.__SUBJECT_ASSIGNMENTS[policy_id].update(req.json()['subject_assignments']) + self.__SUBJECT_ASSIGNMENTS[policy_id].update( + req.json()['subject_assignments']) def get_subject_assignments(self, policy_id, perimeter_id, category_id): if policy_id not in self.subject_assignments: @@ -208,10 +212,12 @@ class Cache(object): req = requests.get("{}/policies/{}/object_assignments/{}".format( self.manager_url, policy_id, perimeter_id)) else: - req = requests.get("{}/policies/{}/object_assignments".format(self.manager_url, policy_id)) + req = requests.get("{}/policies/{}/object_assignments".format( + self.manager_url, policy_id)) if policy_id not in self.__OBJECT_ASSIGNMENTS: self.__OBJECT_ASSIGNMENTS[policy_id] = {} - self.__OBJECT_ASSIGNMENTS[policy_id].update(req.json()['object_assignments']) + self.__OBJECT_ASSIGNMENTS[policy_id].update( + req.json()['object_assignments']) def get_object_assignments(self, policy_id, perimeter_id, category_id): if policy_id not in self.object_assignments: @@ -232,10 +238,12 @@ class Cache(object): req = requests.get("{}/policies/{}/action_assignments/{}".format( self.manager_url, policy_id, perimeter_id)) else: - req = requests.get("{}/policies/{}/action_assignments".format(self.manager_url, policy_id)) + req = requests.get("{}/policies/{}/action_assignments".format( + self.manager_url, policy_id)) if policy_id not in self.__ACTION_ASSIGNMENTS: self.__ACTION_ASSIGNMENTS[policy_id] = {} - self.__ACTION_ASSIGNMENTS[policy_id].update(req.json()['action_assignments']) + self.__ACTION_ASSIGNMENTS[policy_id].update( + req.json()['action_assignments']) def get_action_assignments(self, policy_id, perimeter_id, category_id): if policy_id not in self.action_assignments: @@ -378,23 +386,27 @@ class Cache(object): # if meta_rule_id in self.models[model_id]["meta_rules"]: # return pdp_value["keystone_project_id"] - def get_containers_from_keystone_project_id(self, keystone_project_id, meta_rule_id=None): + def get_containers_from_keystone_project_id(self, keystone_project_id, + meta_rule_id=None): for container_id, container_value in self.containers.items(): + LOG.info("container={}".format(container_value)) if 'keystone_project_id' not in container_value: continue if container_value['keystone_project_id'] == keystone_project_id: if not meta_rule_id: yield container_id, container_value - elif container_value['meta_rule_id'] == meta_rule_id: + elif container_value.get('meta_rule_id') == meta_rule_id: yield container_id, container_value break # containers functions def __update_container(self): - req = requests.get("{}/containers".format(self.manager_url)) - containers = req.json() - for key, value in containers["containers"].items(): + LOG.info("orchestrator={}".format("{}/pods".format(self.orchestrator_url))) + req = requests.get("{}/pods".format(self.orchestrator_url)) + LOG.info("pods={}".format(req.text)) + pods = req.json() + for key, value in pods["pods"].items(): if key not in self.__CONTAINERS: self.__CONTAINERS[key] = value else: @@ -487,34 +499,24 @@ class Cache(object): def __update_container_chaining(self, keystone_project_id): container_ids = [] for pdp_id, pdp_value, in self.__PDP.items(): - # LOG.info("pdp_id, pdp_value = {}, {}".format(pdp_id, pdp_value)) - # LOG.info("__POLICIES = {}".format(self.__POLICIES)) if pdp_value: if pdp_value["keystone_project_id"] == keystone_project_id: for policy_id in pdp_value["security_pipeline"]: model_id = self.__POLICIES[policy_id]['model_id'] - # LOG.info("model_id = {}".format(model_id)) - # LOG.info("CACHE = {}".format(self.__MODELS[model_id])) - # LOG.info("CACHE.containers = {}".format(self.__CONTAINERS)) - # LOG.info("CACHE.models = {}".format(self.__MODELS)) for meta_rule_id in self.__MODELS[model_id]["meta_rules"]: - # LOG.info("meta_rule = {}".format(self.__MODELS[model_id]["meta_rules"])) for container_id, container_value in self.get_containers_from_keystone_project_id( keystone_project_id, meta_rule_id ): - # LOG.info("CONTAINER: {} {}".format(container_id, container_value)) container_ids.append( { - "container_id": self.__CONTAINERS[container_id]["container_id"], + "container_id": self.__CONTAINERS[container_id]["name"], "genre": self.__CONTAINERS[container_id]["genre"], "policy_id": policy_id, "meta_rule_id": meta_rule_id, - "hostname": self.__CONTAINERS[container_id]["hostname"], - "hostip": self.__CONTAINERS[container_id]["port"][0]["IP"], - "port": self.__CONTAINERS[container_id]["port"][0]["PublicPort"], + "hostname": self.__CONTAINERS[container_id]["name"], + "port": self.__CONTAINERS[container_id]["port"], } ) - # LOG.info("__update_container_chaining={}".format(container_ids)) self.__CONTAINER_CHAINING[keystone_project_id] = container_ids diff --git a/moonv4/moon_utilities/moon_utilities/configuration.py b/moonv4/moon_utilities/moon_utilities/configuration.py index d1c5545f..97727c39 100644 --- a/moonv4/moon_utilities/moon_utilities/configuration.py +++ b/moonv4/moon_utilities/moon_utilities/configuration.py @@ -4,15 +4,11 @@ # or at 'http://www.apache.org/licenses/LICENSE-2.0'. -import copy import base64 import json import requests import logging import logging.config -# from oslo_log import log as logging -from oslo_config import cfg -# import oslo_messaging from moon_utilities import exceptions LOG = logging.getLogger("moon.utilities") @@ -33,11 +29,6 @@ def init_logging(): logging.config.dictConfig(config['logging']) -def init_oslo_config(): - cfg.CONF.transport_url = get_configuration("messenger")['messenger']['url'] - cfg.CONF.rpc_response_timeout = 5 - - def increment_port(): components_port_start = int(get_configuration("components_port_start")['components_port_start']) components_port_start += 1 @@ -123,4 +114,3 @@ def get_components(): init_logging() -init_oslo_config() diff --git a/moonv4/moon_utilities/moon_utilities/misc.py b/moonv4/moon_utilities/moon_utilities/misc.py index d13b4511..4eadd476 100644 --- a/moonv4/moon_utilities/moon_utilities/misc.py +++ b/moonv4/moon_utilities/moon_utilities/misc.py @@ -4,18 +4,10 @@ # or at 'http://www.apache.org/licenses/LICENSE-2.0'. -import os -import re -import types -import requests -from oslo_log import log as logging -from oslo_config import cfg -import oslo_messaging -from moon_utilities import exceptions -from oslo_config.cfg import ConfigOpts +import logging +import random LOG = logging.getLogger(__name__) -CONF = cfg.CONF def get_uuid_from_name(name, elements, **kwargs): @@ -45,3 +37,108 @@ def get_name_from_uuid(uuid, elements, **kwargs): else: return elements[element].get('name') + +def get_random_name(): + _list = ( + "windy", + "vengeful", + "precious", + "vivacious", + "quiet", + "confused", + "exultant", + "impossible", + "thick", + "obsolete", + "piquant", + "fanatical", + "tame", + "perfect", + "animated", + "dark", + "stimulating", + "drunk", + "depressed", + "fumbling", + "like", + "undesirable", + "spurious", + "subsequent", + "spiteful", + "last", + "stale", + "hulking", + "giddy", + "minor", + "careful", + "possessive", + "gullible", + "fragile", + "divergent", + "ill-informed", + "false", + "jumpy", + "damaged", + "likeable", + "volatile", + "handsomely", + "wet", + "long-term", + "pretty", + "taboo", + "normal", + "magnificent", + "nutty", + "puzzling", + "small", + "kind", + "devilish", + "chubby", + "paltry", + "cultured", + "old", + "defective", + "hanging", + "innocent", + "jagged", + "economic", + "good", + "sulky", + "real", + "bent", + "shut", + "furry", + "terrific", + "hollow", + "terrible", + "mammoth", + "pleasant", + "scared", + "obnoxious", + "absorbing", + "imported", + "infamous", + "grieving", + "ill-fated", + "mighty", + "handy", + "comfortable", + "astonishing", + "brown", + "assorted", + "wrong", + "unsightly", + "spooky", + "delightful", + "acid", + "inconclusive", + "mere", + "careless", + "historical", + "flashy", + "squealing", + "quarrelsome", + "empty", + "long", + ) + return random.choice(_list) diff --git a/moonv4/moon_utilities/moon_utilities/security_functions.py b/moonv4/moon_utilities/moon_utilities/security_functions.py index 98935996..fc90d305 100644 --- a/moonv4/moon_utilities/moon_utilities/security_functions.py +++ b/moonv4/moon_utilities/moon_utilities/security_functions.py @@ -12,27 +12,14 @@ import requests import time from functools import wraps from flask import request -from oslo_log import log as logging -from oslo_config import cfg -import oslo_messaging +import logging from moon_utilities import exceptions from moon_utilities import configuration LOG = logging.getLogger("moon.utilities." + __name__) -CONF = cfg.CONF keystone_config = configuration.get_configuration("openstack/keystone")["openstack/keystone"] -slave = configuration.get_configuration(configuration.SLAVE)["slave"] - -__transport_master = oslo_messaging.get_transport(cfg.CONF, slave.get("master_url")) -__transport = oslo_messaging.get_transport(CONF) - -__n_transport = oslo_messaging.get_notification_transport(CONF) -__n_notifier = oslo_messaging.Notifier(__n_transport, - 'router.host', - driver='messagingv2', - topics=['authz-workers']) -__n_notifier = __n_notifier.prepare(publisher_id='router') +# slave = configuration.get_configuration(configuration.SLAVE)["slave"] __targets = {} @@ -173,40 +160,6 @@ def logout(headers, url=None): raise exceptions.KeystoneError -def notify(request_id, container_id, payload, event_type="authz"): - ctxt = { - 'request_id': request_id, - 'container_id': container_id - } - __n_notifier.critical(ctxt, event_type, payload=payload) - # FIXME (asteroide): the notification mus be done 2 times otherwise the notification - # may not be sent (need to search why) - __n_notifier.critical(ctxt, event_type, payload=payload) - - -def call(endpoint="security_router", ctx=None, method="route", **kwargs): - if not ctx: - ctx = dict() - if endpoint not in __targets: - __targets[endpoint] = dict() - __targets[endpoint]["endpoint"] = oslo_messaging.Target(topic=endpoint, version='1.0') - __targets[endpoint]["client"] = dict() - __targets[endpoint]["client"]["internal"] = oslo_messaging.RPCClient(__transport, - __targets[endpoint]["endpoint"]) - __targets[endpoint]["client"]["external"] = oslo_messaging.RPCClient(__transport_master, - __targets[endpoint]["endpoint"]) - if 'call_master' in ctx and ctx['call_master'] and slave.get("master_url"): - client = __targets[endpoint]["client"]["external"] - LOG.info("Calling master {} on {}...".format(method, endpoint)) - else: - client = __targets[endpoint]["client"]["internal"] - LOG.info("Calling {} on {}...".format(method, endpoint)) - result = copy.deepcopy(client.call(ctx, method, **kwargs)) - LOG.info("result={}".format(result)) - del client - return result - - class Context: def __init__(self, init_context, cache): |