Diffstat (limited to 'moon_authz')
-rw-r--r-- | moon_authz/Dockerfile | 8 | ||||
-rw-r--r-- | moon_authz/README.md (renamed from moon_authz/README.rst) | 3 | ||||
-rw-r--r-- | moon_authz/moon_authz/api/authorization.py | 96 | ||||
-rw-r--r-- | moon_authz/moon_authz/api/generic.py | 131 | ||||
-rw-r--r-- | moon_authz/moon_authz/http_server.py | 2 | ||||
-rw-r--r-- | moon_authz/moon_authz/server.py | 7 | ||||
-rw-r--r-- | moon_authz/setup.py | 2 |
7 files changed, 55 insertions, 194 deletions
diff --git a/moon_authz/Dockerfile b/moon_authz/Dockerfile
index 7ab172b0..fea9555d 100644
--- a/moon_authz/Dockerfile
+++ b/moon_authz/Dockerfile
@@ -1,12 +1,8 @@
-FROM ubuntu:latest
-
-RUN apt update && apt install python3.5 python3-pip -y
-RUN pip3 install pip --upgrade
+FROM python:3
 ADD . /root
 WORKDIR /root/
-RUN pip3 install -r requirements.txt --upgrade
-RUN pip3 install /root/dist/* --upgrade
+RUN pip3 install -r requirements.txt
 RUN pip3 install .
 CMD ["python3", "-m", "moon_authz"]
\ No newline at end of file diff --git a/moon_authz/README.rst b/moon_authz/README.md index ded4e99a..696c29a1 100644 --- a/moon_authz/README.rst +++ b/moon_authz/README.md @@ -1,5 +1,4 @@ -Core module for the Moon project -================================ +# moon_authz This package contains the core module for the Moon project It is designed to provide authorization features to all OpenStack components. diff --git a/moon_authz/moon_authz/api/authorization.py b/moon_authz/moon_authz/api/authorization.py index 4cd8de06..d7832ef0 100644 --- a/moon_authz/moon_authz/api/authorization.py +++ b/moon_authz/moon_authz/api/authorization.py @@ -19,20 +19,20 @@ from flask_restful import Resource # - call the next security function # - call the master if an element is absent -LOG = logging.getLogger("moon.api." + __name__) +LOG = logging.getLogger("moon.authz.api." + __name__) class Authz(Resource): """ Endpoint for authz requests """ + __version__ = "0.1.0" __urls__ = ( "/authz", "/authz/", - "/authz/<string:uuid>/<string:subject_name>/<string:object_name>/<string:action_name>", ) - __version__ = "0.1.0" + pdp_id = None meta_rule_id = None keystone_project_id = None @@ -47,13 +47,11 @@ class Authz(Resource): self.cache = kwargs.get("cache") self.context = None - def post(self, uuid=None, subject_name=None, object_name=None, action_name=None): + def post(self): """Get a response on an authorization request - :param uuid: uuid of a tenant or an intra_extension - :param subject_name: name of the subject or the request - :param object_name: name of the object - :param action_name: name of the action + :request: + :return: { "args": {}, "ctx": { 
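Review bot: In the Dockerfile hunk, `FROM python:3` is a floating tag, so each rebuild may pull a different interpreter and pip and the image is not reproducible; pin it to a specific minor tag or digest, e.g. `FROM python:3.<minor>-slim` (placeholder for the version the project targets), which also trims the base image. The image still copies the source into /root and runs the service as the default root user; a non-root `USER` line after the install steps would bound what a compromised authz process can do. `pip3 install -r requirements.txt` without `--require-hashes` leaves the dependency set unverified, though whether requirements.txt pins versions is not visible here.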
@@ -255,47 +253,47 @@ class Authz(Resource): self.context.current_state = "passed" LOG.info("__exec_instructions False {}".format(self.context.current_state)) - def __update_current_request(self): - index = self.payload["authz_context"]["index"] - current_header_id = self.payload["authz_context"]['headers'][index] - previous_header_id = self.payload["authz_context"]['headers'][index - 1] - current_policy_id = PolicyManager.get_policy_from_meta_rules("admin", current_header_id) - previous_policy_id = PolicyManager.get_policy_from_meta_rules("admin", previous_header_id) - # FIXME (asteroide): must change those lines to be ubiquitous against any type of policy - if self.payload["authz_context"]['pdp_set'][current_header_id]['meta_rules']['name'] == "session": - subject = self.payload["authz_context"]['current_request'].get("subject") - subject_category_id = None - role_names = [] - for category_id, category_value in ModelManager.get_subject_categories("admin").items(): - if category_value["name"] == "role": - subject_category_id = category_id - break - for assignment_id, assignment_value in PolicyManager.get_subject_assignments( - "admin", previous_policy_id, subject, subject_category_id).items(): - for data_id in assignment_value["assignments"]: - data = PolicyManager.get_subject_data("admin", previous_policy_id, data_id, subject_category_id) - for _data in data: - for key, value in _data["data"].items(): - role_names.append(value["name"]) - new_role_ids = [] - for perimeter_id, perimeter_value in PolicyManager.get_objects("admin", current_policy_id).items(): - if perimeter_value["name"] in role_names: - new_role_ids.append(perimeter_id) - break - perimeter_id = None - for perimeter_id, perimeter_value in PolicyManager.get_actions("admin", current_policy_id).items(): - if perimeter_value["name"] == "*": - break - - self.payload["authz_context"]['current_request']['object'] = new_role_ids[0] - self.payload["authz_context"]['current_request']['action'] = perimeter_id - 
elif self.payload["authz_context"]['pdp_set'][current_header_id]['meta_rules']['name'] == "rbac": - self.payload["authz_context"]['current_request']['subject'] = \ - self.payload["authz_context"]['initial_request']['subject'] - self.payload["authz_context"]['current_request']['object'] = \ - self.payload["authz_context"]['initial_request']['object'] - self.payload["authz_context"]['current_request']['action'] = \ - self.payload["authz_context"]['initial_request']['action'] + # def __update_current_request(self): + # index = self.payload["authz_context"]["index"] + # current_header_id = self.payload["authz_context"]['headers'][index] + # previous_header_id = self.payload["authz_context"]['headers'][index - 1] + # current_policy_id = PolicyManager.get_policy_from_meta_rules("admin", current_header_id) + # previous_policy_id = PolicyManager.get_policy_from_meta_rules("admin", previous_header_id) + # # FIXME (asteroide): must change those lines to be ubiquitous against any type of policy + # if self.payload["authz_context"]['pdp_set'][current_header_id]['meta_rules']['name'] == "session": + # subject = self.payload["authz_context"]['current_request'].get("subject") + # subject_category_id = None + # role_names = [] + # for category_id, category_value in ModelManager.get_subject_categories("admin").items(): + # if category_value["name"] == "role": + # subject_category_id = category_id + # break + # for assignment_id, assignment_value in PolicyManager.get_subject_assignments( + # "admin", previous_policy_id, subject, subject_category_id).items(): + # for data_id in assignment_value["assignments"]: + # data = PolicyManager.get_subject_data("admin", previous_policy_id, data_id, subject_category_id) + # for _data in data: + # for key, value in _data["data"].items(): + # role_names.append(value["name"]) + # new_role_ids = [] + # for perimeter_id, perimeter_value in PolicyManager.get_objects("admin", current_policy_id).items(): + # if perimeter_value["name"] in role_names: + 
# new_role_ids.append(perimeter_id) + # break + # perimeter_id = None + # for perimeter_id, perimeter_value in PolicyManager.get_actions("admin", current_policy_id).items(): + # if perimeter_value["name"] == "*": + # break + # + # self.payload["authz_context"]['current_request']['object'] = new_role_ids[0] + # self.payload["authz_context"]['current_request']['action'] = perimeter_id + # elif self.payload["authz_context"]['pdp_set'][current_header_id]['meta_rules']['name'] == "rbac": + # self.payload["authz_context"]['current_request']['subject'] = \ + # self.payload["authz_context"]['initial_request']['subject'] + # self.payload["authz_context"]['current_request']['object'] = \ + # self.payload["authz_context"]['initial_request']['object'] + # self.payload["authz_context"]['current_request']['action'] = \ + # self.payload["authz_context"]['initial_request']['action'] def get_authz(self): # self.keystone_project_id = payload["id"] diff --git a/moon_authz/moon_authz/api/generic.py b/moon_authz/moon_authz/api/generic.py deleted file mode 100644 index f4e13e42..00000000 --- a/moon_authz/moon_authz/api/generic.py +++ /dev/null 
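Review bot: The entire body of `__update_current_request` is kept as a commented-out block rather than deleted; the commit already removes the `/authz/<uuid>/...` route that fed it, so this is dead code that belongs in version history, not in the class. Leaving it in also keeps the file's references to `PolicyManager` and `ModelManager` alive only inside comments, so those imports (outside the hunk) may now be unused. If the method is meant to come back, a one-line `# TODO(owner): session/rbac request rewriting disabled with the route removal; see history` is more useful than forty commented lines.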
@@ -1,131 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. -""" -Those API are helping API used to manage the Moon platform. -""" - -from flask_restful import Resource, request -from oslo_log import log as logging -import moon_authz.api -from python_moonutilities.security_functions import check_auth - -__version__ = "0.1.0" - -LOG = logging.getLogger("moon.authz.api." + __name__) - - -class Status(Resource): - """ - Endpoint for status requests - """ - - __urls__ = ("/status", "/status/", "/status/<string:component_id>") - - def get(self, component_id=None): - """Retrieve status of all components - - :return: { - "orchestrator": { - "status": "Running" - }, - "security_router": { - "status": "Running" - } - } - """ - raise NotImplemented - - -class Logs(Resource): - """ - Endpoint for logs requests - """ - - __urls__ = ("/logs", "/logs/", "/logs/<string:component_id>") - - def get(self, component_id=None): - """Get logs from the Moon platform - - :param component_id: the ID of the component your are looking for (optional) - :return: [ - "2015-04-15-13:45:20 - "2015-04-15-13:45:21 - "2015-04-15-13:45:22 - "2015-04-15-13:45:23 - ] - """ - filter_str = request.args.get('filter', '') - from_str = request.args.get('from', '') - to_str = request.args.get('to', '') - event_number = request.args.get('event_number', '') - try: - event_number = int(event_number) - except ValueError: - event_number = None - args = dict() - args["filter"] = filter_str - args["from"] = from_str - args["to"] = to_str - args["event_number"] = event_number - - raise NotImplemented - - -class API(Resource): - """ - Endpoint for API requests - """ - - __urls__ = ( - "/api", - "/api/", - "/api/<string:group_id>", - "/api/<string:group_id>/", - 
"/api/<string:group_id>/<string:endpoint_id>") - - @check_auth - def get(self, group_id="", endpoint_id="", user_id=""): - """Retrieve all API endpoints or a specific endpoint if endpoint_id is given - - :param group_id: the name of one existing group (ie generic, ...) - :param endpoint_id: the name of one existing component (ie Logs, Status, ...) - :return: { - "group_name": { - "endpoint_name": { - "description": "a description", - "methods": { - "get": "description of the HTTP method" - }, - "urls": ('/api', '/api/', '/api/<string:endpoint_id>') - } - } - """ - __methods = ("get", "post", "put", "delete", "options", "patch") - api_list = filter(lambda x: "__" not in x, dir(moon_authz.api)) - api_desc = dict() - for api_name in api_list: - api_desc[api_name] = {} - group_api_obj = eval("moon_interface.api.{}".format(api_name)) - api_desc[api_name]["description"] = group_api_obj.__doc__ - if "__version__" in dir(group_api_obj): - api_desc[api_name]["version"] = group_api_obj.__version__ - object_list = list(filter(lambda x: "__" not in x, dir(group_api_obj))) - for obj in map(lambda x: eval("moon_interface.api.{}.{}".format(api_name, x)), object_list): - if "__urls__" in dir(obj): - api_desc[api_name][obj.__name__] = dict() - api_desc[api_name][obj.__name__]["urls"] = obj.__urls__ - api_desc[api_name][obj.__name__]["methods"] = dict() - for _method in filter(lambda x: x in __methods, dir(obj)): - docstring = eval("moon_interface.api.{}.{}.{}.__doc__".format(api_name, obj.__name__, _method)) - api_desc[api_name][obj.__name__]["methods"][_method] = docstring - api_desc[api_name][obj.__name__]["description"] = str(obj.__doc__) - if group_id in api_desc: - if endpoint_id in api_desc[group_id]: - return {group_id: {endpoint_id: api_desc[group_id][endpoint_id]}} - elif len(endpoint_id) > 0: - LOG.error("Unknown endpoint_id {}".format(endpoint_id)) - return {"error": "Unknown endpoint_id {}".format(endpoint_id)} - return {group_id: api_desc[group_id]} - return api_desc 
diff --git a/moon_authz/moon_authz/http_server.py b/moon_authz/moon_authz/http_server.py
index 50e878d3..d24a02ca 100644
--- a/moon_authz/moon_authz/http_server.py
+++ b/moon_authz/moon_authz/http_server.py
@@ -12,7 +12,7 @@ from moon_authz.api.authorization import Authz
 from python_moonutilities.cache import Cache
 from python_moonutilities import exceptions
-logger = logging.getLogger("moon." + __name__)
+logger = logging.getLogger("moon.authz.http_server")
 CACHE = Cache()
 CACHE.update()
diff --git a/moon_authz/moon_authz/server.py b/moon_authz/moon_authz/server.py
index 974012dc..1919ebe5 100644
--- a/moon_authz/moon_authz/server.py
+++ b/moon_authz/moon_authz/server.py
@@ -8,20 +8,19 @@ from oslo_log import log as logging
 from moon_authz.http_server import HTTPServer as Server
 from python_moonutilities import configuration
-LOG = logging.getLogger("moon.server")
+LOG = logging.getLogger("moon.authz.server")
 DOMAIN = "moon_authz"
-__CWD__ = os.path.dirname(os.path.abspath(__file__))
-
 def main():
+ configuration.init_logging()
+
 component_id = os.getenv("UUID")
 component_type = os.getenv("TYPE")
 tcp_port = os.getenv("PORT")
 pdp_id = os.getenv("PDP_ID")
 meta_rule_id = os.getenv("META_RULE_ID")
 keystone_project_id = os.getenv("KEYSTONE_PROJECT_ID")
- configuration.init_logging()
 LOG.info("component_type={}".format(component_type))
 conf = configuration.get_configuration("plugins/{}".format(component_type))
 conf["plugins/{}".format(component_type)]['id'] = component_id
diff --git a/moon_authz/setup.py b/moon_authz/setup.py
index a8dcd0c4..c3ac33c7 100644
--- a/moon_authz/setup.py
+++ b/moon_authz/setup.py
@@ -21,7 +21,7 @@ setup(
 description="",
- long_description=open('README.rst').read(),
+ long_description=open('README.md').read(),
 # install_requires= , |
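Review bot: The http_server.py logger name is now a hard-coded literal while authorization.py in the same commit still builds its name as `"moon.authz.api." + __name__`, which expands to a doubled path such as `moon.authz.api.moon_authz.api.authorization` given the package layout in the diffstat. One convention should win, and the explicit literal used here is the clearer one; the authorization.py line would then read `LOG = logging.getLogger("moon.authz.api.authorization")`.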
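Review bot: In the server.py hunk, `component_id = os.getenv("UUID")` and the other `os.getenv` reads still have no check for a missing variable, so an unset `UUID` silently becomes `conf["plugins/..."]['id'] = None` a few lines later with nothing logged. Moving `configuration.init_logging()` to the top of main() makes this the right point to validate them, e.g. `if component_id is None: raise SystemExit("UUID environment variable is required")` (or the project's own exception type). main() continues past the hunk, so later uses of tcp_port, pdp_id and the others are not visible here.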