-rw-r--r--moon_authz/moon_authz/__init__.py2
-rw-r--r--moon_authz/moon_authz/__main__.py4
-rw-r--r--moon_authz/moon_authz/api/authorization.py39
-rw-r--r--moon_authz/moon_authz/http_server.py11
-rw-r--r--moon_authz/moon_authz/server.py22
-rw-r--r--moon_authz/setup.py2
-rw-r--r--moon_authz/tests/unit_python/mock_pods.py8
-rw-r--r--moon_authz/tests/unit_python/test_authz.py8
-rw-r--r--moon_interface/moon_interface/__init__.py2
-rw-r--r--moon_interface/moon_interface/__main__.py4
-rw-r--r--moon_interface/moon_interface/api/authz.py12
-rw-r--r--moon_interface/moon_interface/api/generic.py45
-rw-r--r--moon_interface/moon_interface/authz_requests.py15
-rw-r--r--moon_interface/moon_interface/http_server.py19
-rw-r--r--moon_interface/moon_interface/server.py20
-rw-r--r--moon_interface/requirements.txt1
-rw-r--r--moon_interface/setup.py2
-rw-r--r--moon_interface/tests/unit_python/api/test_authz.py2
-rw-r--r--moon_interface/tests/unit_python/conftest.py3
-rw-r--r--moon_manager/tests/unit_python/__init__.py0
-rw-r--r--moon_manager/tests/unit_python/api/test_perimeter.py29
-rw-r--r--moon_manager/tests/unit_python/api/utilities.py12
-rw-r--r--python_moonutilities/python_moonutilities/cache.py45
-rw-r--r--python_moonutilities/python_moonutilities/configuration.py37
-rw-r--r--python_moonutilities/python_moonutilities/exceptions.py20
-rw-r--r--python_moonutilities/python_moonutilities/request_wrapper.py10
-rw-r--r--python_moonutilities/tests/unit_python/mock_repo/urls.py6
-rw-r--r--python_moonutilities/tests/unit_python/test_configuration.py21
28 files changed, 207 insertions, 194 deletions
diff --git a/moon_authz/moon_authz/__init__.py b/moon_authz/moon_authz/__init__.py
index 903c6518..6f964a63 100644
--- a/moon_authz/moon_authz/__init__.py
+++ b/moon_authz/moon_authz/__init__.py
@@ -3,4 +3,4 @@
# license which can be found in the file 'LICENSE' in this package distribution
# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-__version__ = "0.1.0"
+__version__ = "4.3.2"
diff --git a/moon_authz/moon_authz/__main__.py b/moon_authz/moon_authz/__main__.py
index 699c008c..2693f687 100644
--- a/moon_authz/moon_authz/__main__.py
+++ b/moon_authz/moon_authz/__main__.py
@@ -1,4 +1,4 @@
-from moon_authz.server import main
+from moon_authz.server import create_server
-server = main()
+server = create_server()
server.run()
diff --git a/moon_authz/moon_authz/api/authorization.py b/moon_authz/moon_authz/api/authorization.py
index d7832ef0..c83dd72c 100644
--- a/moon_authz/moon_authz/api/authorization.py
+++ b/moon_authz/moon_authz/api/authorization.py
@@ -3,30 +3,21 @@
# license which can be found in the file 'LICENSE' in this package distribution
# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-import binascii
import itertools
import pickle
-from uuid import uuid4
import logging
-from python_moonutilities import exceptions
import flask
from flask import request
from flask_restful import Resource
-# TODO (asteroide):
-# - end the dev of the context
-# - rebuild the authorization function according to the context
-# - call the next security function
-# - call the master if an element is absent
-
-LOG = logging.getLogger("moon.authz.api." + __name__)
+logger = logging.getLogger("moon.authz.api." + __name__)
class Authz(Resource):
"""
Endpoint for authz requests
"""
- __version__ = "0.1.0"
+ __version__ = "4.3.1"
__urls__ = (
"/authz",
@@ -82,7 +73,7 @@ class Authz(Resource):
return response
def run(self):
- LOG.info("self.context.pdp_set={}".format(self.context.pdp_set))
+ logger.info("self.context.pdp_set={}".format(self.context.pdp_set))
result, message = self.__check_rules()
if result:
return self.__exec_instructions(result)
@@ -108,10 +99,10 @@ class Authz(Resource):
for item in itertools.product(*scopes_list):
req = list(item)
for rule in self.cache.rules[self.context.current_policy_id]["rules"]:
- LOG.info("rule={}".format(rule))
+ logger.info("rule={}".format(rule))
if req == rule['rule']:
return rule['instructions'], ""
- LOG.warning("No rule match the request...")
+ logger.warning("No rule match the request...")
return False, "No rule match the request..."
def __update_subject_category_in_policy(self, operation, target):
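Review bot: `logger.info("rule={}".format(rule))` sits inside the nested loop over `itertools.product(*scopes_list)` and the policy's rules, so every authorization request writes the rule set to the log at info level, possibly many times over. That puts policy content into whatever collects the logs and costs a string format per iteration even when the message is filtered out. The cache.py hunks in this same commit demote comparable messages to debug; doing the same here with lazy arguments, `logger.debug("rule=%s", rule)`, would be consistent. The enclosing method starts outside this hunk.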
@@ -119,7 +110,7 @@ class Authz(Resource):
try:
policy_name, category_name, data_name = target.split(":")
except ValueError:
- LOG.error("Cannot understand value in instruction ({})".format(target))
+ logger.error("Cannot understand value in instruction ({})".format(target))
return False
# pdp_set = self.payload["authz_context"]['pdp_set']
for meta_rule_id in self.context.pdp_set:
@@ -131,7 +122,7 @@ class Authz(Resource):
subject_category_id = category_id
break
else:
- LOG.error("Cannot understand category in instruction ({})".format(target))
+ logger.error("Cannot understand category in instruction ({})".format(target))
return False
subject_data_id = None
for data in PolicyManager.get_subject_data("admin", policy_id, category_id=subject_category_id):
@@ -142,7 +133,7 @@ class Authz(Resource):
if subject_data_id:
break
else:
- LOG.error("Cannot understand data in instruction ({})".format(target))
+ logger.error("Cannot understand data in instruction ({})".format(target))
return False
if operation == "add":
self.payload["authz_context"]['pdp_set'][meta_rule_id]['target'][subject_category_id].append(
@@ -152,7 +143,7 @@ class Authz(Resource):
self.payload["authz_context"]['pdp_set'][meta_rule_id]['target'][subject_category_id].remove(
subject_data_id)
except ValueError:
- LOG.warning("Cannot remove role {} from target".format(data_name))
+ logger.warning("Cannot remove role {} from target".format(data_name))
result = True
break
return result
@@ -234,7 +225,7 @@ class Authz(Resource):
if key == "decision":
if instruction["decision"] == "grant":
self.context.current_state = "grant"
- LOG.info("__exec_instructions True {}".format(
+ logger.info("__exec_instructions True {}".format(
self.context.current_state))
return True
else:
@@ -251,7 +242,7 @@ class Authz(Resource):
self.context.current_state = "deny"
else:
self.context.current_state = "passed"
- LOG.info("__exec_instructions False {}".format(self.context.current_state))
+ logger.info("__exec_instructions False {}".format(self.context.current_state))
# def __update_current_request(self):
# index = self.payload["authz_context"]["index"]
@@ -360,15 +351,15 @@ class Authz(Resource):
"args": self.payload}
except Exception as e:
try:
- LOG.error(self.payload["authz_context"])
+ logger.error(self.payload["authz_context"])
except KeyError:
- LOG.error("Cannot find \"authz_context\" in context")
- LOG.error(e, exc_info=True)
+ logger.error("Cannot find \"authz_context\" in context")
+ logger.error(e, exc_info=True)
return {"authz": False,
"error": str(e),
"pdp_id": self.pdp_id,
"args": self.payload}
def head(self, uuid=None, subject_name=None, object_name=None, action_name=None):
- LOG.info("HEAD request")
+ logger.info("HEAD request")
return "", 200
\ No newline at end of file
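Review bot: The `except Exception` branch returns `"error": str(e)` and `"args": self.payload` to the caller and logs `self.payload["authz_context"]` at error level, so on any failure the internal exception text and the full authorization context leave the process. A generic value such as `"error": "internal error"` in the response, with the detail kept in the log only, avoids handing implementation details to the requester. Whether existing clients read `error` or `args` is not visible here and should be checked first. `logger.exception("authz request failed")` is the idiomatic form of `logger.error(e, exc_info=True)`. The method containing this handler begins outside the hunk.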
diff --git a/moon_authz/moon_authz/http_server.py b/moon_authz/moon_authz/http_server.py
index d24a02ca..836efbc8 100644
--- a/moon_authz/moon_authz/http_server.py
+++ b/moon_authz/moon_authz/http_server.py
@@ -3,9 +3,8 @@
# license which can be found in the file 'LICENSE' in this package distribution
# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-from flask import Flask, request
-# from flask_cors import CORS, cross_origin
-from flask_restful import Resource, Api, reqparse
+from flask import Flask
+from flask_restful import Resource, Api
import logging
from moon_authz import __version__
from moon_authz.api.authorization import Authz
@@ -61,6 +60,7 @@ class Server:
def run(self):
raise NotImplementedError()
+
__API__ = (
Authz,
)
@@ -74,7 +74,8 @@ class Root(Resource):
__methods = ("get", "post", "put", "delete", "options")
def get(self):
- tree = {"/": {"methods": ("get",), "description": "List all methods for that service."}}
+ tree = {"/": {"methods": ("get",),
+ "description": "List all methods for that service."}}
for item in __API__:
tree[item.__name__] = {"urls": item.__urls__}
_methods = []
@@ -101,8 +102,6 @@ class HTTPServer(Server):
self.app = Flask(__name__)
self._port = port
self._host = host
- # Todo : specify only few urls instead of *
- # CORS(self.app)
self.component_id = kwargs.get("component_id")
self.keystone_project_id = kwargs.get("keystone_project_id")
self.container_chaining = kwargs.get("container_chaining")
diff --git a/moon_authz/moon_authz/server.py b/moon_authz/moon_authz/server.py
index 1919ebe5..8715bd87 100644
--- a/moon_authz/moon_authz/server.py
+++ b/moon_authz/moon_authz/server.py
@@ -4,15 +4,14 @@
# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
import os
-from oslo_log import log as logging
+import logging
from moon_authz.http_server import HTTPServer as Server
from python_moonutilities import configuration
-LOG = logging.getLogger("moon.authz.server")
-DOMAIN = "moon_authz"
+logger = logging.getLogger("moon.authz.server")
-def main():
+def create_server():
configuration.init_logging()
component_id = os.getenv("UUID")
@@ -21,14 +20,16 @@ def main():
pdp_id = os.getenv("PDP_ID")
meta_rule_id = os.getenv("META_RULE_ID")
keystone_project_id = os.getenv("KEYSTONE_PROJECT_ID")
- LOG.info("component_type={}".format(component_type))
+ logger.info("component_type={}".format(component_type))
conf = configuration.get_configuration("plugins/{}".format(component_type))
conf["plugins/{}".format(component_type)]['id'] = component_id
- hostname = conf["plugins/{}".format(component_type)].get('hostname', component_id)
+ hostname = conf["plugins/{}".format(component_type)].get('hostname',
+ component_id)
port = conf["plugins/{}".format(component_type)].get('port', tcp_port)
bind = conf["plugins/{}".format(component_type)].get('bind', "0.0.0.0")
- LOG.info("Starting server with IP {} on port {} bind to {}".format(hostname, port, bind))
+ logger.info("Starting server with IP {} on port {} bind to {}".format(
+ hostname, port, bind))
server = Server(
host=bind,
port=int(port),
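Review bot: `bind` still falls back to `"0.0.0.0"` when the plugin configuration has no `bind` key, so a missing setting makes the authz endpoint listen on every interface, while moon_interface's fallback in this same commit is `127.0.0.1`. If the container network is the intended trust boundary, a comment saying so would help; otherwise prefer a loopback default, `.get('bind', "127.0.0.1")`, and require the wider bind to be configured explicitly. Separately, `int(port)` raises TypeError when neither the configuration nor `tcp_port` supplies a value; `tcp_port` is assigned outside this hunk, so that path is worth confirming.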
@@ -43,5 +44,10 @@ def main():
return server
+def run():
+ server = create_server()
+ server.run()
+
+
if __name__ == '__main__':
- main()
+ run()
diff --git a/moon_authz/setup.py b/moon_authz/setup.py
index c3ac33c7..ad99b9f8 100644
--- a/moon_authz/setup.py
+++ b/moon_authz/setup.py
@@ -40,7 +40,7 @@ setup(
entry_points={
'console_scripts': [
- 'moon_authz = moon_authz.server:main',
+ 'moon_authz = moon_authz.server:run',
],
}
diff --git a/moon_authz/tests/unit_python/mock_pods.py b/moon_authz/tests/unit_python/mock_pods.py
index 7488f4f3..74801cd1 100644
--- a/moon_authz/tests/unit_python/mock_pods.py
+++ b/moon_authz/tests/unit_python/mock_pods.py
@@ -10,15 +10,15 @@ pdp_mock = {
"keystone_project_id": "a64beb1cc224474fb4badd43173e7101"
},
"pdp_id1": {
- "name": "...",
+ "name": "pdp_id1",
"security_pipeline": ["policy_id_1", "policy_id_2"],
"keystone_project_id": "keystone_project_id1",
"description": "...",
},
"pdp_id12": {
- "name": "...",
+ "name": "pdp_id2",
"security_pipeline": ["policy_id_1", "policy_id_2"],
- "keystone_project_id": "keystone_project_id1",
+ "keystone_project_id": "keystone_project_id2",
"description": "...",
}
}
@@ -100,7 +100,7 @@ subject_mock = {
"policy_id_2": {
"subject_id": {
"name": "subject_name",
- "keystone_id": "keystone_project_id1",
+ "keystone_id": "keystone_project_id2",
"description": "a description"
}
}
diff --git a/moon_authz/tests/unit_python/test_authz.py b/moon_authz/tests/unit_python/test_authz.py
index f98abebc..50493c9f 100644
--- a/moon_authz/tests/unit_python/test_authz.py
+++ b/moon_authz/tests/unit_python/test_authz.py
@@ -12,9 +12,9 @@ def get_json(data):
def test_authz_true(context):
import moon_authz.server
- from python_moonutilities.security_functions import Context
+ from python_moonutilities.context import Context
from python_moonutilities.cache import Cache
- server = moon_authz.server.main()
+ server = moon_authz.server.create_server()
client = server.app.test_client()
CACHE = Cache()
CACHE.update()
@@ -33,9 +33,9 @@ def test_authz_true(context):
def test_user_not_allowed(context):
import moon_authz.server
- from python_moonutilities.security_functions import Context
+ from python_moonutilities.context import Context
from python_moonutilities.cache import Cache
- server = moon_authz.server.main()
+ server = moon_authz.server.create_server()
client = server.app.test_client()
CACHE = Cache()
CACHE.update()
diff --git a/moon_interface/moon_interface/__init__.py b/moon_interface/moon_interface/__init__.py
index 903c6518..6f964a63 100644
--- a/moon_interface/moon_interface/__init__.py
+++ b/moon_interface/moon_interface/__init__.py
@@ -3,4 +3,4 @@
# license which can be found in the file 'LICENSE' in this package distribution
# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-__version__ = "0.1.0"
+__version__ = "4.3.2"
diff --git a/moon_interface/moon_interface/__main__.py b/moon_interface/moon_interface/__main__.py
index 517fdd60..9ad7bf2a 100644
--- a/moon_interface/moon_interface/__main__.py
+++ b/moon_interface/moon_interface/__main__.py
@@ -1,4 +1,4 @@
-from moon_interface.server import main
+from moon_interface.server import create_server
-server = main()
+server = create_server()
server.run()
diff --git a/moon_interface/moon_interface/api/authz.py b/moon_interface/moon_interface/api/authz.py
index a284ff3a..5739027d 100644
--- a/moon_interface/moon_interface/api/authz.py
+++ b/moon_interface/moon_interface/api/authz.py
@@ -10,15 +10,14 @@ from flask import request
from flask_restful import Resource
import logging
import pickle
-import requests
import time
from uuid import uuid4
from moon_interface.authz_requests import AuthzRequest
-__version__ = "0.1.0"
+__version__ = "4.3.1"
-LOG = logging.getLogger("moon.interface.api.authz." + __name__)
+logger = logging.getLogger("moon.interface.api.authz." + __name__)
def pdp_in_cache(cache, uuid):
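Review bot: The module-level `__version__` is bumped to `"4.3.1"` here while the package `__init__.py` in this same commit moves to `"4.3.2"`; the same split appears in moon_interface/api/generic.py and in the `Authz` class attribute in moon_authz/api/authorization.py. If the API version is meant to follow the package, reuse it (`from moon_interface import __version__`) instead of repeating a literal. If it is an independent API version, a one-line comment such as `# API version, bumped independently of the package` would stop the next release from "correcting" it.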
@@ -72,6 +71,10 @@ def create_authz_request(cache, interface_name, manager_url, uuid, subject_name,
return cache.authz_requests[req_id]
+def delete_authz_request(cache, req_id):
+ cache.authz_requests.pop(req_id)
+
+
class Authz(Resource):
"""
Endpoint for authz requests
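Review bot: `cache.authz_requests.pop(req_id)` raises KeyError when the id is no longer present, for example if the cleanup runs twice for one request or the entry was dropped elsewhere. That would turn an already-decided authz answer into an unhandled error. `cache.authz_requests.pop(req_id, None)` keeps the cleanup idempotent. A one-line docstring, e.g. `"""Drop the cached AuthzRequest for req_id once its result has been returned."""`, would document the helper.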
@@ -134,11 +137,14 @@ class Authz(Resource):
cpt = 0
while True:
if cpt > self.TIMEOUT*10:
+ delete_authz_request(self.CACHE, authz_request.request_id)
return {"result": False,
"message": "Authz request had timed out."}, 500
if authz_request.is_authz():
if authz_request.final_result == "Grant":
+ delete_authz_request(self.CACHE, authz_request.request_id)
return {"result": True, "message": ""}, 200
+ delete_authz_request(self.CACHE, authz_request.request_id)
return {"result": False, "message": ""}, 401
cpt += 1
time.sleep(0.1)
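Review bot: The cleanup call is repeated before each `return`, so an exception raised by `authz_request.is_authz()` or anything else inside the loop leaves the entry in `cache.authz_requests`, and repeated failures let that cache grow without bound. Wrapping the loop in `try:` … `finally: delete_authz_request(self.CACHE, authz_request.request_id)` covers every exit with a single call. A deny currently answers 401 and a timeout 500; 403 and 504 describe those outcomes more precisely, although changing them may affect existing clients. The method begins outside this hunk.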
diff --git a/moon_interface/moon_interface/api/generic.py b/moon_interface/moon_interface/api/generic.py
index 51de9214..dadac259 100644
--- a/moon_interface/moon_interface/api/generic.py
+++ b/moon_interface/moon_interface/api/generic.py
@@ -6,14 +6,14 @@
Those API are helping API used to manage the Moon platform.
"""
-from flask_restful import Resource, request
+from flask_restful import Resource
import logging
import moon_interface.api
from python_moonutilities.security_functions import check_auth
-__version__ = "0.1.0"
+__version__ = "4.3.1"
-LOG = logging.getLogger("moon.interface.api." + __name__)
+logger = logging.getLogger("moon.interface.api." + __name__)
class Status(Resource):
@@ -35,42 +35,7 @@ class Status(Resource):
}
}
"""
- raise NotImplemented
-
-
-class Logs(Resource):
- """
- Endpoint for logs requests
- """
-
- __urls__ = ("/logs", "/logs/", "/logs/<string:component_id>")
-
- def get(self, component_id=None):
- """Get logs from the Moon platform
-
- :param component_id: the ID of the component your are looking for (optional)
- :return: [
- "2015-04-15-13:45:20
- "2015-04-15-13:45:21
- "2015-04-15-13:45:22
- "2015-04-15-13:45:23
- ]
- """
- filter_str = request.args.get('filter', '')
- from_str = request.args.get('from', '')
- to_str = request.args.get('to', '')
- event_number = request.args.get('event_number', '')
- try:
- event_number = int(event_number)
- except ValueError:
- event_number = None
- args = dict()
- args["filter"] = filter_str
- args["from"] = from_str
- args["to"] = to_str
- args["event_number"] = event_number
-
- raise NotImplemented
+ return {"result": True, "message": ""}
class API(Resource):
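Review bot: `Status.get` now returns `{"result": True, "message": ""}` unconditionally, while the tail of its docstring still closes a nested structure, which suggests the documented return value no longer matches (the start of the docstring is outside this hunk, so this is inferred). Update the docstring to the new shape. An endpoint that always reports success cannot signal a degraded component, so if it is used as a health check, consider having it test at least one real dependency or stating in the docstring that it only proves the process is up.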
@@ -125,7 +90,7 @@ class API(Resource):
if endpoint_id in api_desc[group_id]:
return {group_id: {endpoint_id: api_desc[group_id][endpoint_id]}}
elif len(endpoint_id) > 0:
- LOG.error("Unknown endpoint_id {}".format(endpoint_id))
+ logger.error("Unknown endpoint_id {}".format(endpoint_id))
return {"error": "Unknown endpoint_id {}".format(endpoint_id)}
return {group_id: api_desc[group_id]}
return api_desc
diff --git a/moon_interface/moon_interface/authz_requests.py b/moon_interface/moon_interface/authz_requests.py
index 3f99cb93..87e21152 100644
--- a/moon_interface/moon_interface/authz_requests.py
+++ b/moon_interface/moon_interface/authz_requests.py
@@ -7,11 +7,11 @@ import logging
import itertools
import pickle
import requests
-from python_moonutilities import configuration, exceptions
-from python_moonutilities.security_functions import Context
+from python_moonutilities import exceptions
+from python_moonutilities.context import Context
from python_moonutilities.cache import Cache
-LOG = logging.getLogger("moon.interface.authz_requests")
+logger = logging.getLogger("moon.interface.authz_requests")
CACHE = Cache()
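Review bot: `pickle` stays imported next to `requests` and `Context` here, and moon_authz/api/authorization.py keeps `import pickle` beside `flask.request`; together with the `http://{}:{}/authz` URL in the later hunks and the `get_pickled_context` helper in conftest.py, this suggests the Context is pickled, posted over plain HTTP and unpickled by the receiver. None of those calls are visible in this diff, so this needs confirming. If it holds, `pickle.loads` on a request body means the authz process trusts any peer that can reach its port with arbitrary object construction. Serialising the Context fields as JSON, or at minimum verifying an HMAC over the body before deserialising, would remove that exposure.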
@@ -51,7 +51,7 @@ class AuthzRequest:
req.status_code
))
except requests.exceptions.ConnectionError:
- LOG.error("Cannot connect to {}".format(
+ logger.error("Cannot connect to {}".format(
"http://{}:{}/authz".format(
self.container_chaining[0]["hostip"],
self.container_chaining[0]["port"]
@@ -69,7 +69,7 @@ class AuthzRequest:
req.status_code
))
except requests.exceptions.ConnectionError:
- LOG.error("Cannot connect to {}".format(
+ logger.error("Cannot connect to {}".format(
"http://{}:{}/authz".format(
self.container_chaining[0]["hostname"],
self.container_chaining[0]["port"]
@@ -152,8 +152,3 @@ class AuthzRequest:
return True
self.final_result = "Deny"
return True
-
- # def notify(self, request_id, container_id, payload):
- # LOG.info("notify {} {} {}".format(request_id, container_id, payload))
- # # TODO: send the notification and wait for the result
- # # req = requests.get()
diff --git a/moon_interface/moon_interface/http_server.py b/moon_interface/moon_interface/http_server.py
index 72576f6c..57170985 100644
--- a/moon_interface/moon_interface/http_server.py
+++ b/moon_interface/moon_interface/http_server.py
@@ -4,19 +4,18 @@
# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
from flask import Flask, jsonify
-from flask_cors import CORS, cross_origin
from flask_restful import Resource, Api
import logging
from moon_interface import __version__
-from moon_interface.api.generic import Status, Logs, API
+from moon_interface.api.generic import Status, API
from moon_interface.api.authz import Authz
from moon_interface.authz_requests import CACHE
from python_moonutilities import configuration, exceptions
-logger = logging.getLogger("moon.interface.http")
+logger = logging.getLogger("moon.interface.http_server")
__API__ = (
- Status, Logs, API
+ Status, API
)
@@ -72,7 +71,8 @@ class Root(Resource):
__methods = ("get", "post", "put", "delete", "options")
def get(self):
- tree = {"/": {"methods": ("get",), "description": "List all methods for that service."}}
+ tree = {"/": {"methods": ("get",),
+ "description": "List all methods for that service."}}
for item in __API__:
tree[item.__name__] = {"urls": item.__urls__}
_methods = []
@@ -94,10 +94,9 @@ class HTTPServer(Server):
self.app = Flask(__name__)
self.port = port
conf = configuration.get_configuration("components/manager")
- self.manager_hostname = conf["components/manager"].get("hostname", "manager")
+ self.manager_hostname = conf["components/manager"].get("hostname",
+ "manager")
self.manager_port = conf["components/manager"].get("port", 80)
- #Todo : specify only few urls instead of *
- CORS(self.app)
self.api = Api(self.app)
self.__set_route()
self.__hook_errors()
@@ -126,7 +125,9 @@ class HTTPServer(Server):
resource_class_kwargs={
"cache": CACHE,
"interface_name": self.host,
- "manager_url": "http://{}:{}".format(self.manager_hostname, self.manager_port),
+ "manager_url": "http://{}:{}".format(
+ self.manager_hostname,
+ self.manager_port),
}
)
diff --git a/moon_interface/moon_interface/server.py b/moon_interface/moon_interface/server.py
index 8b53d7f3..13955c3e 100644
--- a/moon_interface/moon_interface/server.py
+++ b/moon_interface/moon_interface/server.py
@@ -7,10 +7,10 @@ import logging
from python_moonutilities import configuration, exceptions
from moon_interface.http_server import HTTPServer
-LOG = logging.getLogger("moon.interface.server")
+logger = logging.getLogger("moon.interface.server")
-def main():
+def create_server():
configuration.init_logging()
try:
conf = configuration.get_configuration("components/interface")
@@ -21,11 +21,19 @@ def main():
hostname = "interface"
bind = "127.0.0.1"
port = 80
- configuration.add_component(uuid="interface", name=hostname, port=port, bind=bind)
- LOG.info("Starting server with IP {} on port {} bind to {}".format(hostname, port, bind))
+ configuration.add_component(uuid="interface",
+ name=hostname,
+ port=port,
+ bind=bind)
+ logger.info("Starting server with IP {} on port {} bind to {}".format(
+ hostname, port, bind))
return HTTPServer(host=bind, port=port)
-if __name__ == '__main__':
- server = main()
+def run():
+ server = create_server()
server.run()
+
+
+if __name__ == '__main__':
+ run()
diff --git a/moon_interface/requirements.txt b/moon_interface/requirements.txt
index 7aa2b6df..f22b38e7 100644
--- a/moon_interface/requirements.txt
+++ b/moon_interface/requirements.txt
@@ -1,4 +1,5 @@
flask
flask_restful
flask_cors
+requests
python_moonutilities
\ No newline at end of file
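Review bot: `flask_cors` is still listed although this commit removes both its import and the `CORS(self.app)` call from moon_interface/http_server.py; if nothing else in the package uses it (not verifiable from this diff), drop the line so an unused dependency is not installed. `requests` is added without a version bound, like the other entries. A lower bound or a constraints file would make builds reproducible and make it less likely that a breaking or tampered release is pulled in unnoticed.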
diff --git a/moon_interface/setup.py b/moon_interface/setup.py
index db15ff54..f358c598 100644
--- a/moon_interface/setup.py
+++ b/moon_interface/setup.py
@@ -40,7 +40,7 @@ setup(
entry_points={
'console_scripts': [
- 'moon_interface = moon_interface.server:main',
+ 'moon_interface = moon_interface.server:run',
],
}
diff --git a/moon_interface/tests/unit_python/api/test_authz.py b/moon_interface/tests/unit_python/api/test_authz.py
index a63948f8..84605203 100644
--- a/moon_interface/tests/unit_python/api/test_authz.py
+++ b/moon_interface/tests/unit_python/api/test_authz.py
@@ -7,7 +7,7 @@ def get_json(data):
def test_authz_true(context):
import moon_interface.server
- server = moon_interface.server.main()
+ server = moon_interface.server.create_server()
client = server.app.test_client()
req = client.get("/authz/{p_id}/{s_id}/{o_id}/{a_id}".format(
p_id=context["project_id"],
diff --git a/moon_interface/tests/unit_python/conftest.py b/moon_interface/tests/unit_python/conftest.py
index 1f4e8cfa..35ee19d7 100644
--- a/moon_interface/tests/unit_python/conftest.py
+++ b/moon_interface/tests/unit_python/conftest.py
@@ -5,7 +5,6 @@ import pickle
import pytest
import requests_mock
from uuid import uuid4
-from requests.packages.urllib3.response import HTTPResponse
CONF = {
"openstack": {
@@ -205,7 +204,7 @@ def set_env_variables():
def get_pickled_context():
- from python_moonutilities.security_functions import Context
+ from python_moonutilities.context import Context
from python_moonutilities.cache import Cache
CACHE = Cache()
CACHE.update()
diff --git a/moon_manager/tests/unit_python/__init__.py b/moon_manager/tests/unit_python/__init__.py
deleted file mode 100644
index e69de29b..00000000
--- a/moon_manager/tests/unit_python/__init__.py
+++ /dev/null
diff --git a/moon_manager/tests/unit_python/api/test_perimeter.py b/moon_manager/tests/unit_python/api/test_perimeter.py
index d255ae65..db09780f 100644
--- a/moon_manager/tests/unit_python/api/test_perimeter.py
+++ b/moon_manager/tests/unit_python/api/test_perimeter.py
@@ -1,16 +1,13 @@
# import moon_manager
# import moon_manager.api
import json
-
-
-def get_json(data):
- return json.loads(data.decode("utf-8"))
+import api.utilities as utilities
def get_subjects(client):
req = client.get("/subjects")
assert req.status_code == 200
- subjects = get_json(req.data)
+ subjects = utilities.get_json(req.data)
assert isinstance(subjects, dict)
assert "subjects" in subjects
return subjects
@@ -26,7 +23,7 @@ def add_subjects(client, name):
req = client.post("/subjects", data=json.dumps(data),
headers={'Content-Type': 'application/json'})
assert req.status_code == 200
- subjects = get_json(req.data)
+ subjects = utilities.get_json(req.data)
assert isinstance(subjects, dict)
key = list(subjects["subjects"].keys())[0]
value = list(subjects["subjects"].values())[0]
@@ -63,9 +60,7 @@ def delete_subject(client, name):
def test_subject():
- import moon_manager.server
- server = moon_manager.server.main()
- client = server.app.test_client()
+ client = utilities.register_client()
get_subjects(client)
add_subjects(client, "testuser")
add_subjects_without_name(client, "")
@@ -75,7 +70,7 @@ def test_subject():
def get_objects(client):
req = client.get("/objects")
assert req.status_code == 200
- objects = get_json(req.data)
+ objects = utilities.get_json(req.data)
assert isinstance(objects, dict)
assert "objects" in objects
return objects
@@ -89,7 +84,7 @@ def add_objects(client, name):
req = client.post("/objects", data=json.dumps(data),
headers={'Content-Type': 'application/json'})
assert req.status_code == 200
- objects = get_json(req.data)
+ objects = utilities.get_json(req.data)
assert isinstance(objects, dict)
key = list(objects["objects"].keys())[0]
value = list(objects["objects"].values())[0]
@@ -111,9 +106,7 @@ def delete_objects(client, name):
def test_objects():
- import moon_manager.server
- server = moon_manager.server.main()
- client = server.app.test_client()
+ client = utilities.register_client()
get_objects(client)
add_objects(client, "testuser")
delete_objects(client, "testuser")
@@ -122,7 +115,7 @@ def test_objects():
def get_actions(client):
req = client.get("/actions")
assert req.status_code == 200
- actions = get_json(req.data)
+ actions = utilities.get_json(req.data)
assert isinstance(actions, dict)
assert "actions" in actions
return actions
@@ -136,7 +129,7 @@ def add_actions(client, name):
req = client.post("/actions", data=json.dumps(data),
headers={'Content-Type': 'application/json'})
assert req.status_code == 200
- actions = get_json(req.data)
+ actions = utilities.get_json(req.data)
assert isinstance(actions, dict)
key = list(actions["actions"].keys())[0]
value = list(actions["actions"].values())[0]
@@ -158,9 +151,7 @@ def delete_actions(client, name):
def test_actions():
- import moon_manager.server
- server = moon_manager.server.main()
- client = server.app.test_client()
+ client = utilities.register_client()
get_actions(client)
add_actions(client, "testuser")
delete_actions(client, "testuser")
diff --git a/moon_manager/tests/unit_python/api/utilities.py b/moon_manager/tests/unit_python/api/utilities.py
new file mode 100644
index 00000000..1c055da5
--- /dev/null
+++ b/moon_manager/tests/unit_python/api/utilities.py
@@ -0,0 +1,12 @@
+import json
+
+
+def get_json(data):
+ return json.loads(data.decode("utf-8"))
+
+
+def register_client():
+ import moon_manager.server
+ server = moon_manager.server.main()
+ client = server.app.test_client()
+ return client
\ No newline at end of file
diff --git a/python_moonutilities/python_moonutilities/cache.py b/python_moonutilities/python_moonutilities/cache.py
index 164be3da..154365a4 100644
--- a/python_moonutilities/python_moonutilities/cache.py
+++ b/python_moonutilities/python_moonutilities/cache.py
@@ -204,7 +204,7 @@ class Cache(object):
def __update_rules(self):
for policy_id in self.policies:
- logger.info("Get {}".format("{}/policies/{}/rules".format(
+ logger.debug("Get {}".format("{}/policies/{}/rules".format(
self.manager_url, policy_id)))
response = requests.get("{}/policies/{}/rules".format(
@@ -214,7 +214,7 @@ class Cache(object):
else:
logger.warning(" no 'rules' found within policy_id: {}".format(policy_id))
- logger.info("UPDATE RULES {}".format(self.__RULES))
+ logger.debug("UPDATE RULES {}".format(self.__RULES))
# assignment functions
@@ -252,7 +252,7 @@ class Cache(object):
return value['assignments']
else:
logger.warning("'subject_id' or 'category_id' or'assignments'"
- " keys are not found in subject_assignments")
+ " keys are not found in subject_assignments")
return []
@property
@@ -289,7 +289,7 @@ class Cache(object):
return value['assignments']
else:
logger.warning("'object_id' or 'category_id' or'assignments'"
- " keys are not found in object_assignments")
+ " keys are not found in object_assignments")
return []
@property
@@ -326,7 +326,7 @@ class Cache(object):
return value['assignments']
else:
logger.warning("'action_id' or 'category_id' or'assignments'"
- " keys are not found in action_assignments")
+ " keys are not found in action_assignments")
return []
# category functions
@@ -398,7 +398,7 @@ class Cache(object):
self.__PDP[key] = value
else:
- raise exceptions.PDPNotFound("Cannot find 'pdps' key")
+ raise exceptions.PdpError("Cannot find 'pdps' key")
@property
def pdp(self):
@@ -476,24 +476,33 @@ class Cache(object):
if meta_rule_id in self.models[model_id]["meta_rules"]:
return policy_id
else:
- logger.warning("Cannot find model_id: {} within models and 'meta_rules' key".format(model_id))
+ logger.warning(
+ "Cannot find model_id: {} within "
+ "models and 'meta_rules' key".format(model_id))
else:
- logger.warning("Cannot find policy_id: {} within policies and 'model_id' key".format(policy_id))
+ logger.warning(
+ "Cannot find policy_id: {} "
+ "within policies and 'model_id' key".format(
+ policy_id))
else:
- logger.warning("Cannot find 'security_pipeline' key within pdp ")
+ logger.warning("Cannot find 'security_pipeline' "
+ "key within pdp ")
def get_pdp_from_keystone_project(self, keystone_project_id):
for pdp_key, pdp_value in self.pdp.items():
- if "keystone_project_id" in pdp_value and keystone_project_id == pdp_value["keystone_project_id"]:
+ if "keystone_project_id" in pdp_value and \
+ keystone_project_id == pdp_value["keystone_project_id"]:
return pdp_key
def get_keystone_project_id_from_policy_id(self, policy_id):
for pdp_key, pdp_value in self.pdp.items():
- if "security_pipeline" in pdp_value and "keystone_project_id" in pdp_value:
+ if "security_pipeline" in pdp_value and \
+ "keystone_project_id" in pdp_value:
if policy_id in pdp_value["security_pipeline"]:
return pdp_value["keystone_project_id"]
else:
- logger.warning(" 'security_pipeline','keystone_project_id' key not in pdp {}".format(pdp_value))
+ logger.warning(" 'security_pipeline','keystone_project_id' "
+ "key not in pdp {}".format(pdp_value))
# for policy_id in pdp_value["security_pipeline"]:
# model_id = self.policies[policy_id]["model_id"]
# if meta_rule_id in self.models[model_id]["meta_rules"]:
@@ -508,7 +517,8 @@ class Cache(object):
if container_value['keystone_project_id'] == keystone_project_id:
if not meta_rule_id:
yield container_id, container_value
- elif "meta_rule_id" in container_value and container_value.get('meta_rule_id') == meta_rule_id:
+ elif "meta_rule_id" in container_value and \
+ container_value.get('meta_rule_id') == meta_rule_id:
yield container_id, container_value
break
@@ -622,12 +632,11 @@ class Cache(object):
else:
logger.warning("no 'keystone_project_id' found")
self.__CONTAINER_CHAINING_UPDATE = current_time
- logger.info(self.__CONTAINER_CHAINING_UPDATE)
return self.__CONTAINER_CHAINING
def __update_container_chaining(self, keystone_project_id):
container_ids = []
- for pdp_id, pdp_value, in self.pdp.items():
+ for pdp_id, pdp_value, in self.__PDP.items():
if pdp_value:
if "keystone_project_id" and "security_pipeline" in pdp_value \
and pdp_value["keystone_project_id"] == keystone_project_id:
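Review bot: In the context line `if "keystone_project_id" and "security_pipeline" in pdp_value`, the first operand is a non-empty string and therefore always true, so only `security_pipeline` is tested and the following `pdp_value["keystone_project_id"]` can raise KeyError for a PDP without that key. Write `if "keystone_project_id" in pdp_value and "security_pipeline" in pdp_value \`. The same pattern appears in the next hunk as `if "genre" and "port" in container_value:`. Also, iterating `self.__PDP` instead of `self.pdp` bypasses whatever the `pdp` property does on access (its body is not in this diff); if it refreshes stale data, this loop may now build the container chain from an outdated PDP set. The method continues outside this hunk.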
@@ -641,10 +650,6 @@ class Cache(object):
meta_rule_id
):
if "name" in container_value:
- _raw = requests.get("{}/pods/{}".format(
- self.orchestrator_url, container_value["name"])
- )
- logger.debug("_raw={}".format(_raw.text))
if "genre" and "port" in container_value:
container_ids.append(
{
@@ -667,8 +672,6 @@ class Cache(object):
else:
raise exceptions.PolicyUnknown("Cannot find policy within policy_id: {}, "
"and may not contains 'model_id' key".format(policy_id))
- else:
- raise exceptions.PDPError("Cannot find 'keystone_project_id','security_pipeline' pdp keys")
self.__CONTAINER_CHAINING[keystone_project_id] = container_ids
diff --git a/python_moonutilities/python_moonutilities/configuration.py b/python_moonutilities/python_moonutilities/configuration.py
index 51587582..9a044db7 100644
--- a/python_moonutilities/python_moonutilities/configuration.py
+++ b/python_moonutilities/python_moonutilities/configuration.py
@@ -6,7 +6,7 @@
import base64
import json
-import requests
+import python_moonutilities.request_wrapper as requests
import logging.config
from python_moonutilities import exceptions
@@ -25,18 +25,20 @@ def init_logging():
config = get_configuration("logging")
logging.config.dictConfig(config['logging'])
-
def increment_port():
- components_port_start = int(get_configuration("components_port_start")['components_port_start'])
- components_port_start += 1
- url = "http://{}:{}/v1/kv/components_port_start".format(CONSUL_HOST, CONSUL_PORT)
+ components_object = get_configuration("components/port_start")
+ if 'port_start' in components_object:
+ components_port_start = int(get_configuration("components/port_start")['port_start'])
+ components_port_start += 1
+ else:
+ raise exceptions.ConsulComponentContentError("error={}".format(components_object))
+ url = "http://{}:{}/v1/kv/components/port_start".format(CONSUL_HOST, CONSUL_PORT)
req = requests.put(url, json=str(components_port_start))
if req.status_code != 200:
logger.info("url={}".format(url))
raise exceptions.ConsulError
return components_port_start
-
def get_configuration(key):
url = "http://{}:{}/v1/kv/{}".format(CONSUL_HOST, CONSUL_PORT, key)
req = requests.get(url)
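Review bot: `increment_port` now fetches `components/port_start` twice, once into `components_object` and again inside the `int(...)` call, so the value that was checked is not the value that is used; `components_port_start = int(components_object['port_start'])` removes the second request. The read, increment and PUT sequence is also not atomic, so two components starting at the same time can be handed the same port. Consul's KV PUT supports a check-and-set `cas` query parameter keyed on `ModifyIndex`, but `get_configuration` discards that field, so closing the race needs a change beyond this hunk.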
@@ -46,14 +48,17 @@ def get_configuration(key):
data = req.json()
if len(data) == 1:
data = data[0]
- return {data["Key"]: json.loads(base64.b64decode(data["Value"]).decode("utf-8"))}
+ if all( k in data for k in ("Key", "Value")) :
+ return {data["Key"]: json.loads(base64.b64decode(data["Value"]).decode("utf-8"))}
+ raise exceptions.ConsulComponentContentError("error={}".format(data))
else:
return [
- {item["Key"]: json.loads(base64.b64decode(item["Value"]).decode("utf-8"))}
- for item in data
+ {
+ item["Key"]: json.loads(base64.b64decode(item["Value"]).decode("utf-8"))
+ if all(k in item for k in ("Key", "Value")) else logger.warning("invalidate content {}".format(item))
+ } for item in data
]
-
def add_component(name, uuid, port=None, bind="127.0.0.1", keystone_id="", extra=None, container=None):
data = {
"hostname": name,
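Review bot: In the list branch the `all(k in item ...)` guard is attached to the value expression only, so `item["Key"]` is still evaluated first and a record without `Key` raises KeyError, while a record without `Value` yields a `{key: None}` entry instead of being skipped. The dict comprehensions added in `get_plugins` and `get_components` have the same shape, with `item["Key"].replace(...)` running before the guard. Check each record before building its entry, logging and skipping malformed ones, as sketched below. `get_configuration` starts outside this hunk.

```python
    else:
        # … unchanged: single-record branch above …
        configs = []
        for item in data:
            if not all(k in item for k in ("Key", "Value")):
                logger.warning("invalidate content {}".format(item))
                continue
            configs.append(
                {item["Key"]: json.loads(base64.b64decode(item["Value"]).decode("utf-8"))}
            )
        return configs
```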
@@ -75,7 +80,6 @@ def add_component(name, uuid, port=None, bind="127.0.0.1", keystone_id="", extra
logger.info("Add component {}".format(req.text))
return configuration.get_configuration("components/"+uuid)
-
def get_plugins():
url = "http://{}:{}/v1/kv/plugins?recurse=true".format(CONSUL_HOST, CONSUL_PORT)
req = requests.get(url)
@@ -85,14 +89,16 @@ def get_plugins():
data = req.json()
if len(data) == 1:
data = data[0]
- return {data["Key"].replace("plugins/", ""): json.loads(base64.b64decode(data["Value"]).decode("utf-8"))}
+ if all(k in data for k in ("Key", "Value")):
+ return {data["Key"].replace("plugins/", ""): json.loads(base64.b64decode(data["Value"]).decode("utf-8"))}
+ raise exceptions.ConsulComponentContentError("error={}".format(data))
else:
return {
item["Key"].replace("plugins/", ""): json.loads(base64.b64decode(item["Value"]).decode("utf-8"))
+ if all(k in item for k in ("Key", "Value")) else logger.warning("invalidate content {}".format(item))
for item in data
}
-
def get_components():
url = "http://{}:{}/v1/kv/components?recurse=true".format(CONSUL_HOST, CONSUL_PORT)
req = requests.get(url)
@@ -102,10 +108,13 @@ def get_components():
data = req.json()
if len(data) == 1:
data = data[0]
- return {data["Key"].replace("components/", ""): json.loads(base64.b64decode(data["Value"]).decode("utf-8"))}
+ if all(k in data for k in ("Key", "Value")):
+ return {data["Key"].replace("components/", ""): json.loads(base64.b64decode(data["Value"]).decode("utf-8"))}
+ raise exceptions.ConsulComponentContentError("error={}".format(data))
else:
return {
item["Key"].replace("components/", ""): json.loads(base64.b64decode(item["Value"]).decode("utf-8"))
+ if all(k in item for k in ("Key", "Value")) else logger.warning("invalidate content {}".format(item))
for item in data
}
diff --git a/python_moonutilities/python_moonutilities/exceptions.py b/python_moonutilities/python_moonutilities/exceptions.py
index f14d6abf..e6c9f6de 100644
--- a/python_moonutilities/python_moonutilities/exceptions.py
+++ b/python_moonutilities/python_moonutilities/exceptions.py
@@ -504,6 +504,11 @@ class ConsulComponentNotFound(ConsulError):
title = 'Consul error'
logger = "WARNING"
+class ConsulComponentContentError(ConsulError):
+ description = _("invalid content of component .")
+ code = 500
+ title = 'Consul error'
+ logger = "WARNING"
# Containers exceptions
@@ -534,3 +539,18 @@ class PdpExisting(MoonError):
code = 409
title = 'Pdp Error'
logger = "Error"
+
+
+class PolicyUnknown(MoonError):
+ description = _("The policy is unknown.")
+ code = 400
+ title = 'Policy Unknown'
+ logger = "Error"
+
+
+class PolicyExisting(MoonError):
+ description = _("The policy already exists.")
+ code = 409
+ title = 'Policy Error'
+ logger = "Error"
+
diff --git a/python_moonutilities/python_moonutilities/request_wrapper.py b/python_moonutilities/python_moonutilities/request_wrapper.py
index 8cf5b997..f1603b9d 100644
--- a/python_moonutilities/python_moonutilities/request_wrapper.py
+++ b/python_moonutilities/python_moonutilities/request_wrapper.py
@@ -9,4 +9,14 @@ def get(url):
raise exceptions.ConsulError("request failure ",e)
except:
raise exceptions.ConsulError("Unexpected error ", sys.exc_info()[0])
+ return response
+
+
+def put(url, json=""):
+ try:
+ response = requests.put(url,json=json)
+ except requests.exceptions.RequestException as e:
+ raise exceptions.ConsulError("request failure ",e)
+ except:
+ raise exceptions.ConsulError("Unexpected error ", sys.exc_info()[0])
return response \ No newline at end of file
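Review bot: The new `put` calls `requests.put(url,json=json)` without a `timeout`, and requests waits indefinitely by default, so a stalled Consul endpoint would hang every caller of the wrapper. Pass an explicit value, for example `response = requests.put(url, json=json, timeout=CONSUL_TIMEOUT)`, where `CONSUL_TIMEOUT` is a module constant still to be defined. The bare `except:` also converts KeyboardInterrupt and SystemExit into ConsulError; `except Exception:` keeps the catch-all without swallowing those. `get` starts outside this hunk and appears to follow the same pattern.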
diff --git a/python_moonutilities/tests/unit_python/mock_repo/urls.py b/python_moonutilities/tests/unit_python/mock_repo/urls.py
index a5b1e63b..75b55927 100644
--- a/python_moonutilities/tests/unit_python/mock_repo/urls.py
+++ b/python_moonutilities/tests/unit_python/mock_repo/urls.py
@@ -9,11 +9,11 @@ def register_components(m):
json=[{'Key': component, 'Value': comp_util.get_b64_conf(component)}]
)
m.register_uri(
- 'GET', 'http://consul:8500/v1/kv/components_port_start',
- json=[{'Key': 'components_port_start', 'Value': comp_util.get_b64_conf("components/port_start")}]
+ 'GET', 'http://consul:8500/v1/kv/components/port_start',
+ json=[{'Key': 'port_start', 'Value': comp_util.get_b64_conf("components/port_start")}]
)
m.register_uri(
- 'PUT', 'http://consul:8500/v1/kv/components_port_start',
+ 'PUT', 'http://consul:8500/v1/kv/components/port_start',
json=[]
)
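Review bot: The mocked GET now answers with `'Key': 'port_start'`, but Consul's KV endpoint reports the full key path in `Key`, which for this URL would be `components/port_start`. Since `increment_port` tests `'port_start' in components_object`, the unit tests pass against this mock while a live Consul would presumably take the `ConsulComponentContentError` branch; this is worth confirming against a real instance. Keeping the mock faithful, `json=[{'Key': 'components/port_start', 'Value': comp_util.get_b64_conf("components/port_start")}]`, and looking up that same key in `increment_port` would make the tests exercise the real response shape.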
diff --git a/python_moonutilities/tests/unit_python/test_configuration.py b/python_moonutilities/tests/unit_python/test_configuration.py
index 10618f1c..8ca389bf 100644
--- a/python_moonutilities/tests/unit_python/test_configuration.py
+++ b/python_moonutilities/tests/unit_python/test_configuration.py
@@ -5,7 +5,7 @@ import requests_mock
def test_get_configuration_success():
from python_moonutilities import configuration
- assert configuration.get_configuration("components/port_start")["components/port_start"] == comp_util.CONF["components"]["port_start"]
+ assert configuration.get_configuration("components/port_start")["port_start"] == comp_util.CONF["components"]["port_start"]
@requests_mock.Mocker(kw='mock')
@@ -18,27 +18,24 @@ def test_get_configuration_not_found(**kwargs):
configuration.get_configuration("components/port_start_wrong")
assert str(exception_info.value) == '500: Consul error'
-
-# [TODO] this test used to test the invalid response
-# it should be un commented and run after refactoring the related part
@requests_mock.Mocker(kw='mock')
def test_get_configuration_invalid_response(**kwargs):
from python_moonutilities import configuration
- kwargs['mock'].get('http://consul:8500/v1/kv/components_port_start', json=[
- {"components_port_start":'components_port_start', 'Value': comp_util.get_b64_conf("components/port_start")}
+ kwargs['mock'].get('http://consul:8500/v1/kv/components/port_start', json=[
+ {"port_start":'port_start', 'Value': comp_util.get_b64_conf("components/port_start")}
])
- # with pytest.raises(Exception) as exception_info:
- # configuration.get_configuration("components_port_start")
- # assert str(exception_info.value) == '500: Consul error'
+ with pytest.raises(Exception) as exception_info:
+ configuration.get_configuration("components/port_start")
+ assert str(exception_info.value) == '500: Consul error'
@requests_mock.Mocker(kw='mock')
def test_put_increment_port_failure(**kwargs):
from python_moonutilities import configuration
- kwargs['mock'].put('http://consul:8500/v1/kv/components_port_start', json=[], status_code=400)
- kwargs['mock'].get('http://consul:8500/v1/kv/components_port_start', json=[
- {'Key': 'components_port_start', 'Value': comp_util.get_b64_conf("components/port_start")}
+ kwargs['mock'].put('http://consul:8500/v1/kv/components/port_start', json=[], status_code=400)
+ kwargs['mock'].get('http://consul:8500/v1/kv/components/port_start', json=[
+ {'Key': 'port_start', 'Value': comp_util.get_b64_conf("components/port_start")}
], status_code=200)
with pytest.raises(Exception) as exception_info:
configuration.increment_port()