19 files changed, 793 insertions, 107 deletions
diff --git a/moon_manager/moon_manager/__init__.py b/moon_manager/moon_manager/__init__.py index 6f964a63..85c245e0 100644 --- a/moon_manager/moon_manager/__init__.py +++ b/moon_manager/moon_manager/__init__.py @@ -3,4 +3,4 @@ # license which can be found in the file 'LICENSE' in this package distribution # or at 'http://www.apache.org/licenses/LICENSE-2.0'. -__version__ = "4.3.2" +__version__ = "4.4.0" diff --git a/moon_manager/moon_manager/api/slaves.py b/moon_manager/moon_manager/api/slaves.py new file mode 100644 index 00000000..d87b8aad --- /dev/null +++ b/moon_manager/moon_manager/api/slaves.py 
@@ -0,0 +1,110 @@ +# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors +# This software is distributed under the terms and conditions of the 'Apache-2.0' +# license which can be found in the file 'LICENSE' in this package distribution +# or at 'http://www.apache.org/licenses/LICENSE-2.0'. +""" +PDP are Policy Decision Point. + +""" + +from flask import request +from flask_restful import Resource +import logging +import requests +import time +from python_moonutilities.security_functions import check_auth +from python_moondb.core import PDPManager +from python_moondb.core import PolicyManager +from python_moondb.core import ModelManager +from python_moonutilities import configuration, exceptions + +__version__ = "4.3.0" + +logger = logging.getLogger("moon.manager.api." + __name__) + + +class Slaves(Resource): + """ + Endpoint for pdp requests + """ + + __urls__ = ( + "/slaves", + "/slaves/", + "/slaves/<string:uuid>", + "/slaves/<string:uuid>/", + ) + + def __init__(self, **kwargs): + conf = configuration.get_configuration("components/orchestrator") + self.orchestrator_hostname = conf["components/orchestrator"].get("hostname", + "orchestrator") + self.orchestrator_port = conf["components/orchestrator"].get("port", + 80) + + @check_auth + def get(self, uuid=None, user_id=None): + """Retrieve all slaves + + :param uuid: uuid of the slave + :param user_id: user ID who do the request + :return: { + "slaves": { + "XXX": { + "name": "...", + "installed": True + }, + "YYY": { + "name": "...", + "installed": False + } + } + } + """ + req = requests.get("http://{}:{}/slaves".format( + self.orchestrator_hostname, self.orchestrator_port + )) + return {"slaves": req.json()} + + @check_auth + def patch(self, uuid=None, user_id=None): + """Update a slave + + :param uuid: uuid of the slave to update + :param user_id: user ID who do the request + :request body: { + "op": "replace", + "variable": "configured", + "value": True, + } + :return: 204 + :internal_api: 
add_pdp + """ + logger.info("Will made a request for {}".format(uuid)) + if request.json.get("op") == "replace" \ + and request.json.get("variable") == "configured" \ + and request.json.get("value"): + req = requests.post("http://{}:{}/pods".format( + self.orchestrator_hostname, self.orchestrator_port, + ), + json={"slave_name": uuid} + ) + if req.status_code != 200: + logger.warning("Get error from Orchestrator {} {}".format( + req.reason, req.status_code + )) + return "Orchestrator: " + str(req.reason), req.status_code + elif request.json.get("op") == "replace" \ + and request.json.get("variable") == "configured" \ + and not request.json.get("value"): + req = requests.delete("http://{}:{}/pods/{}".format( + self.orchestrator_hostname, self.orchestrator_port, uuid + )) + if req.status_code != 200: + logger.warning("Get error from Orchestrator {} {}".format( + req.reason, req.status_code + )) + return "Orchestrator: " + str(req.reason), req.status_code + else: + return "Malformed request", 400 + return {"slaves": req.json()} diff --git a/moon_manager/moon_manager/http_server.py b/moon_manager/moon_manager/http_server.py index d67e1121..a98cab43 100644 --- a/moon_manager/moon_manager/http_server.py +++ b/moon_manager/moon_manager/http_server.py @@ -14,6 +14,7 @@ from moon_manager.api.generic import Status, Logs, API from moon_manager.api.models import Models from moon_manager.api.policies import Policies from moon_manager.api.pdp import PDP +from moon_manager.api.slaves import Slaves from moon_manager.api.meta_rules import MetaRules from moon_manager.api.meta_data import SubjectCategories, ObjectCategories, ActionCategories from moon_manager.api.perimeter import Subjects, Objects, Actions @@ -32,7 +33,7 @@ __API__ = ( Subjects, Objects, Actions, Rules, SubjectAssignments, ObjectAssignments, ActionAssignments, SubjectData, ObjectData, ActionData, - Models, Policies, PDP + Models, Policies, PDP, Slaves ) 
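Review bot: `Slaves.patch` formats the route's `uuid` straight into the orchestrator URL (`"http://{}:{}/pods/{}"`) and calls `request.json.get(...)` without checking that a JSON body was sent, so a body-less request fails with `AttributeError` and a `uuid` containing URL metacharacters changes which orchestrator resource is addressed. Return 400 when `uuid` or the body is missing and encode the path segment, e.g. `urllib.parse.quote(uuid, safe="")` (needs the import). None of the three `requests` calls in this file passes `timeout=`, so a stalled orchestrator holds the manager worker indefinitely. The calls also send no credentials although the orchestrator resources are wrapped in `@check_auth`; whether that decorator accepts anonymous internal calls is not visible here and is worth confirming.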
diff --git a/moon_manager/tests/unit_python/api/test_assignemnt.py b/moon_manager/tests/unit_python/api/test_assignemnt.py new file mode 100644 index 00000000..08688e04 --- /dev/null +++ b/moon_manager/tests/unit_python/api/test_assignemnt.py 
@@ -0,0 +1,174 @@ +import api.utilities as utilities +import json + + +# subject_categories_test + + +def get_subject_assignment(client, policy_id): + req = client.get("/policies/{}/subject_assignments".format(policy_id)) + subject_assignment = utilities.get_json(req.data) + return req, subject_assignment + + +def add_subject_assignment(client, policy_id, category_id): + data = { + "id": "id1", + "category_id": category_id, + "data_id": "data_id1" + } + req = client.post("/policies/{}/subject_assignments/{}".format(policy_id, category_id), data=json.dumps(data), + headers={'Content-Type': 'application/json'}) + subject_assignment = utilities.get_json(req.data) + return req, subject_assignment + + +def delete_subject_assignment(client, policy_id): + req = client.delete("/policies/{}/subject_assignments".format(policy_id)) + return req + + +def test_get_subject_assignment(): + policy_id = utilities.get_policy_id() + client = utilities.register_client() + req, subject_assignment = get_subject_assignment(client, policy_id) + assert req.status_code == 200 + assert isinstance(subject_assignment, dict) + assert "subject_assignments" in subject_assignment + + +def test_add_subject_assignment(): + policy_id = utilities.get_policy_id() + client = utilities.register_client() + req, subject_assignment = add_subject_assignment(client, policy_id, "111") + assert req.status_code == 200 + assert isinstance(subject_assignment, dict) + value = subject_assignment["subject_assignments"] + assert "subject_assignments" in subject_assignment + id = list(value.keys())[0] + assert value[id]['policy_id'] == policy_id + assert value[id]['category_id'] == "111" + assert value[id]['subject_id'] == "id1" + + +def test_delete_subject_assignment(): + client = utilities.register_client() + policy_id = utilities.get_policy_id() + success_req = delete_subject_assignment(client, policy_id) + assert success_req.status_code == 200 + +# 
--------------------------------------------------------------------------- + +# object_categories_test + + +def get_object_assignment(client, policy_id): + req = client.get("/policies/{}/object_assignments".format(policy_id)) + object_assignment = utilities.get_json(req.data) + return req, object_assignment + + +def add_object_assignment(client, policy_id, category_id): + data = { + "id": "id1", + "category_id": category_id, + "data_id": "data_id1" + } + req = client.post("/policies/{}/object_assignments/{}".format(policy_id, category_id), data=json.dumps(data), + headers={'Content-Type': 'application/json'}) + object_assignment = utilities.get_json(req.data) + return req, object_assignment + + +def delete_object_assignment(client, policy_id): + req = client.delete("/policies/{}/object_assignments".format(policy_id)) + return req + + +def test_get_object_assignment(): + policy_id = utilities.get_policy_id() + client = utilities.register_client() + req, object_assignment = get_object_assignment(client, policy_id) + assert req.status_code == 200 + assert isinstance(object_assignment, dict) + assert "object_assignments" in object_assignment + + +def test_add_object_assignment(): + policy_id = utilities.get_policy_id() + client = utilities.register_client() + req, object_assignment = add_object_assignment(client, policy_id, "111") + assert req.status_code == 200 + assert isinstance(object_assignment, dict) + value = object_assignment["object_assignments"] + assert "object_assignments" in object_assignment + id = list(value.keys())[0] + assert value[id]['policy_id'] == policy_id + assert value[id]['category_id'] == "111" + assert value[id]['object_id'] == "id1" + + +def test_delete_object_assignment(): + client = utilities.register_client() + policy_id = utilities.get_policy_id() + success_req = delete_object_assignment(client, policy_id) + assert success_req.status_code == 200 + +# --------------------------------------------------------------------------- + +# 
action_categories_test + + +def get_action_assignment(client, policy_id): + req = client.get("/policies/{}/action_assignments".format(policy_id)) + action_assignment = utilities.get_json(req.data) + return req, action_assignment + + +def add_action_assignment(client, policy_id, category_id): + data = { + "id": "id1", + "category_id": category_id, + "data_id": "data_id1" + } + req = client.post("/policies/{}/action_assignments/{}".format(policy_id, category_id), data=json.dumps(data), + headers={'Content-Type': 'application/json'}) + action_assignment = utilities.get_json(req.data) + return req, action_assignment + + +def delete_action_assignment(client, policy_id): + req = client.delete("/policies/{}/action_assignments".format(policy_id)) + return req + + +def test_get_action_assignment(): + policy_id = utilities.get_policy_id() + client = utilities.register_client() + req, action_assignment = get_action_assignment(client, policy_id) + assert req.status_code == 200 + assert isinstance(action_assignment, dict) + assert "action_assignments" in action_assignment + + +def test_add_action_assignment(): + policy_id = utilities.get_policy_id() + client = utilities.register_client() + req, action_assignment = add_action_assignment(client, policy_id, "111") + assert req.status_code == 200 + assert isinstance(action_assignment, dict) + value = action_assignment["action_assignments"] + assert "action_assignments" in action_assignment + id = list(value.keys())[0] + assert value[id]['policy_id'] == policy_id + assert value[id]['category_id'] == "111" + assert value[id]['action_id'] == "id1" + + +def test_delete_action_assignment(): + client = utilities.register_client() + policy_id = utilities.get_policy_id() + success_req = delete_action_assignment(client, policy_id) + assert success_req.status_code == 200 + +# ---------------------------------------------------------------------------
\ No newline at end of file diff --git a/moon_manager/tests/unit_python/api/test_rules.py b/moon_manager/tests/unit_python/api/test_rules.py new file mode 100644 index 00000000..86a3d390 --- /dev/null +++ b/moon_manager/tests/unit_python/api/test_rules.py @@ -0,0 +1,58 @@ +import api.utilities as utilities +import json + + +def get_rules(client, policy_id): + req = client.get("/policies/{}/rules".format(policy_id)) + rules = utilities.get_json(req.data) + return req, rules + + +def add_rules(client, policy_id): + data = { + "meta_rule_id": "meta_rule_id1", + "rule": ["subject_data_id2", "object_data_id2", "action_data_id2"], + "instructions": ( + {"decision": "grant"}, + ), + "enabled": True + } + req = client.post("/policies/{}/rules".format(policy_id), data=json.dumps(data), + headers={'Content-Type': 'application/json'}) + rules = utilities.get_json(req.data) + return req, rules + + +def delete_rules(client, policy_id, meta_rule_id): + req = client.delete("/policies/{}/rules/{}".format(policy_id, meta_rule_id)) + return req + + +def test_get_rules(): + policy_id = utilities.get_policy_id() + client = utilities.register_client() + req, rules = get_rules(client, policy_id) + assert req.status_code == 200 + assert isinstance(rules, dict) + assert "rules" in rules + + +def test_add_rules(): + policy_id = utilities.get_policy_id() + client = utilities.register_client() + req, rules = add_rules(client, policy_id) + assert req.status_code == 200 + assert isinstance(rules, dict) + value = rules["rules"] + assert "rules" in rules + id = list(value.keys())[0] + assert value[id]["meta_rule_id"] == "meta_rule_id1" + + +def test_delete_rules(): + client = utilities.register_client() + policy_id = utilities.get_policy_id() + req, added_rules = get_rules(client, policy_id) + id = added_rules["rules"]['rules'][0]['id'] + rules = delete_rules(client, policy_id, id) + assert rules.status_code == 200 
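Review bot: In `test_add_subject_assignment` the line `value = subject_assignment["subject_assignments"]` runs before `assert "subject_assignments" in subject_assignment`, so the assertion can never fail; a missing key surfaces as a `KeyError` instead. Swap the two lines, and do the same in `test_add_object_assignment`, `test_add_action_assignment` and `test_add_rules` in `test_rules.py`. The local name `id` shadows the builtin in those tests; `assignment_id` or `rule_id` reads better. The file name `test_assignemnt.py` looks like a typo for `test_assignment.py`.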
diff --git a/moon_orchestrator/moon_orchestrator/__init__.py b/moon_orchestrator/moon_orchestrator/__init__.py index 3276f42d..85c245e0 100644 --- a/moon_orchestrator/moon_orchestrator/__init__.py +++ b/moon_orchestrator/moon_orchestrator/__init__.py @@ -3,4 +3,4 @@ # license which can be found in the file 'LICENSE' in this package distribution # or at 'http://www.apache.org/licenses/LICENSE-2.0'. -__version__ = "4.3.1" +__version__ = "4.4.0" diff --git a/moon_orchestrator/moon_orchestrator/api/pods.py b/moon_orchestrator/moon_orchestrator/api/pods.py index 31ae31de..3a01c3a9 100644 --- a/moon_orchestrator/moon_orchestrator/api/pods.py +++ b/moon_orchestrator/moon_orchestrator/api/pods.py @@ -6,6 +6,7 @@ from flask import request from flask_restful import Resource from python_moonutilities.security_functions import check_auth +from python_moonutilities import exceptions import logging logger = logging.getLogger("moon.orchestrator.api.pods") @@ -17,6 +18,7 @@ class Pods(Resource): """ __version__ = "4.3.1" + POD_TYPES = ("authz", "wrapper") __urls__ = ( "/pods", @@ -57,6 +59,21 @@ class Pods(Resource): except Exception as e: return {"result": False, "message": str(e)}, 500 + def __get_pod_with_keystone_pid(self, keystone_pid): + for pod_key, pod_values in self.driver.get_pods().items(): + if pod_values[0]['keystone_project_id'] == keystone_pid: + return True + + def __get_wrapper(self, slave_name): + for slave in self.driver.get_slaves(): + if slave_name == slave["name"] \ + and slave["configured"]: + return True + + def __get_slave_names(self): + for slave in self.driver.get_slaves(): + yield slave["name"] + @check_auth def post(self, uuid=None, user_id=None): """Create a new pod. 
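Review bot: `__get_pod_with_keystone_pid` indexes `pod_values[0]['keystone_project_id']` directly, but the wrapper entries that `create_wrappers` stores in the driver cache (see the `drivers.py` hunk) carry only `name`, `container`, `port`, `namespace` and `slave_name`. If `get_pods()` returns those entries as well, which its body outside this diff would have to confirm, the first pipeline POST after a wrapper exists fails with `KeyError`. Use `pod_values[0].get('keystone_project_id') == keystone_pid`. Both lookup helpers fall off the end and return `None` on a miss; an explicit `return False` and a one-line docstring on each would make the contract clear.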
@@ -64,9 +81,14 @@ class Pods(Resource): :param uuid: uuid of the pod (not used here) :param user_id: user ID who do the request :request body: { - "name": "...", - "description": "...", - "type": "plugin_name" + "pdp_id": "fa2323f7055d4a88b1b85d31fe5e8369", + "name": "pdp_rbac3", + "keystone_project_id": "ceacbb5564cc48ad929dd4f00e52bf63", + "models": {...}, + "policies": {...}, + "description": "test", + "security_pipeline": [...], + "slave_name": "" } :return: { "pdp_id1": { @@ -76,25 +98,35 @@ class Pods(Resource): } } """ - logger.debug("POST param={}".format(request.json)) - try: + pods = {} + if "security_pipeline" in request.json: + if self.__get_pod_with_keystone_pid(request.json.get("keystone_project_id")): + raise exceptions.PipelineConflict self.driver.create_pipeline( request.json.get("keystone_project_id"), request.json.get("pdp_id"), request.json.get("security_pipeline"), manager_data=request.json, - active_context=None, - active_context_name=None) - pods = {} + slave_name=request.json.get("slave_name")) for _pod_key, _pod_values in self.driver.get_pods().items(): pods[_pod_key] = [] for _pod_value in _pod_values: if _pod_value['namespace'] != "moon": continue pods[_pod_key].append(_pod_value) - return {"pods": pods} - except Exception as e: - return {"result": False, "message": str(e)}, 500 + else: + logger.info("------------------------------------") + logger.info(list(self.__get_slave_names())) + logger.info("------------------------------------") + if self.__get_wrapper(request.json.get("slave_name")): + raise exceptions.WrapperConflict + if request.json.get("slave_name") not in self.__get_slave_names(): + raise exceptions.SlaveNameUnknown + slave_name = request.json.get("slave_name") + if not slave_name: + slave_name = self.driver.get_slaves(active=True) + self.driver.create_wrappers(slave_name) + return {"pods": self.driver.get_pods()} @check_auth def delete(self, uuid=None, user_id=None): 
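Review bot: In the `else` branch of `post`, the fallback `if not slave_name: slave_name = self.driver.get_slaves(active=True)` cannot run with an empty name, because `raise exceptions.SlaveNameUnknown` two lines earlier already fires when `slave_name` is missing (the new tests expect that 400). If it were reached it would hand a list to `create_wrappers`, which compares the value against `_ctx['name']`. Either drop the fallback or resolve the default name before the membership check. The three `logger.info` lines with dashes and the slave list look like leftover debugging and belong at debug level or removed. With the `try/except` gone, a request without a JSON body now fails on `request.json`; how that is turned into a response is decided outside this hunk.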
@@ -110,27 +142,31 @@ class Pods(Resource): try: self.driver.delete_pipeline(uuid) return {'result': True} + except exceptions.PipelineUnknown: + for slave in self.driver.get_slaves(): + if uuid in (slave['name'], slave["wrapper_name"]): + self.driver.delete_wrapper(name=slave["wrapper_name"]) except Exception as e: return {"result": False, "message": str(e)}, 500 - @check_auth - def patch(self, uuid=None, user_id=None): - """Update a pod - - :param uuid: uuid of the pdp to update - :param user_id: user ID who do the request - :request body: { - "name": "...", - "replicas": "...", - "description": "...", - } - :return: { - "pod_id1": { - "name": "...", - "replicas": "...", - "description": "...", - } - } - :internal_api: update_pdp - """ - return {"pods": None} + # @check_auth + # def patch(self, uuid=None, user_id=None): + # """Update a pod + # + # :param uuid: uuid of the pdp to update + # :param user_id: user ID who do the request + # :request body: { + # "name": "...", + # "replicas": "...", + # "description": "...", + # } + # :return: { + # "pod_id1": { + # "name": "...", + # "replicas": "...", + # "description": "...", + # } + # } + # :internal_api: update_pdp + # """ + # return {"pods": None} diff --git a/moon_orchestrator/moon_orchestrator/api/slaves.py b/moon_orchestrator/moon_orchestrator/api/slaves.py new file mode 100644 index 00000000..7453d305 --- /dev/null +++ b/moon_orchestrator/moon_orchestrator/api/slaves.py 
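Review bot: The new `except exceptions.PipelineUnknown` branch in `delete` reads `slave["wrapper_name"]`, a key that `get_slaves()` only sets for slaves that already have a wrapper, so an unconfigured slave in the list raises `KeyError` from inside the handler, where the following `except Exception` no longer applies. Use `slave.get("wrapper_name")`. The branch also returns nothing, both after deleting a wrapper and when no slave matched `uuid`, so the caller cannot tell a deletion from an unknown id; return `{'result': True}` after `delete_wrapper` and an error otherwise. The commented-out `patch` method is better deleted than kept as a comment.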
@@ -0,0 +1,46 @@ +# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors +# This software is distributed under the terms and conditions of the 'Apache-2.0' +# license which can be found in the file 'LICENSE' in this package distribution +# or at 'http://www.apache.org/licenses/LICENSE-2.0'. + +from flask import request +from flask_restful import Resource +from python_moonutilities.security_functions import check_auth +import logging + +logger = logging.getLogger("moon.orchestrator.api.slaves") + + +class Slaves(Resource): + """ + Endpoint for slaves requests + """ + + __version__ = "4.3.1" + + __urls__ = ( + "/slaves", + "/slaves/", + "/slaves/<string:uuid>", + "/slaves/<string:uuid>/", + ) + + def __init__(self, **kwargs): + self.driver = kwargs.get("driver") + + @check_auth + def get(self, uuid=None, user_id=None): + """Retrieve all pods + + :param uuid: uuid of the pod + :param user_id: user ID who do the request + :return: { + "pod_id1": { + "name": "...", + "replicas": "...", + "description": "...", + } + } + """ + slaves = self.driver.get_slaves() + return {"slaves": slaves} diff --git a/moon_orchestrator/moon_orchestrator/drivers.py b/moon_orchestrator/moon_orchestrator/drivers.py index 9c230cce..bb0d0c2c 100644 --- a/moon_orchestrator/moon_orchestrator/drivers.py +++ b/moon_orchestrator/moon_orchestrator/drivers.py 
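Review bot: The docstring of `Slaves.get` was copied from the pods resource: it says "Retrieve all pods", documents `uuid` as the pod id and shows a `pod_id1` map, while the method returns the list from `self.driver.get_slaves()` under the key `"slaves"`. Suggested summary: `"""Retrieve all slaves (one entry per Kubernetes context)."""`, with the `:return:` example showing that list. `uuid` is accepted by the route but never used, so the uuid URLs return the full list; either filter on it or drop those two entries from `__urls__`. `from flask import request` is unused in this file.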
@@ -159,17 +159,17 @@ class K8S(Driver): resp = client.create_namespaced_service(namespace="moon", body=service_manifest) logger.info("Service {} created!".format(data.get('name'))) - return resp + return service_manifest def load_deployment_and_service(self, data, api_client=None, ext_client=None, expose=False): _client = api_client if api_client else self.client + manifest = self.__create_service(client=_client, data=data[0], + expose=expose) + data[0]["external_port"] = manifest['spec']['ports'][0].get('nodePort') pod = self.__create_deployment(client=ext_client, data=data) - self.__create_service(client=_client, data=data[0], - expose=expose) self.cache[pod.metadata.uid] = data - @staticmethod - def delete_deployment(name=None, namespace="moon", ext_client=None): + def delete_deployment(self, name=None, namespace="moon", ext_client=None): logger.info("Deleting deployment {}".format(name)) body = client.V1DeleteOptions(propagation_policy='Foreground') ret = ext_client.delete_namespaced_deployment( @@ -177,7 +177,16 @@ class K8S(Driver): namespace=namespace, body=body ) - logger.info(ret) + logger.debug(ret) + _uid = None + for uid, value in self.cache.items(): + if value[0]['name'] == name: + _uid = uid + break + if _uid: + self.cache.pop(_uid) + else: + raise exceptions.DockerError("Cannot find and delete pod named {}".format(name)) def delete_service(self, name, namespace="moon", api_client=None): if not api_client: 
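Review bot: `load_deployment_and_service` now reads `manifest['spec']['ports'][0].get('nodePort')` from the value `__create_service` returns, which after this change is the submitted `service_manifest` rather than the API response `resp`. Unless the manifest pins `nodePort` itself (its construction is above this hunk), a port allocated by Kubernetes only appears in `resp`, and `external_port` ends up `None`. Consider returning `resp` and reading `resp.spec.ports[0].node_port`. Creating the service before the deployment also leaves an orphaned service if `__create_deployment` raises.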
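Review bot: `delete_deployment` removes the cache entry on the first call and raises `exceptions.DockerError` when the name is no longer cached, yet `delete_wrapper` calls it once per context in its `for _ctx in contexts` loop (and `delete_pipeline` appears to do the same outside the visible lines). With more than one context the second iteration raises after the Kubernetes deployment was already deleted, and the `delete_service` calls that follow are skipped. Treat a missing cache entry as a no-op here, or drop the entry once in the caller after the loop. `DockerError` is also an odd type for a Kubernetes cache miss if the exceptions module offers something closer.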
@@ -185,12 +194,45 @@ class K8S(Driver): ret = api_client.delete_namespaced_service(name=name, namespace=namespace) logger.debug("delete_service {}".format(ret)) - def get_slaves(self): + def get_slaves(self, active=False): + contexts, active_context = self.get_contexts() + pods = self.get_pods() + # logger.info("pods = {}".format(pods)) + slaves = [] + if active: + for key, value in pods.items(): + # logger.info("ctx={}".format(active_context)) + # logger.info("value={}".format(value)) + if active_context["name"] == value[0].get('slave_name'): + data = dict(active_context) + data["wrapper_name"] = value[0]['name'] + data["ip"] = value[0].get("ip", "NC") + data["port"] = value[0].get("external_port", "NC") + slaves.append(data) + break + return slaves + for ctx in contexts: + data = dict(ctx) + data["configured"] = False + for key, value in pods.items(): + # logger.info("ctx={}".format(ctx)) + # logger.info("value={}".format(value)) + if ctx["name"] == value[0].get('slave_name'): + data["wrapper_name"] = value[0]['name'] + data["ip"] = value[0].get("ip", "NC") + data["port"] = value[0].get("external_port", "NC") + data["configured"] = True + break + slaves.append(data) + return slaves + + @staticmethod + def get_contexts(): contexts, active_context = config.list_kube_config_contexts() return contexts, active_context - def create_wrappers(self): - contexts, active_context = self.get_slaves() + def create_wrappers(self, slave_name=None): + contexts, active_context = self.get_contexts() logger.debug("contexts: {}".format(contexts)) logger.debug("active_context: {}".format(active_context)) conf = configuration.get_configuration("components/wrapper") @@ -201,6 +243,8 @@ class K8S(Driver): "container", "wukongsun/moon_wrapper:v4.3") for _ctx in contexts: + if slave_name and slave_name != _ctx['name']: + continue _config = config.new_client_from_config(context=_ctx['name']) logger.debug("_config={}".format(_config)) api_client = client.CoreV1Api(_config) 
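Review bot: `get_slaves` copies each kubeconfig context with `dict(ctx)` and returns it, and the new `/slaves` resources in the orchestrator and the manager pass that list to API clients unchanged. Each entry therefore carries whatever the kubeconfig context holds (typically cluster and user names) in addition to the wrapper `ip` and `port`. Building the result from an explicit set of fields, starting from `{"name": ctx["name"], "configured": False}`, keeps the response to what the manager docstring documents. The commented-out `logger.info` lines can be removed, and the method needs a docstring describing the two return shapes selected by `active`.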
@@ -209,14 +253,56 @@ class K8S(Driver): "name": hostname + "-" + get_random_name(), "container": container, "port": port, - "namespace": "moon" + "namespace": "moon", + "slave_name": _ctx['name'] }, ] self.load_deployment_and_service(data, api_client, ext_client, expose=True) + def delete_wrapper(self, uuid=None, name=None, namespace="moon", + active_context=None, + active_context_name=None): + name_to_delete = None + if uuid and uuid in self.get_pods(): + name_to_delete = self.get_pods()[uuid][0]['name'] + elif name: + for pod_key, pod_list in self.get_pods().items(): + for pod_value in pod_list: + if pod_value.get("name") == name: + name_to_delete = pod_value.get("name") + break + if not name_to_delete: + raise exceptions.WrapperUnknown + contexts, _active_context = self.get_contexts() + if active_context_name: + for _context in contexts: + if _context["name"] == active_context_name: + active_context = _context + break + if active_context: + active_context = _active_context + _config = config.new_client_from_config( + context=active_context['name']) + logger.debug("_config={}".format(_config)) + api_client = client.CoreV1Api(_config) + ext_client = client.ExtensionsV1beta1Api(_config) + self.delete_deployment(name=name_to_delete, namespace=namespace, + ext_client=ext_client) + self.delete_service(name=name_to_delete, api_client=api_client) + return + logger.debug("contexts={}".format(contexts)) + for _ctx in contexts: + _config = config.new_client_from_config(context=_ctx['name']) + logger.debug("_config={}".format(_config)) + api_client = client.CoreV1Api(_config) + ext_client = client.ExtensionsV1beta1Api(_config) + self.delete_deployment(name=name_to_delete, namespace=namespace, + ext_client=ext_client) + self.delete_service(name=name_to_delete, api_client=api_client) + def create_pipeline(self, keystone_project_id, pdp_id, policy_ids, manager_data=None, active_context=None, - active_context_name=None): + slave_name=None): """ Create security functions :param 
keystone_project_id: the Keystone project id @@ -225,7 +311,7 @@ class K8S(Driver): :param manager_data: data needed to create pods :param active_context: if present, add the security function in this context - :param active_context_name: if present, add the security function in + :param slave_name: if present, add the security function in this context name if active_context_name and active_context are not present, add the security function in all context (ie, in all slaves) @@ -295,12 +381,12 @@ class K8S(Driver): "namespace": "moon" }) logger.debug("data={}".format(data)) - contexts, _active_context = self.get_slaves() - logger.debug("active_context_name={}".format(active_context_name)) + contexts, _active_context = self.get_contexts() + logger.debug("active_context_name={}".format(slave_name)) logger.debug("active_context={}".format(active_context)) - if active_context_name: + if slave_name: for _context in contexts: - if _context["name"] == active_context_name: + if _context["name"] == slave_name: active_context = _context break if active_context: @@ -314,6 +400,8 @@ class K8S(Driver): return logger.debug("contexts={}".format(contexts)) for _ctx in contexts: + if slave_name and slave_name != _ctx['name']: + continue _config = config.new_client_from_config(context=_ctx['name']) logger.debug("_config={}".format(_config)) api_client = client.CoreV1Api(_config) @@ -342,9 +430,9 @@ class K8S(Driver): name_to_delete = pod_value.get("name") break if not name_to_delete: - raise exceptions.MoonError("Cannot find pipeline") + raise exceptions.PipelineUnknown logger.info("Will delete deployment and service named {}".format(name_to_delete)) - contexts, _active_context = self.get_slaves() + contexts, _active_context = self.get_contexts() if active_context_name: for _context in contexts: if _context["name"] == active_context_name: 
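Review bot: In `delete_wrapper`, `if active_context: active_context = _active_context` replaces the context that was just selected through `active_context_name` (or passed in) with the kubeconfig's current context, so the deployment and service may be deleted in a different cluster than the one the caller named. Remove that assignment so `active_context['name']` is the selected context. The `break` inside `for pod_value in pod_list` leaves only the inner loop, and `self.get_pods()` is called twice in the `uuid` branch. The hunk starts inside `create_wrappers` and ends inside the `create_pipeline` docstring.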
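Review bot: When `create_pipeline` gets a `slave_name` that matches no context, `active_context` stays unset and the added `if slave_name and slave_name != _ctx['name']: continue` skips every context, so the call returns without creating anything and without an error. Raise `exceptions.SlaveNameUnknown` (already used in `api/pods.py`) when the lookup loop finds no match. The docstring still says "if active_context_name and active_context are not present" and the debug line still logs `active_context_name={}` after the parameter was renamed to `slave_name`.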
diff --git a/moon_orchestrator/moon_orchestrator/http_server.py b/moon_orchestrator/moon_orchestrator/http_server.py index fa5308d0..85e29cd0 100644 --- a/moon_orchestrator/moon_orchestrator/http_server.py +++ b/moon_orchestrator/moon_orchestrator/http_server.py @@ -10,6 +10,7 @@ import requests import time from moon_orchestrator import __version__ from moon_orchestrator.api.pods import Pods +from moon_orchestrator.api.slaves import Slaves from moon_orchestrator.api.generic import Status from moon_orchestrator.drivers import get_driver from python_moonutilities import configuration, exceptions @@ -122,7 +123,7 @@ class HTTPServer(Server): if "pdps" in pdp.json(): break logger.debug("pdp={}".format(pdp)) - self.driver.create_wrappers() + # self.driver.create_wrappers() for _pdp_key, _pdp_value in pdp.json()['pdps'].items(): if _pdp_value.get('keystone_project_id'): # TODO: select context to add security function @@ -151,6 +152,10 @@ class HTTPServer(Server): resource_class_kwargs={ "driver": self.driver }) + self.api.add_resource(Slaves, *Slaves.__urls__, + resource_class_kwargs={ + "driver": self.driver + }) def run(self): self.app.run(host=self._host, port=self._port) # nosec diff --git a/moon_orchestrator/tests/unit_python/test_pods.py b/moon_orchestrator/tests/unit_python/test_pods.py index f760aa62..678645be 100644 --- a/moon_orchestrator/tests/unit_python/test_pods.py +++ b/moon_orchestrator/tests/unit_python/test_pods.py @@ -31,7 +31,7 @@ def test_get_pods_failure(context, monkeypatch): assert not data["pods"] -def test_add_pods(context, monkeypatch): +def test_add_pods_with_pipeline(context, monkeypatch): patch_k8s(monkeypatch) import moon_orchestrator.server 
@@ -52,6 +52,60 @@ def test_add_pods(context, monkeypatch): assert data["pods"] +def test_add_pods_without_pipeline_with_bad_slave_name(context, monkeypatch): + patch_k8s(monkeypatch) + + import moon_orchestrator.server + server = moon_orchestrator.server.create_server() + _client = server.app.test_client() + data = { + "slave_name": "test", + } + req = _client.post("/pods", data=json.dumps(data), + headers={'Content-Type': 'application/json'}) + assert req.status_code == 400 + assert req.data + data = get_json(req.data) + assert isinstance(data, dict) + assert 'The slave is unknown.' in data['message'] + + +def test_add_pods_without_pipeline_with_good_slave_name(context, monkeypatch): + patch_k8s(monkeypatch) + + import moon_orchestrator.server + server = moon_orchestrator.server.create_server() + _client = server.app.test_client() + data = { + "slave_name": "active_context", + } + req = _client.post("/pods", data=json.dumps(data), + headers={'Content-Type': 'application/json'}) + assert req.status_code == 200 + assert req.data + data = get_json(req.data) + assert isinstance(data, dict) + assert "pods" in data + assert data["pods"] + + +def test_add_pods_without_pipeline_without_slave_name(context, monkeypatch): + patch_k8s(monkeypatch) + + import moon_orchestrator.server + server = moon_orchestrator.server.create_server() + _client = server.app.test_client() + data = { + } + req = _client.post("/pods", data=json.dumps(data), + headers={'Content-Type': 'application/json'}) + assert req.status_code == 400 + assert req.data + data = get_json(req.data) + assert isinstance(data, dict) + assert 'The slave is unknown.' in data['message'] + + def test_add_pods_with_no_data(context, monkeypatch): patch_k8s(monkeypatch) import moon_orchestrator.server 
@@ -59,10 +113,10 @@ def test_add_pods_with_no_data(context, monkeypatch): _client = server.app.test_client() req = _client.post("/pods", data=json.dumps({}), headers={'Content-Type': 'application/json'}) - assert req.status_code == 500 + assert req.status_code == 400 assert req.data data = get_json(req.data) - assert '400: Policy Unknown' in data['message'] + assert 'The slave is unknown.' in data['message'] def test_add_pods_with_no_policies_no_models(context, monkeypatch, no_requests): diff --git a/moon_orchestrator/tests/unit_python/test_slaves.py b/moon_orchestrator/tests/unit_python/test_slaves.py new file mode 100644 index 00000000..88ff7e55 --- /dev/null +++ b/moon_orchestrator/tests/unit_python/test_slaves.py @@ -0,0 +1,17 @@ +import json +from mock_pods import patch_k8s +from utilities import get_json + + +def test_get_slaves(context, monkeypatch): + patch_k8s(monkeypatch) + + import moon_orchestrator.server + server = moon_orchestrator.server.create_server() + _client = server.app.test_client() + req = _client.get("/slaves") + assert req.status_code == 200 + assert req.data + data = get_json(req.data) + assert isinstance(data, dict) + assert "slaves" in data diff --git a/python_moondb/python_moondb/api/policy.py b/python_moondb/python_moondb/api/policy.py index 97866bfd..ca313f9a 100644 --- a/python_moondb/python_moondb/api/policy.py +++ b/python_moondb/python_moondb/api/policy.py 
@@ -22,12 +22,16 @@ class PolicyManager(Managers): policies = self.PolicyManager.get_policies("admin") models = self.ModelManager.get_models("admin") for pdp_key, pdp_value in self.PDPManager.get_pdp(user_id).items(): + if 'security_pipeline' not in pdp_value: + raise exceptions.PdpContentError for policy_id in pdp_value["security_pipeline"]: - if not policies: + if not policies or policy_id not in policies: raise exceptions.PolicyUnknown model_id = policies[policy_id]["model_id"] if not models: raise exceptions.ModelUnknown + if model_id not in models: + raise exceptions.ModelUnknown if meta_rule_id in models[model_id]["meta_rules"]: return policy_id @@ -78,6 +82,8 @@ class PolicyManager(Managers): value.get('name')) perimeter_id = uuid4().hex value.update(k_user['users'][0]) + if not self.get_policies(user_id=user_id, policy_id=policy_id): + raise exceptions.PolicyUnknown return self.driver.set_subject(policy_id=policy_id, perimeter_id=perimeter_id, value=value) @enforce(("read", "write"), "perimeter") @@ -90,6 +96,8 @@ class PolicyManager(Managers): @enforce(("read", "write"), "perimeter") def add_object(self, user_id, policy_id, perimeter_id=None, value=None): + if not self.get_policies(user_id=user_id, policy_id=policy_id): + raise exceptions.PolicyUnknown if not perimeter_id: perimeter_id = uuid4().hex return self.driver.set_object(policy_id=policy_id, perimeter_id=perimeter_id, value=value) @@ -104,6 +112,8 @@ class PolicyManager(Managers): @enforce(("read", "write"), "perimeter") def add_action(self, user_id, policy_id, perimeter_id=None, value=None): + if not self.get_policies(user_id=user_id, policy_id=policy_id): + raise exceptions.PolicyUnknown if not perimeter_id: perimeter_id = uuid4().hex return self.driver.set_action(policy_id=policy_id, perimeter_id=perimeter_id, value=value) 
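Review bot: In `add_subject` the new `get_policies` check sits after `value.update(k_user['users'][0])`, that is after the Keystone lookup done above this hunk, whereas `add_object` and `add_action` check the policy first. Move the check to the top of `add_subject` so an unknown `policy_id` is rejected before any external call is made. The same two-line guard is repeated in the data, assignment and rule methods further down; one private helper called from each would keep them in sync. In the first hunk `if not models` and `if model_id not in models` raise the same exception and can be one condition, `if not models or model_id not in models:`.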
@@ -127,6 +137,10 @@ class PolicyManager(Managers): @enforce(("read", "write"), "data") def set_subject_data(self, user_id, policy_id, data_id=None, category_id=None, value=None): + if not category_id: + raise Exception('Invalid category id') + if not self.get_policies(user_id=user_id, policy_id=policy_id): + raise exceptions.PolicyUnknown if not data_id: data_id = uuid4().hex return self.driver.set_subject_data(policy_id=policy_id, data_id=data_id, category_id=category_id, value=value) @@ -151,6 +165,10 @@ class PolicyManager(Managers): @enforce(("read", "write"), "data") def add_object_data(self, user_id, policy_id, data_id=None, category_id=None, value=None): + if not category_id: + raise Exception('Invalid category id') + if not self.get_policies(user_id=user_id, policy_id=policy_id): + raise exceptions.PolicyUnknown if not data_id: data_id = uuid4().hex return self.driver.set_object_data(policy_id=policy_id, data_id=data_id, category_id=category_id, value=value) @@ -167,14 +185,18 @@ class PolicyManager(Managers): if not category_id: for cat in available_metadata["action"]: results.append(self.driver.get_action_data(policy_id=policy_id, data_id=data_id, - category_id=cat)) + category_id=cat)) if category_id and category_id in available_metadata["action"]: results.append(self.driver.get_action_data(policy_id=policy_id, data_id=data_id, - category_id=category_id)) + category_id=category_id)) return results @enforce(("read", "write"), "data") def add_action_data(self, user_id, policy_id, data_id=None, category_id=None, value=None): + if not category_id: + raise Exception('Invalid category id') + if not self.get_policies(user_id=user_id, policy_id=policy_id): + raise exceptions.PolicyUnknown if not data_id: data_id = uuid4().hex return self.driver.set_action_data(policy_id=policy_id, data_id=data_id, category_id=category_id, value=value) 
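Review bot: `raise Exception('Invalid category id')` in `set_subject_data` uses the bare `Exception` class, while the other rejections added in this file raise typed `exceptions.*` errors; the same line is repeated in the `add_object_data` and `add_action_data` hunks. The classes in `exceptions.py` carry a `code` and `title`, so a caller that maps them to HTTP responses would presumably report this one as a generic server error rather than a 4xx. A dedicated class, e.g. `raise exceptions.<CategoryError>` (placeholder for an existing or new `MoonError` subclass with `code = 400`), would keep error handling uniform. The check also only tests for a falsy `category_id`; whether the category belongs to the policy is not verified here, unlike the `category_id in available_metadata["action"]` test visible in the `get_action_data` context lines.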
@@ -190,6 +212,8 @@ class PolicyManager(Managers): @enforce(("read", "write"), "assignments") def add_subject_assignment(self, user_id, policy_id, subject_id, category_id, data_id): + if not self.get_policies(user_id=user_id, policy_id=policy_id): + raise exceptions.PolicyUnknown return self.driver.add_subject_assignment(policy_id=policy_id, subject_id=subject_id, category_id=category_id, data_id=data_id) @@ -204,6 +228,8 @@ class PolicyManager(Managers): @enforce(("read", "write"), "assignments") def add_object_assignment(self, user_id, policy_id, object_id, category_id, data_id): + if not self.get_policies(user_id=user_id, policy_id=policy_id): + raise exceptions.PolicyUnknown return self.driver.add_object_assignment(policy_id=policy_id, object_id=object_id, category_id=category_id, data_id=data_id) @@ -218,6 +244,8 @@ class PolicyManager(Managers): @enforce(("read", "write"), "assignments") def add_action_assignment(self, user_id, policy_id, action_id, category_id, data_id): + if not self.get_policies(user_id=user_id, policy_id=policy_id): + raise exceptions.PolicyUnknown return self.driver.add_action_assignment(policy_id=policy_id, action_id=action_id, category_id=category_id, data_id=data_id) @@ -232,6 +260,8 @@ class PolicyManager(Managers): @enforce(("read", "write"), "rules") def add_rule(self, user_id, policy_id, meta_rule_id, value): + if not self.get_policies(user_id=user_id, policy_id=policy_id): + raise exceptions.PolicyUnknown return self.driver.add_rule(policy_id=policy_id, meta_rule_id=meta_rule_id, value=value) @enforce(("read", "write"), "rules") diff --git a/python_moondb/tests/unit_python/policies/test_assignments.py b/python_moondb/tests/unit_python/policies/test_assignments.py index ccac205a..707632b0 100755 --- a/python_moondb/tests/unit_python/policies/test_assignments.py +++ b/python_moondb/tests/unit_python/policies/test_assignments.py 
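Review bot: The added guard in `add_subject_assignment` verifies only `policy_id`, so `subject_id`, `category_id` and `data_id` go to the driver unchecked; `add_object_assignment` and `add_action_assignment` in the following hunks have the same gap. The updated `test_delete_action_assignment` still calls `add_action_assignment(policy_id, "", "", "")`, so empty identifiers appear to be accepted as an assignment. For an authorization store it is worth rejecting empty ids before the driver call, for example `if not (subject_id and category_id and data_id): raise exceptions.<SuitableMoonError>` (placeholder name). Where the existing getters allow it, the ids should also be confirmed to exist in that policy.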
@@ -1,3 +1,6 @@ +import policies.mock_data as mock_data + + def get_action_assignments(policy_id, action_id=None, category_id=None): from python_moondb.core import PolicyManager return PolicyManager.get_action_assignments("", policy_id, action_id, category_id) @@ -44,7 +47,7 @@ def delete_subject_assignment(policy_id, subject_id, category_id, data_id): def test_get_action_assignments(db): - policy_id = "admin" + policy_id = mock_data.get_policy_id() action_id = "action_id_1" category_id = "category_id_1" data_id = "data_id_1" @@ -59,7 +62,7 @@ def test_get_action_assignments(db): def test_get_action_assignments_by_policy_id(db): - policy_id = "admin" + policy_id = mock_data.get_policy_id() action_id = "action_id_1" category_id = "category_id_1" data_id = "data_id_1" @@ -77,7 +80,7 @@ def test_get_action_assignments_by_policy_id(db): def test_add_action_assignments(db): - policy_id = "admin" + policy_id = mock_data.get_policy_id() action_id = "action_id_1" category_id = "category_id_1" data_id = "data_id_1" @@ -92,9 +95,9 @@ def test_add_action_assignments(db): def test_delete_action_assignment(db): - policy_id = "admin_1" + policy_id = mock_data.get_policy_id() add_action_assignment(policy_id, "", "", "") - policy_id = "admin_2" + policy_id = mock_data.get_policy_id() action_id = "action_id_2" category_id = "category_id_2" data_id = "data_id_2" @@ -112,7 +115,7 @@ def test_delete_action_assignment_with_invalid_policy_id(db): def test_get_object_assignments(db): - policy_id = "admin" + policy_id = mock_data.get_policy_id() object_id = "object_id_1" category_id = "category_id_1" data_id = "data_id_1" @@ -127,7 +130,7 @@ def test_get_object_assignments(db): def test_get_object_assignments_by_policy_id(db): - policy_id = "admin" + policy_id = mock_data.get_policy_id() object_id_1 = "object_id_1" category_id_1 = "category_id_1" data_id = "data_id_1" 
@@ -145,7 +148,7 @@ def test_get_object_assignments_by_policy_id(db): def test_add_object_assignments(db): - policy_id = "admin" + policy_id = mock_data.get_policy_id() object_id = "object_id_1" category_id = "category_id_1" data_id = "data_id_1" @@ -160,7 +163,7 @@ def test_add_object_assignments(db): def test_delete_object_assignment(db): - policy_id = "admin_1" + policy_id = mock_data.get_policy_id() add_object_assignment(policy_id, "", "", "") object_id = "action_id_2" category_id = "category_id_2" @@ -179,7 +182,7 @@ def test_delete_object_assignment_with_invalid_policy_id(db): def test_get_subject_assignments(db): - policy_id = "admin" + policy_id = mock_data.get_policy_id() subject_id = "object_id_1" category_id = "category_id_1" data_id = "data_id_1" @@ -194,7 +197,7 @@ def test_get_subject_assignments(db): def test_get_subject_assignments_by_policy_id(db): - policy_id = "admin" + policy_id = mock_data.get_policy_id() subject_id_1 = "subject_id_1" category_id_1 = "category_id_1" data_id = "data_id_1" @@ -212,7 +215,7 @@ def test_get_subject_assignments_by_policy_id(db): def test_add_subject_assignments(db): - policy_id = "admin" + policy_id = mock_data.get_policy_id() subject_id = "subject_id_1" category_id = "category_id_1" data_id = "data_id_1" @@ -227,7 +230,7 @@ def test_add_subject_assignments(db): def test_delete_subject_assignment(db): - policy_id = "admin_1" + policy_id = mock_data.get_policy_id() add_subject_assignment(policy_id, "", "", "") subject_id = "subject_id_2" category_id = "category_id_2" diff --git a/python_moondb/tests/unit_python/policies/test_data.py b/python_moondb/tests/unit_python/policies/test_data.py index 875121eb..67fa44fb 100755 --- a/python_moondb/tests/unit_python/policies/test_data.py +++ b/python_moondb/tests/unit_python/policies/test_data.py 
@@ -117,8 +117,6 @@ def test_get_action_data(db): def test_get_action_data_with_invalid_category_id(db): policy_id = mock_data.get_policy_id() get_available_metadata(policy_id) - - policy_id = policy_id data_id = "data_id_1" category_id = "action_category_id1" value = { @@ -132,7 +130,7 @@ def test_get_action_data_with_invalid_category_id(db): def test_add_action_data(db): - policy_id = "policy_id_1" + policy_id = mock_data.get_policy_id() data_id = "data_id_1" category_id = "category_id_1" value = { @@ -145,6 +143,18 @@ def test_add_action_data(db): assert action_data[action_data_id].get('policy_id') == policy_id +def test_add_action_data_with_invalid_category_id(db): + policy_id = mock_data.get_policy_id() + data_id = "data_id_1" + value = { + "name": "action-type", + "description": {"vm-action": "", "storage-action": "", }, + } + with pytest.raises(Exception) as exception_info: + add_action_data(policy_id=policy_id, data_id=data_id, value=value).get('data') + assert str(exception_info.value) == 'Invalid category id' + + def test_delete_action_data(db): policy_id = mock_data.get_policy_id() get_available_metadata(policy_id) @@ -164,8 +174,6 @@ def test_delete_action_data(db): def test_get_object_data(db): policy_id = mock_data.get_policy_id() get_available_metadata(policy_id) - - policy_id = policy_id data_id = "data_id_1" category_id = "object_category_id1" value = { @@ -181,8 +189,6 @@ def test_get_object_data(db): def test_get_object_data_with_invalid_category_id(db): policy_id = mock_data.get_policy_id() get_available_metadata(policy_id) - - policy_id = policy_id data_id = "data_id_1" category_id = "object_category_id1" value = { @@ -196,7 +202,7 @@ def test_get_object_data_with_invalid_category_id(db): def test_add_object_data(db): - policy_id = "policy_id_1" + policy_id = mock_data.get_policy_id() data_id = "data_id_1" category_id = "object_category_id1" value = { 
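Review bot: `test_add_action_data_with_invalid_category_id` catches with `pytest.raises(Exception)`, which any failure inside the call satisfies (a `TypeError` from a wrong keyword would do), so the test relies entirely on the message comparison that follows. The object and subject variants added in later hunks have the same shape. Indentation is not recoverable in this view, so confirm that `assert str(exception_info.value) == 'Invalid category id'` sits outside the `with` block, since inside it the line would never run. `with pytest.raises(Exception, match='Invalid category id'):` states the expectation in one place. The names also differ (`..._with_invalid_category_id` for action and object, `..._with_no_category_id` for subject) although all three tests simply omit the category.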
@@ -209,6 +215,18 @@ def test_add_object_data(db): assert object_data[object_data_id].get('policy_id') == policy_id +def test_add_object_data_with_invalid_category_id(db): + policy_id = mock_data.get_policy_id() + data_id = "data_id_1" + value = { + "name": "object-security-level", + "description": {"low": "", "medium": "", "high": ""}, + } + with pytest.raises(Exception) as exception_info: + add_object_data(policy_id=policy_id, data_id=data_id, value=value).get('data') + assert str(exception_info.value) == 'Invalid category id' + + def test_delete_object_data(db): policy_id = mock_data.get_policy_id() get_available_metadata(policy_id) @@ -228,8 +246,6 @@ def test_delete_object_data(db): def test_get_subject_data(db): policy_id = mock_data.get_policy_id() get_available_metadata(policy_id) - - policy_id = policy_id data_id = "data_id_1" category_id = "subject_category_id1" value = { @@ -245,8 +261,6 @@ def test_get_subject_data(db): def test_get_subject_data_with_invalid_category_id(db): policy_id = mock_data.get_policy_id() get_available_metadata(policy_id) - - policy_id = policy_id data_id = "data_id_1" category_id = "subject_category_id1" value = { 
@@ -260,19 +274,31 @@ def test_get_subject_data_with_invalid_category_id(db): def test_add_subject_data(db): - policy_id = "policy_id_1" + policy_id = mock_data.get_policy_id() data_id = "data_id_1" category_id = "subject_category_id1" value = { "name": "subject-security-level", "description": {"low": "", "medium": "", "high": ""}, } - subject_data = add_object_data(policy_id, data_id, category_id, value).get('data') + subject_data = add_subject_data(policy_id, data_id, category_id, value).get('data') assert subject_data subject_data_id = list(subject_data.keys())[0] assert subject_data[subject_data_id].get('policy_id') == policy_id +def test_add_subject_data_with_no_category_id(db): + policy_id = mock_data.get_policy_id() + data_id = "data_id_1" + value = { + "name": "subject-security-level", + "description": {"low": "", "medium": "", "high": ""}, + } + with pytest.raises(Exception) as exception_info: + add_subject_data(policy_id=policy_id, data_id=data_id, value=value).get('data') + assert str(exception_info.value) == 'Invalid category id' + + def test_delete_subject_data(db): policy_id = mock_data.get_policy_id() get_available_metadata(policy_id) @@ -290,7 +316,7 @@ def test_delete_subject_data(db): def test_get_actions(db): - policy_id = "policy_id_1" + policy_id = mock_data.get_policy_id() value = { "name": "test_action", "description": "test", @@ -304,7 +330,7 @@ def test_get_actions(db): def test_add_action(db): - policy_id = "policy_id_1" + policy_id = mock_data.get_policy_id() value = { "name": "test_action", "description": "test", @@ -316,7 +342,7 @@ def test_add_action(db): def test_add_action_multiple_times(db): - policy_id = "policy_id_1" + policy_id = mock_data.get_policy_id() value = { "name": "test_action", "description": "test", 
@@ -330,14 +356,14 @@ def test_add_action_multiple_times(db): "description": "test", "policy_list": ['policy_id_3', 'policy_id_4'] } - action = add_action('policy_id_7', perimeter_id, value) + action = add_action(mock_data.get_policy_id(), perimeter_id, value) assert action action_id = list(action.keys())[0] assert len(action[action_id].get('policy_list')) == 2 def test_delete_action(db): - policy_id = "policy_id_1" + policy_id = mock_data.get_policy_id() value = { "name": "test_action", "description": "test", @@ -358,7 +384,7 @@ def test_delete_action_with_invalid_perimeter_id(db): def test_get_objects(db): - policy_id = "policy_id_1" + policy_id = mock_data.get_policy_id() value = { "name": "test_object", "description": "test", @@ -372,7 +398,7 @@ def test_get_objects(db): def test_add_object(db): - policy_id = "policy_id_1" + policy_id = mock_data.get_policy_id() value = { "name": "test_object", "description": "test", @@ -384,7 +410,7 @@ def test_add_object(db): def test_add_objects_multiple_times(db): - policy_id = "policy_id_1" + policy_id = mock_data.get_policy_id() value = { "name": "test_object", "description": "test", @@ -398,14 +424,14 @@ def test_add_objects_multiple_times(db): "description": "test", "policy_list": ['policy_id_3', 'policy_id_4'] } - added_object = add_object('policy_id_7', perimeter_id, value) + added_object = add_object(mock_data.get_policy_id(), perimeter_id, value) assert added_object object_id = list(added_object.keys())[0] assert len(added_object[object_id].get('policy_list')) == 2 def test_delete_object(db): - policy_id = "policy_id_1" + policy_id = mock_data.get_policy_id() value = { "name": "test_object", "description": "test", @@ -426,7 +452,7 @@ def test_delete_object_with_invalid_perimeter_id(db): def test_get_subjects(db): - policy_id = "policy_id_1" + policy_id = mock_data.get_policy_id() value = { "name": "testuser", "description": "test", 
@@ -440,7 +466,7 @@ def test_get_subjects(db): def test_add_subject(db): - policy_id = "policy_id_1" + policy_id = mock_data.get_policy_id() value = { "name": "testuser", "description": "test", @@ -452,7 +478,7 @@ def test_add_subject(db): def test_add_subjects_multiple_times(db): - policy_id = "policy_id_1" + policy_id = mock_data.get_policy_id() value = { "name": "testuser", "description": "test", @@ -466,14 +492,14 @@ def test_add_subjects_multiple_times(db): "description": "test", "policy_list": ['policy_id_3', 'policy_id_4'] } - subject = add_subject('policy_id_7', perimeter_id, value) + subject = add_subject(mock_data.get_policy_id(), perimeter_id, value) assert subject subject_id = list(subject.keys())[0] assert len(subject[subject_id].get('policy_list')) == 2 def test_delete_subject(db): - policy_id = "policy_id_1" + policy_id = mock_data.get_policy_id() value = { "name": "testuser", "description": "test", diff --git a/python_moondb/tests/unit_python/policies/test_policies.py b/python_moondb/tests/unit_python/policies/test_policies.py index 487cb6a1..148034ef 100755 --- a/python_moondb/tests/unit_python/policies/test_policies.py +++ b/python_moondb/tests/unit_python/policies/test_policies.py @@ -231,7 +231,7 @@ def test_get_rules(db): "instructions": ({"decision": "grant"}), "enabled": "", } - policy_id = "1" + policy_id = mock_data.get_policy_id() meta_rule_id = "1" add_rule(policy_id, meta_rule_id, value) value = { @@ -239,7 +239,6 @@ def test_get_rules(db): "instructions": ({"decision": "grant"}), "enabled": "", } - policy_id = "1" meta_rule_id = "1" add_rule(policy_id, meta_rule_id, value) rules = get_rules(policy_id, meta_rule_id) @@ -261,7 +260,7 @@ def test_add_rule(db): "instructions": ({"decision": "grant"}), "enabled": "", } - policy_id = "1" + policy_id = mock_data.get_policy_id() meta_rule_id = "1" rules = add_rule(policy_id, meta_rule_id, value) assert rules 
@@ -279,7 +278,7 @@ def test_delete_rule(db): "instructions": ({"decision": "grant"}), "enabled": "", } - policy_id = "2" + policy_id = mock_data.get_policy_id() meta_rule_id = "2" rules = add_rule(policy_id, meta_rule_id, value) rule_id = list(rules.keys())[0] diff --git a/python_moonutilities/Changelog b/python_moonutilities/Changelog index 2c4c02a8..ffc03809 100644 --- a/python_moonutilities/Changelog +++ b/python_moonutilities/Changelog @@ -78,3 +78,7 @@ CHANGES 1.4.5 ----- - Add PdpKeystoneMappingConflict exception + +1.4.6 +----- +- Add WrapperConflict, PipelineConflict, SlaveNameUnknown exceptions diff --git a/python_moonutilities/python_moonutilities/__init__.py b/python_moonutilities/python_moonutilities/__init__.py index bcd7e545..741ba4f6 100644 --- a/python_moonutilities/python_moonutilities/__init__.py +++ b/python_moonutilities/python_moonutilities/__init__.py @@ -3,6 +3,6 @@ # license which can be found in the file 'LICENSE' in this package distribution # or at 'http://www.apache.org/licenses/LICENSE-2.0'. -__version__ = "1.4.5" +__version__ = "1.4.6" diff --git a/python_moonutilities/python_moonutilities/exceptions.py b/python_moonutilities/python_moonutilities/exceptions.py index 6db7bf01..1298f9e4 100644 --- a/python_moonutilities/python_moonutilities/exceptions.py +++ b/python_moonutilities/python_moonutilities/exceptions.py 
@@ -535,6 +535,41 @@ class ContainerMissing(DockerError): logger = "ERROR" +class WrapperConflict(MoonError): + description = _("A Wrapper already exist for the specified slave.") + code = 409 + title = 'Wrapper conflict' + logger = "ERROR" + + +class PipelineConflict(MoonError): + description = _("A Pipeline already exist for the specified slave.") + code = 409 + title = 'Pipeline conflict' + logger = "ERROR" + + +class PipelineUnknown(MoonError): + description = _("This Pipeline is unknown from the system.") + code = 400 + title = 'Pipeline Unknown' + logger = "ERROR" + + +class WrapperUnknown(MoonError): + description = _("This Wrapper is unknown from the system.") + code = 400 + title = 'Wrapper Unknown' + logger = "ERROR" + + +class SlaveNameUnknown(MoonError): + description = _("The slave is unknown.") + code = 400 + title = 'Slave Unknown' + logger = "Error" + + class PdpUnknown(MoonError): description = _("The pdp is unknown.") code = 400 |
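Review bot: `SlaveNameUnknown` sets `logger = "Error"`, while the four classes added above it and the neighbouring `ContainerMissing` use `"ERROR"`. If the attribute is compared or used as a level name elsewhere (not visible in this hunk), the mixed case may not match; `logger = "ERROR"` keeps it consistent. The two conflict descriptions read "already exist" and would be clearer as "already exists". `PipelineUnknown` and `WrapperUnknown` are added here but are not listed in the 1.4.6 Changelog entry.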