-rw-r--r--moonv4/moon_utilities/Changelog12
-rw-r--r--moonv4/moon_utilities/build.sh27
-rw-r--r--moonv4/moon_utilities/moon_utilities/__init__.py2
-rw-r--r--moonv4/moon_utilities/moon_utilities/cache.py58
-rw-r--r--moonv4/moon_utilities/moon_utilities/configuration.py10
-rw-r--r--moonv4/moon_utilities/moon_utilities/misc.py117
-rw-r--r--moonv4/moon_utilities/moon_utilities/security_functions.py51
7 files changed, 169 insertions, 108 deletions
diff --git a/moonv4/moon_utilities/Changelog b/moonv4/moon_utilities/Changelog
index 51a007c2..185e81dc 100644
--- a/moonv4/moon_utilities/Changelog
+++ b/moonv4/moon_utilities/Changelog
@@ -39,3 +39,15 @@ CHANGES
-----
- Add cache functionality
+1.3.1
+-----
+- Delete Oslo config possibilities
+
+1.3.2
+-----
+- Delete Oslo logging and config
+
+1.3.3
+-----
+- Update the cache
+
diff --git a/moonv4/moon_utilities/build.sh b/moonv4/moon_utilities/build.sh
index 4c7db18d..79bd9132 100644
--- a/moonv4/moon_utilities/build.sh
+++ b/moonv4/moon_utilities/build.sh
@@ -1,21 +1,28 @@
+#!/usr/bin/env bash
-
-VERSION=moon_utilities-1.2.0
+VERSION=moon_utilities-1.3.3
python3 setup.py sdist bdist_wheel
-rm dist/*.asc
+rm dist/*.asc 2>/dev/null
gpg --detach-sign -u "A0A96E75" -a dist/${VERSION}-py3-none-any.whl
-gpg --detach-sign -u "A0A96E75" -a dist/${VERSION}.linux-x86_64.tar.gz
+gpg --detach-sign -u "A0A96E75" -a dist/${VERSION}.tar.gz
if [ "$1" = "upload" ]; then
twine upload dist/${VERSION}-py3-none-any.whl dist/${VERSION}-py3-none-any.whl.asc
- twine upload dist/${VERSION}.linux-x86_64.tar.gz dist/${VERSION}.linux-x86_64.tar.gz.asc
+ twine upload dist/${VERSION}.tar.gz dist/${VERSION}.tar.gz.asc
fi
-cp dist/${VERSION}-py3-none-any.whl ../moon_orchestrator/dist/
-cp dist/${VERSION}-py3-none-any.whl ../moon_router/dist/
-cp dist/${VERSION}-py3-none-any.whl ../moon_interface/dist/
-cp dist/${VERSION}-py3-none-any.whl ../moon_manager/dist/
-cp dist/${VERSION}-py3-none-any.whl ../moon_authz/dist/
+if [ "$1" = "copy" ]; then
+ mkdir -p ../moon_orchestrator/dist/ 2>/dev/null
+ cp -v dist/${VERSION}-py3-none-any.whl ../moon_orchestrator/dist/
+ mkdir -p ../moon_interface/dist/ 2>/dev/null
+ cp -v dist/${VERSION}-py3-none-any.whl ../moon_interface/dist/
+ mkdir -p ../moon_manager/dist/ 2>/dev/null
+ cp -v dist/${VERSION}-py3-none-any.whl ../moon_manager/dist/
+ mkdir -p ../moon_authz/dist/ 2>/dev/null
+ cp -v dist/${VERSION}-py3-none-any.whl ../moon_authz/dist/
+ mkdir -p ../moon_wrapper/dist/ 2>/dev/null
+ cp -v dist/${VERSION}-py3-none-any.whl ../moon_wrapper/dist/
+fi
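Review bot: Nothing stops this script after a failed step, so if `python3 setup.py sdist bdist_wheel` fails, the `gpg --detach-sign` lines sign any wheel or tarball left in `dist/` by an earlier run and `twine upload` publishes it. Add `set -e` directly under the shebang and change the cleanup to `rm -f dist/*.asc`, which stays quiet and still succeeds when no signature files exist. `VERSION` is hard-coded and must be kept in step with `__version__` in `moon_utilities/__init__.py` by hand; a comment saying so above the assignment would help, as would quoting the `${VERSION}` expansions.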
diff --git a/moonv4/moon_utilities/moon_utilities/__init__.py b/moonv4/moon_utilities/moon_utilities/__init__.py
index 6e5782ce..327860b3 100644
--- a/moonv4/moon_utilities/moon_utilities/__init__.py
+++ b/moonv4/moon_utilities/moon_utilities/__init__.py
@@ -3,4 +3,4 @@
# license which can be found in the file 'LICENSE' in this package distribution
# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-__version__ = "1.3.0"
+__version__ = "1.3.3"
diff --git a/moonv4/moon_utilities/moon_utilities/cache.py b/moonv4/moon_utilities/moon_utilities/cache.py
index 7c938b39..2a289df3 100644
--- a/moonv4/moon_utilities/moon_utilities/cache.py
+++ b/moonv4/moon_utilities/moon_utilities/cache.py
@@ -49,7 +49,6 @@ class Cache(object):
__AUTHZ_REQUESTS = {}
-
def __init__(self):
self.manager_url = "{}://{}:{}".format(
configuration.get_components()['manager'].get('protocol', 'http'),
@@ -82,7 +81,8 @@ class Cache(object):
return self.__SUBJECTS
def update_subjects(self, policy_id=None):
- req = requests.get("{}/policies/{}/subjects".format(self.manager_url, policy_id))
+ req = requests.get("{}/policies/{}/subjects".format(
+ self.manager_url, policy_id))
self.__SUBJECTS[policy_id] = req.json()['subjects']
def get_subject(self, policy_id, name):
@@ -103,7 +103,8 @@ class Cache(object):
return self.__OBJECTS
def update_objects(self, policy_id=None):
- req = requests.get("{}/policies/{}/objects".format(self.manager_url, policy_id))
+ req = requests.get("{}/policies/{}/objects".format(
+ self.manager_url, policy_id))
self.__OBJECTS[policy_id] = req.json()['objects']
def get_object(self, policy_id, name):
@@ -124,7 +125,8 @@ class Cache(object):
return self.__ACTIONS
def update_actions(self, policy_id=None):
- req = requests.get("{}/policies/{}/actions".format(self.manager_url, policy_id))
+ req = requests.get("{}/policies/{}/actions".format(
+ self.manager_url, policy_id))
self.__ACTIONS[policy_id] = req.json()['actions']
def get_action(self, policy_id, name):
@@ -184,10 +186,12 @@ class Cache(object):
req = requests.get("{}/policies/{}/subject_assignments/{}".format(
self.manager_url, policy_id, perimeter_id))
else:
- req = requests.get("{}/policies/{}/subject_assignments".format(self.manager_url, policy_id))
+ req = requests.get("{}/policies/{}/subject_assignments".format(
+ self.manager_url, policy_id))
if policy_id not in self.__SUBJECT_ASSIGNMENTS:
self.__SUBJECT_ASSIGNMENTS[policy_id] = {}
- self.__SUBJECT_ASSIGNMENTS[policy_id].update(req.json()['subject_assignments'])
+ self.__SUBJECT_ASSIGNMENTS[policy_id].update(
+ req.json()['subject_assignments'])
def get_subject_assignments(self, policy_id, perimeter_id, category_id):
if policy_id not in self.subject_assignments:
@@ -208,10 +212,12 @@ class Cache(object):
req = requests.get("{}/policies/{}/object_assignments/{}".format(
self.manager_url, policy_id, perimeter_id))
else:
- req = requests.get("{}/policies/{}/object_assignments".format(self.manager_url, policy_id))
+ req = requests.get("{}/policies/{}/object_assignments".format(
+ self.manager_url, policy_id))
if policy_id not in self.__OBJECT_ASSIGNMENTS:
self.__OBJECT_ASSIGNMENTS[policy_id] = {}
- self.__OBJECT_ASSIGNMENTS[policy_id].update(req.json()['object_assignments'])
+ self.__OBJECT_ASSIGNMENTS[policy_id].update(
+ req.json()['object_assignments'])
def get_object_assignments(self, policy_id, perimeter_id, category_id):
if policy_id not in self.object_assignments:
@@ -232,10 +238,12 @@ class Cache(object):
req = requests.get("{}/policies/{}/action_assignments/{}".format(
self.manager_url, policy_id, perimeter_id))
else:
- req = requests.get("{}/policies/{}/action_assignments".format(self.manager_url, policy_id))
+ req = requests.get("{}/policies/{}/action_assignments".format(
+ self.manager_url, policy_id))
if policy_id not in self.__ACTION_ASSIGNMENTS:
self.__ACTION_ASSIGNMENTS[policy_id] = {}
- self.__ACTION_ASSIGNMENTS[policy_id].update(req.json()['action_assignments'])
+ self.__ACTION_ASSIGNMENTS[policy_id].update(
+ req.json()['action_assignments'])
def get_action_assignments(self, policy_id, perimeter_id, category_id):
if policy_id not in self.action_assignments:
@@ -378,23 +386,27 @@ class Cache(object):
# if meta_rule_id in self.models[model_id]["meta_rules"]:
# return pdp_value["keystone_project_id"]
- def get_containers_from_keystone_project_id(self, keystone_project_id, meta_rule_id=None):
+ def get_containers_from_keystone_project_id(self, keystone_project_id,
+ meta_rule_id=None):
for container_id, container_value in self.containers.items():
+ LOG.info("container={}".format(container_value))
if 'keystone_project_id' not in container_value:
continue
if container_value['keystone_project_id'] == keystone_project_id:
if not meta_rule_id:
yield container_id, container_value
- elif container_value['meta_rule_id'] == meta_rule_id:
+ elif container_value.get('meta_rule_id') == meta_rule_id:
yield container_id, container_value
break
# containers functions
def __update_container(self):
- req = requests.get("{}/containers".format(self.manager_url))
- containers = req.json()
- for key, value in containers["containers"].items():
+ LOG.info("orchestrator={}".format("{}/pods".format(self.orchestrator_url)))
+ req = requests.get("{}/pods".format(self.orchestrator_url))
+ LOG.info("pods={}".format(req.text))
+ pods = req.json()
+ for key, value in pods["pods"].items():
if key not in self.__CONTAINERS:
self.__CONTAINERS[key] = value
else:
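Review bot: The new `requests.get("{}/pods".format(self.orchestrator_url))` in `__update_container` has no timeout and its status is never checked, so an unresponsive orchestrator blocks the cache refresh indefinitely and an error response surfaces as a `KeyError` or JSON decode error at `pods["pods"]`. Pass an explicit `timeout=` and call `req.raise_for_status()` before `req.json()`; the re-wrapped `requests.get` calls for subjects, objects, actions and the three `*_assignments` fetches earlier in this file have the same gap. The three added `LOG.info` calls write each container value and the full `/pods` response body at info level on every call, and `LOG.debug` would keep that detail out of normal logs. `self.orchestrator_url` is not assigned in any visible hunk, so confirm that `__init__` sets it. The body of `__update_container` continues past the end of this hunk.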
@@ -487,34 +499,24 @@ class Cache(object):
def __update_container_chaining(self, keystone_project_id):
container_ids = []
for pdp_id, pdp_value, in self.__PDP.items():
- # LOG.info("pdp_id, pdp_value = {}, {}".format(pdp_id, pdp_value))
- # LOG.info("__POLICIES = {}".format(self.__POLICIES))
if pdp_value:
if pdp_value["keystone_project_id"] == keystone_project_id:
for policy_id in pdp_value["security_pipeline"]:
model_id = self.__POLICIES[policy_id]['model_id']
- # LOG.info("model_id = {}".format(model_id))
- # LOG.info("CACHE = {}".format(self.__MODELS[model_id]))
- # LOG.info("CACHE.containers = {}".format(self.__CONTAINERS))
- # LOG.info("CACHE.models = {}".format(self.__MODELS))
for meta_rule_id in self.__MODELS[model_id]["meta_rules"]:
- # LOG.info("meta_rule = {}".format(self.__MODELS[model_id]["meta_rules"]))
for container_id, container_value in self.get_containers_from_keystone_project_id(
keystone_project_id,
meta_rule_id
):
- # LOG.info("CONTAINER: {} {}".format(container_id, container_value))
container_ids.append(
{
- "container_id": self.__CONTAINERS[container_id]["container_id"],
+ "container_id": self.__CONTAINERS[container_id]["name"],
"genre": self.__CONTAINERS[container_id]["genre"],
"policy_id": policy_id,
"meta_rule_id": meta_rule_id,
- "hostname": self.__CONTAINERS[container_id]["hostname"],
- "hostip": self.__CONTAINERS[container_id]["port"][0]["IP"],
- "port": self.__CONTAINERS[container_id]["port"][0]["PublicPort"],
+ "hostname": self.__CONTAINERS[container_id]["name"],
+ "port": self.__CONTAINERS[container_id]["port"],
}
)
- # LOG.info("__update_container_chaining={}".format(container_ids))
self.__CONTAINER_CHAINING[keystone_project_id] = container_ids
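Review bot: Each chaining entry changes shape here with no comment: `container_id` and `hostname` are now both filled from `["name"]`, `hostip` is dropped, and `port` carries the whole `["port"]` value instead of `["port"][0]["PublicPort"]`. Consumers of `__CONTAINER_CHAINING` are outside this diff, so any that still read `hostip` or expect a scalar port would presumably break. A comment above the dict would make the new contract explicit, e.g. `# entry: container_id and hostname are both the pod name; port is the pod's port value as returned by the orchestrator`. The entry also indexes `["name"]`, `["genre"]` and `["port"]` directly, while the previous hunk switched `meta_rule_id` to `.get()`, which suggests pod records may lack keys; a missing one raises `KeyError` and aborts the chaining update.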
diff --git a/moonv4/moon_utilities/moon_utilities/configuration.py b/moonv4/moon_utilities/moon_utilities/configuration.py
index d1c5545f..97727c39 100644
--- a/moonv4/moon_utilities/moon_utilities/configuration.py
+++ b/moonv4/moon_utilities/moon_utilities/configuration.py
@@ -4,15 +4,11 @@
# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-import copy
import base64
import json
import requests
import logging
import logging.config
-# from oslo_log import log as logging
-from oslo_config import cfg
-# import oslo_messaging
from moon_utilities import exceptions
LOG = logging.getLogger("moon.utilities")
@@ -33,11 +29,6 @@ def init_logging():
logging.config.dictConfig(config['logging'])
-def init_oslo_config():
- cfg.CONF.transport_url = get_configuration("messenger")['messenger']['url']
- cfg.CONF.rpc_response_timeout = 5
-
-
def increment_port():
components_port_start = int(get_configuration("components_port_start")['components_port_start'])
components_port_start += 1
@@ -123,4 +114,3 @@ def get_components():
init_logging()
-init_oslo_config()
diff --git a/moonv4/moon_utilities/moon_utilities/misc.py b/moonv4/moon_utilities/moon_utilities/misc.py
index d13b4511..4eadd476 100644
--- a/moonv4/moon_utilities/moon_utilities/misc.py
+++ b/moonv4/moon_utilities/moon_utilities/misc.py
@@ -4,18 +4,10 @@
# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-import os
-import re
-import types
-import requests
-from oslo_log import log as logging
-from oslo_config import cfg
-import oslo_messaging
-from moon_utilities import exceptions
-from oslo_config.cfg import ConfigOpts
+import logging
+import random
LOG = logging.getLogger(__name__)
-CONF = cfg.CONF
def get_uuid_from_name(name, elements, **kwargs):
@@ -45,3 +37,108 @@ def get_name_from_uuid(uuid, elements, **kwargs):
else:
return elements[element].get('name')
+
+def get_random_name():
+ _list = (
+ "windy",
+ "vengeful",
+ "precious",
+ "vivacious",
+ "quiet",
+ "confused",
+ "exultant",
+ "impossible",
+ "thick",
+ "obsolete",
+ "piquant",
+ "fanatical",
+ "tame",
+ "perfect",
+ "animated",
+ "dark",
+ "stimulating",
+ "drunk",
+ "depressed",
+ "fumbling",
+ "like",
+ "undesirable",
+ "spurious",
+ "subsequent",
+ "spiteful",
+ "last",
+ "stale",
+ "hulking",
+ "giddy",
+ "minor",
+ "careful",
+ "possessive",
+ "gullible",
+ "fragile",
+ "divergent",
+ "ill-informed",
+ "false",
+ "jumpy",
+ "damaged",
+ "likeable",
+ "volatile",
+ "handsomely",
+ "wet",
+ "long-term",
+ "pretty",
+ "taboo",
+ "normal",
+ "magnificent",
+ "nutty",
+ "puzzling",
+ "small",
+ "kind",
+ "devilish",
+ "chubby",
+ "paltry",
+ "cultured",
+ "old",
+ "defective",
+ "hanging",
+ "innocent",
+ "jagged",
+ "economic",
+ "good",
+ "sulky",
+ "real",
+ "bent",
+ "shut",
+ "furry",
+ "terrific",
+ "hollow",
+ "terrible",
+ "mammoth",
+ "pleasant",
+ "scared",
+ "obnoxious",
+ "absorbing",
+ "imported",
+ "infamous",
+ "grieving",
+ "ill-fated",
+ "mighty",
+ "handy",
+ "comfortable",
+ "astonishing",
+ "brown",
+ "assorted",
+ "wrong",
+ "unsightly",
+ "spooky",
+ "delightful",
+ "acid",
+ "inconclusive",
+ "mere",
+ "careless",
+ "historical",
+ "flashy",
+ "squealing",
+ "quarrelsome",
+ "empty",
+ "long",
+ )
+ return random.choice(_list)
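Review bot: `get_random_name` has no docstring, and it picks with `random.choice` from a fixed tuple of about a hundred adjectives, so the result is neither unique nor unpredictable. Its callers are not in this diff; if any of them uses the value as an identifier or key, collisions will be frequent. State the limits in a docstring such as `"""Return a random adjective for a human-readable label; values repeat and must not be used as a unique id or secret."""`. The tuple is also rebuilt on every call and would read better as a module-level constant.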
diff --git a/moonv4/moon_utilities/moon_utilities/security_functions.py b/moonv4/moon_utilities/moon_utilities/security_functions.py
index 98935996..fc90d305 100644
--- a/moonv4/moon_utilities/moon_utilities/security_functions.py
+++ b/moonv4/moon_utilities/moon_utilities/security_functions.py
@@ -12,27 +12,14 @@ import requests
import time
from functools import wraps
from flask import request
-from oslo_log import log as logging
-from oslo_config import cfg
-import oslo_messaging
+import logging
from moon_utilities import exceptions
from moon_utilities import configuration
LOG = logging.getLogger("moon.utilities." + __name__)
-CONF = cfg.CONF
keystone_config = configuration.get_configuration("openstack/keystone")["openstack/keystone"]
-slave = configuration.get_configuration(configuration.SLAVE)["slave"]
-
-__transport_master = oslo_messaging.get_transport(cfg.CONF, slave.get("master_url"))
-__transport = oslo_messaging.get_transport(CONF)
-
-__n_transport = oslo_messaging.get_notification_transport(CONF)
-__n_notifier = oslo_messaging.Notifier(__n_transport,
- 'router.host',
- driver='messagingv2',
- topics=['authz-workers'])
-__n_notifier = __n_notifier.prepare(publisher_id='router')
+# slave = configuration.get_configuration(configuration.SLAVE)["slave"]
__targets = {}
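Review bot: The commented-out `# slave = configuration.get_configuration(configuration.SLAVE)["slave"]` should be deleted rather than kept as dead code, since the only visible reader of `slave` is `call`, which this commit removes. In the lines shown, `__targets = {}` is likewise only used by the removed `call`; if nothing else in the file references it, drop it as well. The module-level `keystone_config = configuration.get_configuration(...)` still runs at import time, so a one-line comment noting that importing this module needs a reachable configuration service would help readers.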
@@ -173,40 +160,6 @@ def logout(headers, url=None):
raise exceptions.KeystoneError
-def notify(request_id, container_id, payload, event_type="authz"):
- ctxt = {
- 'request_id': request_id,
- 'container_id': container_id
- }
- __n_notifier.critical(ctxt, event_type, payload=payload)
- # FIXME (asteroide): the notification mus be done 2 times otherwise the notification
- # may not be sent (need to search why)
- __n_notifier.critical(ctxt, event_type, payload=payload)
-
-
-def call(endpoint="security_router", ctx=None, method="route", **kwargs):
- if not ctx:
- ctx = dict()
- if endpoint not in __targets:
- __targets[endpoint] = dict()
- __targets[endpoint]["endpoint"] = oslo_messaging.Target(topic=endpoint, version='1.0')
- __targets[endpoint]["client"] = dict()
- __targets[endpoint]["client"]["internal"] = oslo_messaging.RPCClient(__transport,
- __targets[endpoint]["endpoint"])
- __targets[endpoint]["client"]["external"] = oslo_messaging.RPCClient(__transport_master,
- __targets[endpoint]["endpoint"])
- if 'call_master' in ctx and ctx['call_master'] and slave.get("master_url"):
- client = __targets[endpoint]["client"]["external"]
- LOG.info("Calling master {} on {}...".format(method, endpoint))
- else:
- client = __targets[endpoint]["client"]["internal"]
- LOG.info("Calling {} on {}...".format(method, endpoint))
- result = copy.deepcopy(client.call(ctx, method, **kwargs))
- LOG.info("result={}".format(result))
- del client
- return result
-
-
class Context:
def __init__(self, init_context, cache):